diff --git a/docs/endpointpolicymanager/adminstrativetemplates/export.md b/docs/endpointpolicymanager/adminstrativetemplates/export.md deleted file mode 100644 index 09eda5f43f..0000000000 --- a/docs/endpointpolicymanager/adminstrativetemplates/export.md +++ /dev/null @@ -1,13 +0,0 @@ -# Exporting Policies and Collections - -The [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md) topic explains how to -use the Endpoint Policy Manager Exporter to wrap up any Endpoint Policy Manager directives and -deliver them using Microsoft Endpoint Manager (SCCM and Intune), KACE, your own MDM service, or -Endpoint Policy Manager Cloud. To export a policy for later use using Endpoint Policy Manager -Exporter or Endpoint Policy Manager Cloud, right-click the collection or the policy and select -**Export to XML**. This allows you to save an XML file for later use. - -**NOTE:** For a video of Endpoint Policy Manager Admin Templates Manager delivering settings using -Endpoint Policy Manager Exporter and Microsoft Endpoint Manager (SCCM and Intune), see the -[Endpoint Policy Manager Cloud: Deploy Group Policy Admin template settings over the internet](/docs/endpointpolicymanager/video/administrativetemplates/deployinternet.md) -topic for additional information. diff --git a/docs/endpointpolicymanager/adminstrativetemplates/gettoknow/computerside.md b/docs/endpointpolicymanager/adminstrativetemplates/gettoknow/computerside.md deleted file mode 100644 index 7ee8ea92fe..0000000000 --- a/docs/endpointpolicymanager/adminstrativetemplates/gettoknow/computerside.md +++ /dev/null @@ -1,19 +0,0 @@ -# Adding a Policy on the Computer Side - -When using Endpoint Policy Manager Admin Templates Manager to create a policy on the Computer side, -you can tap into both Computer and User policy settings. - -![about_policypak_admin_templates_6](/img/product_docs/endpointpolicymanager/adminstrativetemplates/gettoknow/about_endpointpolicymanager_admin_templates_6.webp) - -With both computer and user policy settings available in Endpoint Policy Manager Admin Templates -Manager you can deliver user-side settings to any computer that has this GPO. - -**NOTE:** For more information on the Endpoint Policy Manager Admin Templates Manager delivering -user-side settings to computers, see the -[Endpoint Policy Manager Admin Templates Manager: Switched Policies (without Loopback)](/docs/endpointpolicymanager/video/administrativetemplates/switchedpolicies.md) -topic for additional information. - -This feature allows you to avoid the complex process of Group Policy Loopback processing just for -the sake of delivering one (or more) user-side settings to a series of computers. Alternatively, you -may change the Scope Filter and elect to show User Policy only, Computer Policy only, or All Policy -(both user and computer). diff --git a/docs/endpointpolicymanager/adminstrativetemplates/gettoknow/overview.md b/docs/endpointpolicymanager/adminstrativetemplates/gettoknow/overview.md deleted file mode 100644 index 723dbcc74e..0000000000 --- a/docs/endpointpolicymanager/adminstrativetemplates/gettoknow/overview.md +++ /dev/null @@ -1,7 +0,0 @@ -# Getting to Know Administrative Templates Manager - -The Endpoint Policy Manager Admin Templates Manager editor is found in the Endpoint Policy Manager -node. The Endpoint Policy Manager Admin Templates Manager allows you to create a new policy or -collection. - -![about_policypak_admin_templates_2](/img/product_docs/endpointpolicymanager/adminstrativetemplates/gettoknow/about_endpointpolicymanager_admin_templates_2.webp) diff --git a/docs/endpointpolicymanager/adminstrativetemplates/itemleveltargeting.md b/docs/endpointpolicymanager/adminstrativetemplates/itemleveltargeting.md deleted file mode 100644 index 7241258920..0000000000 --- a/docs/endpointpolicymanager/adminstrativetemplates/itemleveltargeting.md +++ /dev/null @@ -1,71 +0,0 @@ -# Using Item-Level Targeting with Collections and Policies - -Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Endpoint -Policy Managerchange the scope of individual preference items , so they apply only to selected users -or computers. In this example, we want the collection named **Control Panel Settings for East Sales -Users** to apply only to the East Sales Users. To do this, right-click the collection and then -select **Change Item Level Targeting**, as seen below. - -![about_policypak_admin_templates_11](/img/product_docs/endpointpolicymanager/adminstrativetemplates/about_endpointpolicymanager_admin_templates_11.webp) - -The **Edit Item Level Targeting** menu item brings up the **Targeting Editor**. You can select any -combination of characteristics you want to test for. The interface is similar to that used in Group -Policy Preferences' Item-Level Targeting. - -![about_policypak_admin_templates_12](/img/product_docs/endpointpolicymanager/adminstrativetemplates/about_endpointpolicymanager_admin_templates_12.webp) - -You can apply one or more targeting items to a policy, which enables targeting items to be joined -logically. You can also add targeting collections, which group together targeting items in much the -same way parentheses are used in an equation. In this way, you can create a complex determination -about where a policy will be applied. Collections may be set to **And**,**Or**, **Is**, or **Is -Not**. In this example, the Pak would only apply to Windows 10 machines when the machine is portable -and the user is in the FABRIKAM\Traveling Sales Users group. - -Below are some real-world examples of how you can use Item-Level Targeting. - -- Software prerequisites — If you want to configure an application's settings, first make sure the - application is installed on the user's computer before configuring it. You can use File Match or - Registry Match targeting items (or both) to verify a specific version of a file or a registry - entry is present. For an example of this, look in the Uninstall registry key. -- Mobile computers — If you want to deploy settings exclusively for users on mobile PCs, then filter - the rule to apply only to mobile PCs by using the **Portable Computer** targeting item -- Operating system version — You can specify different settings for applications based on the - operating system version. To do this, create one rule for each operating system. Then, filter each - rule using the **Operating System** targeting item. -- Group membership — You can link the Group Policy Object (GPO) to the whole domain or - organizational unit (OU), but only members within a specific group can pick up and process the - rule settings -- IP range — You can specify different settings for various IP ranges, like different settings for - the home office and each field office - -![about_policypak_admin_templates_13](/img/product_docs/endpointpolicymanager/adminstrativetemplates/about_endpointpolicymanager_admin_templates_13.webp) - -After you are done editing, close the editor. In the GP Management editor, you see that the -collection's icon has changed to orange, which shows that it now has Item-Level Targeting on the -whole collection. In other words, none of the items in the collection will apply unless the -Item-Level Targeting on the collection evaluates to **True**. - -![about_policypak_admin_templates_14](/img/product_docs/endpointpolicymanager/adminstrativetemplates/about_endpointpolicymanager_admin_templates_14.webp) - -You can also see that Item-Level Targeting is set on the collection when you click a higher node, -where you'll see the name of the collection and a column designating if Item-Level Targeting is on -(**Yes**) or off (**No**). - -![about_policypak_admin_templates_15](/img/product_docs/endpointpolicymanager/adminstrativetemplates/about_endpointpolicymanager_admin_templates_15.webp) - -You may also right-click any policy directive and select **Edit Item Level Targeting**. - -This enables you to be even more granular with the settings. For instance, you can specify whether -or not you want Item-Level Targeting applied to the following settings: - -- Only apply **Control Panel Settings for East Sales Users** to the East Sales User Group -- Only apply the **Prevent Changing theme** policy setting (within the collection) to users on - laptops - -![about_policypak_admin_templates_16](/img/product_docs/endpointpolicymanager/adminstrativetemplates/about_endpointpolicymanager_admin_templates_16.webp) - -If you put Item-Level Targeting on a specific policy setting, you can see the icon's color change to -orange, and the field **Item Level Targeting** will change to **Yes**. - -**NOTE:** Click the **Item-Level Targeting** button within any policy setting to open that policy's -Item-Level Targeting editor. diff --git a/docs/endpointpolicymanager/adminstrativetemplates/overview.md b/docs/endpointpolicymanager/adminstrativetemplates/overview.md deleted file mode 100644 index d029fde4fb..0000000000 --- a/docs/endpointpolicymanager/adminstrativetemplates/overview.md +++ /dev/null @@ -1,78 +0,0 @@ -# Administrative Templates Manager - -**NOTE:** Before reading this section, please see the -[Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md) topic  for more -information on the following: - -- Install the Admin MSI on your GPMC machine -- Install the CSE on a test Windows machine -- Set up a computer in Trial mode or Licensed mode -- Set up a common OU structure - -Optionally, if you don't want to use Group Policy, see the -[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md) topic for more -information. - -Endpoint Policy Manager Admin Templates Manager enables administrators to harness the existing power -of Microsoft's 3000+ Admin Template settings and a lot more. - -**NOTE:** See the -[Endpoint Policy Manager Admin Templates: Collections and Item Level Targeting](/docs/endpointpolicymanager/video/administrativetemplates/collections.md) -topic for more in formation on Endpoint Policy Manager Admin Templates Manager. - -![about_policypak_admin_templates](/img/product_docs/endpointpolicymanager/adminstrativetemplates/about_endpointpolicymanager_admin_templates.webp) - -Here we can see some of Microsoft's Admin Template settings. - -![about_policypak_admin_templates_1](/img/product_docs/endpointpolicymanager/adminstrativetemplates/about_endpointpolicymanager_admin_templates_1.webp) - -Endpoint Policy Manager Admin Templates Manager is a node you see within every Group Policy Object -(GPO) you create. - -Endpoint Policy Manager Admin Templates Manager enables you to perform the following functions: - -- Assemble settings (policies) into collections -- Set Item-Level Targeting on policies and collections -- Deliver user-side policies to computers (without Group Policy Loopback mode) -- Use either Local Storage or Central Storage when choosing definitions -- Search for policies that match certain words in their titles or help text -- Export policies or collections as XML files (available with Endpoint Policy Manager Exporter and - Endpoint Policy Manager Cloud). See the - [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md) topic for more - information on using Endpoint Policy Manager with MDM and UEM Tools. - -The basic way to use Endpoint Policy Manager Admin Templates Manager is as follows: - -- Create a Microsoft GPO using Endpoint Policy Manager Admin Templates Manager. If you use Group - Policy as the delivery mechanism, it is deployed to client machines. -- If you do not use Group Policy, deploy the GPO using one of these other ways: - - - Microsoft Endpoint Manager (SCCM and Intune) - - Your own systems-management software - - An MDM service - - Endpoint Policy Manager Cloud service - -- The client machine embraces the directives and performs the work - -Endpoint Policy Manager Admin Templates Manager lets admins use Group Policy to deliver settings and -also lets you use a mechanism other than Group Policy to get policies delivered. - -**NOTE:** Additionally, using the Endpoint Policy Manager Cloud service, can even deliver Group -Policy settings to non-domain-joined machines over the Internet. - -## Components - -Endpoint Policy Manager Admin Templates Manager has the following components: - -- A management station — Start out by creating a standard GPO (which will be edited) and then use - the Endpoint Policy Manager Admin Templates Manager node. -- The Endpoint Policy Manager client-side extension (CSE) — This runs on the client (target) - machine. It is the same CSE for all Endpoint Policy Manager products. There isn't anything - separate to install, and the Endpoint Policy Manager CSE must be present in order to accept - Endpoint Policy Manager Admin Templates Manager directives. -- Endpoints — Must be licensed for Endpoint Policy Manager Admin Templates Manager using one of the - licensing methods -- Endpoint Policy Manager Exporter (optional) — A free utility that lets you take Endpoint Policy - Manager Admin Templates Manager and our other products XML files and wrap them into a portable MSI - file for deployment using Microsoft Endpoint Manager (SCCM and Intune) or your own - systems-management software. diff --git a/docs/endpointpolicymanager/adminstrativetemplates/settings.md b/docs/endpointpolicymanager/adminstrativetemplates/settings.md deleted file mode 100644 index 3ca75ac8a9..0000000000 --- a/docs/endpointpolicymanager/adminstrativetemplates/settings.md +++ /dev/null @@ -1,25 +0,0 @@ -# Which settings can be managed with the Admin Templates Manager component? - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Admin Templates Manager delivers all types of -Group Policy Admin Template settings (User side or Computer side) to your Windows users and -machines. - -![688_1_ppatm-gpme-user_400x1188](/img/product_docs/endpointpolicymanager/adminstrativetemplates/688_1_ppatm-gpme-user_400x1188.webp) - -The Administrative Templates for the User Configuration settings contains the following: - -- Control Panel -- Desktop -- Network -- Start Menu and TaskBar -- System -- Windows Components - -![688_2_ppatm-gpme-comp_400x1180](/img/product_docs/endpointpolicymanager/adminstrativetemplates/688_2_ppatm-gpme-comp_400x1180.webp) - -The Administrative Templates for the Computer Configuration settings contains the following: - -- Control Panel -- Desktop -- Network -- System diff --git a/docs/endpointpolicymanager/adminstrativetemplates/versions.md b/docs/endpointpolicymanager/adminstrativetemplates/versions.md deleted file mode 100644 index 5d84bd73fb..0000000000 --- a/docs/endpointpolicymanager/adminstrativetemplates/versions.md +++ /dev/null @@ -1,6 +0,0 @@ -# What Admin Console MSI and CSE versions are supported for Endpoint Policy Manager Admin Templates Manager ? - -The least supported combination for Netwrix Endpoint Policy Manager (formerly PolicyPak) Admin -Templates Manager MSI Console (MMC snap-in) 753 and CSE of 747. - -Whenever possible, please upgrade both the MMC and CSE to latest shipping version! diff --git a/docs/endpointpolicymanager/applicationsettings/appsetfiles/overview.md b/docs/endpointpolicymanager/applicationsettings/appsetfiles/overview.md deleted file mode 100644 index 0b4e9968ff..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/appsetfiles/overview.md +++ /dev/null @@ -1,19 +0,0 @@ -# AppSet Files - -When you use AppSets (your own or our pre-created ones) you need two files. - -- Netwrix Endpoint Policy Manager (formerly PolicyPak) XML files or pXML files—the source XML file, - which you can open, edit, or reedit, as needed. -- Extension DLL—the DLL file that you actually use when you're inside the group policy object (GPO) - editor. This DLL is the AppSet. - -**NOTE:** You can create DLLs from your original source pXML files, but you cannot re-create pXML -files from your compiled DLL files. Therefore, the pXML source is very important and should be -safely backed up. - -In this section, we're going to learn how to manage and share extension DLLs and learn how to update -existing Endpoint Policy Manager XMLs when necessary. - -**NOTE:** You can watch an introductory video overview of this section in the tutorial video we -created, which can be found here: -[https://www.endpointpolicymanager.com/video/working-with-others-and-using-the-central-store.html](https://www.endpointpolicymanager.com/video/endpointpolicymanager-acl-lockdown-for-registry-based-applications.html). diff --git a/docs/endpointpolicymanager/applicationsettings/centralstore.md b/docs/endpointpolicymanager/applicationsettings/centralstore.md deleted file mode 100644 index 17f884012a..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/centralstore.md +++ /dev/null @@ -1,9 +0,0 @@ -# How can I use the Endpoint Policy ManagerCentral store (if I was already using the Endpoint Policy Manager Local store?) - -Netwrix Endpoint Policy Manager (formerly PolicyPak) should be integrated with the central store in -most cases.To do this, simply create a folder in the SYSVOL directory on any one of your replicating -domain controllers within your network called "PolicPak". Then copy the Endpoint Policy Manager dll -files that currently reside in your local storage and paste them into that folder. - -Here is the how-to video: -[Working with Others and using the Central Store](/docs/endpointpolicymanager/video/applicationsettings/centralstorework.md) diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/advanced.md b/docs/endpointpolicymanager/applicationsettings/designstudio/advanced.md deleted file mode 100644 index 691645faa4..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/advanced.md +++ /dev/null @@ -1,88 +0,0 @@ -# Advanced AppSet Design and Manual Editing - -In this section, we round up some tips and tricks for the advanced AppSet designer. The -Configuration Wizard is almost always the best way to configure each element in your AppSet. -However, there are occasions where some manual work and advanced techniques are necessary to finish -your AppSet and have it work the way you intend. You might also want to manually enter in data and -values. Let's explore all these areas. - -## Basic Settings - -By default, all elements show their basic view. You can see at a glance the most important items -that the Configuration Wizard has configured, as shown in Figure 142. - -![advanced_appset_design_and](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/advanced_appset_design_and.webp) - -Figure 142. The basic properties of an element. - -The Configuration Wizard should auto-fill in all basic properties for most items. However, one item -that might need attention is the label link. Remember, the label link is the item that describes -elements that have no text, like text boxes, spinboxes, dropdowns, sliders, and radio button groups. -To configure the label link for an item, click on "Label Link" in the properties of the item, select -the "…" (not shown), and then select the text on the page that most closely represents what the text -box, spinbox, etc. is trying to configure. In Figure 143, the radio button group is being described -by the text "Associated image viewer." - -![advanced_appset_design_and_1](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/advanced_appset_design_and_1.webp) - -Figure 143. Example of an element's label link. - -## Advanced Settings - -You can also click the "Advanced" button within Properties to see more detailed information about an -element, as shown in Figure 144.> - -![advanced_appset_design_and_2](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/advanced_appset_design_and_2.webp) - -Figure 144. The "Advanced" button in the Properties dialog. - -The Advanced menu contains sections labeled "Control data" and "Actions." The control data specifies -items like dimensions, the display name ("Text"), the default state, the revert state, whether or -not the item is disabled ("Enabled"), and whether or not the item's text will stretch within the -boundaries of the element's handles ("AutoSize"). The Actions area shows what occurs when the -checkbox is checked. In Figure 145, you can see the following: - -- "First Action" performs a registry update. -- "`Reg. key`" is set to `WinZip\Policies`. This field is always relative to the data root, so the - whole key is not usually shown. You will often see only `` there as well, signifying - the value is directly within the project's data root. -- "`Reg. value`" is set to "passwordreqlower," the value in the registry. -- "Data type" is "String" (string registry type) -- "Sub type" (registry elements only) can be "Normal" or "Masked." "Normal" is the usual type, and - "Masked" is automatically chosen when the value is detected as a binary value with a mask, which - specifically flips specific binary bits on or off. -- The On value is 1. When the checkbox is checked, it sets the value to 1 inside "passwordreqlower." -- The Off value is 0. When the checkbox is un-checked (or the Group Policy falls out of scope) the - value inside "passwordreqlower" is deleted. - -It's possible to see (or set) second and third actions when an element changes. You can dictate -values within any of the supported datatypes, as shown in Figure 145. - -![advanced_appset_design_and_3](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/advanced_appset_design_and_3.webp) - -Figure 145. Examples of second actions. - -You might want to do this if you had to configure both a registry item and also an INI file when a -checkbox is checked. This is a very rare occurrence, but it does happen. - -After selecting the data type (Registry, INI, XML, etc.) you are then prompted for the section and -property (or registry key and registry value), which in Figure 146 are shown as "[MainFrame]" and -"AdvertiseIndex." - -![advanced_appset_design_and_4](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/advanced_appset_design_and_4.webp) - -Figure 146. Selecting the section and property. - -Once the value is manually selected, you are able to place the value automatically within the On or -Off values (or both or neither), as shown in Figure 147. - -![advanced_appset_design_and_5](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/advanced_appset_design_and_5.webp) - -Figure 147. Placing the value within the "On" or "Off" fields. - -After placing the items, you can further specify the On and Off values within the action itself, as -shown in Figure 148. Checkboxes are only allowed three actions. - -![advanced_appset_design_and_6](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/advanced_appset_design_and_6.webp) - -Figure 148. Specifying "On" and "Off" values within the action. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/overview.md b/docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/overview.md deleted file mode 100644 index 3d8e5ef753..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/overview.md +++ /dev/null @@ -1,5 +0,0 @@ -# Special Applications and Project Types - -Some Netwrix Endpoint Policy Manager (formerly PolicyPak) DesignStudio projects require special -consideration. In this section, we will share with you some notes about particular types of -applications you might want to make into AppSets. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/overview.md b/docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/overview.md deleted file mode 100644 index 9e4b60da2a..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/overview.md +++ /dev/null @@ -1,21 +0,0 @@ -# Discovering Configuration Data Locations - -Usually, it's quite easy to discover where an application has stored its configuration data. Most -times, applications store their data in` HKEY_Current_User\Software`. In Figure 87, you can see the -data for many popular applications stored in the registry. - -![discovering_configuration_624x429](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_624x429.webp) - -Figure 87. Many applications store their data in the registry. - -Note that although most applications store their information in `HKEY_Current_User\Software`, if -you're trying to do something in Control Panel, those values would be stored in -`HKEY_Current_User\Control Panel`. For this reason, you might need look around to find the right -data store location if the application uses the registry. - -If an application's data isn't found in the registry, we suggest you look for other file types -manually. You can look in the following three common key locations for user configuration data: - -- `C:\program files\\` for 32-bit and 64-bit machines -- `C:\program files(x86)\\` for 64-bit machines -- `%localappdata%` diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/virtualstore.md b/docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/virtualstore.md deleted file mode 100644 index 78135a72be..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/virtualstore.md +++ /dev/null @@ -1,87 +0,0 @@ -# Configuration Data in VirtualStore - -Sometimes, programs don't know that they are not allowed to store data in the protected Windows -locations. When a standard user runs the application and tries to change configuration data, the -application's configurations are not written to these protected Windows locations. They are -redirected or virtualized instead. In Figure 91, we can see that when the application tried to write -its data to `c:\Program Files`, it was actually redirected to - -`%LocalAppData%\VirtualStore\Program Files (x86)\Foxit Software\Foxit Reader`. - -![discovering_configuration_4](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_4.webp) - -Figure 91. Application data that has been redirected. - -This is a safety mechanism that Windows uses to allow applications to think that they've written -data to the desired location (`\Program Files`), when in actuality, the application's data was -really written to - -`%appdata%\local\virtualstore\Program Files (x86)\Foxit Software\Foxit Reader`. However, there is -one problem with this: both 32-bit and 64-bit client machines could possibly be our targets. Because -of this, even though we're finding the file in - -`%LocalAppData%\VirtualStore\Program Files (x86)\Foxit Software\Foxit Reader` (as shown in Figure -92), the data file could also be found on 32-bit machines in -`%LocalAppData%\VirtualStore\Program Files\Foxit Software\Foxit Reader` (as shown in Figure 93). - -![discovering_configuration_5](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_5.webp) - -Figure 92. The location for 64-bit machines is `%LocalAppData%\VirtualStore\Program Files (x86).` - -![discovering_configuration_6](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_6.webp) - -Figure 93. The location for 32-bit machiens is `%LocalAppData%\VirtualStore\Program Files.` - -If you select a file within the VirtualStore directory, Endpoint Policy Manager DesignStudio -recognizes this and provides two features to ensure proper delivery to clients. First, as shown in -Figure 94, Endpoint Policy Manager DesignStudio will substitute the correct variable so it will work -on client machines of the same type. - -![discovering_configuration_7](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_7.webp) - -Figure 94. Endpoint Policy Manager DesignStudio substituting the correct variable. - -To account for the possibility that you might have both 32-bit and 64-bit machines as targets, -Endpoint Policy Manager Application Settings Manager, by default, will always try to write to both -locations on the target machine. That way, you're ensured that both 32-bit and 64-bit machines will -get your directives. Note that this behavior is controllable within Endpoint Policy Manager -`DesignStudio in Tools|Options `in the VirtualStore tab, as shown in Figure 95. It is recommended -that you keep this checkbox checked. - -![discovering_configuration_8_624x322](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_8_624x322.webp) - -Figure 95. The VirtualStore tab. - -If you want to see both actions, you can click on the element's "Advanced" button, as shown in -Figure 96, and see the two actions created. - -![discovering_configuration_9_312x592](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_9_312x592.webp) - -Figure 96. The element's "Advanced" button. - -If you were to hover the mouse over each "File" location, you would see that the actions are set -against each possible file location automatically (`\Program Files(x86)` and `\Program Files`), one -for the first action and another for the second action, as shown in Figure 97 and Figure 98. - -![discovering_configuration_10](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_10.webp) - -Figure 97. The file location for the first action. - -![discovering_configuration_11_624x79](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_11_624x79.webp) - -Figure 98. The file location for the second action. - -Therefore, there's really no downside in leaving the "Always create additional action when target -files utilize Windows 7 "VirtualStore" directories (recommended)" turned on. It will mean that your -64-bit and 32-bit applications will read the right file and be correctly configured. - -For more information on the idea of how an application uses file virtualization, see the following -resources: - -- Video and example app for testing: - [http://www.msigeek.com/328/video-file-registry-virtualization-in-windows-7](http://www.msigeek.com/328/video-file-registry-virtualization-in-windows-7) -- [http://msdn.microsoft.com/en-us/library/bb756960.aspx](http://msdn.microsoft.com/en-us/library/bb756960.aspx). - Look for "Virtualization" about halfway down the page. -- [http://www.thewindowsclub.com/file-registry-virtualization-in-windows-7](http://www.thewindowsclub.com/file-registry-virtualization-in-windows-7). -- Group Policy: Fundamentals, Security and the Managed Desktop by Jeremy Moskowitz Page 561–562. - Available at [www.GPanswers.com/book](http://www.GPanswers.com/book). diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/setup.md b/docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/setup.md deleted file mode 100644 index 6897c7749e..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/setup.md +++ /dev/null @@ -1,57 +0,0 @@ -# Setting Up Application Configuration Data - -When you create a new project (see Book 3: Application Settings Manager), you'll find that in the -initial wizard windows, you can choose how the capture process occurs, as shown in Figure 85. - -![setting_up_application_configuration](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/setting_up_application_configuration.webp) - -Figure 85. Choosing how to capture the application. - -Choose to start a new project using the Capture Wizard. Then, select your project type, as shown in -Figure 86. - -![setting_up_application_configuration_1](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/setting_up_application_configuration_1.webp) - -Figure 86. Selecting your project type. - -The following project types are currently supported, and more project types may be available in the -future. - -- Registry: This is the most common project type. Most applications store their configuration data - inside the registry. Most applications (like WinZip, Acrobat Reader, etc.) store their data per - user somewhere inside `HKEY_Local_User\Software`. -- Registry (service): Some applications store their information in `HKEY_Local_Machine`. This is not - very common, but it can happen. If in doubt, use "Registry" instead. You can learn more about this - project type in the section called "Special Applications and Project Types." -- `.INI` file: Many files store their configuration data in INI files. This is an older Windows - format, but is still widely supported. -- `.XML` file: A wide variety of applications use XML for their configurations. Not all XML types - are supported, and the wizard will indicate if the XML file you've selected is not supported. -- Mozilla-specific config file: The Mozilla Corporation has a variety of applications which all work - similarly, including Firefox, Thunderbird, and SeaMonkey. These applications from the Mozilla - Corporation all use this file type. There's no need to use Netwrix Endpoint Policy Manager - (formerly PolicyPak) DesignStudio to create your own Firefox or Thunderbird AppSets; we've already - done that for you. This Mozilla-specific file format is captured and handled somewhat differently - than the others, and is specifically discussed in the section called "Special Applications and - Project Types." -- `.js` file (Firefox-style config file): This is a JavaScript style file, in the common - Firefox-style format. -- .properties file (`Java-style config` file): This is a less common file format; however, some - applications do use .properties files to configure their data. Usually these are Java - applications, but could be other kinds of applications as well. -- OpenOffice and LibreOffice config file (\*`.xcu`): This file type is used to configure OpenOffice - and LibreOffice. -- Remote Desktop Settings file (\*`.rdp config `file): Configured Microsoft Remote Desktop Services - files. -- JSON: This is a common file format for many applications. -- Firefox Plugin Registry: This is for Firefox plugins that support a specific standard. - -**NOTE:** Endpoint Policy Manager DesignStudio will create new data files for all file types if they -don't already exist on the client computer. This is true for every file type Endpoint Policy Manager - -DesignStudio supports, except RDP files. RDP files are not created on the client machine, and they -must already be present to be modified by Endpoint Policy Manager - -DesignStudio. Additionally, it is now recommended that if you wish to deliver and maintain `.rdp` -files, you do so with Endpoint Policy Manager Remote Desktop Protocol Manager -([https://www.endpointpolicymanager.com/policies/remote-desktop-protocol-manager/](https://www.endpointpolicymanager.com/policies/remote-desktop-protocol-manager/)). diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/overview.md b/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/overview.md deleted file mode 100644 index 0fdc88e904..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/overview.md +++ /dev/null @@ -1,25 +0,0 @@ -# Configuring Elements - -Endpoint Policy Manager DesignStudio provides a wizard to configure the following element types: - -- Checkboxes (which we performed an example of together in the Quickstart above) -- Radio buttons -- Sliders (horizontal and vertical) -- Spinboxes (up/down boxes) -- Text boxes -- Numeric boxes -- Combo boxes -- Folder browsers -- File browsers -- Font browsers - -Most elements have the following constructs: - -- Min -- Max -- Default state -- Revert state -- Step value (for sliders and spinboxes) -- Linked label (for items that cannot describe themselves) - -We'll explore some of these element types in the following sections. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/overview.md b/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/overview.md deleted file mode 100644 index b9d6af9146..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/overview.md +++ /dev/null @@ -1,12 +0,0 @@ -# Configuring Elements Using the Configuration Wizard - -After you've captured and modified your AppSet's user interface (UI), it's time to configure each -element. This section expands on what the Configuration Wizard is capable of and gives you insights -into how it works and what to look out for when creating your own AppSets. The Configuration Wizard -is generally available to help you implement the details of what any element is doing. To start the -Configuration Wizard, you can right-click over most elements and select "Configuration Wizard" or -click on the wand, as shown in Figure 107. - -![configuring_elements_using](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/configuring_elements_using.webp) - -Figure 107. Starting the Configuration Wizard. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/usage.md b/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/usage.md deleted file mode 100644 index 77ae54281c..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/usage.md +++ /dev/null @@ -1,72 +0,0 @@ -# Using the Configuration Wizard - -Netwrix Endpoint Policy Manager (formerly PolicyPak) DesignStudio Configuration Wizard is a lite -capture tool. When the Configuration Wizard runs, it takes a snapshot of all the items in your data -root, asks you to make some changes, and then captures what you've done. Then it sets your element's -settings. To perform these tasks, the Configuration Wizard may ask you some questions about the -current state of the application first. For instance, it may asked if a checkbox is currently -checked or unchecked, as shown in Figure 114. - -![configuring_elements_using_7](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/configuring_elements_using_7.webp) - -Figure 114. Selecting whether a checkbox is checked or unchecked. - -This is to make sure nothing has changed from when the Capture Wizard captured the application's UI -settings. If you look at the actual application and the setting is checked, changed, or otherwise -altered, then change the Configuration Wizard, not the application. - -Once the current state is verified (or changed within the Configuration Wizard), the Configuration -Wizard will ask you to perform a series of steps on the element, such as the following: - -- For checkboxes, you will be asked to check the box, then click "OK" in the application. Next you - will click "Next" in the wizard. Then, you'll be asked to uncheck the box, and click "OK" in the - application. Then you will click "Next" in the wizard. -- For radio buttons, you will be asked to select each radio button and click "OK" in the - application. Then you will click "Next." -- For sliders and spinboxes, you will be asked to select the minimum value, the next least value - (step), and the maximum value. You will click "OK" in the application between each step. - -Other item types will have similar procedures. You must click "Apply" or "OK" inside most -applications in order to write the value back to the computer. Occasionally, some applications' -values are only stored in memory and only get changed to the registry or disk when the application -is fully closed. This means you might have to open and close the application dozens of times. - -If you click "Next" in the wizard but the wizard was unable to detect any changes, it will tell you -that no changes were detected, as shown in Figure 115. - -![configuring_elements_using_8](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/configuring_elements_using_8.webp) - -Figure 115. The message to indicate no changes were detected. - -To resolve this, you can try doing the following: - -- Click "No" in the dialog box to try again. -- Ensure you've clicked "Apply" or "OK" in the application and then continue onward with the wizard - to see if it detects the change. -- Select "No," then try closing the target application altogether. Sometimes the application's items - are stored in memory and only written to disk when the application is fully closed. After closing - the application, click "Next" in the wizard to see if the change was detected. - -If you've you continued to proceed onward, and there are still no detected changes, then the data is -not stored within the data root selected earlier. Even if 80% of an application's settings are -stored within the same place (such as` HKEY_Current_User\Software\\`), a -fraction of the settings may be stored in a different file or a different part of the registry. The -Capture Wizard cannot detect all changes on your hard drive; it has to be told where to look. So, if -you're still having problems, go back to the previous section of this guide entitled "Setting Up -Application Configuration Data," which uses Microsoft's Process Monitor to discover where settings -are being stored when you change data. - -If the wizard discovers exactly one change, you can continue onward to the next step as this is a -sign of a successful discovery. The wizard will usually ask you to confirm the following: - -- Each state (every radio button, checkbox, slider, etc.). -- Default value and what to do when you turn this setting on. -- Revert value and what to do when you turn this setting off. -- Linked label (for text boxes, numeric boxes, spinboxes, and some others). This helps with GPMC - reporting. Because a text box or numeric box is a box, it has no text of its own to describe - itself. Usually, however, there is something on the page that represents the item. The linked - label is some other text on the page (a label) which describes what the setting does. - -If the wizard discovers one change perfectly, you can easily go through the Configuration Wizard for -the element. If the wizard detects multiple changes during configuration, you are prompted for what -to do. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/overview.md b/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/overview.md deleted file mode 100644 index 93e8892da4..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/overview.md +++ /dev/null @@ -1,6 +0,0 @@ -# Getting Around - -In this section, you'll learn about: - -- Netwrix Endpoint Policy Manager (formerly PolicyPak) DesignStudio vocabulary -- Tabs inside Endpoint Policy Manager DesignStudio diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/compilation.md b/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/compilation.md deleted file mode 100644 index aab33a5f75..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/compilation.md +++ /dev/null @@ -1,29 +0,0 @@ -# Compilation - -The Compilation tab enables you to set your project's DLL name, as shown in Figure 55. It also -enables you to save your current work and compile your AppSet to be used in Group Policy, as shown -in Figure 56. - -![getting_around_7](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/getting_around_7.webp) - -Figure 55. Setting the DLL name. - -![getting_around_8_624x155](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/getting_around_8_624x155.webp) - -Figure 56. Compiling the AppSet. - -In Figure 55, you can see that you can do the following: - -- Compile to standard location (default): This will compile to what is set in `Tools | Options`. - Usually, this is the Endpoint Policy Manager local store or - - `c:\program files (x86)\PolicyPak\Extensions`. - -- Compile to same location as XML file: This will not copy to the local store, and instead will only - compile directly where the existing AppSet is located. -- Compile to both standard location and location as XML file: This will compile and save in the - local store and also make a copy where the AppSet XML file is located (overwriting any previous - DLL). - -You can also see a test preview of your AppSet after compiling. This can be useful if you want to -tweak, test, and re-tweak your application without having to launch the Group Policy editor. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/overview.md b/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/overview.md deleted file mode 100644 index fd27be0409..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/overview.md +++ /dev/null @@ -1,31 +0,0 @@ -# Tabs - -Endpoint Policy Manager DesignStudio has six main tabs that help you perform tasks in your project. -You can see the tabs highlighted in Figure 50. - -![getting_around_1](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/getting_around_1.webp) - -Figure 50. The DesignStudio tabs. - -Those tabs are: - -- Tabs -- Hierarchy -- Properties -- Project Properties -- Compilation -- Error List - -Let's examine each one so we can see what is contained inside each tab. - -## Tabs - -The Tabs tab enables you to see the overall hierarchy of your project. You will see all the tabs -listed in your project and any subdialogs you have within each tab. This is the quickest way to see -the overall structure of your project and how all the major objects (tabs and subdialogs) relate to -each other. When you click on a tab inside the Tabs area, the corresponding tab is automatically -displayed in the main pane for quick navigation (see Figure 51). - -![getting_around_2](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/getting_around_2.webp) - -Figure 51. Using the Tabs tab for quick navigation. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/properties.md b/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/properties.md deleted file mode 100644 index 96e72750a0..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/properties.md +++ /dev/null @@ -1,8 +0,0 @@ -# Properties - -The Properties tab shows how the element is set. It is automatically displayed when you use the main -pane and select an element (see Figure 53). - -![getting_around_4](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/getting_around_4.webp) - -Figure 53. Viewing the properties of an element in the Properties tab. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/overview.md b/docs/endpointpolicymanager/applicationsettings/designstudio/overview.md deleted file mode 100644 index 3a461ebb77..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/overview.md +++ /dev/null @@ -1,17 +0,0 @@ -# DesignStudio - -This document will help you to understand Netwrix Endpoint Policy Manager (formerly PolicyPak) -DesignStudio. However, you should only use this document after you have read and worked through the -DesignStudio example in Book 3: - -Application Settings Manager. We assume in this manual that you have already read that document and -can create simple AppSets. - -This document is a reference guide for the rest of the DesignStudio utility and addresses some -advanced scenarios. We won't be using this guide to build any one specific AppSet. Rather, we will -move from application to application pointing out some tips, tricks, and quirks which might be -applicable to many scenarios while building AppSets. - -Video: You may also wish to watch our DesignStudio videos, which cover some higher level details of -Endpoint Policy Manager: Application Manager > -[DesignStudio How-To](/docs/endpointpolicymanager/video/index.md#designstudio-how-to). diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/quickstart/overview.md b/docs/endpointpolicymanager/applicationsettings/designstudio/quickstart/overview.md deleted file mode 100644 index 03849c4b08..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/quickstart/overview.md +++ /dev/null @@ -1,29 +0,0 @@ -# Quick Start - -Netwrix Endpoint Policy Manager (formerly PolicyPak) DesignStudio is where you can create your own -AppSets or edit AppSets that we provide to you. PolicyPak DesignStudio can scrape the interfaces -from your existing applications, such as WinZip, and bring them into the Endpoint Policy Manager -format for later use inside Group Policy Objects (GPOs). - -Video: To see an overview of how to use Endpoint Policy Manager DesignStudio, watch this video: -[Creating Your First Pak using Endpoint Policy Manager Design Studio](/docs/endpointpolicymanager/video/applicationsettings/designstudio/firstpak.md). - -**NOTE:** The Endpoint Policy Manager format is properly called "pXML" format. You most likely will -never need to edit any pXML files by hand, but you're welcome to open up and explore the files that -are produced by the wizard. - -In this guide, you will be creating an AppSet for PuTTY, and open source SSH and telnet client. -You'll be doing the work on your Endpoint Policy Manager creation station. You'll also be using the -pre-configured AppSet for WinZip as a demonstration for other examples throughout this guide. - -Tip: We recommend that your Endpoint Policy Manager creation station have the same operating system -(and version) that your target machine does, if possible. Having a Endpoint Policy Manager creation -station that is a Server 2016 machine and a target machine that is a Windows 10 machine, for -example, may work fine. However, for ideal application compatibility, it's best if your Endpoint -Policy Manager creation station is as close as possible to your target machine. - -To keep things simple, we'll assume you'll be creating your AppSets from the same machine you used -to create GPOs. However, note that it is common to separate out these two roles, and Endpoint Policy -Manager makes it easy to do so. In this discussion, we'll assume you're using a Windows 10 machine -with the RSAT tools and the GPMC enabled. This will now be your Group Policy management station and -your Endpoint Policy Manager creation station. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/compilation.md b/docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/compilation.md deleted file mode 100644 index e7162afee8..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/compilation.md +++ /dev/null @@ -1,24 +0,0 @@ -# Compilation Tab - -The Compilation tab controls where your Endpoint Policy Manager source files (pXML) are saved and -where they are compiled. You can see the Compilation tab in Figure 166. The default path for saved -pXML files is`\Documents\PolicyPak Design Studio\Projects.` You can change this to any location you -like. Additionally, the path for compiled DLLs is `C:\Program Files\PolicyPak\Extensions`. This is -the location where the Endpoint Policy Manager Application Settings Manager Group Policy Editor will -look for compiled extensions, so it's best to leave this as it is. - -![using_designstudio_tools_2](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/using_designstudio_tools_2.webp) - -Figure 166. The Compilation tab. - -**NOTE:** that only administrators can compile AppSets directly to this location. If you are running -Endpoint Policy Manager DesignStudio as a standard user (non-administrator) you are prompted for an -alternate (writable) location. After compiling, you can use an administrator account to copy the -AppSet DLL file to `c:\Program Files\PolicyPak\Extensions` to use it within the Group Policy Editor. - -Additionally, you can see the "Preferred C++ Compiler" in the Compilation tab. Endpoint Policy -Manager Application Settings Manager is actually compatible with two compilers: Microsoft Visual C++ -2008 (Express and Full Editions) and MinGW compiler. However, it is recommended that you use the -Microsoft Visual C++ 2008 compiler. Lastly, you can also see the Endpoint Policy Manager compiler -location, which should always point toward the file named PXmlParser. This should not be changed -unless specified by technical support. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/java.md b/docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/java.md deleted file mode 100644 index b7cddbf162..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/java.md +++ /dev/null @@ -1,17 +0,0 @@ -# Java Tab - -Endpoint Policy Manager DesignStudio currently has experimental support for capturing Java-based -applications. In order to capture Java-based applications, you will need to do the following: - -**Step 1 –** Install the Java Access Bridge (free software from Java/Oracle). - -**Step 2 –** Fully turn off user account control (during the user interface [UI] capture). - -Without the Java Access Bridge installed, the Java tab will look like what's shown in Figure 169. - -![using_designstudio_tools_5_624x224](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/using_designstudio_tools_5_624x224.webp) - -Figure 169. The Java tab. - -To learn more about how to use Endpoint Policy Manager DesignStudio to capture Java-based -applications, check out the "Special Applications and Project Types" section of this document. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/overview.md b/docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/overview.md deleted file mode 100644 index 4f6f0aba93..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/overview.md +++ /dev/null @@ -1,12 +0,0 @@ -# Options - -Endpoint Policy Manager DesignStudio has a variety of options you can configure. You can access -these options using Tools|Options, as shown in Figure 165. There are six tabs within Options: -Compilation, UI Capture, AppV (older versions of DesignStudio only), VirtualStore, Java, and Misc. - -![using_designstudio_tools_1_624x111](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/using_designstudio_tools_1_624x111.webp) - -Figure 165. DesignStudio Options. - -**NOTE:** The AppV tab has not been used since build 605. Only older versions of DesignStudio -require the AppV tab. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/virtualstore.md b/docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/virtualstore.md deleted file mode 100644 index d4d179cc12..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/virtualstore.md +++ /dev/null @@ -1,9 +0,0 @@ -# VirtualStore Tab - -The VirtualStore tab has one setting, as shown in Figure 168. This setting is automatically checked -on and is used when applications running as standard users try to write to locations that are not -allowed. This setting was discussed in the section called "Configuration Data in VirtualStore." - -![using_designstudio_tools_4_624x174](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/using_designstudio_tools_4_624x174.webp) - -Figure 168. The VirtualStore tab. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/overview.md b/docs/endpointpolicymanager/applicationsettings/designstudio/tools/overview.md deleted file mode 100644 index e3ea19ca19..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/overview.md +++ /dev/null @@ -1,19 +0,0 @@ -# Using DesignStudio Tools - -In this section, you'll learn how to do the following with Netwrix Endpoint Policy Manager (formerly -PolicyPak) DesignStudio: - -- Set up and configure Endpoint Policy Manager DesignStudio options (`Tools|Options`) -- Find unconfigured elements in our AppSet (`Tools|Show Elements List`) -- Perform a global search and replace for elements and text within our AppSet - (`Tools|Global Search and Replace`) -- Merge AppSets (`Tools|PXML Merge Wizard`) -- Compile multiple AppSets at once (`Tools|Batch Compile`) -- Preview an existing AppSet (`Tools|Pak Preview`) - -You can see the list of items from the Endpoint Policy Manager DesignStudio Tools menu in -Figure 164. - -![using_designstudio_tools](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/tools/using_designstudio_tools.webp) - -Figure 164. DesignStudio Tools menu. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/overview.md b/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/overview.md deleted file mode 100644 index 5f808fc9f7..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/overview.md +++ /dev/null @@ -1,6 +0,0 @@ -# Manual Edits - -The Endpoint Policy Manager Capture Wizard usually does a pretty good job of capturing the elements -for most applications. However, sometimes it needs a little manual help to get the applications' -elements to where they need to be. The sections below describe some circumstances that may require -manual editing. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/overview.md b/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/overview.md deleted file mode 100644 index 320927a0d8..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/overview.md +++ /dev/null @@ -1,10 +0,0 @@ -# Crafting the User Interface of Your AppSet - -There are three ways you can craft the user interface (UI) of your target application: - -- Fully automatic with the Capture Wizard -- Automatic first, with manual corrections for non-standard captures -- Fully manual - -In the sections below, we'll explore all three options. We'll also discuss how to capture subdialogs -and how to understand capture results that aren't what you expected. diff --git a/docs/endpointpolicymanager/applicationsettings/dllstorage.md b/docs/endpointpolicymanager/applicationsettings/dllstorage.md deleted file mode 100644 index ec5ce0f721..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/dllstorage.md +++ /dev/null @@ -1,6 +0,0 @@ -# Can I store the DLL extensions in a central location AND locally on the machine I create my Paks on and if so which one is utilized? - -Although storing the Netwrix Endpoint Policy Manager (formerly PolicyPak) DLL extensions in a -central location allows multiple administrators the ability to utilize them, you can also store the -DLL extensions locally as well.In that instance, the GPO editor will list both the central and local -location and allow you the opportunity to select which one you wish to use. diff --git a/docs/endpointpolicymanager/applicationsettings/extras/overview.md b/docs/endpointpolicymanager/applicationsettings/extras/overview.md deleted file mode 100644 index 117becf714..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/extras/overview.md +++ /dev/null @@ -1,10 +0,0 @@ -# Extras - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Settings Manager has some extra -management capabilities. In this section, we'll discuss the following features: - -- Item-Level Targeting for an AppSet entry -- Internal Item-Level Targeting for the AppSet itself -- Creating multiple AppSets and changing priority -- Setting a comment or description about an AppSet's settings -- Adding "Managed by Endpoint Policy Manager" to applications under management diff --git a/docs/endpointpolicymanager/applicationsettings/modes/acllockdown.md b/docs/endpointpolicymanager/applicationsettings/modes/acllockdown.md deleted file mode 100644 index 84bc82f675..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/modes/acllockdown.md +++ /dev/null @@ -1,65 +0,0 @@ -# ACL Lockdown™ Mode - -**NOTE:** For a demonstration of the ACL Lockdown™ Mode feature, please see this video: -[ACL Lockdown for Registry Based Applications](/docs/endpointpolicymanager/video/applicationsettings/acllockdown.md). - -ACL Lockdown mode can be seen when you right-click a setting within an AppSet (see Figure 34). - -![policypak_application_settings_1_13](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_13.webp) - -Figure 34. Selecting the ACL Lockdown setting. - -This is a very powerful Endpoint Policy Manager Application Settings Manager feature; it increases -your application's security. When it is selected, two things occur: - -- This mode prevents any changes to the application—even while the application is running. Note that - this is true for most (but not all) applications. Exceptions and problems are usually noted in the - AppSet's readme file. -- While the application is not running, clever "power users" cannot work around your settings by - manually changing them in the Registry or files. - -When ACL Lockdown™ mode is selected on a Endpoint Policy Manager Application Settings Manager -element, Endpoint Policy Manager Application Settings Manager will take ownership of the portion of -the user's Registry or files involved in the application. - -This literally prevents users (or other applications) from modifying your setting. It gives your -application a steady state where users are not permitted to work around your settings (whether -they're online or offline, or the machine is running or not running). - -When you select "Perform ACL Lockdown" using Endpoint Policy Manager Application Settings Manager, -Endpoint Policy Manager Application Settings Manager will automatically figure out which additional -elements within the ApSet share the same file or Registry container. - -For instance, in WinZip, if you right-click "Minimum password length" and select "Perform ACL -Lockdown," Endpoint Policy Manager will automatically select it for all other items in the AppSet -that share the same location in the Registry (see Figure 35). If you right-click any of the -checkboxes in the Passwords tab, you can see that "Perform ACL Lockdown" will be already checked, -because all the elements on this page are within the same portion of the Registry. - -![policypak_application_settings_1_14](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_14.webp) - -Figure 35. With "Perform ACL Lockdown" selected, all password options are automatically checked. - -However, clicking on another tab—such as Cameras—and right-clicking a setting will show that -"Perform ACL Lockdown" is not set (see Figure 36). - -![policypak_application_settings_1_15](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_15.webp) - -Figure 36. If other tabs are selected, "Perform ACL Lockdown" will not be set. - -This is because the items within the Cameras tab are located in a different place in the Registry -than the items in the Passwords tab. - -To reiterate, if an application's data is stored in a file, then usually ALL items within the AppSet -will be locked when "Perform ACL Lockdown" is selected. In the example shown in Figure 37, "Perform -ACL Lockdown" is selected for one Firefox setting. - -![policypak_application_settings_1_16](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_16.webp) - -Figure 37. "Perform ACL Lockdown" is selected for one Firefox setting. - -However, because all the settings within Firefox are stored in the same file, they will be -uneditable by the end user. - -When the GPO no longer applies, the ACL Lockdown settings that were originally on the Registry or on -the files are returned to the state they were in before Endpoint Policy Manager took ownership. diff --git a/docs/endpointpolicymanager/applicationsettings/modes/applock.md b/docs/endpointpolicymanager/applicationsettings/modes/applock.md deleted file mode 100644 index c25c1d44d0..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/modes/applock.md +++ /dev/null @@ -1,44 +0,0 @@ -# AppLock™ Modes - -Endpoint Policy Manager Application Settings Manager AppLock™ is a patent-pending technology that -enables administrators to truly lock down their applications so users cannot work around the -configured settings. For example, in an earlier example we were able to hide all the settings in the -Cameras tab for WinZip. - -**NOTE:** Endpoint Policy Manager Application Settings Manager AppLock™ modes are only available -when you utilize Endpoint Policy Manager DesignStudio Capture Wizard to capture an existing user -interface from an application. If you use Endpoint Policy Manager DesignStudio and design your own -interface from scratch, Endpoint Policy Manager DesignStudio won't capture the original -user-interface (UI); therefore, it has no ability to lock it down. Note that not every UI is -capturable, and not every capturable UI is able to be locked down. See Appendix B: Endpoint Policy -Manager Application Settings Manager DesignStudio Guide for more information. - -There are three Endpoint Policy Manager Application Settings Manager AppLock™ modes. - -- "Hide corresponding control in target application." This removes the corresponding control in the - application from the users' view so users cannot see that there is an element present. -- "Disable corresponding control in target application." This disables (grays out) the corresponding - control in the application. In this mode, users will be able to see the element but will not be - able to configure or manipulate the setting. -- "Force display of this control in target application." This should be used when you want to - restore a setting. This can be used by an upper-level domain admin, along with the Group Policy - Enforced property, on the GPO itself. This can ensure that a lower-level admin cannot permanently - lock out the UI of an application. - -If you right-click on any tab, you'll find two more settings. - -- "Disable whole tab in target application." This disables (grays out) the entire corresponding tab - in the application. Users will be able to see the tab, but they will not be able to access the - contents of the tab to manipulate any settings within that tab. -- "Force display of whole tab in target application." This should be used when you want to restore a - tab in the UI. This can be used by an upper-level domain admin, along with the Group Policy - Enforced property, on the GPO's link. This can ensure that a lower-level admin cannot permanently - lock out the UI of an application. - -Figures 28, 30, and 32 illustrate the selection process for the various settings that can be -enforced. Figures 29, 31, and 33 show the results of the settings on the target machines. - -| ![policypak_application_settings_1_7](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_7.webp) Figure 28. Endpoint Policy Manager Application Settings Manager Applock™ hide mode. | ![policypak_application_settings_1_8](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_8.webp) Figure 29. The corresponding control in the target application has been hidden. | -| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| ![policypak_application_settings_1_9](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_9.webp) Figure 30. Endpoint Policy Manager Application Settings Manager Applock™ disable mode. | ![policypak_application_settings_1_10](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_10.webp) Figure 31. The corresponding control in the target application has been grayed out. | -| ![policypak_application_settings_1_11](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_11.webp) Figure 32. In the Group Policy Editor, right-click below the tab you wish to disable, as seen here. | ![policypak_application_settings_1_12](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_12.webp) Figure 33. The target tab, Cameras, has been grayed out. Users cannot click it to see or modify any elements within this tab. | diff --git a/docs/endpointpolicymanager/applicationsettings/modes/overview.md b/docs/endpointpolicymanager/applicationsettings/modes/overview.md deleted file mode 100644 index 526f227e51..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/modes/overview.md +++ /dev/null @@ -1,36 +0,0 @@ -# Modes - -If you used the Quick Start guides, you now have a feel for some of the special modes in Endpoint -Policy Manager Application Settings Manager. Endpoint Policy Manager Application Settings Manager -modes are available on a per-attribute basis, which provides for excellent flexibility when deciding -which elements to configure, enforce, and even disable or hide. - -**NOTE:** To see an overview of the Enforcement modes, watch this quick tutorial video: -[https://www.endpointpolicymanager.com/video/endpointpolicymanager-the-superpowers.html](http://tinyurl.com/screenshotpilot). - -**NOTE:** To see an overview of ACL Lockdown™ mode, watch this tutorial: -[https://www.endpointpolicymanager.com/video/endpointpolicymanager-acl-lockdown-for-registry-based-applications.html](https://support.microsoft.com/en-us/kb/3087759). - -In Figure 22, you can see which modes are available when right-clicking a Endpoint Policy Manager -Application Settings Manager attribute with settings data inside. - -![policypak_application_settings_1_1](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_1.webp) - -Figure 22. The modes available in Endpoint Policy Manager Application Settings Manager. - -Let's examine the areas of control for an element, as seen in Figure 23. You can see we've -highlighted the following modes: - -- Enforcement modes -- Reversion mode -- Endpoint Policy Manager Application Settings Manager ACL Lockdown™ mode -- Endpoint Policy Manager Application Settings Manager Applock™ modes - -![policypak_application_settings_1_2](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_2.webp) - -Figure 23. The areas of control for an element. - -**NOTE:** There is a special AppLock mode that you can apply to the entire tab to disable it. We'll -discuss this in the "AppLock Modes" section. - -We first need to discuss how to set and deliver settings and values. diff --git a/docs/endpointpolicymanager/applicationsettings/onetime.md b/docs/endpointpolicymanager/applicationsettings/onetime.md deleted file mode 100644 index bf5f5b80ef..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/onetime.md +++ /dev/null @@ -1,8 +0,0 @@ -# Can I deploy the Application Manager settings I've configured as a one-time only deployment like Group Policy Preferences does? - -Yes, There are three ways in which to deploy each Netwrix Endpoint Policy Manager (formerly -PolicyPak) application settings you configure: - -- Always reapply this setting (this is the default) -- Apply once and do not reapply in the background. Only reapply with GP update /force -- Apply once and do not re-apply. Ignore GPupdate /force (similar to Group Policy Preferences) diff --git a/docs/endpointpolicymanager/applicationsettings/overview.md b/docs/endpointpolicymanager/applicationsettings/overview.md deleted file mode 100644 index 66be1ebfc1..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/overview.md +++ /dev/null @@ -1,32 +0,0 @@ -# Application Settings Manager - -Quick Start with Preconfigured AppSets - -Before reading this section, please ensure you have read Book 2: Installation and Quick Start, which -will help you learn to do the following: - -- Install the Admin MSI on your GPMC machine -- Install the CSE on a test Windows machine -- Set up a computer in Trial mode or Licensed mode -- Set up a common OU structure - -Optionally, if you don't want to use Group Policy, read the section in Appendix A: Advanced Concepts -on Group Policy and non–Group Policy methods (MEMCM, KACE, and MDM service or Netwrix Endpoint -Policy Manager (formerly PolicyPak) Cloud) to deploy your directives. - -Endpoint Policy Manager Application Settings Manager is one of the Endpoint Policy Manager -components. Its job is to help you configure, manage, lock down, and remediate your desktop -applications. It ships with hundreds of preconfigured AppSets (previously referred to as -AppSets)—ready to use. - -Some of our most popular AppSets are for use with: - -- Firefox -- Chrome -- Internet Explorer -- Adobe products -- Microsoft products - -You can find the latest versions of our AppSets on our website at -[http://www.endpointpolicymanager.com/products/endpointpolicymanager-preconfigured-paks.html](http://www.endpointpolicymanager.com/videos/sn6j7q1clmq.html). -Most AppSets have corresponding videos with examples showing you how to use the AppSets. diff --git a/docs/endpointpolicymanager/applicationsettings/overview/knowledgebase.md b/docs/endpointpolicymanager/applicationsettings/overview/knowledgebase.md deleted file mode 100644 index 37200cdf4a..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/overview/knowledgebase.md +++ /dev/null @@ -1,132 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base articles for Application Manager. - -## General Configuration & Operation - -- [What if I am having trouble getting the Licensing GPO installed?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/license/gpo.md) -- [What happens to Application Settings Manager settings when the Endpoint Policy Manager license expires / if my company chooses not to renew?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/gpooutofscope.md) -- [Is there an easy way to back up the GPO's I configured with Application Manager?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/backup/gpos.md) -- [Can I Export my GPO settings so that they can be used in the future to create similar GPOs?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/export/gpos.md) -- [How many Endpoint Policy Manager policies can I create within one Group Policy Object?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/limitations.md) -- [We upgraded our DLL files recently after creating a new Pak with Design Studio. After the implementation we would like to revert back to the original Pak. I have a local copy of the former DLL. Can I downgrade to the curre](/docs/endpointpolicymanager/troubleshooting/applicationsettings/downgrade.md) -- [Application Manager Roles and Responsibilities](/docs/endpointpolicymanager/applicationsettings/rolesresponsibilities.md) -- [I deselected the Applock feature, Disable whole tab in target application, but the elements are still grayed out. How can I fix this?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/feature.md) -- [I am selecting values for certain settings for the Lync client. On the Alerts tab, I am selecting and deselecting various radio buttons but none of these selections are being underlined. Why is this?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/lyncclient.md) -- [I am configuring the values for some settings for an application. Many of these settings involve checkmarks which are unchecked by default. How can I tell if an unchecked checkbox is being delivered or not?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/checkmarks.md) -- [How can I use the Endpoint Policy ManagerCentral store (if I was already using the Endpoint Policy Manager Local store?)](/docs/endpointpolicymanager/applicationsettings/centralstore.md) -- [How can I keep abreast of the latest Endpoint Policy Manager updates as they are released?](/docs/endpointpolicymanager/troubleshooting/latestupdates.md) -- [Should I create Endpoint Policy Application Manager policies on the USER or COMPUTER side?](/docs/endpointpolicymanager/applicationsettings/side.md) -- [What is the difference between running the gp update (Microsoft) and ppupdate (Endpoint Policy Manager) commands?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/updatedcommands.md) -- [Does Application Manager work when the machine is NOT US-English (say, Italian or Russian?)](/docs/endpointpolicymanager/troubleshooting/applicationsettings/language.md) -- [Can Application Manager help me in pushing, assigning or configuring printers?](/docs/endpointpolicymanager/applicationsettings/printers.md) -- [Can I deploy the Application Manager settings I've configured as a one-time only deployment like Group Policy Preferences does?](/docs/endpointpolicymanager/applicationsettings/onetime.md) -- [Are there any required permission settings for a Endpoint Policy ManagerAdministrator to store Endpoint Policy Manager Suite DLL Extensions to the central store?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/permissions.md) -- [Should I backup my Pak files?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/backup/files.md) -- [I'm trying to find a particular font setting in one of your Word Paks but I can't find it. Is the setting not supported?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/fontsetting.md) -- [Is there a particular naming scheme I need to use when compiling my Paks within Design Studio?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/designstudio.md) -- [I need to modify the Pak (DLL file) of one of the applications I control with Application Manager. Will I lose my group policy settings after I modify the DLL file](/docs/endpointpolicymanager/troubleshooting/applicationsettings/modifydll.md) -- [I installed Design Studio on a Windows 7 Laptop but there are still some XP and Vista stations in our network. Will the Paks I create work for all three operating system?](/docs/endpointpolicymanager/requirements/support/applicationsettings/designstudiowindows7.md) -- [Should I put lots of Paks (or other PP directives into one GPO?)](/docs/endpointpolicymanager/troubleshooting/applicationsettings/onegpo.md) -- [How-to gain access of a remote computer using built-in Windows Remote Assistance application?](/docs/endpointpolicymanager/applicationsettings/windowsremoteassistance.md) -- [How do I upgrade Application Manager when I upgrade my DCs / servers?](/docs/endpointpolicymanager/applicationsettings/upgrade.md) - -## Central Store and Sharing - -- [Can I store the DLL extensions in a central location AND locally on the machine I create my Paks on and if so which one is utilized?](/docs/endpointpolicymanager/applicationsettings/dllstorage.md) - -## PreConfigured AppSets - -- [Admin Console (Item Level Targeting): Why would I want to bypass Internal (pre-defined) Item Level Targeting?](/docs/endpointpolicymanager/applicationsettings/preconfigured/itemleveltargeting/bypassinternal.md) -- [Chrome: How to Configure Chrome HomePage using Application Manager](/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/home.md) -- [Chrome: How do I manage certificates with Google Chrome?](/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/certificates.md) -- [Chrome Policies don't appear to work when using Endpoint Policy Manager Cloud.](/docs/endpointpolicymanager/troubleshooting/applicationsettings/chrome/policies.md) -- [Chrome: How do I manage the Proxy settings for Google Chrome?](/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/proxysettings.md) -- [Chrome: How do I block Local File access to Google Chrome with Endpoint Policy Manager?](/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/localfileaccess.md) -- [Chrome: Why do I have extra tabs appear when I open Chrome on an endpoint?](/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/extratabs.md) -- [Chrome: Why Homepage button URL is not working for Google Chrome?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/chrome/homebuttonurl.md) -- [Firefox: How do I make Application Settings Manager work with Firefox 115 and later (and how do I transition existing settings?](/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/transition.md) -- [Firefox: How do I troubleshoot adding Certificates with Endpoint Policy Manager and Firefox?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/certificates.md) -- [Firefox: How can I deliver Certificates to "Certificate Authority" store and select "websites", "mail users" and "software makers"?](/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/authority.md) -- [Firefox: How can I prevent both automatic AND manual updates for Firefox?](/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/preventupdates.md) -- [Firefox: How can I use Endpoint Policy Manager to revert Firefox's Options back to the "Old Style" ?](/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/revertoptions.md) -- [Firefox: How do I use the NTLM passthru (URIS) settings in the Firefox / about:config AppSets?](/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/ntlmpassthru.md) -- [Firefox: What versions of the Endpoint Policy Manager CSE support managing certificates in what versions of Firefox?](/docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/version.md) -- [Firefox: Can I enable / disable add-ons for Firefox?](/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons.md) -- [Firefox: Can I deliver, manage and/or revoke certificates directly to Firefox?](/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates.md) -- [Can I use Security.enterprise_roots.enabled as an alternate method for FF + Certificates?](/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/securityenterpriseroots.md) -- [Firefox (and Java and Thunderbird): Why can't I seem to find (or perform) UI lockdown for Firefox, Java or Thunderbird ?](/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/javathunderbird.md) -- [Firefox: Is Endpoint Policy Manager compatible with the Frontmotion packaged MSI version of Firefox?](/docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/frontmotion.md) -- [Firefox: Is Endpoint Policy Manager compatible with Firefox when installed to non-standard (and portable) locations?](/docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/nonstandardlocation.md) -- [Firefox: Is Endpoint Policy Manager compatible with Firefox ESR?](/docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/esr.md) -- [Firefox: How do I set "Allow Now", "Allow and Remember" or "Block Plugin" as plug-ins are requested?](/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/allowremember.md) -- [Firefox: How do I stop the "Firefox automatically sends some data to Mozilla so that we can improve your experience" message?](/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/stopsenddatamessage.md) -- [Firefox: How can I fix Dark Theme / Firefox 56 when using Endpoint Policy Manager?](/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/darktheme.md) -- [Firefox: Why doesn't the Firefox Applications Handler function work as expected?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/applicationshandlerfunction.md) -- [Firefox: Why don't I see Bookmarks and Pop-Ups settings set when user has NEVER run Firefox before?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/bookmarkpopups.md) -- [HowTo: What do I do if I find a problem with a preconfigured AppSet?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/issue.md) -- [HowTo: One of my AppSet entry's settings is not getting delivered on target machines. What should be the first thing to look into?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/entrysettings.md) -- [HowTo: Which "side" of GPO should I deploy AppSets to: User or Computer side?](/docs/endpointpolicymanager/applicationsettings/preconfigured/side.md) -- [Internet Explorer: I'm trying to use IE 11's Enterprise Mode, but it doesn't appear to be working?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/11enterprisemode.md) -- [Internet Explorer: Can I enable / disable add-ons for Internet Explorer?](/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/addons.md) -- [Internet Explorer: Can I deliver, manage and/or revoke certificates directly to Internet Explorer?](/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/certificates.md) -- [Internet Explorer: How do I deploy custom settings to zones?](/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/customsettings.md) -- [Internet Explorer: When should I use Compatibility mode vs. Enterprise Mode for IE 11?](/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/mode.md) -- [Internet Explorer: Why don't HTTP sites get added to the Trusted Site list?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/httpsites.md) -- [Internet Explorer: Why does IE fail to launch after I apply ACL lockdown or all of the IE AppSet STIG settings?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/launchfailstig.md) -- [Internet Explorer: Why Internet Explorer is not launching after I apply "Perform ACL Lockdown"?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/launchfail.md) -- [Java: Using the Pre-configured AppSet for Java, how do I prevent "Java has discovered application components that could indicate a security concern." Pop up?](/docs/endpointpolicymanager/applicationsettings/preconfigured/java/securitypopup.md) -- [Java: How to disable prompt "Your Java version is out of date."?](/docs/endpointpolicymanager/applicationsettings/preconfigured/java/versionoutofdate.md) -- [Java: How to disable prompt "You Java version is insecure"?](/docs/endpointpolicymanager/applicationsettings/preconfigured/java/versioninsecure.md) -- [Java: How to disable Java prompt "Do you want to run this application?"](/docs/endpointpolicymanager/applicationsettings/preconfigured/java/runapplication.md) -- [Java: How to disable User Account Control prompt for Java Auto Updater?](/docs/endpointpolicymanager/applicationsettings/preconfigured/java/useraccountcontrol.md) -- [Java: How to disable Task tray notification balloon events?](/docs/endpointpolicymanager/applicationsettings/preconfigured/java/tasktray.md) -- [Java: I don't see that any changes are working at all. What can I try first?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/java/issue.md) -- [Java: Java Site List Exceptions just stopped working. What can I do to fix this?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/java/sitelistexceptions.md) -- [Other: What is "Internal (pre-Defined)" Item Level Targeting?](/docs/endpointpolicymanager/applicationsettings/preconfigured/itemleveltargeting/internalpredefined.md) -- [Other: Is "Internal Item-Level Targeting" on by default?](/docs/endpointpolicymanager/applicationsettings/preconfigured/itemleveltargeting/bydefault.md) -- [Other: I added a AppSet and some items are grayed out / not available. In other AppSets, everything seems available. What's happening?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/itemsunavailable.md) -- [AppSets: Why are there some areas of the pre-configured AppSet greyed out or not accessable?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/unavailable.md) -- [AppSets: Why do some AppSets have pre-defined Item Level Targeting for an EXACT version number, and others say "Version 7 to 99" (or similar)?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/versions.md) -- [AppSets: What is the official support policy for the pre-configured AppSets?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/supportpolicy.md) -- [AppSets: How will I know that an existing AppSet will work with the version of the application I have today (and tomorrow)?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/versionsupport.md) -- [AppSets: How often do the AppSets for specific apps get updated?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/updates.md) - -## Virtualized Applications - -- [Do I need to do anything special to get Application Manager to deploy settings to Microsoft App-V Sequences?](/docs/endpointpolicymanager/requirements/support/applicationsettings/appvsequences.md) -- [A ThinApp throws an "Exception Error". What can I do to fix it?](/docs/endpointpolicymanager/troubleshooting/error/applicationsettings/exception.md) -- [Which application virtualization platforms are supported?](/docs/endpointpolicymanager/requirements/support/applicationsettings/applicationvirtualization.md) -- [How can I manage a version of Java inside a ThinApp package ?](/docs/endpointpolicymanager/applicationsettings/thinapp.md) -- [Are there any additional steps required to integrate Endpoint Policy Manager Software with XenAPP applications?](/docs/endpointpolicymanager/requirements/support/applicationsettings/xenapp.md) -- [Can Endpoint Policy Manager deliver settings for applications that are provided by XenAPP?](/docs/endpointpolicymanager/applicationsettings/xenapp.md) - -## Design Studio - -- [Besides the installation of Design Studio, are there any additional components I need on my computer in order to create my own AppSets?](/docs/endpointpolicymanager/requirements/support/applicationsettings/designstudioadditional.md) -- [What must I do to prepare for Endpoint Policy Manager Tech Support to assist me with AppSet creation?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/creation.md) - -## Troubleshooting - -- [Are there any caveats about removing the Endpoint Policy Manager CSE after it is deployed?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/removeclientsideextension.md) -- [I just upgraded my management station to 785. My LOCAL AppSets are now missing. What happened?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/localmissing.md) -- [Troubleshooting Group Policy Replication Problems](/docs/endpointpolicymanager/troubleshooting/applicationsettings/replication.md) -- [It appears that Endpoint Policy Manager is processing AppSet entries from another Group Policy Object. How is this possible?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/other.md) -- [Troubleshooting Application Manager – Basic Steps BEFORE calling or emailing Tech Support](/docs/endpointpolicymanager/troubleshooting/applicationsettings/basicsteps.md) -- [What are the two ways to export AppSet settings and why would I use one over the other?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/export/appset.md) -- [Which log file should I consult in order to troubleshoot when one or more settings are not getting applied to the Computer?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/logs/settings.md) -- [How do I know if Application Manager is not behaving properly versus the target application not behaving properly?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/applicationissue.md) -- [How is Item Level Targeting handled in reports?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/itemleveltargeting/reports.md) -- [I'm using redirected folders and get un-expected results.](/docs/endpointpolicymanager/troubleshooting/applicationsettings/redirectedfolder.md) -- [AppLock (UI lockdown) doesn't seem to work on some applications. Why?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/someapplications.md) -- [Endpoint Policy Manager should be reapplying my settings on application launch time. Why doesn't "reapply on launch" work ?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/reapplylaunch.md) -- [Why does Symantec Endpoint Protection (or SEP for Small business) report that Endpoint Policy Manager is "tampering" ?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/symantecendpointprotection.md) -- [Why does Windows Remote Assistance (MSRA) report "PPAppLockdr64.dll is not designed to run on Windows or it contains an error" 0xc000428 ?](/docs/endpointpolicymanager/troubleshooting/error/applicationsettings/code0xc000428.md) -- [How to use Scripts Manager to workaround the "PPAppLockdr64.dll is either not designed to run on Windows or it contains an error" message when running Microsoft Remote Assistance (MSRA.exe) and the Endpoint Policy Manager CSE is installed on Windows 10 1903](/docs/endpointpolicymanager/troubleshooting/applicationsettings/microsoftremoteassistance.md) -- [How do I turn AppLock off or on based upon the CSE version I'm using?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/disable.md) -- [How do I turn off "Reapply on Launch" for all applications if asked by tech support?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/reapplylaunchdisable.md) -- [When I use Forcepoint, Firefox takes 15 minutes to open. How can I fix this?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/forcepoint.md) -- [I do not have access or ability to create the Central Store. What should the best practice to store AppSets be?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/storage.md) -- [What happens to Application Settings Manager settings when the Endpoint Policy Manager license expires / if my company chooses not to renew?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/gpooutofscope.md) -- [Why does Microsoft 365 Defender report suspicious encoded content in Endpoint Policy Manager Application Settings Manager values?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/microsoftdefender.md) -- [Why do I see "Extra Registry Settings" in Endpoint Policy Manager Application Settings Manager items in the GPMC?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/gpmc.md) diff --git a/docs/endpointpolicymanager/applicationsettings/overview/videolearningcenter.md b/docs/endpointpolicymanager/applicationsettings/overview/videolearningcenter.md deleted file mode 100644 index 1d49809cb2..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/overview/videolearningcenter.md +++ /dev/null @@ -1,154 +0,0 @@ -# Video Learning Center - -See the following Video topics for Application Manager. - -## What does it do (and Why You Need It) - -- [Endpoint Policy Manager Overview Video for Managers](/docs/endpointpolicymanager/video/applicationsettings/managers.md) -- [Endpoint Policy Application Manager Overview](/docs/endpointpolicymanager/video/applicationsettings/pak.md) -- [Endpoint Policy ManagerOn-Premise QuickStart for Endpoint Policy Application Manager](/docs/endpointpolicymanager/video/applicationsettings/onpremise.md) -- [Managing Application Settings on your MDM enrolled machines](/docs/endpointpolicymanager/video/applicationsettings/mdm.md) -- [What is Endpoint Policy Application Manager (Group Policy Edition)](/docs/endpointpolicymanager/video/applicationsettings/grouppolicy.md) -- [What is Endpoint Policy Application Manager (Cloud Edition)](/docs/endpointpolicymanager/video/applicationsettings/cloud.md) - -## Getting Started - -- [Creating the Central Store for Group Policy andEndpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/centralstorecreate.md) -- [Updating Endpoint Policy Manager Central Store](/docs/endpointpolicymanager/video/applicationsettings/centralstoreupdate.md) -- [PPGP Quick Rundown: Application Manager](/docs/endpointpolicymanager/video/applicationsettings/quickrundown.md) - -## Central Store and Sharing - -- [How to manually update Paks](/docs/endpointpolicymanager/video/applicationsettings/manualupdate.md) -- [Working with Others and using the Central Store](/docs/endpointpolicymanager/video/applicationsettings/centralstorework.md) -- [Using Shares to Store Your Paks (Share-Based Storage)](/docs/endpointpolicymanager/video/applicationsettings/shares.md) -- [Keeping Application Settings Manager and Paks up to date](/docs/endpointpolicymanager/video/applicationsettings/uptodate.md) -- [Understanding and fixing Endpoint Policy Manager DLL Orphans](/docs/endpointpolicymanager/video/applicationsettings/dllorphans.md) -- [Reconnecting DLLs](/docs/endpointpolicymanager/video/applicationsettings/dllreconnect.md) -- [GPOTouch Utility](/docs/endpointpolicymanager/video/applicationsettings/touchutility.md) - -## Features, Tech Support and How-To - -- [Using Item Level Targeting](/docs/endpointpolicymanager/video/applicationsettings/itemleveltargeting.md) -- [Bypassing Internal Item Level Targeting Filters](/docs/endpointpolicymanager/video/applicationsettings/itemleveltargetingbypass.md) -- [ACL Lockdown for Registry Based Applications](/docs/endpointpolicymanager/video/applicationsettings/acllockdown.md) -- [Re-Deploy Settings at application launch](/docs/endpointpolicymanager/video/applicationsettings/applicationlaunch.md) -- [The Superpowers](/docs/endpointpolicymanager/video/applicationsettings/superpowers.md) -- [Using Environment Variables in Paks](/docs/endpointpolicymanager/video/applicationsettings/variables.md) -- [Manage different proxy settings, even when offline](/docs/endpointpolicymanager/video/applicationsettings/proxysettings.md) -- [Endpoint Policy Manager Application Setting Manager (Understanding Trusted AppSets)](/docs/endpointpolicymanager/video/applicationsettings/trustedappsets.md) - -## Misc Tips and Tricks - -- [Managing IE Proxy server with Advanced settings](/docs/endpointpolicymanager/video/applicationsettings/ieproxyserver.md) -- [Wipe Privdog (and other evil certificates) off your network using Group Policy and Endpoint Policy Manager.](/docs/endpointpolicymanager/video/applicationsettings/certificatesevil.md) -- [Endpoint Policy Manager and Invincea Integration Demo](/docs/endpointpolicymanager/video/applicationsettings/invincea.md) -- [Manage Firefox Plug-ins Per Website](/docs/endpointpolicymanager/video/applicationsettings/firefoxplugins.md) -- [Chrome Revert Tips (Pre-CSE 1260)](/docs/endpointpolicymanager/video/applicationsettings/chromerevert.md) -- [Fix Chrome Revert with PP CSE 1260 or later](/docs/endpointpolicymanager/video/applicationsettings/chromerevertfix.md) -- [Transitioning to the Universal Oracle Java AppSet (7 thru 9)](/docs/endpointpolicymanager/video/applicationsettings/oraclejava.md) -- [PPAM: Convert from 2 to 4 AppSet for Firefox About:Config AppSet](/docs/endpointpolicymanager/video/applicationsettings/firefoxabout.md) -- [Deliver pre-configured Bookmarks in Chrome](/docs/endpointpolicymanager/video/applicationsettings/chromebookmarks.md) -- [Endpoint Policy Manager App Settings Manager: Finding items in big Paks](/docs/endpointpolicymanager/video/applicationsettings/paksbig.md) - -## DesignStudio How-To - -- [Creating Your First Pak using Endpoint Policy Manager Design Studio](/docs/endpointpolicymanager/video/applicationsettings/designstudio/firstpak.md) -- [Use the DesignStudio to import existing registry keys](/docs/endpointpolicymanager/video/applicationsettings/designstudio/importregistry.md) -- [Using DesignStudio to add elements from an alternate UI](/docs/endpointpolicymanager/video/applicationsettings/designstudio/addelements.md) -- [Predefined ILTs (Internal Filters)](/docs/endpointpolicymanager/video/applicationsettings/designstudio/itemleveltargeting.md) -- [Design Studio – FoxIT Printer Settings Tutorial](/docs/endpointpolicymanager/video/applicationsettings/designstudio/foxitprinter.md) -- [Manage Firefox Plug-ins using Endpoint Policy Managerand the Endpoint Policy Manager DesignStudio](/docs/endpointpolicymanager/video/applicationsettings/designstudio/firefox_plugins.md) - -## Citrix & Terminal Servers - -- [Endpoint Policy Manager and Citrix: Webster Seal of Approval](/docs/endpointpolicymanager/video/applicationsettings/citrix/sealapproval.md) -- [Endpoint Policy Manager and Citrix: Better Together.. A quick introduction!](/docs/endpointpolicymanager/video/applicationsettings/citrix/integration.md) -- [Endpoint Policy Manager on Citrix: You Gotta Try This](/docs/endpointpolicymanager/video/applicationsettings/citrix/demo.md) -- [CUGC Connect Endpoint Policy Manager + Citrix Demo You Gotta Try This!](/docs/endpointpolicymanager/video/applicationsettings/citrix/demo2.md) -- [Endpoint Policy Manager enhances XenApp with Group Policy](/docs/endpointpolicymanager/video/applicationsettings/citrix/xenapp.md) -- [Endpoint Policy Manager & Citrix XenDesktop](/docs/endpointpolicymanager/video/applicationsettings/citrix/xendesktop.md) -- [Endpoint Policy Manager and Microsoft RDS and RemoteApp – Better Together to Manage Applications' settings](/docs/endpointpolicymanager/video/applicationsettings/citrix/rds.md) - -## Methods (Cloud, MDM, SCCM, PDQ) - -- [Perform Desktop Lockdown using Microsoft Intune](/docs/endpointpolicymanager/video/applicationsettings/integration/microsoftintune.md) -- [Perform Desktop Lockdown using Microsoft SCCM and Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/integration/sccmsoftwarecenter.md) -- [Endpoint Policy Manager Integrates with Specops Deploy](/docs/endpointpolicymanager/video/applicationsettings/integration/specops.md) -- [Deploy and Manage WinZip with PDQ Deploy and Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/integration/pdqdeploy.md) -- [Deploy and Manage Firefox with PDQ Deploy and Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/integration/pdqdeployfirefox.md) - -## VDI - -- [Endpoint Policy Manager and Microsoft VDI – Better Together to Manage Applications' settings](/docs/endpointpolicymanager/video/applicationsettings/vdi/integration.md) -- [Endpoint Policy Manager and VMWare Horizon View](/docs/endpointpolicymanager/video/applicationsettings/vdi/vmware.md) -- [Endpoint Policy Manager and VMware Horizon View – Dedicated VDI](/docs/endpointpolicymanager/video/applicationsettings/vdi/dedicated.md) -- [Endpoint Policy Manager and VMware Horizon View – Local Mode VDI](/docs/endpointpolicymanager/video/applicationsettings/vdi/localmode.md) -- [Endpoint Policy Manager and VMware Horizon View with ThinApp Assigned Packages](/docs/endpointpolicymanager/video/applicationsettings/vdi/thinapp.md) -- [Endpoint Policy Manager and VMware Horizon Workspace Applications and ThinApp Entitled Packages](/docs/endpointpolicymanager/video/applicationsettings/vdi/thinappworkspace.md) - -## Application Virtualization - -- [Endpoint Policy Manager extends Group Policy to Microsoft App-V](/docs/endpointpolicymanager/video/applicationsettings/virtualization/appv.md) -- [Endpoint Policy Manager & Citrix XenApp](/docs/endpointpolicymanager/video/applicationsettings/virtualization/xenapp.md) -- [Microsoft User Experience Virtualization (UE-V) enhanced by Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/virtualization/uev.md) -- [Manage ThinApp Packages on Physical or VDI machines using Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/virtualization/thinapp.md) -- [Endpoint Policy Manager & Symantec](/docs/endpointpolicymanager/video/applicationsettings/virtualization/symantec.md) -- [Endpoint Policy Manager extends Group Policy to Spoon / Novell ZENworks App Virtualization](/docs/endpointpolicymanager/video/applicationsettings/virtualization/spoonnovell.md) - -## Troubleshooting - -- [Endpoint Policy Manager and "Chrome Incompatible apps"](/docs/endpointpolicymanager/video/troubleshooting/applicationsettings/chrome.md) - -## Internet Explorer (all videos) - -- [Getting Started Managing Internet Explorer](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/gettingstarted.md) -- [Manage IE Certificates](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/certificates.md) -- [Manage IE Connections tab](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/connectionstab.md) -- [Manage IE Content tab](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/contenttab.md) -- [Manage IE General tab](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/generaltab.md) -- [Manage IE Privacy tab](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/privacytab.md) -- [Manage IE Programs Tab](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/programstab.md) -- [Manage Internet Explorer Security tab](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/securitytab.md) -- [Manage Internet Explorer Settings With Endpoint Policy Manager Application Settings Manager](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/settings.md) -- [Managing Favorites in IE](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/favorites.md) - -## Chrome (all videos) - -- [Manage Google Chrome using Group Policy, SCCM or your own management utility](/docs/endpointpolicymanager/video/applicationsettings/chrome/gettingstarted.md) -- [Google Chrome: Clear Browsing History, Cookies, Password, Images and more](/docs/endpointpolicymanager/video/applicationsettings/chrome/clearbrowsing.md) -- [Manage Google Chrome Bookmarks](/docs/endpointpolicymanager/video/applicationsettings/chrome/bookmarks.md) - -## Firefox (all videos) - -- [Manage Firefox using Group Policy, SCCM, or your own management tool](/docs/endpointpolicymanager/video/applicationsettings/firefox/gettingstarted.md) -- [Changing the Firefox Default Search Engine in one-click](/docs/endpointpolicymanager/video/applicationsettings/firefox/defaultsearch.md) -- [Manage Firefox Pop-Ups and Permissions using Group Policy](/docs/endpointpolicymanager/video/applicationsettings/firefox/popups.md) -- [Force Install Firefox Extensions (from URL or file).](/docs/endpointpolicymanager/video/applicationsettings/firefox/extensions.md) -- [Manage Firefox Bookmarks](/docs/endpointpolicymanager/video/applicationsettings/firefox/bookmarks.md) -- [Remove Firefox's Extra Tabs at First Launch](/docs/endpointpolicymanager/video/applicationsettings/firefox/extratabs.md) -- [Disable the following about:config, about:addons, pages, Developer Menu, and any Preferences in one click](/docs/endpointpolicymanager/video/applicationsettings/firefox/disable.md) -- [Firefox Remove Specific Elements from about:preferences panel](/docs/endpointpolicymanager/video/applicationsettings/firefox/removeelements.md) -- [Manage Firefox Misc Settings and Buttons Using Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/firefox/miscsettings.md) -- [Manage Firefox Certificates](/docs/endpointpolicymanager/video/applicationsettings/firefox/certificates.md) -- [Change Firefox application handler (like PDF) to Adobe Reader](/docs/endpointpolicymanager/video/applicationsettings/firefox/adobe.md) -- [Manage Firefox Add-ons using Group Policy](/docs/endpointpolicymanager/video/applicationsettings/firefox/addons.md) -- [How to Add and Remove Bookmarks folders from the Firefox menu and toolbar](/docs/endpointpolicymanager/video/applicationsettings/firefox/bookmarksmodify.md) - -## Java (all videos) - -- [How to quickly disable Java, everywhere (in an emergency)](/docs/endpointpolicymanager/video/applicationsettings/java/disable.md) -- [Manage and Lock down Java Site List Exceptions](/docs/endpointpolicymanager/video/applicationsettings/java/lockdown.md) -- [Manage Java JRE Control Panel applet with Group Policy](/docs/endpointpolicymanager/video/applicationsettings/java/jre.md) -- [How to Manage the security slider in Java](/docs/endpointpolicymanager/video/applicationsettings/java/securityslider.md) - -## Other applications (all videos) - -- [Netwrix Endpoint Policy Manager can manage Netwrix Password Secure](/docs/endpointpolicymanager/video/applicationsettings/passwordsecure.md) -- [Managing Teams Settings](/docs/endpointpolicymanager/video/applicationsettings/teams.md) -- [Endpoint Policy Manager for Adobe Acrobat](/docs/endpointpolicymanager/video/applicationsettings/acrobat.md) -- [Endpoint Policy Manager for Adobe Flash Player](/docs/endpointpolicymanager/video/applicationsettings/flashplayer.md) -- [Endpoint Policy Manager for IrfanView](/docs/endpointpolicymanager/video/applicationsettings/irfanview.md) -- [Endpoint Policy Manager for Microsoft Office 2013 and 2016](/docs/endpointpolicymanager/video/applicationsettings/office.md) -- [Endpoint Policy Manager for Microsoft Skype for Business (formerly Lync)](/docs/endpointpolicymanager/video/applicationsettings/skype.md) -- [Endpoint Policy Manager for Thunderbird](/docs/endpointpolicymanager/video/applicationsettings/thunderbird.md) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/certificates.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/certificates.md deleted file mode 100644 index b9a1352188..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/certificates.md +++ /dev/null @@ -1,9 +0,0 @@ -# Chrome: How do I manage certificates with Google Chrome? - -Chrome uses the underlying certificates that Internet Explorer does. As such we didn't opt to put -the functionality in Chrome AppSet. Said another way, use the IE + Certs features, you're ALSO -setting Chrome at the same time. - -Here's the how-to video in using the IE + Certs features (again, which should also set Chrome too): - -[Manage IE Certificates](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/certificates.md) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/extratabs.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/extratabs.md deleted file mode 100644 index 8d6802c8d0..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/extratabs.md +++ /dev/null @@ -1,7 +0,0 @@ -# Chrome: Why do I have extra tabs appear when I open Chrome on an endpoint? - -Be sure to find the Set Pages area and uncheck "Always reapply this setting" in the remaining tabs. -Netwrix Endpoint Policy Manager (formerly PolicyPak) is delivering "blank" when the "Always reapply -this setting" is present upon items. So right-click and uncheck each unwanted page as seen here. - -![282_1_faq-images7](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/282_1_faq-images7.webp) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/localfileaccess.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/localfileaccess.md deleted file mode 100644 index 8839a81a81..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/localfileaccess.md +++ /dev/null @@ -1,16 +0,0 @@ -# Chrome: How do I block Local File access to Google Chrome with Endpoint Policy Manager? - -Use the Netwrix Endpoint Policy Manager (formerly PolicyPak) Pak for Chrome. Then in the Extras, -specify a URL to block as - -three slashes after file like this. - -``` -file:///c:/ -``` - -![38_1_image001](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/38_1_image001.webp) - -Result: - -![38_2_image002](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/38_2_image002.webp) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/proxysettings.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/proxysettings.md deleted file mode 100644 index 0fb49b9444..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/proxysettings.md +++ /dev/null @@ -1,10 +0,0 @@ -# Chrome: How do I manage the Proxy settings for Google Chrome? - -Google Chrome uses the same settings as the system. - -Which is set using the Netwrix Endpoint Policy Manager (formerly PolicyPak) Pak for Internet -Explorer. - -See this video for more details, which will also set the Chrome Pak: - -[Manage IE Connections tab](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/connectionstab.md) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons.md deleted file mode 100644 index f20e23ea51..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons.md +++ /dev/null @@ -1,5 +0,0 @@ -# Firefox: Can I enable / disable add-ons for Firefox? - -Yes. Here is a videos to demonstrate that. - -[Manage Firefox Add-ons using Group Policy](/docs/endpointpolicymanager/video/applicationsettings/firefox/addons.md) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/enabledisableid.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/enabledisableid.md deleted file mode 100644 index d9790829bb..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/enabledisableid.md +++ /dev/null @@ -1,10 +0,0 @@ -# Using the ID to Enable or Disable Add-Ons - -The following snippet will disable all add-ons except extensions, and then will disable the -"Clearly" extension from Evernote by its ID (GUID or friendly name). - -``` -readable@evernote.com, enable -{47c11ff1-bbce-4481-83be-54e0c0adfda7}, disable -In the next section, we will give you some tips on how to find the GUID or friendly name of your extensions. -``` diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/overview.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/overview.md deleted file mode 100644 index 1e97b80bc4..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/overview.md +++ /dev/null @@ -1,10 +0,0 @@ -# Add-Ons - -Netwrix Endpoint Policy Manager (formerly PolicyPak) can manipulate Firefox add-ons by enabling and -disabling add-ons of all types. Endpoint Policy Manager can also force the installation of or force -the removal of specific add-ons. To find Firefox's add-ons, select "Add-ons" within Firefox, as -shown in Figure 15. - -![add_ons](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/add_ons.webp) - -Figure 15. The Add-ons tab. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates.md deleted file mode 100644 index 36fb8973b8..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates.md +++ /dev/null @@ -1,3 +0,0 @@ -# Firefox: Can I deliver, manage and/or revoke certificates directly to Firefox? - -Yes. Here is a videos to demonstrate that. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/overview.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/overview.md deleted file mode 100644 index 79fd4ab065..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/overview.md +++ /dev/null @@ -1,128 +0,0 @@ -# Certificates - -Netwrix Endpoint Policy Manager (formerly PolicyPak) can add or remove certificates within Firefox. -These certificates must be in the binary-encoded DER format and cannot be Base64-encoded. If you -need to learn how to convert a certificate, see the section "Exporting Certificates to the -Binary-Encoded DER Format" below. - -Video: To see a video of Endpoint Policy Manager managing Firefox's add-ons, go to -[http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-firefox-certificates.html](http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-firefox-certificates.html) - -You can see Firefox's certificates under` Options | Advanced | Certificates | View Certificates`, as -shown in Figure 42. - -![certificates](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates.webp) - -Figure 42. The Servers tab within the Certificate Manager. - -To manage Firefox's certificates, you need to specify the location of the certificate to import -(source) and the location where you want to deliver it (target). The source location can be local, -on a file server, etc. - -![certificates_1](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_1.webp) - -Figure 43. Specifying the Firefox certificate location. - -Target locations require a keyword to specify the location. The possible values are listed in -Table 3. - -Table 3: Keywords for target locations. - -| Keyword | Location | Note | -| ---------- | ------------- | --------------------------------------------- | -| Root | Authorities | Root and Intermediate Certificate Authorities | -| Trusted | Servers | | -| People | People | | -| Your Certs | Not Supported | | -| Other | Not Supported | | - -You can also specify how often (in days) the source certificate file should be checked for changes -using the following: `\\DC\Share\Fabrikam-CA.cer, 1, ROOT, add`. If the optional parameter is not -specified, it defaults to 0, meaning that the client-side extension (CSE) will re-read the -certificate file every time Firefox starts. Note that if the file is unavailable or the remote -location is offline, the launch of Firefox is not slowed down. Additionally, you might want to -deliver certificates to all these stores, as shown in Figure 44. - -![certificates_2](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_2.webp) - -Figure 44. Editing the trust settings. - -To do so, use the following syntax: `\\Server\Share\FF.cer,1,C;C;C,add`. Note that the certificate -authority is omitted in this correct syntax. For more information on this advanced syntax, see the -following - -**NOTE:** -[http://www.endpointpolicymanager.com/knowledge-base/preconfigured-paks/firefox-how-can-i-deliver-certificates-to-certificate-authority-store-and-select-websites-mail-users-and-software-makers.html](http://www.endpointpolicymanager.com/knowledge-base/preconfigured-paks/firefox-how-can-i-deliver-certificates-to-certificate-authority-store-and-select-websites-mail-users-and-software-makers.html). - -**NOTE:** In order to decrease network load, you may want to specify the number of days explicitly. - -To delete a certificate, you must know its SHA 1 fingerprint. You do not need to specify where the -certificate is currently stored; if the fingerprint matches a certificate in any store, it is -removed. - -![certificates_3](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_3.webp) - -Figure 45. SHA Fingerprint location. - -## Exporting Certificates to the Binary-Encoded DER Format - -Endpoint Policy Manager can only work with binary-encoded DER certificates. If you have a -certificate of another type, you may import it first into Firefox. Then, you can immediately export -it as a DER file, as shown in Figure 46. - -![certificates_4](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_4.webp) - -Figure 46. Explorting a certificate as a DER. - -You can optionally perform the same type of export by looking at the file itself in the Details tab -of Explorer, and then selecting the "Copy to File" button. Then, select "DER encoded binary X.509 -(CER)," as shown in Figure 47. - -![certificates_5](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_5.webp) - -Figure 47. Exporting via Explorer. - -## Troubleshooting Certificates - -If you are not seeing the results you expect, you can look in Endpoint Policy Manager's logs (see -Book 3: Application Settings Manager for more information) as well as Firefox's log. An example of -Endpoint Policy Manager's log showing that certificates are correctly being added can be seen in -Figure 48. - -![certificates_6](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_6.webp) - -Figure 48. The Endpoint Policy Manager log with certificate details. - -You can also use Firefox's log by clicking Ctrl+Shift+J on any page. In the log below (Figure 49), -you can see certificates being added to the proper stores. - -![certificates_7](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_7.webp) - -Figure 49. The Firefox log with certificate details. - -The most common reasons for certificates not showing up the store you want are the following: - -- The certificate is NOT in binary/DER format. See the preceding section "Exporting Certificates to - the Binary-Encoded DER Format" in order to get certificates into the correct format first. -- The certificate is not designed to work in the store of your choice. For instance, you've selected - an email certificate and tried to use it in the ROOT or CA store. -- You have misspelled the name of the file. For instance, the file is named - -``` -\\server\share\file123.cer but you specified  -\\server\share\file123 or  -\\server\share\file123.x509. -``` - -- When specifying a certificate and the number of days after which Endpoint Policy Manager should - check for updates, you have transposed the values. The correct way to specify a certificate and - have Endpoint Policy Manager check for updates every two days is - -`\\DC\Share\Fabrikam-CA.cer, 2, CA`, add and not - -`\\DC\Share\Fabrikam-CA.cer, CA, 2, add`. In the logs, you would see this transposition error as -shown in Figure 50. - -![certificates_8](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_8.webp) - -Figure 50. Log showing a transposition error. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/overview.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/overview.md deleted file mode 100644 index fb90c3e048..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/overview.md +++ /dev/null @@ -1,38 +0,0 @@ -# Firefox AppSet - -This document will help you to understand how to use the AppSet named "Mozilla Firefox 23.0". This -AppSet works for Firefox 23 and later but only works with Firefox ESR, and not the regular version. -For more details on this see: -[https://www.endpointpolicymanager.com/pp-blog/policypak-will-soon-only-support-firefox-esr](https://www.endpointpolicymanager.com/pp-blog/endpointpolicymanager-will-soon-only-support-firefox-esr) - -Only use this document after you have read and worked through Book 3: Application Settings Manager -and have successfully tested "Winzip 14," or an example application. Some features are only -available when you have a Netwrix Endpoint Policy Manager (formerly PolicyPak) client-side extension -(CSE) which supports the feature. Inside the AppSet, we've noted when a feature requires a specific -CSE version. - -**NOTE:** The Endpoint Policy Manager "About Config" AppSets are still valid and available and -should be used for settings within Firefox's About:config. - -Additionally, if you were using any of the other main Firefox AppSets created by Endpoint Policy -Manager, those are now deprecated and are no longer to be used. These AppSets include: - -- Mozilla Firefox 21 AppSet -- Mozilla Firefox ESR 24/24.1 AppSet -- Mozilla Firefox ESR 17 AppSet -- Mozilla Firefox Plug-In Example AppSet - -For information on how to migrate from any of these old Firefox AppSets to the Firefox 23 AppSet, -see the section title "Migrating to the Firefox 23 AppSet" in this document. - -This AppSet is no different than other AppSets, in that it can be placed into Local, Shared or -Central storage. (See Book 3: Application Settings Manager for details.) Once placed into the -storage location, it will be available as seen in Figure 1. - -![about_this_document_and_the](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/about_this_document_and_the.webp) - -Figure 1. The Endpoint Policy Manager Mozilla Firefox Pak. - -The AppSet may be used on the User or Computer side just like all other AppSets. However, Firefox -lockdown features are ONLY available on the COMPUTER side, and therefore we recommend using the -Firefox AppSet on the Computer side. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions.md deleted file mode 100644 index fd3f2bb53f..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions.md +++ /dev/null @@ -1,105 +0,0 @@ -# Permissions and Pop Ups - -Starting recently in Firefox, you can only see permissions and pop-ups by doing the following: - -**Step 1 –** Go to the website. - -**Step 2 –** Click on the lock icon or another icon in that space. - -**Step 3 –** Click the right arrow as shown in Figure 6. - -**Step 4 –** Click on "More Information," as shown in Figure 7. - -**Step 5 –** After doing this, you will reach the Permissions tab, as shown in Figure 8. - -![permissions_and_pop_ups](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups.webp) - -Figure 6. To see permissions and pop-ups click, one must click on the lock icon and then on the -right arrow. - -![permissions_and_pop_ups_1](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups_1.webp) - -Figure 7. The next step to see the permissions and pop-ups is to click on "More Information." - -![permissions_and_pop_ups_2](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups_2.webp) - -Figure 8. The Permissions tab. - -You can see Firefox's pop-up exceptions using Options | Privacy & Security | Exceptions, as shown in -Figure 9 and Figure 10. - -![permissions_and_pop_ups_3](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups_3.webp) - -Figure 9. Firefox's pop-up exceptions. - -![permissions_and_pop_ups_4](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups_4.webp) - -Figure 10. The pop-up exceptions page. - -Netwrix Endpoint Policy Manager (formerly PolicyPak) can manipulate most areas of permissions and -pop-ups. Within the Firefox AppSet, you can use the Permissions tab to enter in the values you wish -for the sites that are allowed to have pop-ups and you can set permissions, as shown in Figure 11. - -![permissions_and_pop_ups_5](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups_5.webp) - -Figure 11. Using Endpoint Policy Manager to configure the Permissions tab. - -To see a video of Endpoint Policy Manager managing permissions and pop-ups, to go -[http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-firefox-pop-ups-and-permissions-using-group-policy.html](http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-firefox-pop-ups-and-permissions-using-group-policy.html). - -In Figure 11, you can see the key word after the website, like "image," "Geo," "cookie," and so on. -Use Table 1 to find the key word for the area on the website you would like to manage. - -Table 1: PolicyPak keywords. - -| Endpoint Policy Manager Keyword (case sensitive) | Possible Verbs | Item in About:Permissions for a website | -| ------------------------------------------------ | -------------- | --------------------------------------- | ------------------- | ------------------------ | -| popup | Allow | Block | Open Pop-Up Windows | -| camera | Allow | Block | Ask | Camera | -| microphone | Allow | Block | Ask | Microphone | -| fullscreen | Allow | Block | Ask | Fullscreen | -| pointerLock | Allow | Block | Ask | Hide Mouse | -| NOT AVAILABLE | Allow | Block | Store Passwords | -| geo | Allow | Block | Ask | Share Location | -| cookie | Allow | Block | Set Cookies | -| indexedDB | Allow | Block | Ask | Maintain Offline Storage | -| Image | Allow | Block | Load images | -| Install | Allow | Block | Install Add-Ons | -| desktop-notification | Allow | Block | Ask | Show Notifications | -| plugin:[name] | Allow | Block | Ask | See below. | - -A special case would be when you want a plugin to be enabled or always allowed for a particular -website. To do this, you need the "short name" of the plugin. - -Video: To see a video of how to discover the short name of a plugin and ensure it always works for a -particular website, go to -[http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-firefox-plug-ins-per-website.html](http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-firefox-plug-ins-per-website.html). - -For example, if you want to ensure that when end-users go to a specific Citrix website, the Citrix -ICA plugin is always set to ALLOW for that site, you would need to know the Citrix plugin short -name, which is "npican." Then, you would enter http://site.com, plugin:npican, allow. This is -illustrated in Figure 12. - -![permissions_and_pop_ups_6](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups_6.webp) - -Figure 12. The plug in short name within the Permissions tab. - -This will ensure on the endpoint that Firefox will perform the ALLOW command on that plugin for that -website, as shown in Figure 13. - -![permissions_and_pop_ups_7](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups_7.webp) - -Figure 13. The plug in is allowed in Firefox. - -To get plugin short names, you need to use a SQLLite browser, like http://sqlitebrowser.org/. Then, -do the following: - -**Step 1 –** Open the firefox permissions.sqllite database, as shown in Figure 14. - -**Step 2 –** Select the table "moz_perms." - -**Step 3 –** Locate the website and the type, as shown in Figure 14, to discover the short name. - -![permissions_and_pop_ups_8](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups_8.webp) - -Figure 14. Finding the plug in short name. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/preferences.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/preferences.md deleted file mode 100644 index 3077633999..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/preferences.md +++ /dev/null @@ -1,93 +0,0 @@ -# Hiding Preferences Pages and Other Special Elements - -Netwrix Endpoint Policy Manager (formerly PolicyPak) is able to hide many Firefox elements, -sometimes with only one click. - -Video: To see a video of Endpoint Policy Manager disabling various Firefox user interface (UI) pages -see -[Disable the following about:config, about:addons, pages, Developer Menu, and any Preferences in one click](/docs/endpointpolicymanager/video/applicationsettings/firefox/disable.md). - -For instance, you can select "Hide about:config UI" in the About:Config tab, as shown in Figure 32. - -![hiding_preferences_pages_and](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and.webp) - -Figure 32. Hiding the about:config page. - -Endpoint Policy Manager can hide the about:addons page UI with a checkbox in the Add-Ons: -Extensions, Appearance, Plugins, and Service page, as shown in Figure 33. - -![hiding_preferences_pages_and_1](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_1.webp) - -Figure 33. Hiding the about:addons page. - -Endpoint Policy Manager can allow you to hide the Australis menu in FireFox (seen in Figure 34) by -clicking the "Hide Australis button" in the Extras tab, as shown in Figure 35. Endpoint Policy -Manager can also provide you with the ability to disable the web developer menu and many other -special pages, as shown in Figure 35. - -![hiding_preferences_pages_and_2](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_2.webp) - -Figure 34. The Australis menu. - -![hiding_preferences_pages_and_3](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_3.webp) - -Figure 35. Disabling the web developer menu and other special pages. - -Note that some of the options specifically require that the settings be right-clicked and locked in -order to work. This means they must be deployed on the Computer side, because only Group Policy -Objects (GPOs) based on the Computer side can be locked with the Firefox AppSet. - -Lastly, Endpoint Policy Manager has another huge array of special things that can be hidden within -the About:Preferences tab, as shown in Figure 36. - -![hiding_preferences_pages_and_4](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_4.webp) - -Figure 36. Hiding preferences. - -The items on the left only require one click to get the expected response in Firefox. The special -box on the right can remove nearly every element in Firefox, but you need to know the special -element ID. - -Video: To see a video of Endpoint Policy Manager removing elements in about:prefrences, go to -[Firefox Remove Specific Elements from about:preferences panel](/docs/endpointpolicymanager/video/applicationsettings/firefox/removeelements.md). - -For instance, let's imagine you wanted to hide the element "Play DRM-controlled content" in the -Content section, as shown in Figure 37. In this example, we did a search for DRM rather than -navigate to it through the menus. - -![hiding_preferences_pages_and_5](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_5.webp) - -Figure 37. Hiding DRM-controlled content. - -Start by opening the Firefox web developer tools (press Ctrl + Shift + I) or select Options | -Developer | Toggle Tools, as shown in Figure 38. - -![hiding_preferences_pages_and_6](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_6.webp) - -Figure 38. Web developer menu. - -Then, as shown in Figure 39, click the selector icon all the way on the left side, then click the -"Play DRM content" element. The element will light up with a red dotted box, and in the Inspector -pane, you'll see the element ID. - -![hiding_preferences_pages_and_7](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_7.webp) - -Figure 39. Selecting the "Play DRM content" element. - -In this case, `checkbox id=" playDRMContent"`. Copy its value into the textbox in Firefox 23.0 -AppSet, as shown in Figure 40. You can also see another value, useMasterPassword, there as well to -show how multiple values are separated by commas. - -![hiding_preferences_pages_and_8](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_8.webp) - -Figure 40. Copying the value to the Firefox 23.0 textbox. - -**CAUTION:** All values are comma separated instead of being one per line. - -The result once Group Policy applies and Firefox is restarted is that the element is hidden. - -![hiding_preferences_pages_and_9](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_9.webp) - -Figure 41. The DRM content setting is now hidden. - -Later, if the element ID is removed from the MMC, it will return back. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/specialsections.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/specialsections.md deleted file mode 100644 index f97be8a809..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/specialsections.md +++ /dev/null @@ -1,29 +0,0 @@ -# How to Use Special Sections - -There are some special sections within the Firefox AppSet and most have pre-configured example -values listed for how to use that section. Many also let you specify the first line as: - -`MODE=REPLACE` or `MODE=MERGE` - -In Figure 2, you can see Permissions tab has the default example set with `MODE=REPLACE` and shows -some examples on how to use the special section. - -![how_to_use_special_sections](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/how_to_use_special_sections.webp) - -Figure 2. Site to Zone assignment special section. - -**NOTE:** If you leave the MODE line off, the default is MERGE. - -Here's what each mode does: - -`MODE=REPLACE`: This takes the existing settings on the machine, removes them, and replaces them -with these entries. Use `MODE=REPLACE` if you want to ensure your specific settings, regardless of -what the user already has. - -`MODE=MERGE`: This merges the settings a user already has manually placed there, with the entries -you have here. Use` MODE=MERGE` if you want to let users make changes, but also ensure that your -additions make it to their environment. - -Note that with some sections (like Bookmarks), MERGE is the only option and is not changeable. In -the next sections we'll explore each tab and highlight anything noteworthy with examples, tips, -tricks, and exceptions. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/stopsenddatamessage.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/stopsenddatamessage.md deleted file mode 100644 index 8d57d0ed8e..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/stopsenddatamessage.md +++ /dev/null @@ -1,10 +0,0 @@ -# Firefox: How do I stop the "Firefox automatically sends some data to Mozilla so that we can improve your experience" message? - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Manager can remove the message -"Firefox automatically sends some data to Mozilla so that we can improve your experience" as seen -below. - -![177_1_image001](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/177_1_image001.webp) - -To do this, use the Endpoint Policy Manager Application Manager pak About:Config A-I Pak. -Use the setting datareporting.policy.dataSubmissionPolicyBypassNotification and set to TRUE. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/transition.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/transition.md deleted file mode 100644 index 3f0e0e155b..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/transition.md +++ /dev/null @@ -1,316 +0,0 @@ -# Firefox: How do I make Application Settings Manager work with Firefox 115 and later (and how do I transition existing settings? - -This document is only needed for customers using Netwrix Endpoint Policy Manager (formerly -PolicyPak) Application Settings Manager and Firefox ESR. There is no required special workaround for -Endpoint Policy Manager Browser Router except using the latest Endpoint Policy Manager CSE and -Firefox ESR 115 and later. - -Update for 24.11 CSE - -Firefox 128 has made a breaking change requiring an update to the CSE and the Firefox 115 and later -Pak to continue functioning. - -The only supported configuration going forward for Firefox 128 support is CSE 24.11 (or later) and -the Firefox 115 and later pak, which is compiled (and signed) from Netwrix with date stamp 11/7/2024 -and later. - -![transition](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/transition.webp) - -Previous Details (Pre 24.11 CSE) - -Firefox 115 and later has made a breaking change internally which makes our longstanding plug-in -implementation fail to operate. This change is expected to be permanent, and as such required a few -items to workaround and fix it: - -- Changes within Endpoint Policy Manager Application Settings Manager on how we register the Firefox - plug in (requiring an updated CSE) -- The way the AppSet performs its interaction with the CSE -- The AppSet itself which needed to be recompiled with some Endpoint Policy Manager DesignStudio - updates. - -**NOTE:** If you are using the Endpoint Policy Manager DesignStudio yourself to make any changes to -the Firefox 23 AppSet, you will need to re-compile with the latest Endpoint Policy Manager -DesignStudio and then perform the steps listed below. - -This document is to help guide you through the required transition. - -We will refer to the original Firefox AppSet as FF23 AppSet and the updated one as Firefox AppSet as -FF115. - -You can acquire the updated FireFox AppSet 115 in the Endpoint Policy Manager Portal within the -AppSets downloads. - -**NOTE:** It is recommended, though not strictly required that you also update your management -station to the latest Endpoint Policy Manager MMC snap-in. In doing so the screenshots shown here -will match the steps you will be performing. - -## Functional Matrix of Firefox, CSE and AppSet - -| Firefox ESR version | CSE Version | AppSet Version Compiled with | Expected Behavior | -| ------------------- | --------------- | ----------------------------------- | ----------------- | -| 102.9 and below | 23.8 and below | 23.8 and below (aka FF23 AppSet) | Works | -| 102.9 and below | 23.10 and later | 23.10 and later (aka FF 115 AppSet) | Works | -| 102.9 and below | 23.8 and below | 23.10 and later (aka FF 115 AppSet) | Not Work | -| 115 and later | 23.10 and later | 23.8 and below (aka FF23 AppSet) | Not Work | -| 115 and later | 23.8 and below | 23.10 and later (aka FF 115 AppSet) | Not Work | -| 115 and later | 23.10 and later | 23.10 and later (aka FF23 AppSet) | Works | - -The upshot is: - -- If you use the new CSE you must use the New AppSet (FF115) -- If you use an older CSE you must use the Older AppSet (FF23) -- Then when you use the new CSE and the New AppSet (FF115), Endpoint Policy Manager will operate as - expected for FF ESR version 102.9 and also FF 115 and later - -Additionally, you will want to ensure that your existing FF23 AppSet policies do not get pushed down -to the machines with the new 23.10 and later CSE. During this guide you will use Item Level -Targeting to ensure that the older FF23 AppSet cannot work with, and shouldn't be applied to newer -CSEs; therefore we need to ensure that the newer FF115 AppSet only applies to the newer CSEs. - -**NOTE:** This document mostly focuses on Group Policy Object delivery of the Firefox Endpoint -Policy Manager AppSet. Note you may have other ways to deliver the FireFox Endpoint Policy Manager -AppSet like Endpoint Policy Manager Cloud, local GPOs, and/or XML data files (via MSI files.) Be -sure to perform this same operation using any and all methods. - -## Finding all GPOs with Endpoint Policy Manager Application Settings Manager Data - -You'll want to first discover all GPOs with Endpoint Policy Manager Application Settings Manager -Data, and those with specific Firefox 23 AppSets. That being said, automation can only help you -discover which GPOs contain Endpoint Policy Manager Application Settings Manager data. After that, -you must open each Group Policy Object one by one and manually look for FF23 AppSet data. - -Overview of using the Endpoint Policy Manager PowerShell cmdlets to discover Endpoint Policy Manager -data within GPOs see the -[Endpoint Policy Manager User PowerShell to find all Endpoint Policy Manager GPOs](/docs/endpointpolicymanager/video/troubleshooting/powershell.md) -topic for additional information. - -![939_1_image-20231101213809-1_950x372](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_1_image-20231101213809-1_950x372.webp) - -The specific command you'll want to run is Get-PPGPOs -cse "application settings manager". - -Each Group Policy Object at this point will need to be opened to look for Firefox 23 AppSets. Here -is an example of the FF23 AppSet on the Computer side, though it may also reside on the User side. - -![939_2_image-20231101213809-2_950x458](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_2_image-20231101213809-2_950x458.webp) - -Before making any modifications, you'll want to perform a few backup steps which are detailed in the -next section. - -## Backing Up and Testing a Restore - -There are a myriad of ways to recover from a problem during this procedure; and we recommend you -perform all of these steps. - -We strongly recommend before starting the upgrade that you are confident you can backup and also -restore your Endpoint Policy Manager Application Settings Manager and specifically the Firefox -settings before continuing. - -### Back up 1: Viewing the Group Policy Object Report and saving the HTML report. - -![939_3_image-20231101213809-3_950x493](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_3_image-20231101213809-3_950x493.webp) - -This won't be your only backup, but it will express exactly what is in your Group Policy Object with -regards to your settings. - -### Back Up 2: Backing up the Group Policy Object (or all GPOs.) - -For backing up the GPO or all GPOs see the -[Endpoint Policy Manager Application Settings Manager: Backup, Restore, Export, Import](/docs/endpointpolicymanager/video/troubleshooting/backup.md) -topic for additional information. - -### Back up 3: Export the settings for each FF23 AppSet you already have. - -Open each FF23 AppSet and locate the Options button. Then click Export XML Settings Data and save -the file out. - -![939_4_image-20231101213809-4_950x761](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_4_image-20231101213809-4_950x761.webp) - -See the -[What are the two ways to export AppSet settings and why would I use one over the other?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/export/appset.md) - -**NOTE:** You will use the resulting XML file in an upcoming step and not only for backup purposes. - -### Back up 4: Backing up your Firefox 23 AppSet DLL - -Additionally, you should keep handy the OLD Endpoint Policy Manager Firefox 23 App Set DLL file that -you are currently using; and not merely the one still available in the Endpoint Policy Manager -portal. - -The file you are looking for is PP-Firefox23.DLL which is likely in one of three locations: - -- `\Programfiles\PolicyPak\Extensions` or -- SYSVOL (replicated to other domain controllers)\ - `C:\Windows\SYSVOL\sysvol\fabrikam.com\Policies\PolicyPak ` -- A share. (Tip: To locate the share you could be using see the - [Using Shares to Store Your Paks (Share-Based Storage)](/docs/endpointpolicymanager/video/applicationsettings/shares.md)[Using Shares to Store Your Paks (Share-Based Storage)](/docs/endpointpolicymanager/video/applicationsettings/shares.md)) - -So, in summary, before leaving this section and continuing onward, again we advise that you: - -- Have an HTML report of your existing FF23 settings -- Have a backup of the GPO or GPOs which may potentially need to be restored -- Have your exported FF23 AppSet settings XML as per the instructions -- Have your PP-Firefox23.DLL handy that you are already using - -Remember also you might have more than one Group Policy Object with FF23 settings, so be sure to -repeat this procedure for each discovered Group Policy Object with FF23 settings. - -## Adding Item Level Targeting to your Existing FF 23 AppSet policy entry (and optionally testing the ILT evaluation) - -You want to make sure that that your existing Firefox 23 AppSet policy doesn't affect machines with -the newest CSE. As of this writing the version is 23.10.3683 (October of 2023) but could be -different in your download. - -To play it safe, set the ILT evaluation to check for Endpoint Policy Manager CSE version 23.9.0.0 -(September of 2023) and earlier for FF23 and 23.10.0.0 (October of 2023) and later for FF125. - -However, anything EARLIER than this version will support only FF23 AppSet and anything LATER or -EQUAL to this version will support only FF115 AppSet. - -Find your existing FF23 AppSet in your Group Policy Object(s) and select "Edit item-level targeting -filters…" - -![939_5_image-20231101213809-5_950x524](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_5_image-20231101213809-5_950x524.webp) - -You can test for the presence or absence of Endpoint Policy Manager CSE version 23.09.0.0 with a -Registry match query for: - -- Match type: Match value data -- Value data match type: Version match -- Hive: HKEY_Local_Machine -- Key Path: `SOFTWARE\PolicyPak\ClientSide Extensions\{F8357AE4-F4E0-49EC-AE9D-61078938E7CD}` -- Value Name: Version -- Value Type: REG_SZ -- Version Range: GREATER THAN 0.0.0.0 and LESS THAN 23.9.0.0 - -![939_6_image-20231101213809-6_950x743](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_6_image-20231101213809-6_950x743.webp) - -When done save the values. You will know you have ILT set when you see the Targeting column change -to ON. - -![939_7_image-20231101213809-7_950x273](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_7_image-20231101213809-7_950x273.webp) - -This is different than "Predefined Targeting". To understand the difference between ILT and -Predefined Targeting see the -[Predefined ILTs (Internal Filters)](/docs/endpointpolicymanager/video/applicationsettings/designstudio/itemleveltargeting.md) -topic for additional information. - -### Optional: Testing the ILT Filters on FF23 using the Endpoint Policy Manager Item Level Targeting Validation Tool - -Tip: You can also export the FF 23 settings to XMLdata File format and use part of the output to -verify the Item Level Targeting will evaluate to TRUE or FALSE. To do this, right-click the entry -and select Export settings to XMLData file and save the file. Then use the Endpoint Policy Manager -Item Level Targeting Validation tool to test how ILT will operate. See the -[Troubleshooting ILT with the ILT Validator Tool](/docs/endpointpolicymanager/video/troubleshooting/itemleveltargeting.md) -topic for additional information. - -**NOTE:** You will have to trim the ILT part of the output to eliminate the `` at the -beginning and `` at the end. - -![939_8_image-20231101213809-8_950x453](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_8_image-20231101213809-8_950x453.webp) - -Expected result on a machine with 23.10 and later CSE: - -![939_9_image-20231101213809-9_950x523](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_9_image-20231101213809-9_950x523.webp) - -## Adding the FF 115 AppSet to an existing or new Group Policy Object - -After you download the FF 115 AppSet from the Endpoint Policy Manager portal, it will appear like -this. You only need the .DLL file and not the XML file. - -![939_10_image-20231101213809-10](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_10_image-20231101213809-10.webp) - -Use these instructions to add the AppSet Locally or via Central Store: - -[Working with Others and using the Central Store](/docs/endpointpolicymanager/video/applicationsettings/centralstorework.md) - -Use these instructions to add the AppSet to a Share: - -[Using Shares to Store Your Paks (Share-Based Storage)](/docs/endpointpolicymanager/video/applicationsettings/shares.md) - -![939_11_image-20231101213809-11_950x492](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_11_image-20231101213809-11_950x492.webp) - -For example in the Endpoint Policy Manager Central Store you simply add the pp-Mozilla Firefox -115.DLL. - -**NOTE:** You may leave your existing pp-Mozilla Firefox 23 aboutconfig A to I and J to Z.DLL files -in place without modification. - -![939_12_image-20231101213809-12_950x406](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_12_image-20231101213809-12_950x406.webp) - -Next time you open the Group Policy editor you should see Endpoint Policy Manager For Mozilla -Firefox 115. - -## Using the FF 115 AppSet - -Now you can create a new entry for the FF 115 AppSet, import the previously exported FF23 settings -into the FF115 AppSet and also set Item Level Targeting on the FF 115 AppSet so it only applies to -computers with the latest Endpoint Policy Manager CSE. - -After creating the entry, double-click into it to open it up and select Import XML Settings Data. - -![939_13_image-20231101213809-13_950x633](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_13_image-20231101213809-13_950x633.webp) - -Then select the previously exported settings from the FF 23 AppSet. You should get a SUCCESS -message. - -Next, set the Item-level targeting in the AppSet. - -![939_14_image-20231101213809-14](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_14_image-20231101213809-14.webp) - -FF AppSet 115 should be applied only to machines with Endpoint Policy Manager CSE version 23.10.3687 -or Greater and can be determined with a Registry match query for: - -- Match type: Match value data -- Value data match type: Version match -- Hive: HKEY_Local_Machine -- Key Path: `SOFTWARE\PolicyPak\ClientSide Extensions\{F8357AE4-F4E0-49EC-AE9D-61078938E7CD}` -- Value Name: Version -- Value Type: REG_SZ -- Version Range: GREATER THAN OR EQUAL TO 23.10.0.0 and LESS THAN 99.0.0.0 - -![939_15_image-20231101213809-15_950x815](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_15_image-20231101213809-15_950x815.webp) - -Click OK and then close the AppSet entry to save it. - -### Optional: Testing the ILT Filters on FF23 using the Endpoint Policy Manager Item Level Targeting Validation Tool - -You can also export the FF 115 settings to XMLdata File format and use part of the output to verify -the Item Level Targeting will evaluate to TRUE or FALSE. To do this, right-click the entry and -select Export settings to XMLData file and save the file. Then use the Endpoint Policy Manager Item -Level Targeting Validation tool to test how ILT will operate. See the -[Troubleshooting ILT with the ILT Validator Tool](/docs/endpointpolicymanager/video/troubleshooting/itemleveltargeting.md) -topic for additional information. - -Note that you will have to trim the ILT part of the output to eliminate the `` at the -beginning and `` at the end. - -You can test the ILT evaluation by using the Export settings to XMLData file for the Mozilla Firefox -115 entry. - -![939_16_image-20231101213809-16_950x543](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_16_image-20231101213809-16_950x543.webp) - -Then you can use the ILT Evaluator tool to ensure your ILT evaluation is properly crafted and the -AppSet will only target machines with the latest Endpoint Policy Manager CSE. - -![939_17_image-20231101213809-17_950x549](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_17_image-20231101213809-17_950x549.webp) - -# HTML Settings Report Manual Comparison - -In one of the backup steps we recommended you export the FF23 GPMC HTML report. At this point you -may also want to double-check the FF115 GPMC report for any discrepancies or omissions in the -export/import process. - -If you don't see an expected value this could be because (1) the FF115 Pak was updated to remove -some values which appear to be unsupported in modern Firefox versions or (2) Some part of the Export -from FF23 and import to FF115 didn't work as expected. - -In such a case as case 2, please manually open the FF115 Pak and manually update your settings to -correct for any non-imported settings. - -![939_18_image-20231101213809-18_950x807](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_18_image-20231101213809-18_950x807.webp) - -## Final Thoughts - -In this document you learned how to target the FF23 AppSet to your older CSEs and the FF115 AppSet -to your newer CSEs. You also learned how to export the FF23 settings and migrate them over to the -FF115 AppSet. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/uninstall.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/uninstall.md deleted file mode 100644 index 7e0ee83c7f..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/uninstall.md +++ /dev/null @@ -1,10 +0,0 @@ -# UnInstalling the Endpoint Policy Manager Application Settings Manager Firefox Functionality - -The Firefox add-on that Netwrix Endpoint Policy Manager (formerly PolicyPak) uses is installed the -first time the Firefox AppSet is used. The best (and only supported) way to uninstall the Firefox -add-on is to uninstall the Endpoint Policy Manager client-side extension (CSE) from within -"Add-Remove Programs." - -**CAUTION:** Simply stopping the use of the AppSet (by deleting the entry or unlinking the Group -Policy Object) isn't enough. The full CSE must be uninstalled to remove all of Endpoint Policy -Manager's Firefox functionality. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/addons.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/addons.md deleted file mode 100644 index 61559ff805..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/addons.md +++ /dev/null @@ -1,5 +0,0 @@ -# Internet Explorer: Can I enable / disable add-ons for Internet Explorer? - -Yes. Here is a videos to demonstrate that. - -[Manage IE Programs Tab](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/programstab.md) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/certificates.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/certificates.md deleted file mode 100644 index ae8890084e..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/certificates.md +++ /dev/null @@ -1,5 +0,0 @@ -# Internet Explorer: Can I deliver, manage and/or revoke certificates directly to Internet Explorer? - -Yes, Here is a videos to demonstrate that. - -[Manage IE Certificates](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/certificates.md) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/customsettings.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/customsettings.md deleted file mode 100644 index a48d80bb91..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/customsettings.md +++ /dev/null @@ -1,10 +0,0 @@ -# Internet Explorer: How do I deploy custom settings to zones? - -On the page that looks like this, simply change the settings inside the CUSTOM SETTINGS frame. - -However, DO NOT set the dropdown to custom. That is, but leave the "Security Level for Trusted -Sites" dropdown (for instance) set to nothing. - -This formula will deliver the specific custom settings you choose. - -![313_1_2015-03-16_1607](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/313_1_2015-03-16_1607.webp) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/mode.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/mode.md deleted file mode 100644 index d1976d0ee2..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/mode.md +++ /dev/null @@ -1,8 +0,0 @@ -# Internet Explorer: When should I use Compatibility mode vs. Enterprise Mode for IE 11? - -Both modes are actually additive and not exclusive. For details, please see these Microsoft -articles. -Netwrix Endpoint Policy Manager (formerly PolicyPak)'s job is to populate those lists for you -dynamically instead of having to make your own lists. - -[https://techcommunity.microsoft.com/t5/windows-blog-archive/ie11-enterprise-mode-and-compatibility-view-are-additive-not/ba-p/228730](https://techcommunity.microsoft.com/t5/windows-blog-archive/ie11-enterprise-mode-and-compatibility-view-are-additive-not/ba-p/228730) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/overview.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/overview.md deleted file mode 100644 index b2ebc1b413..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/overview.md +++ /dev/null @@ -1,33 +0,0 @@ -# Internet Explorer AppSet - -This document will help you to understand how to use the AppSet named "Microsoft Internet Explorer 8 -and Later for Windows 7 and Later" (IE AppSet). - -**NOTE:** There are also some older IE AppSets, which should no longer be used. - -This AppSet has some special super powers that you won't find in other AppSets. These super powers -require that the PolicyPak Application Settings Manager CSE version 707 or later be installed on the -client. Only use this document after you have already read and worked through Book 3: Application -Settings Manager and have successfully tested "Winzip 14" or an example application. The IE AppSet -is not any different, from a supportability perspective, from other AppSets. For more information -about PolicyPak's support for AppSets, see the PolicyPak EULA. - -This AppSet is no different than other AppSets, in that it can be placed into Local, Shared, or -Central storage. (See Book 3: Application Settings Manager for details.) Once placed into the -storage location, it will be available under the Application Settings Manager, as shown in Figure 1. - -![about_this_document_and_the](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/about_this_document_and_the.webp) - -Figure 1. The IE AppSet. - -The AppSet may be used on the User or Computer side just like all other AppSets. However, this -AppSet is unique for several reasons: - -- Its name is "Microsoft Internet Explorer 8 and Later for Windows 7 and Later," which means that it - will work for IE 8, 9, 10, and 11 when the machine is Windows 7, Windows 8, or Windows 8.1. It - will even work on a server. -- This AppSet uses some special data types which can be seen if you open the AppSet using the - PolicyPak DesignStudio (advanced). - -Video: To get started with the IE AppSet, use this video: -[http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-internet-explorer-getting-started.html](http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-internet-explorer-getting-started.html) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/specialsections.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/specialsections.md deleted file mode 100644 index 59ca59cae5..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/specialsections.md +++ /dev/null @@ -1,29 +0,0 @@ -# How to Use Special Sections - -Most special sections have some pre-configured example values listed for you as examples on how to -use that section. Many also let you specify the first line as: - -``` -MODE=REPLACE or MODE=MERGE -``` - -In Figure 3, you can see the Site to Zone Assignment in the Security tab has the default example set -with MODE=REPLACE. The figure also shows some examples on how to use the special section. - -![how_to_use_special_sections](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/how_to_use_special_sections.webp) - -Figure 3. Using the Site to Zone Assignment special section. - -**NOTE:** If you leave the MODE line off, the default is MERGE. - -Here's what each mode does: - -- `MODE=REPLACE`: This takes the existing settings on the machine, removes them, and replaces them - with these entries. Use MODE=REPLACE if you want to ensure your specific settings, regardless of - what the user already has. -- `MODE=MERGE`: This merges the settings a user has already manually placed there, with the entries - you have here. Use MODE=MERGE if you want to let users make changes, but also ensure that your - additions make it to their environment. - -In the next sections, we'll explore each tab and highlight anything noteworthy with examples, tips -and tricks, and exceptions. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/advanced.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/advanced.md deleted file mode 100644 index 7541de6016..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/advanced.md +++ /dev/null @@ -1,14 +0,0 @@ -# Advanced Tab - -The Advanced tab has a lot of settings, and varies from version to version of IE. You can see the -Advanced tab in IE 11 in Figure 27. - -![ie_appset_tab_by_tab_23](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_23.webp) - -Figure 27. The IE Advanced tab. - -Almost all of these settings are configurable in the IE AppSet, as shown in Figure 28. - -![ie_appset_tab_by_tab_24](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_24.webp) - -Figure 28. Configuring IE settings in the Advanced tab. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/extras.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/extras.md deleted file mode 100644 index 9323d79cf0..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/extras.md +++ /dev/null @@ -1,121 +0,0 @@ -# Extras Tab - -Video: For a quick overview of how to manage certificates in IE using Endpoint Policy Manager -Application Settings Manager see the following video: -[http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-ie-certificates.html](http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-ie-certificates.html). - -The Extras tab in the IE AppSet enables you to do the following: - -- Set Menu bar icons -- Set custom support page URL (versions of IE prior to IE 10) -- Set custom title bar (versions of IE prior to IE 10) -- Manage certificates - -**NOTE:** Endpoint Policy Manager can only deploy binary/DER type certificates. If you need to -convert an existing certificate to DER format, please see the section, "Exporting Certificates to -the Binary-Encoded DER Format." - -Examples of IE certificates are shown in Figure 29. - -![ie_appset_tab_by_tab_25](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_25.webp) - -Figure 29. IE Certificates. - -IE has the following locations to specify certificates: - -- Personal -- Other people -- Intermediate certification authorities -- Trusted root certification authorities -- Trusted publishers -- Untrusted publishers - -You can use the IE AppSet to add or remove certificates from those locations using the following -format, as shown in Figure 30: - -``` -File Location, Certificate Store, add -or -Thumbprint, Certificate Store, remove -``` - -![ie_appset_tab_by_tab_26](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_26.webp) - -Figure 30. Adding or removing IE certificates. - -## Adding Certificates using the IE AppSet - -To add a certificate using the IE AppSet, the file must be located at `\\server\share `or a local -location like `c:\Certificates`. Endpoint Policy Manager then accesses the file in that location and -determines which certificate store you want to put it in. The available stores and the corresponding -word to specify within Endpoint Policy Manager can be seen in Table 1. - -Table 1: Certificate stores and corresponding terms. - -| IE Certificate Store | Word to specify in Endpoint Policy Manager AppSet | | -| -------------------------------------- | ------------------------------------------------- | ------------------------ | -| User store | Machine Store | | -| Personal | Personal | Machine\Personal | -| Other People | AddressBook | Machine\AddressBook | -| Intermediate Certification Authorities | CA | Machine\CA | -| Trusted Root Certification Authorities | Root | Machine\Root | -| Trusted Publishers | TrustedPublisher | Machine\TrustedPublisher | -| Untrusted Publishers | Disallowed | Machine\Disallowed | - -**CAUTION:** Not all certificate types will work in all locations for IE certificates. - -The following line would look for a file named certificate.pfx on `\\DC\Share` and add it to the -Personal certificate store: `\\DC\Share\certificate.pfx, personal, add`. - -By default, certificates are added to and removed from the certificate store of the current user. -Prepend any store name with `Machine\` if you want to add or remove a certificate from the machine -store. For example, the following line would would add a certificate to Intermediate Certification -Authorities of the current user: `\\DC\Share\CA.cer, CA, add`, while the next line would add a -certificate to Intermediate Certification Authorities of the machine, meaning that all users on the -machine will get it: `\\DC\Share\CA.cer, Machine\CA, add`. - -**NOTE:** Non-elevated users are not allowed to remove certificates from the machine store, so you -can use `Machine\{Store Name}` to ensure certificates are delivered to everyone and cannot be -removed by users. - -## Removing Certificates using the IE AppSet - -To remove certificates using the IE AppSet, you must know the thumbprint for the certificate you -want to remove. You can find the thumbprint within IE by viewing the details for a certificate and -selecting the thumbprint, as shown in Figure 31. Then, you can copy and paste it into the AppSet. - -![ie_appset_tab_by_tab_27](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_27.webp) - -Figure 31. Details and thumbprints of certificates in IE. - -The format of the text to remove the certificate should include the thumbprint with spaces, a comma, -the certificate store word from the table above, and the word remove: - -``` -da 8f 1a 48 0b 43 93 01 fe 07 40 dc 9d d5 bb 78 9e 00 81 01, CA, remove -``` - -As with adding a certificate, you can prepend the store word with `Machine\` to remove a certificate -from the machine store: - -``` -da 8f 1a 48 0b 43 93 01 fe 07 40 dc 9d d5 bb 78 9e 00 81 01, Machine\CA, remove -``` - -## Exporting Certificates to the Binary-Encoded DER Format - -Endpoint Policy Manager can only work with binary-formatted/DER certificates. If you have a -certificate of another type, you may import it first into Internet Explorer. Then you can -immediately export it as a DER file, as shown in Figure 32. - -![ie_appset_tab_by_tab_28](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_28.webp) - -Figure 32. Exporting a certificate as a DER file. - -You can optionally perform the same type of export by finding the file itself in Explorer, -navigating to the Details tab, and then clicking on the "Copy to File..." button and selecting -"`DER encoded binary X.509 (CER)`," as shown in Figure 33. - -![ie_appset_tab_by_tab_29](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_5.webp) - -Figure 33. Exporting a certificate using the "Copy to File..." button. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/overview.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/overview.md deleted file mode 100644 index b4c3825cfb..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/overview.md +++ /dev/null @@ -1,3 +0,0 @@ -# IE AppSet Tabs - -In this section, we will look at each IE tab and the tab in the IE AppSet that controls it. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/security.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/security.md deleted file mode 100644 index 2f2c609dc6..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/security.md +++ /dev/null @@ -1,45 +0,0 @@ -# Security Tab - -Video: For a quick overview of how to manage the Security tab using Endpoint Policy Manager -Application Settings Manager, see the following video: -[http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-ie-security.html](http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-ie-security.html). - -The Security tab lets you set levels for all four zone types. The dialog within IE can be seen in -Figure 6. - -![ie_appset_tab_by_tab_2](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_2.webp) - -Figure 6. Custom security settings for all four zone types. - -Using the Endpoint Policy Manager IE AppSet, click on "Set Level" for the corresponding zone and -select your level (or select "Custom"). Do not set any custom settings when you select a standard -option from the drop-down menu, such as Medium, Medium High, etc. - -![ie_appset_tab_by_tab_3](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_3.webp) - -Figure 7. Custom settings for the local intranet zone. - -Internet Explorer has a rich way of adding site to zone assignments, as shown in Figure 8. - -![ie_appset_tab_by_tab_4](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_4.webp) - -Figure 8. Adding site to zone assignments in Internet Explorer. - -The IE AppSet Security tab Site to Zone Assignment is shown in Figure 9. - -![ie_appset_tab_by_tab_5](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_5.webp) - -Figure 9. Setting site to zone assignments in the IE Pak. - -On the first line, you can specify `MODE=REPLACE` or `MODE=MERGE`. If you don't specify, the default -is `MODE=MERGE`. All other lines should take the form of`http://`or` https://` followed by a comma -and one of the following words: - -- intranet -- internet -- trusted -- untrusted -- remove - -This will deliver the web page into the corresponding zone or remove the web page from any zone if -"remove" is specified. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/itemleveltargeting/bydefault.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/itemleveltargeting/bydefault.md deleted file mode 100644 index 8464fef6e5..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/itemleveltargeting/bydefault.md +++ /dev/null @@ -1,8 +0,0 @@ -# Other: Is "Internal Item-Level Targeting" on by default? - -Internal Item-Level Targeting is "On" by default since 557. - -From 603 onwards we have made this fact more obvious by showing the "Item-Level Targeting" in the -MMC. - -![368_1_pp-predefined-targeting](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/itemleveltargeting/368_1_pp-predefined-targeting.webp) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/java/securitypopup.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/java/securitypopup.md deleted file mode 100644 index 4b033c99e4..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/java/securitypopup.md +++ /dev/null @@ -1,21 +0,0 @@ -# Java: Using the Pre-configured AppSet for Java, how do I prevent "Java has discovered application components that could indicate a security concern." Pop up? - -If you get the following pop-up: - -![158_1_uhae4](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/java/158_1_uhae4.webp) - -the pre-configured Java AppSet can adjust for that. However, know that we are not magically -"increasing" your security here, simply delivering the value that forces Java to stop the pop up. - -The setting located in our pre-configured AppSets for Java is: - -Java 7 Pak technique: - -![158_2_2014-04-13_1737](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/java/158_2_2014-04-13_1737.webp) - -Java 8 AppSet technique: - -![158_3_13-8](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/java/158_3_13-8.webp) - -More information from Oracle on the underlying issue can be found at this web page:  -[http://java.com/en/download/help/error_mixedcode.xml](http://java.com/en/download/help/error_mixedcode.xml) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/acllockdown.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/acllockdown.md deleted file mode 100644 index 4cab93e905..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/acllockdown.md +++ /dev/null @@ -1,57 +0,0 @@ -# Locking Down the Use of Application Settings Manager ACL Lockdown™ - -In the example above, we changed some values, closed the application, and reopened it. We also saw -that PolicyPak Application Settings Manager automatically remediated the application's settings -again at relaunch. - -In addition, Endpoint Policy Manager Application Settings Manager can perform ACL Lockdown™. - -**NOTE:** To see Endpoint Policy Manager Application Settings Manager ACL Lockdown™ in action, -watch this video: -[https://www.endpointpolicymanager.com/video/endpointpolicymanager-acl-lockdown-for-registry-based-applications.html](http://www.endpointpolicymanager.com/videos/bypassing-internal-item-level-targeting-filters.html). - -ACL stands for Windows's Access Control List. ACLs are a built-in operating system function that -performs true lockout on sections of the Registry and files. With Endpoint Policy Manager -Application Settings Manager ACL Lockdown™ enabled, users literally cannot make or keep changes in -the effected pieces of the application. - -**Step 1 –** To see ACL Lockdown in action, let's go back into the GPO and turn it on. To do this, -right-click "at least one lower case character (a-z)" and select "Perform ACL Lockdown," as seen in -Figure 14. - -![policypak_application_settings_13](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/endpointpolicymanager_application_settings_13.webp) - -Figure 14. Selecting the "Perform ACL Lockdown" setting. - -**Step 2 –** When you perform ACL Lockdown on one setting, the same portion of the Registry (or file -system) might contain more than one setting. For instance, all the items in the Passwords tab are -located in the same place in the Registry. Therefore, if you were to right-click any other setting -in the Passwords tab, you'll see that "Perform ACL Lockdown" is automatically checked for those -settings, as well. - -On the client machine - -- ensure WinZip is closed, -- run `GPupdate `(or log off and log back on) to get the new "signal" that you want to test ACL - Lockdown™, and -- rerun WinZip. - -**Step 3 –** ACL Lockdown is now working while the application is running. Now, go back to WinZip's -Options, select the Passwords tab, and uncheck the two checkboxes that are available, as shown in -Figure 15. Then click OK. - -![policypak_application_settings_14](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/endpointpolicymanager_application_settings_14.webp) - -Figure 15. The Passwords tab in WinZip Options. - -**Step 4 –** After that's done, immediately go back to Options and select the Passwords tab again. -Figure 16 shows that the user's desired changes did not take effect because Endpoint Policy Manager -Application Settings Manager has used ACL Lockdown™ to perform the lockout of the settings. - -![policypak_application_settings_15](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/endpointpolicymanager_application_settings_15.webp) - -Figure 16. Using ACL Lockdown, the user's changes have not taken effect because the settings have -been locked. - -For more information on ACL Lockdown™, see section, "ACL Lockdown™ Mode," in the next major -section in the manual. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/side.md b/docs/endpointpolicymanager/applicationsettings/preconfigured/side.md deleted file mode 100644 index 6048c418ab..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/side.md +++ /dev/null @@ -1,21 +0,0 @@ -# HowTo: Which "side" of GPO should I deploy AppSets to: User or Computer side? - -There is no right or wrong answer here. - -In our Quickstart and manual, we suggest you perform the work on the USER side. - -This means that whenever users log on to any machines (so, as users roam), they get the settings. - -That being said, you're welcome to deliver settings on the COMPUTER side. - -This means that ALL USERS on the computer will get the settings… regardless of who the user is. - -So, our general recommendation (if you're looking for one) is: - -- Perform settings on the USER side (usually). -- Except for three applications which work BEST when managed on the Computer side: Firefox, Java and - Thunderbird. - -For more information on this, see the following FAQ item. - -[Firefox (and Java and Thunderbird): Why can't I seem to find (or perform) UI lockdown for Firefox, Java or Thunderbird ?](/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/javathunderbird.md) diff --git a/docs/endpointpolicymanager/applicationsettings/printers.md b/docs/endpointpolicymanager/applicationsettings/printers.md deleted file mode 100644 index aea38d0440..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/printers.md +++ /dev/null @@ -1,6 +0,0 @@ -# Can Application Manager help me in pushing, assigning or configuring printers? - -Because Microsoft's Group Policy Preferences already does a good job of pushing and assigning -printers to your network, Netwrix Endpoint Policy Manager (formerly PolicyPak) does not duplicate -this functionality. Endpoint Policy Manager will manage specific settings inside your printer -drivers such as a "Tools | Options" page or component that stores settings. diff --git a/docs/endpointpolicymanager/applicationsettings/side.md b/docs/endpointpolicymanager/applicationsettings/side.md deleted file mode 100644 index ae97a71386..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/side.md +++ /dev/null @@ -1,14 +0,0 @@ -# Should I create Endpoint Policy Application Manager policies on the USER or COMPUTER side? - -It's really your choice where you want to apply the policy either on Computer or User side. - -- When you apply policy on the User side, this user will get the setting wherever he or she goes. -- When you apply policy on Computer side, all the users logging into that computer will get the - policy. - -So it's really up to you. - -Note that SOME Paks have "extra superpowers" which are only available on the COMPUTER side. Those -three special Paks are: Firefox, Java and Thunderbird. - -We explain this in the Netwrix Endpoint Policy Manager (formerly PolicyPak) On-Prem Manual. diff --git a/docs/endpointpolicymanager/applicationsettings/upgrade.md b/docs/endpointpolicymanager/applicationsettings/upgrade.md deleted file mode 100644 index 74e0379026..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/upgrade.md +++ /dev/null @@ -1,12 +0,0 @@ -# How do I upgrade Application Manager when I upgrade my DCs / servers? - -Netwrix Endpoint Policy Manager (formerly PolicyPak) isn't "running" on any server. - -Endpoint Policy Manager has three parts: - -- MMC snap in for the GPMC. -- Data which resides within GPOs. -- CSE on target systems. - -So, there's nothing to "move" or do if you decommission a DC or upgrade a server. If you were using -the Endpoint Policy Manager Central Store, that simply replicates when the next DC comes online. diff --git a/docs/endpointpolicymanager/applicationsettings/variables.md b/docs/endpointpolicymanager/applicationsettings/variables.md deleted file mode 100644 index 11f8fe86e7..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/variables.md +++ /dev/null @@ -1,33 +0,0 @@ -# Environment Variables and Shell Folders - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Settings Manager can use -environment variables and Shell Folder variables. - -First, you can use any environment variable that is already defined on the machine. Simply type set -at a command prompt on a target machine and see what environment variables are already set. -Additionally, you can use Group Policy Preferences' Environment Variables extension to set up -another one if you like. - -You can use any value name from the following key and use it as an environment variable: -`SoftwareMicrosoft\Windows\CurrentVersion\Explorer\Shell` Folders. For example, there's no real -environment variable for the Desktop. - -But when you're using Endpoint Policy Manager Application Settings Manager, you can specify -`%desktop%\SomeFile.ini` or `%desktop%\SomeFile.rdp`. This is done the same way for Favorites; you -can specify %favorites% (or any other Registry value name from that key) in both the DesignStudio -and the MMC. - -As an extra tip, you should use `%{374DE290-123F-4565-9164-39C4925E467B}%` for downloads instead of -%Downloads%. That's because the Registry value name for that folder is actually the odd name of -`{374DE290-123F-4565-9164-39C4925E467B}`. - -Endpoint Policy Manager also supports the use of variables such as `%USERPROFILE%\Favorites` or -`%USERPROFILE%\Downloads`. When you use this, the variable will expand to something similar -to` C:\Users\Jake. Therefore`, the paths for `%USERPROFILE%\Favorites` and -`%USERPROFILE%\ Downloads` should resolve (by default) to -`C:\Users\Jake\Favorites and C:\Users\Jake\Downloads`. That being said, there is no guarantee that -the downloads will be redirected to another volume or even to a network share. - -Therefore the direct environment variable names such as -`%{374DE290-123F-4565-9164-39C4925E467B}%`,` %Desktop%, and %Favorites%` are safer to use because -they expand to the actual path that client-side extension (CSE) gets from the Registry. diff --git a/docs/endpointpolicymanager/applicationsettings/xenapp.md b/docs/endpointpolicymanager/applicationsettings/xenapp.md deleted file mode 100644 index 9851f2ca5e..0000000000 --- a/docs/endpointpolicymanager/applicationsettings/xenapp.md +++ /dev/null @@ -1,6 +0,0 @@ -# Can Endpoint Policy Manager deliver settings for applications that are provided by XenAPP? - -Yes, besides delivering application settings to real installed applications, the Netwrix Endpoint -Policy Manager (formerly PolicyPak) Application Settings Manager PAK, will also deliver them to -applications that either reside on a XenAPP server or are being streamed (virtualized) from a XenAPP -server diff --git a/docs/endpointpolicymanager/archive/applock.md b/docs/endpointpolicymanager/archive/applock.md deleted file mode 100644 index 87b4e7f0c7..0000000000 --- a/docs/endpointpolicymanager/archive/applock.md +++ /dev/null @@ -1,44 +0,0 @@ -# Endpoint Policy Manager 3.5 Applock Update Behavior Change - -Prior to Netwrix Endpoint Policy Manager (formerly PolicyPak) 3.5, it was necessaryto forcefully -display previous AppLock (TM) elements. In this video you can see how to quickly and easily restore -the element within the GPO. - -### PolicyPak 3.5 Applock Update Behavior Change video transcript - -Hi, everyone. This is Jeremy Moskowitz. In this quick video, I'm going to show you a small behavior -change between PolicyPak 3.0 and 3.5. - -Here in this example of WinZip, you can see I've disabled this particular entry, and here I've also -hidden a particular entry. Let's go to the actual definition in the Group Policy Object and see what -I'm talking about here. This is inside the Group Policy Object itself. Here you can see that I've -right clicked and selected "Hide corresponding control in target application"for this guy and I've -right clicked over and selected "Disable corresponding control in target application"for this guy. - -Prior to PolicyPak 3.5, the behavior would be if you were to uncheck "Hide corresponding control in -target application" for this guy and also to uncheck "Disable corresponding control in target -application" for this guy, unfortunately those things would stick around. - -The rationale would be we wanted you to specifically "Force display of this control in target -application" if you wanted to return it, but we've got some feedback that said that's not what -people wanted. So we've removed that behavior and now updated it so that a simple uncheck of the -"Hide corresponding control in target application" or "Disable corresponding control in target -application" will re-reveal, thus removing the lockout mechanism. - -Now that I've unselected the checkmark on either of these guys so this one is no longer hidden and -this one is no longer disabled, let's go ahead and click "OK." I don't have to forcefully ensure -that's going to view. I'm just going to go over to my target machine again, run "gpupdate" and get -the latest setting here. - -Now that that's done, we'll go ahead and run "WinZip," go to "Options/Configuration…," go over to -"Passwords" and there we go. Very quickly and easily you can now specifically simply in the Group -Policy Object un-unlock the thing you want. Just uncheck the checkbox of the lockout mechanism that -you don't want anymore, and it will immediately take effect on the next Group Policy refresh. - -That is a behavior change that you should be aware of. You no longer are required to manually -specify for a particular setting that you would want to, for instance, "Force display of this -control in target application." We have removed that requirement. - -I hope that helps you out. We're here for you if you need us. - -Thanks so much. diff --git a/docs/endpointpolicymanager/archive/cloud.md b/docs/endpointpolicymanager/archive/cloud.md deleted file mode 100644 index 564944dfb0..0000000000 --- a/docs/endpointpolicymanager/archive/cloud.md +++ /dev/null @@ -1,225 +0,0 @@ -# Deliver Group Policy to Domain Joined and non-Domain Joined machines thru the Cloud - -Microsoft MVP Jeremy Moskowitz and Shane from Admin Arsenal show how you can deploy group policy -settings to domain joined or non-domain joined machines through the cloud with Netwrix Endpoint -Policy Manager (formerly PolicyPak) Cloud - -### Deliver Group Policy to Domain Joined and non-Domain Joined machines thru the Cloud - -Shane: Hey everybody. I'm Shane from Admin Arsenal. This is Jeremy Moskowitz. He's a Microsoft MVP -for GP Answers and PolicyPak. - -Jeremy: That's right. - -Shane: What are we going to do right now buddy? - -Jeremy: Would you find it interesting if you could deploy real, no kidding around group policy -settings, pretty much all of them to domain joined or non-domain machines – wait for it – through -the cloud? - -Shane: Through the cloud. Okay, so, A. you had me at non-domain join. - -Jeremy: Yep. - -Shane: That's fantastic. - -Jeremy: Yep. - -Shane:And then those that aren't even on my environment here? - -Jeremy: Yep. - -Shane: Okay. So, obviously we have to get something out to them. - -Jeremy: "Correct. - -Shane:Alright. - -Jeremy: So, let's set the stage first. So, before we even do the thing that we gotta get over to -them, let's go over and take a look at PolicyPak cloud. - -Shane: Okay. - -Jeremy: Let's do a quick run through here. - -Shane: Sweet. - -Jeremy: The idea is that we got these ideas called "built-in groups" and "company groups". Built- in -groups – the first one is called "all" and all we've done is we've got a shortcut item on the -desktop as soon as you join PolicyPak Cloud you're instance, of course. I wouldn't expect everybody -else to have the same shortcut. - -Shane: Sure. - -Jeremy: And then what we'll do is we'll create some other directives, get them into PolicyPak Cloud -and watch the endpoint pick up these directives in PolicyPak Cloud, but you're on the right track. - -Shane: Alright. - -Jeremy: We've got to get something over to them and that's the cloud client which will join -PolicyPak Cloud. - -Shane: Okay. - -Jeremy: And that's what you're going to do so I'll let you. - -Shane: So, right now this user or this computer is computer 3.. - -Jeremy: Yep. - -Shane: Alright. - -Jeremy:Is it domain joined or not domain joined? - -Shane: It's not domain joined. - -Jeremy:That's right. - -Shane: But it is currently here on – - -Jeremy:On site. - -Shane: Yeah. - -Jeremy:Yeah. - -Shane: Because I can't deploy my stuff out there so – - -Jeremy: Nope. Nope. - -Shane: You said it's in PP, right? - -Jeremy: Yep. - -Shane: There we go. This is the 32 bit computer so I guess we're going to use the cloud client. - -Jeremy: Yeah. And notice how it's coded for your company name. So, each customer that we have will -have their own MSI that's unique to them so their computers will join their instance of PolicyPak -Cloud. - -Shane: PolicyPak Cloud. Okay, so I just did a right click and said "Install this." - -Jeremy: Yep. - -Shane: And this is the 32 bit version? - -Jeremy: Yep. Yep. - -Shane: Let's do this first. Obviously, create a second step for your 64 bit. - -Jeremy: Right. - -Shane: Alright, now since this is not – I usually deploy using credentials for – I'm just going to -type in computer 3 once I get into non-domain. Now, I can't use my domain credentials. - -Jeremy: Right. - -Shane: So, I have set up the local admin account for this computer. - -Jeremy: Great. - -Shane: That's what I'm going to deploy as. - -Jeremy: Yep. So, you're going through the local admin and getting them some software. - -Shane: Correct. - -Jeremy: And that software is our software. - -Shane: Mm-hmm. - -Jeremy: And if all goes perfectly well, what's going to happen is that the cloud client is going to -install on the endpoint. It's going to automatically, silently make contact to PolicyPak cloud and -we have exactly one directive and that directive right now is to put the PolicyPak icon, just -something to demo, on the desktop. - -Shane: Yeah. - -Jeremy: And so we'll wait for that to occur. - -Shane: And so once it's installed it automatically opens or do I have to open it or log in or -anything like that? - -Jeremy:Nope. As soon as PolicyPak Cloud is installed it'll join your instance and download your -directives.. - -Shane: How is this different from the CSE? - -Jeremy:So, the cloud client is the first thing. It makes contact and joins PolicyPak cloud and auto -downloads the client side extension. So, we keep that up to date for you. - -Shane: Okay, great. - -Jeremy:Oh, look at that. That was it. It already happened. That was it. So, now if you take a look -at, say, control panel here just to prove we're not pulling a fast one on anybody. If we go to -programs, uninstall programs just to see what's here, look what happened. You installed the cloud -client and then it made contact and downloaded and got the shortcut icon. - -Shane: So, this is a way you can enforce settings even for computers I've got travelling salesmen or -something like that that are always out on the road and they get to a Hilton, they open up and you -can still enforce. - -Jeremy:Yep. Yep. Yeah. So, for instance let's just do something very simple. Let's say you want to -guarantee that they can't get into the control panel or some security directive or anything like -that. Let's just do something simple. So, let's go into the group policy editor. We'll create a -group policy object. It doesn't matter if it's live. For instance, a lot of our cloud customers, -they don't even have a real domain anymore. They just have a vm that is a pretend domain controller. -So, it doesn't matter what it's called. It's not being linked anywhere. We'll just create group -policy object. Click at it. So, go ahead and we'll click on the PolicyPak node. - -Shane: Alright.. - -Jeremy:You know that there's a lot of different things that PolicyPak can do. For instance, you saw -that we've got videos on Firefox, Flash and Java. You can just right click any of those directives; -export and boom get them to PolicyPak Cloud. - -Shane: Wow. - -Jeremy:So, what we're going to do is not do that. We're going to do admin template manager. Okay. -And instead we're just going to create a new policy here and this is the same basic interface that -you've already seen under user side policy's admin template manager. You already know how to do -this. So, go to admin templates, control panel, prohibit access to the control panel and enable it. -Now, again, this is real GPO. We don't want a real GPO. What we want to do is right click and export -to XML and we'll put this on the desktop and we'll call this "No control panel for you." Okay. - -Shane: Got it. - -Jeremy:Alright. And then what we'll do now that it's on the desktop, we'll go back to PolicyPak -Cloud and we'll just do it for all. For all of our computers in PolicyPak Cloud we'll upload and -link a new XML here. We'll go ahead and browse for that file we just put on the desktop called "No -control panel for you." We'll put a description. Oh, it already does it for you and we'll just say -"No CPL for you." We'll click add and it's linked over to the all group. Now, if you had a lot of -different groups, a lot of different computers, for instance you had roaming sales, roaming -marketing, whatever, you could move computers into groups and get different policy settings for -different groups for different circumstances. - -Shane: That's fantastic. - -Jeremy:To kinda accelerate things we're not going to do that. And all we're going to do here is -we're going to run ppcloud/sync. Okay. And this is going to connect to PolicyPak Cloud. And you can -see we got the "No CPL for you" policy and if all goes perfectly well we'll just go ahead and close -this. Right click, go to control panel, personalize this control panel and no control panel. By the -way, there's a bug when you do a no control panel. It's an actual Windows bug. Check this out. -That's been there forever. That's literally been there for like ten years. I just love that bug. - -And so there's no control panel icon here and we really are doing no kidding around, pretty much -every group policy setting, every group policy preference setting and every group policy security -setting through the cloud by just creating a GPO, exporting the segment you want, uploading it to -PolicyPak Cloud and waiting. - -Shane: Wow. - -Jeremy:And we'll get all of those settings to all of your roaming computers, domain joined or not. - -Shane: That does not suck. - -Jeremy:Yep. We live to serve. We love this feature. It's great for MSP's and great for on premise -and roaming people. - -Shane: That's fantastic. Hey, -[https://dev.endpointpolicymanager.com/resources/thank-you-whitepapers/](https://dev.endpointpolicymanager.com/resources/thank-you-whitepapers/) -Jeremy. - -Jeremy:Thank you man. Appreciate it. - -Shane: Alright. Rock on everybody. Thanks. diff --git a/docs/endpointpolicymanager/archive/java.md b/docs/endpointpolicymanager/archive/java.md deleted file mode 100644 index c42a24fd07..0000000000 --- a/docs/endpointpolicymanager/archive/java.md +++ /dev/null @@ -1,156 +0,0 @@ -# Endpoint Policy Manager: Manage Java 7u45 using Group Policy - -Here is an update for Java 7 u 45. Learn how Netwrix Endpoint Policy Manager (formerly PolicyPak) -can manage major settings in Java very quickly. - -### PolicyPak: Manage Java 7 u 45 using Group Policy Video Transcript - -Hi. This is Jeremy Moskowitz, Microsoft MVP, Enterprise Mobility and Founder of PolicyPak Software. -In this video, I'm going to show you the overhaul that we did for the latest Java Pak here. This is -for Java 7, Update 45 – also known as J7u45. - -The first thing I want to show you here – obviously you can just see here's the about – this is the -target machine. So this is the end user's machine here. You can see there's an "Update" tab, and you -almost certainly want to make Java stop updating so you can make it work so you can deliver your own -updates on your schedule and not have users get popups and such like that. - -We can also do things like actually turn Java on and off entirely if you're so inclined. We can also -set the sliders in here, and we can also manipulate pretty much all the "Advanced" items that are -here. - -I'm going to go over a handful of things that some people want to do in our examples here. Let's go -ahead and get started. Over here on my Management Station here, the first thing I want to note to -you is that for Java, the Java settings can be deployed either per user or per system. If you want -to do it per system, you get a special bonus which is you can do UI lockout. - -For these examples for my "East Sales Desktops," I'm going to "Create a GPO in this domain, and Link -it here…" and call it "Manage Java 7u45 with PolicyPak." The first thing to note is that you'll see -that it's not available because I haven't put in the latest, greatest PolicyPak settings. - -What you do see here is "PolicyPak for Java Control Panel Version 8 (Windows 7)," which is actually -a future version. They have a prerelease version. We have a Pak for that as well. What I'm going to -show you is the Pak we have for the current version: J7u45. - -If we go to our "PreConfigured PolicyPaks Production" – this is part of the download – what you'll -do is you're going to look for is "Oracle Java for Windows 7 Version 7 45." That's what you're after -here. Here are the files there. - -What you then need to do is get them into your PolicyPak system. For those familiar with it, we're -going to use the Central Store. All you do is copy one file, which is the DLL, right there ("Copy -here") and you're ready to go. With that in mind, let's go back to our Group Policy Object, click -"New/Application" and there it is: "PolicyPak for Java Control Panel 7u45 (Windows 7 and later)." - -Now, what I want to show you is that it looks a little bit differently because Java updated their -world a little bit differently. If we go back to the target machine, what I want to show you here is -you can see here's "Advanced" and there's a whole lot of stuff here. - -What we try to do in this Pak is try to make it pretty similar. If you go to "Adv/Adv1," you'll see -most of those first settings there. Go to "Adv/Adv2," you'll see most of those settings there. You -want to go to the "Adv/Secure Execution Environment" here, there are all those settings there and -also "Adv/Adv Sec." They are all here. - -There are also some settings that have been retired, and I put them here in "Retired Settings in -u45" in case you need them. Technically the latest version of Java won't honor these settings, but -they're here anyway. - -Let's take a look and try to do some things out of the gate. First thing, let's get rid of -"Updates." First and foremost where it says "Check for updates and notify me before installing," we -want to specifically "Never check for updates, never check for updates automatically." When we -select it in PolicyPak, it underlines and therefore it will be delivered. That's the first thing -that we want to do. - -The second thing we want to do, let's take a look inside Java. I got the memo here that a lot of -people want to change these settings: "Perform certificate revocation checks on" "Publisher's -certificate only" and also "Check for certificate revocation using" "Certificate Revocation Lists -(CRLs)." You can see the defaults here, and we're going to deliver those using PolicyPak. - -Let's go ahead and do that now. That is going to live under "Adv/Cert Rev Checks." We want to -deliver "Publisher's certificate only" and "Certificate Revocation Lists (CRLs)." Let's just start -right there and see that those settings are deployed. - -We'll go ahead and click "OK" and go over here. Our machine is in the right OU to pick these up. It -doesn't matter what user we're logged in as because PolicyPak will pick up the directive because -we're deploying this on the computer side. Let's just see that these directives took hold before we -continue onward. - -OK, let's go ahead and rerun "Java" here. The first thing, you can see the "Updates" tab is -completely gone. Now you know that Java is not going to be prompting users for auto-updates. If you -don't see the tab, you know you've done that part right. - -If we go to "Advanced here," we can go down to those two things that we delivered: "Perform -certificate revocation checks on." PolicyPak has delivered the right setting for each of those guys. - -Let's pretend to be naughty and work around the settings there. In fact, you can see these settings -are related. If you do something like this, which is naughty and which you don't want the users to -do, the next time "Java" is run PolicyPak is always working and will automatically redeliver those -settings. I didn't have to do anything. PolicyPak is just always working for you. - -I'll show you again just to show you one more time. The user is being naughty doing this naughty -thing they shouldn't do changing it to something like that. The next time "Java" runs or Group -Policy reapplies, it puts it right back. That's the first piece. - -The second thing that I wanted to demonstrate is the ability to deploy UI lockdown for not all but -many of the settings here in the "Advanced" tab here. Let me go ahead and do that. What I'll do is -I'll go back to my configuration, and I'll just pick a couple of things to just get started on here. - -For instance, if I wanted to go to "Adv/Adv 1" just to pick a couple to hang our hats on, let's say -I wanted to enable "Debugging" and I wanted to lockdown these settings down, you check on the -checkbox or the radio button and right click and "Lockdown this setting using the system-wide config -file." I'll do that for two of those three settings. - -Another popular setting is here in "Adv/Adv Sec": "Use certificates in keys and browser keystore." -If you want to guarantee that setting is in fact checked, you can check it, underline it and -"Lockdown this setting using the system-wide config file." I'll do that and also do "Use SSL 3.0." - -That's it for now. I'll go ahead and click those guys, click back over here and run "gpupdate" and -let's see that the effects took hold. We'll go ahead and click on "Java" here and click on advanced. -You can see we've delivered them, and we've locked down those settings here. If we go down, there we -go. We've delivered "Use certificates and keys in browser keystore" and "Use SSL 3.0," and they're -locked out and users can't work around it. - -Again, most – not all – of the settings are available for system-wide lockout as I've described. If -you need more information on which ones are and which ones aren't, just read the Read Me file. -Hopefully, this gives you some idea of how to use it. - -If you want, you can sign off now. This is the "how to use it." If you're interested in what's going -on underneath the hood in this video here, I'm going to continue onward here. In order to do that, -I'm going to run the PolicyPak Design Studio. Some people may be interested in understanding one key -element here, which is the restrictions. How do we know this is always going to work only on, say, -Windows 7 and later for a particular Java. - -What I'm going to do is "Load a project from XMIL file" here. Again, you have access to all these as -well. We'll go to the download. We'll go to "Oracle Java for Windows 7 Version 7 45" and open it up. - -We have this idea inside the project of this thing called internal or "Predefined Item-Level -Targeting" filters. What I'm doing is I'm specifying that this will only fire off when the right -version of Java is there. This version of Java is 45, so it really expands to version "7.0.450.0" -and who knows what the next version will be. I've tied down the project specifically here with -internal item-level targeting filters so that it must match the right version of Java or the -settings don't get applied. - -What's that I hear you crying? You don't like that? You want to try to make these settings work -regardless? You're welcome to clear out the filters, recompile the Pak and it will work that way. -Again, this is somewhat on a technical side. This gets into the Pak about why the Pak will deliver -settings expressly and only to Java 7u45. - -If you take a look at the older Paks, the ones that are before this one just to go a little earlier, -it should really say version 7 40 and earlier. First of all, the Pak looks a lot different. For this -latest version, we've made it look a lot more closely. But underneath the hood, the predefined -conditions just checked that the operating system is Windows 7. - -I'm telling you this so that many of the settings in the old Pak will work perfectly going forward, -but this time we made a decision to specify with internal or "Predefined Item-Level Targeting" -filters for the latest Pak, the 45 Pak, to only apply when the machine actually has that version of -Java and not any sooner. - -I hope that gives you some idea of what's going on underneath the hood and gives you some ammunition -to get started. Sorry for the extra-long video here, but Java is one of those things that people -really, really want to see and understand, and I thought it might be worth going through a little -bit of extra time and effort going through that. - -Thanks so very much. If you have any questions about any of our preconfigured Paks – about how they -work, why, what's going on – the first place to get started is the community forum. Please post your -"how do I" questions, especially about preconfigured Paks, to the community forum and we will answer -them, and the answers we provide there will help everybody. - -Thanks so very much, and we'll talk to you soon. diff --git a/docs/endpointpolicymanager/archive/overview.md b/docs/endpointpolicymanager/archive/overview.md deleted file mode 100644 index 4c9e768d87..0000000000 --- a/docs/endpointpolicymanager/archive/overview.md +++ /dev/null @@ -1,33 +0,0 @@ -# Archive - -See the following Knowledge Base articles and Video topics that have been archived. This is a list -of archived Knowledge Base articles and video topics. - -- [ADM/X Files – why they cannot prevent user shenanigans](/docs/endpointpolicymanager/archive/admxfiles.md) -- [Manage Different Users In The Same OU (And Reduce Number of GPOs) With Endpoint Policy Manager ](/docs/endpointpolicymanager/archive/differentusers.md) -- [Mass Deploy the Endpoint Policy Manager CSE using GPSI](/docs/endpointpolicymanager/archive/massdeploy.md) -- [Upgrading the CSE using GPSI](/docs/endpointpolicymanager/archive/upgrading.md) -- [Endpoint Policy Manager: Use the DesignStudio to manage FireFox's about:config settings](/docs/endpointpolicymanager/archive/designstudiofirefox.md) -- [Deliver Group Policy to Domain Joined and non-Domain Joined machines thru the Cloud](/docs/endpointpolicymanager/archive/cloud.md) -- [Understanding ADM-ADMX files Tattooing (and what to do about it)](/docs/endpointpolicymanager/archive/tattooing.md) -- [Endpoint Policy Manager: Manage InfranView using Group Policy, SCCM or your own management utility](/docs/endpointpolicymanager/archive/infranview.md) -- [Endpoint Policy Manager: Manage Opera Next using Group Policy, SCCM or your own management utility](/docs/endpointpolicymanager/archive/operanext.md) -- [Endpoint Policy Manager: Manage GoToMeeting using Group Policy, SCCM or your own management utility](/docs/endpointpolicymanager/archive/gotomeeting.md) -- [Endpoint Policy Manager Configure PARCC Testing Configuration Stations using Endpoint Policy Manager to prevent pop-ups](/docs/endpointpolicymanager/archive/parcctesting.md) -- [Endpoint Policy Manager: Manage VMware Workstation Hardware and Options](/docs/endpointpolicymanager/archive/vmware.md) -- [Endpoint Policy Manager: Manage and lockdown a specific VMware Workstation's VMX file settings](/docs/endpointpolicymanager/archive/vmwarefilesettings.md) -- [Endpoint Policy Manager: Manage Java 7u45 using Group Policy](/docs/endpointpolicymanager/archive/java.md) -- [Endpoint Policy Manager and VMware Horizon Mirage](/docs/endpointpolicymanager/archive/vmwarehorizonmirage.md) -- [Lockdown Microsoft Office Suite 2013](/docs/endpointpolicymanager/archive/office2013.md) -- [Endpoint Policy ManagerPreferences with Endpoint Policy Manager Exporter](/docs/endpointpolicymanager/archive/preferencesexporter.md) -- [Endpoint Policy Manager Using Endpoint Policy Manager DesignStudio to modify the Java Paks for XP](/docs/endpointpolicymanager/archive/designstudiojava.md) -- [Internet Explorer 10 and Internet Explorer Maintenance – the whole story](/docs/endpointpolicymanager/archive/ie10.md) -- [Nuke mode, and why users can avoid your GPprefs settings](/docs/endpointpolicymanager/archive/modenuke.md) -- [Endpoint Policy Manager: Manage Acrobat X Pro Using Group Policy](/docs/endpointpolicymanager/archive/acrobatxpro.md) -- [Endpoint Policy Manager: Manage Internet Explorer (IE9) Using Group Policy](/docs/endpointpolicymanager/archive/ie9.md) -- [Endpoint Policy Manager supplements VMware View](/docs/endpointpolicymanager/archive/vmwaresupplements.md) -- [Endpoint Policy Manager: Manage Xenapp applications using Group Policy](/docs/endpointpolicymanager/archive/xenapp.md) -- [Endpoint Policy Manager 3.5 Applock Update Behavior Change](/docs/endpointpolicymanager/archive/applock.md) -- [Endpoint Policy Manager and Symantec Workspace Streaming and Virtualization](/docs/endpointpolicymanager/archive/symantecworkspace.md) -- [The CSE auto-updater feature appears to not be working. What can I do?](/docs/endpointpolicymanager/archive/autoupdater.md) -- [Group Policy Preferences: Item Level Targeting](/docs/endpointpolicymanager/archive/itemleveltartgeting.md) diff --git a/docs/endpointpolicymanager/archive/xenapp.md b/docs/endpointpolicymanager/archive/xenapp.md deleted file mode 100644 index 1624341b4d..0000000000 --- a/docs/endpointpolicymanager/archive/xenapp.md +++ /dev/null @@ -1,121 +0,0 @@ -# Endpoint Policy Manager: Manage Xenapp applications using Group Policy - -Citrix Xenapp receiver is missing the ability to receive Group Policy settings. It is also missing -the ability to truly lock down your applications so users cannot work around your settings. In this -demonstration, see how Netwrix Endpoint Policy Manager (formerly PolicyPak) enables Xenapp -environments to truly receive Group Policy settings for any Xenapp application, plus lock those -applications down so users cannot work around your important IT and security settings - -### PolicyPak enhances XenApp with Group Policy video transcript - -Hi, everybody. This is Jeremy Moskowitz, Microsoft MVP, Enterprise Mobility and Founder of PolicyPak -Software. In this video, I'm going to show you how to use PolicyPak to manage XenApp deployed -applications using Group Policy. - -Let's go ahead and get started. Let me go ahead and logon as some guy, "westsalesuser2." Let's take -a look at what stuff he's got. Here's his XenApp world. - -Let's say he decides to run "WinZip" for the first time. Sure, we'll go ahead and do all that stuff. -Go ahead and run WinZip for the very first time as the user. The Citrix receiver will do its thing, -as you can see here.Once it's done, what you're going to see immediately is that the settings you -want them to get he's not going to get at all. - -For instance, if there's a security setting in this application – and I just happen to be using -WinZip as an example – like setting the "Minimum password length" or ensuring that certain security -settings need to be set, there's really no way to deploy guaranteed settings into your Xen -Appapplications unless you're using PolicyPak. - -You might try to use the Group Policy preferences and that might work for some of the cases, but if -your applications don't use registry punches that's going to be a problem. Also, the Group Policy -preferences can't perform UI lockout. We're going to see both of those things in this little -demonstration. - -Here, what I want to try to do is I want to dictate some of these important password settings and -also eliminate some of the confusion that a user might have when using this particular application. - -Let's also take a look at Firefox as the user, as well. We go ahead and we run "Mozilla Firefox" -here. The Citrix receiver does its thing, downloads a little bit of Firefox here and it's presenting -it to us. Here we go. - -Maybe we want to make sure that the "Home Page" is always up-to-date – there's the home page – and -certain "Security" settings aren't worked around. Like if a user does something nasty like that and -they uncheck these settings, that wouldn't be good. - -What we're going to do now is we'll go ahead and close out right here on the Citrix receiver. We'll -go to Group Policy here. For all of our "West Sales Users" we're going to "Dictate Winzip and -Firefox settings to XenApp users." We'll do two things at once just to accelerate things a little -bit. - -On the user side under "PolicyPak/Applications," it's as simple as right click, -"New/Application."Actually, we have over 35 preconfigured paks, but for this demonstration I'm going -to show you WinZip first and then Firefox second. - -Here's "PolicyPak for WinZip14 and 15." Let's go ahead and go right to "Passwords." We'll click all -these checkboxes just to prove a point. We'll right click over this guy and "Hide corresponding -control in target application,"and we'll "Disable corresponding control in target application"for -this second setting. - -Not only are we checking the checkboxes, but we're going to literally change the UI in the -application. So no matter what Citrix receiver you're using – if you happen to be using an old XP -machine like I have up here or Win7 machine or an iPad or an iPhone –you're going to get the UI that -you want them to have. - -We'll go over to "Cameras," right click over this and "Disable whole tab in target -application."We'll make it hard for them to work around our settings. - -Also while we're here, we'll go to "PolicyPak/Applications/New/Application"and we'll go to -"PolicyPak for Mozilla Firefox."Like I said, what we want to do here is we want to for the "Home -Page" we'll do this "www.endpointpolicymanager.com." - -Then while we're here, we'll also go to "Security." Well, remember, that user unchecked those -checkboxes. Let's make sure that those checkboxes, those important security things, are in fact -always set. - -Now let's go back over to the user. We'll click on our "XPComputer32" machine here. It doesn't -really matter. Any Citrix receiver will work. Go to "westsalesuser2." We'll give credentials, -"Fabrikam.com" here. - -We'll go ahead and run "WinZip," and let's see what we see now as a user. We'll go ahead and go to -"Options/Configuration…" and go over to "Passwords," and there we go. We've dictated those important -settings exactly like what we wanted. - -Can you see that right there under "Cameras"? "Cameras" is totally grayed out. We've locked out that -portion of the UI so the user can't work around it. If a user does try to work around our settings, -well, the next time Group Policy applies it'll automatically dictate those settings back to them. -But if you wanted to, you could simply gray out those settings for them. - -Let's see how Firefox did. Let's go ahead and close our WinZip. We'll run "Mozilla Firefox" now. The -Citrix receiver is doing its thing. There we go. Now we can see we've got the PolicyPak home page -delivered to our Firefox. - -If we go to "Options" here and we take a look, sure enough those "Security" settings are -re-dictated. If we uncheck these checkboxes or change the home page to something we shouldn't do – -we'll go to "www.evil.com." I have no idea if that's a real website or not. - -If we try to rerun "Mozilla Firefox" at this point, let's go ahead and see what happens. Right back -to PolicyPak. Go to "Options" right there, and we've put the settings right back. Even if a user -does try to work around our settings, at their very next session for Firefox it will come back and -ensure those security settings. - -That is the deal. With PolicyPak, you are now able to deliver the settings to any of your -applications no matter what receiver they're running on. If we were to go to another computer here – -"westsalesuser2," same guy or a different guy in the same OU, "Fabrikam.com" – as soon as he runs -"Mozilla Firefox,"for instance, as soon as he runs that application he's going to get the exact same -settings again dictated through Group Policy every single time.. - -There it is, PolicyPak. If he goes to the "Security" settings, they're guaranteed. If he tries to -uncheck those settings here, no problem. The very next time he tries to run the application, those -settings will return again and again. - -Users are not able to work around your preconfigured, set settings. That is the whole point of -PolicyPak. You can deliver settings to installed applications. You can deliver settings to ThinApp -applications. You can deliver settings to App-V applications, and you can deliver settings to XenApp -applications. - -PolicyPak basically enables you, using the Group Policy infrastructure you already have, to dictate -settings and lock things down for any application regardless of how that application is delivered. - -I hope you had fun watching this demonstration of PolicyPak and XenApp. If you have any questions, -we're happy to help. - -Thanks so much, and we'll talk to you soon. diff --git a/docs/endpointpolicymanager/browserrouter/commandlinearguments.md b/docs/endpointpolicymanager/browserrouter/commandlinearguments.md deleted file mode 100644 index 6c2fc05f80..0000000000 --- a/docs/endpointpolicymanager/browserrouter/commandlinearguments.md +++ /dev/null @@ -1,31 +0,0 @@ -# Using Command Line Arguments - -This feature enables you to create a route in situations where you start off in the wrong browser -and want to open up the right browser, with specific options such as  `-incognito` for Chrome and -`-private-window` for Firefox, or launch a custom App-V virtualized Internet Explorer plugin like -this one: - -``` --noframemerging /appwe:76d7f387-c5c4-44a9-8982-cca6124a6aec.  -``` - -Below is an example of launching www.abc.com in Chrome's incognito mode. - -![about_policypak_browser_router_21](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_21.webp) - -Note how you must specifically include **%url%** to specify where the URL will reside on the command -line. Just selecting **incognito** by itself is not enough. The **%url%** will populate the correct -URL, and it is up to you to place it correctly within the command line arguments structure, based on -your needs. - -Another use for the **Custom** policy that utilizes command line arguments might be if you want to -launch a specific non-browser application instead of launching an actual browser. For example, one -use might be to launch a Remote Desktop Protocol (RDP) session that calls a remote program, which -would usually be a browser on the RDP machine. - -To do this, select **Custom** for the browser type. Then set the **Command Line Arguments** field to -**Yes**. Finally, in the **Custom Browser Path** and **Command Line Arguments** field, specify the -application you want to launch (as in, MSTSC) and the command line arguments to pass (as in, -`c:\temp\file1.rdp /v:server1 8080`). - -![about_policypak_browser_router_22](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_22.webp) diff --git a/docs/endpointpolicymanager/browserrouter/defaultbrowser/overview.md b/docs/endpointpolicymanager/browserrouter/defaultbrowser/overview.md deleted file mode 100644 index 7d103e41ec..0000000000 --- a/docs/endpointpolicymanager/browserrouter/defaultbrowser/overview.md +++ /dev/null @@ -1,32 +0,0 @@ -# Understanding Default Browser Policies - -In the previous example, you used the **New Default Browser** policy to set the default browser to -Internet Explorer. In this way, Internet Explorer only would be used when users click on an external -link (e.g., from an email) and there is no other rule routing to a specific browser. Any of the -browsers can be the default, but only one can be chosen as the default. Additionally, there is a -special browser called **User Selectable**. Below you can see how to select the default browser. - -**NOTE:** For an overview of the User Selectable option, see -[Endpoint Policy Manager Browser Router User-Selected Default](/docs/endpointpolicymanager/video/browserrouter/userselecteddefault.md). - -![about_policypak_browser_router_11](/img/product_docs/endpointpolicymanager/browserrouter/defaultbrowser/about_endpointpolicymanager_browser_router_11.webp) - -The **User Selectable** option enables the user to specify their desired default browser as Internet -Explorer, Edge, Chrome, or Firefox. The Endpoint Policy Manager engine "learns" this setting at the -next Group Policy background update (or if GPupdate is manually invoked). This means there could be -a situation where the user changes their default browser, but then logs off before Group Policy -re-applies to capture their desired setting. If this is the case, Endpoint Policy Manager cannot -"learn" the user's desired defaults until the user changes the setting and Group Policy re-applies -it in the background. - -You might also want to specify a default browser one time and then drift. In other words, the user -is assigned a default browser the first time they open a URL but can then change the default browser -to one of their own choosing. In this case, we select the same settings as last time except we -choose to apply the rule only one time, as sown below - -![about_policypak_browser_router_12](/img/product_docs/endpointpolicymanager/browserrouter/defaultbrowser/about_endpointpolicymanager_browser_router_12.webp) - -Users can then change the default browser to their own liking, even though their settings show that -the web browser is managed by their organization. - -![about_policypak_browser_router_13](/img/product_docs/endpointpolicymanager/browserrouter/defaultbrowser/about_endpointpolicymanager_browser_router_13.webp) diff --git a/docs/endpointpolicymanager/browserrouter/editpolicytemplate/commandlinearguments.md b/docs/endpointpolicymanager/browserrouter/editpolicytemplate/commandlinearguments.md deleted file mode 100644 index 4f430cefb6..0000000000 --- a/docs/endpointpolicymanager/browserrouter/editpolicytemplate/commandlinearguments.md +++ /dev/null @@ -1,29 +0,0 @@ -# Does Endpoint Policy Manager Manage Chrome or Edge "Flags"? - -Chrome supports command-line switches, also called flags. They allow you to run Chrome with special -options that allow you to enable or disable a particular feature by modifying the default -functionality. - -In this topic we show how to use flags or a command-line switch for Google Chrome with Netwrix -Endpoint Policy Manager (formerly PolicyPak) Browser Router. - -For a complete list of Chromium command-line switches, see -[https://peter.sh/experiments/chromium-command-line-switches/](https://peter.sh/experiments/chromium-command-line-switches/). - -## Launching a URL in Incognito mode: - -For example, if you want to launch a specific URL under an incognito mode, you need to configure the -PPBR rule as shown below. - -**NOTE:** Please note that the syntax `%url%` is case sensitive. - -![881_1_image-20221228073914-1](/img/product_docs/endpointpolicymanager/browserrouter/editpolicytemplate/881_1_image-20221228073914-1.webp) - -**NOTE:** Please note that Chromium often removes a flag's support or replaces it with ADMX -settings. - -For example, a command-line to disable Google Translate `--disable-translate` is not supported -anymore and it is replaced with -[https://chromeenterprise.google/policies/#TranslateEnabled](https://chromeenterprise.google/policies/#httpschromeenterprisegooglepoliciestranslateenabled). - -**CAUTION:** Command line arguments don't work when the source and target browsers are the same. diff --git a/docs/endpointpolicymanager/browserrouter/editpolicytemplate/securityzone.md b/docs/endpointpolicymanager/browserrouter/editpolicytemplate/securityzone.md deleted file mode 100644 index b99198d60b..0000000000 --- a/docs/endpointpolicymanager/browserrouter/editpolicytemplate/securityzone.md +++ /dev/null @@ -1,13 +0,0 @@ -# Is it possible to prevent all Internet websites, but allow just a few? (Blacklist websites, whitelist some?) - -This is possible, using the Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router. - -**Step 1 –** Set up a rule (route as seen in this example. Specify that the Internet Security Zone -is set to BLOCK. - -![170_1_image001](/img/product_docs/endpointpolicymanager/browserrouter/editpolicytemplate/170_1_image001.webp) - -**Step 2 –** Then, make other rules which route to the websites you want. Finally, ensure your -blocking policy is last in the list, so all whitelisted items will process before the blockitem. - -![170_2_image002](/img/product_docs/endpointpolicymanager/browserrouter/editpolicytemplate/170_2_image002.webp) diff --git a/docs/endpointpolicymanager/browserrouter/exportcollections.md b/docs/endpointpolicymanager/browserrouter/exportcollections.md deleted file mode 100644 index 8575e5e285..0000000000 --- a/docs/endpointpolicymanager/browserrouter/exportcollections.md +++ /dev/null @@ -1,22 +0,0 @@ -# Exporting Collections - -Advanced Concepts explains how to use the Endpoint Policy Manager Exporter to wrap up any Endpoint -Policy Manager directives and deliver them using Microsoft Endpoint Manager (SCCM and Intune), KACE, -your own MDM service, or Endpoint Policy Manager Cloud. - -To export a policy for later use using Endpoint Policy Manager Exporter or Endpoint Policy Manager -Cloud, follow thee steps: - -![about_policypak_browser_router_47](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_47.webp) - -**Step 1 –** Right-click the collection or the policy and select **Export to XML**. This enables you -to save an XML file for later use. - -![about_policypak_browser_router_48](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_48.webp) - -Choose a policy and select Export to XML. - -**NOTE:** Exported collections or policies maintain any Item-Level Targeting that is set. Endpoint -Policy Manager Browser Router policies are always contained within collections, even if you export -one single policy. In other words, a collection is automatically created at the time of export if -you export a single policy. diff --git a/docs/endpointpolicymanager/browserrouter/internetexplorer/overview.md b/docs/endpointpolicymanager/browserrouter/internetexplorer/overview.md deleted file mode 100644 index 4c4e8d5e90..0000000000 --- a/docs/endpointpolicymanager/browserrouter/internetexplorer/overview.md +++ /dev/null @@ -1,70 +0,0 @@ -# Understanding Browser Router and Internet Explorer - -Endpoint Policy Manager Browser Router has special functions for managing Internet Explorer. First, -you can set Internet Explorer 11's Enterprise Mode and Document Modes for an individual website. -Second, there are also two overriding policies that help route many websites to Internet Explorer, -which is something that IT departments often want to do. - -## Setting Internet Explorer Enterprise Modes and Document Modes - -Internet Explorer 11, when patched to certain levels, will embrace Enterprise Mode (EM) and Document -Modes (DM). Internet Explorer 11 EM and DM enable you to tell Internet Explorer 11 how to render -certain websites for a more compatible view. - -**NOTE:** To get an overview of Endpoint Policy Manager Browser Router and Internet Explorer 11's -Enterprise and Document Modes, please see -[http://www.endpointpolicymanager.com/video/endpointpolicymanager-browser-router-enterprise-and-document-modes.html](http://www.endpointpolicymanager.com/video/endpointpolicymanager-browser-router-block-web-sites-from-opening-in-all-browsers.html). - -**NOTE:** To learn more about Internet Explorer 11 Enterprise and Document Modes, see the following -Microsoft websites: Enterprise Mode is at: -[Internet Explorer to Endpoint Policy Manager Browser Router Site lists](/docs/endpointpolicymanager/video/browserrouter/iesitelists.md) -and Document Modes is at: -[https://technet.microsoft.com/en-us/library/dn321432.aspx](http://www.endpointpolicymanager.com/video/endpointpolicymanager-using-pp-browser-router-on-citrix-or-rds-servers-with-published-browser-applications.html). - -**CAUTION:** This Endpoint Policy Manager Browser Router method is meant to replace the Microsoft -method of creating Enterprise Mode site lists. Do not try to use Microsoft's list (explained in the -Microsoft URL above) along with Endpoint Policy Manager Browser Router's function. Only use Endpoint -Policy Manager Browser Router to perform this function. - -Using Endpoint Policy Manager Browser Router, you can require particular websites to use a specific -Internet Explorer Enterprise Mode or Document Mode. - -![about_policypak_browser_router_25](/img/product_docs/endpointpolicymanager/browserrouter/internetexplorer/about_endpointpolicymanager_browser_router_25.webp) - -Internet Explorer 11's Enterprise Mode has two specifications: v1 and v2. Endpoint Policy Manager -Browser Router automatically detectsthe version of Internet Explorer installed on your endpoint -machines and write the Enterprise site list based on the correct specification. Note that **PORT** -is not supported in the Internet Explorer EM v1 specification, and as such, is ignored when v1 site -lists must be used. - -**NOTE:** Site lists for v2 are automatically created and used when Windows 10 and Internet Explorer -11 (version 11.0.10586.\*) are detected. Site lists for v1 are used in all other circumstances. - -Note the checkbox labeled **Don't make a route**. If the user is already using Firefox or Chrome and -goes to this website, Internet Explorer will always open when **Don't make a route** is unchecked. -When it is checked, the user is free to use Firefox or Chrome on this website, and they will only -see the Internet Explorer Document Mode set when they specifically select Internet Explorer. This -gives you the ability to use Endpoint Policy Manager Browser Router to manage the Internet Explorer -Enterprise Mode site list without having to force users to specifically use Internet Explorer and -impose a route. - -You can easily see if Endpoint Policy Manager Browser Router and the Internet Explorer 11 Enterprise -Mode are working. There's an Internet Explorer 11 EM icon in the title bar next to the address bar -that demonstrates that EM is active. - -![about_policypak_browser_router_26](/img/product_docs/endpointpolicymanager/browserrouter/internetexplorer/about_endpointpolicymanager_browser_router_26.webp) - -If you've chosen to use one of the Internet Explorer Document Modes, you might have a hard time -locating them if they are applying correctly since they are difficult to see. For instance, here -we've set a page to display in IE5 Document Mode using Endpoint Policy Manager Browser Router. - -![about_policypak_browser_router_27](/img/product_docs/endpointpolicymanager/browserrouter/internetexplorer/about_endpointpolicymanager_browser_router_27.webp) - -When users visit the website at this point, Endpoint Policy Manager Browser Router correctly sets -the IE Document Mode accordingly. To see the DM, you need to press F12 within Internet Explorer 11 -for **Developer Tools**, and then click the Emulation tab. - -![about_policypak_browser_router_28](/img/product_docs/endpointpolicymanager/browserrouter/internetexplorer/about_endpointpolicymanager_browser_router_28.webp) - -In this way, you can easily create routes for all webpages that need special rendering modes using -Endpoint Policy Manager Browser Router. diff --git a/docs/endpointpolicymanager/browserrouter/itemleveltargeting.md b/docs/endpointpolicymanager/browserrouter/itemleveltargeting.md deleted file mode 100644 index d8e1eba5e0..0000000000 --- a/docs/endpointpolicymanager/browserrouter/itemleveltargeting.md +++ /dev/null @@ -1,64 +0,0 @@ -# Using Item-Level Targeting with Collections and Policies - -Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Endpoint -Policy Manager to target or filter where specific items will apply. With Endpoint Policy Manager -Browser Router, Item-Level Targeting can be used with collections as well as Browser Router policies -within collections. - -To do this, right-click **Collection** and select **Change Item Level Targeting** - -![about_policypak_browser_router_37](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_37.webp) - -Alternatively, within a Browser Router policy, you can dictate when a policy will apply by clicking -**Item Level Targeting**. - -![about_policypak_browser_router_38](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_38.webp) - -The **Edit Item Level Targeting** menu item brings up the **Targeting Editor**. You can select any -combination of characteristics you want to test for. Administrators familiar with Group Policy -Preferences' Item-Level Targeting will be at home in this interface as it is functionally -equivalent. - -You can apply one or more targeting items to a policy, which enables targeting items to be joined -logically. You can also add targeting collections, which group together targeting items in much the -same way parentheses are used in an equation. In this way, you can create a complex determination -about where a policy will be applied. Collections may be set to **And**, **Or**, **Is**, or **Is -Not**. - -![about_policypak_browser_router_39](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_39.webp) - -In this example, the Pak would only apply to Windows 10 machines when the machine is portable and -the user is in the FABRIKAM\Traveling Sales Users group. - -Below are some real-world examples of how you can use Item-Level Targeting. - -- Software prerequisites - If you want to configure an application's settings, first make sure the - application is installed on the user's computer before configuring it. You can use **File Match** - or **Registry Match** targeting items (or both) to verify a specific version of a file or a - registry entry is present. For an example of this, look in the Uninstall registry key. -- Mobile computers - If you want to deploy settings exclusively for users on mobile PCs, filter the - rule to apply only to mobile PCs by using the **Portable Computer** targeting item. -- Operating system version - You can specify different settings for applications based on the - operating system version. To do this, create one rule for each operating system, then filter each - rule using the **Operating System** targeting item. -- Group membership - You can link the **Group Policy Object** (GPO) to the whole domain or - organizational unit (OU), but only members within a specific group will pick up and process the - rule settings. -- IP range - You can specify different settings for various IP ranges, like different settings for - the home office and each field office. - -Close the editor when done. You canl see that the collection's icon has changed to orange, which -shows that it now has Item-Level Targeting on the whole collection. In other words, none of the -items in the collection will apply unless the Item-Level Targeting on the collection evaluates to -**True**. - -![about_policypak_browser_router_40](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_40.webp) - -Within the collection, if you set Item-Level Targeting within any policy, you'll see the icon turn -orange, and the Item-Level Targeting column will indicate if Item-Level Targeting is on **Yes** or -off **No**. - -![about_policypak_browser_router_41](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_41.webp) - -This feature allows you toadd very granular filters. First, filter with Item-Level Targeting in a -collection, and then filter on any specific rule if any Item-Level Targeting is applied there. diff --git a/docs/endpointpolicymanager/browserrouter/navigation.md b/docs/endpointpolicymanager/browserrouter/navigation.md deleted file mode 100644 index 212203c8c4..0000000000 --- a/docs/endpointpolicymanager/browserrouter/navigation.md +++ /dev/null @@ -1,89 +0,0 @@ -# Getting to Know Browser Router - -Endpoint Policy Manager Browser Router editor is located in the Endpoint Policy Manager node. -Endpoint Policy Manager Browser Router enables you to create a new Endpoint Policy Manager Browser -Router policy or collection. - -**NOTE:** The Browser Router node is only visible with the latest Admin Console MSI installed on -your management station. - -![about_policypak_browser_router](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router.webp) - -All Endpoint Policy Manager Browser Router policies must always reside within collections. There are -two steps for this. - -![about_policypak_browser_router_1](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_1.webp) - -**Step 1 –** Create and name a collection. - -**Step 2 –** Put Browser Router policies (or other collections) inside the collection. - -![about_policypak_browser_router_2](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_2.webp) - -You can create collections and policies within collections on either the User or Computer side (or -both). Endpoint Policy Manager Browser Router has a precedence order if you decide to have multiple -policies, collections, or GPOs, or when you choose to use a "on-Group Policy method to deliver -settings. - -For more in formation on this, please see the section on -[Understanding Processing Order and Precedence](/docs/endpointpolicymanager/browserrouter/processorderprecedence.md). - -To complete the Quickstart examples, we recommend creating a collection on the User side. Next,, -create a new Browser Router policy, similar to the one shown below. In this example, we are routing -all requests for www.microsoft.com to Internet Explorer. - -![about_policypak_browser_router_3](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_3.webp) - -Once you click **OK**, you'll get an entry such as the one shown below. - -![about_policypak_browser_router_4](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_4.webp) - -If you'd like to follow along, create two more Browser Router policies in the same collection. In -the next example, we will route www.GPanswers.com to Firefox. - -![about_policypak_browser_router_5](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_5.webp) - -Click OK to save the entry. - -Create another policy to route \*.endpointpolicymanager.com to Edge. - -![about_policypak_browser_router_6](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_6.webp) - -Last, create an entry for **New Default Browser**. - -![about_policypak_browser_router_7](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_7.webp) - -After you do this, a dialog box with limited options appear. You can only choose a default browser, -which will be Chrome. - -![about_policypak_browser_router_8](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_8.webp) - -When you've finished these actions, your entries will resemble these. - -![about_policypak_browser_router_9](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_9.webp) - -Below is an explanation of each column in the editor: - -- Setting - This is the name you gave the policy. The default browser is always named Default - Browser. -- Enabled (True/False) - A policy entry can be enabled, which means it will go to work. If you need - to temporarily stop a policy entry from applying, you can disable it (set it to False). -- Scope - This is either User or Computer, depending on what side of the GPO you are on. -- Item-Level Targeting (No/Yes) - See the section on "Using Item-Level Targeting with Collections - and Policies"for mre information on this. -- Browser - This column lists what browser a particular entry will route to. -- Pattern - Explains what type of pattern (rules) we are following. The types are URL, Wildcard, - RegEx, and Internet Security Zone. - -On the endpoint, log on as a user who gets the GPO (or run GPupdate if the user is already logged -on). Make sure that Internet Explorer, Firefox, and Chrome are all installed. You will be ready to -go if you followed along with the Endpoint Policy Manager Browser Router Quickstart, created a new -Wordpad document, and typed in each URL (www.microsoft.com, www.gpanswers.com, -[www.endpointpolicymanager.com](https://technet.microsoft.com/en-us/library/dn321432.aspx)). Next, type in a URL -that is unrelated to anything, such as www.abc.com. Based on the rules, the correct browser is -opened for each URL. - -![about_policypak_browser_router_10](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_10.webp) - -Notice that since there was no rule for www.abc.com, the overriding Default Browser rule took effect -and launched Internet Explorer. diff --git a/docs/endpointpolicymanager/browserrouter/overview.md b/docs/endpointpolicymanager/browserrouter/overview.md deleted file mode 100644 index 52281de12b..0000000000 --- a/docs/endpointpolicymanager/browserrouter/overview.md +++ /dev/null @@ -1,93 +0,0 @@ -# Browser Router - -**NOTE:** Before reading this section, please ensure you have read -[Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md), which explain how to: - -- Install the Admin MSI on your GPMC machine -- Install the CSE on a test Windows machine -- Set up a computer in Trial mode or Licensed mode -- Set up a common OU structure - -Optionally, if you don't want to use Group Policy, read the sectionon **Advanced Concepts on Group -Policy and non-Group Policy methods** (MEMCM, KACE, and MDM service or Netwrix Endpoint Policy -Manager (formerly PolicyPak) Cloud), located -in[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md). This information on -how to deploy your directives. - -**NOTE:** Watch this video for an overview of Endpoint Policy Manager Browser Router: -[](http://www.endpointpolicymanager.com/video/endpointpolicymanager-browser-router-ensure-users-utilize-the-right-browser-for-the-right-website.html)[Ensure users utilize the RIGHT browser for the right website !](/docs/endpointpolicymanager/video/browserrouter/rightbrowser.md). - -Let's say you wanted to apply the following routing policies: - -- www.microsoft.com is set to Internet Explorer. -- www.gpanswers.com is set to Firefox. -- \*.endpointpolicymanager.com is set to Edge. -- abc.endpointpolicymanager.com is set to Firefox via App-V. -- xyz.endpointpolicymanager.com is set to Chrome via ThinApp. -- All websites with \*xxx\* in the name are blocked; that is, a browser will not launch for them. - -With Endpoint Policy Manager Browser Router, you can apply all of the above policies and more. -Browser Router enables you to perform the following functions: - -- Assemble settings (policies) into collections. -- Set Item-Level Targeting on policies and collections. -- Deliver user-side policies to the Computer side without Group Policy Loopback mode. -- Create exact criteria for when specific websites should open, and in which browser. -- Export policies or collections as XML files (which can be used with Endpoint Policy Manager - Exporter and Endpoint Policy Manager Cloud). See - [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md) for more details. -- Set custom messages when you have blocked a website. -- Dynamically set Internet Explorer 11 Enterprise Mode (IE 11 EM) and Document Modes site lists. -- Automatically write Internet Explorer 11 EM version 1 or version 2 site lists, based on the - machine type. -- Route all intranet traffic from Microsoft Edge to IE 11. -- Route all sites on Internet Explorer Site List from Edge to IE 11. - -If you would like to perform your own Quickstart with Endpoint Policy Manager Browser Router, it is -recommended that you have one endpoint (Windows 10) set up with the following browsers: - -- Internet Explorer 11 -- Firefox (latest) -- Chrome (latest) - -There are more advanced scenarios, but this will get you going quickly. - -There are a few basic ways to use Endpoint Policy Manager Browser Router. First, you can create one -or multiple Microsoft Group Policy Objects (GPOs) using Endpoint Policy Manager Browser Router. If -you use Group Policy as the delivery mechanism, that directive is deployed to client machines. -Alternatively, you can export the Endpoint Policy Manager Browser Router rules and deliver them via -the following methods: - -Microsoft Endpoint Manager (SCCM and/or Intune) - -- Systems management software -- Endpoint Policy Manager Cloud service - -The client machine with the Endpoint Policy Manager client-side extension (CSE) embraces the -directives and performs the work. - -**NOTE:** If you use the Endpoint Policy Manager Cloud service, you can deliver Group Policy -settings over the Internet, even to non-domain-joined machines. - -**NOTE:** You can also use Endpoint Policy Manager Browser Router with your Citrix or RDS servers. -See the following video for more information: -[Using PP Browser Router on Citrix or RDS servers with published browser applications](/docs/endpointpolicymanager/video/browserrouter/citrix.md). - -## Endpoint Policy Manager Browser Router Moving Parts - -You will need the following to get started with Endpoint Policy Manager Browser Router: - -- A management station. You must install the Endpoint Policy Manager Admin Console MSI on the - management station where you create GPOs. Once it's installed, you'll see the Endpoint Policy - Manager | Endpoint Policy Manager Browser Router node. -- The Endpoint Policy Manager CSE that runs on the client (target) machine. This is the same CSE for - all Endpoint Policy Manager products; there isn't anything separate to install. The Endpoint - Policy Manager CSE must be present in order to accept Endpoint Policy Manager Security Settings - Manager directives when using Microsoft Endpoint Manager (SCCM and Intune), KACE, similar - utilities, or Endpoint Policy Manager Cloud. -- Endpoints. Endpoints must be licensed for Endpoint Policy Manager Browser Router using one of the - licensing methods. -- Endpoint Policy Manager Exporter (optional). This is a free utility that lets you take exported - Group Policy and Endpoint Policy Manager XML files and wrap them into a "portable" MSI file for - deployment using Microsoft Endpoint Manager (SCCM and Intune) or your own systems management - software. diff --git a/docs/endpointpolicymanager/browserrouter/overview/knowledgebase.md b/docs/endpointpolicymanager/browserrouter/overview/knowledgebase.md deleted file mode 100644 index 7213a41efc..0000000000 --- a/docs/endpointpolicymanager/browserrouter/overview/knowledgebase.md +++ /dev/null @@ -1,56 +0,0 @@ -# Knowledge Base - -The following is a list of Knowledge Base articles for Browser Router. - -## Installation and Uninstallation - -- [Why does Windows 8 and 10 ask me "How do you want to open this?" and how do I make it go away?](/docs/endpointpolicymanager/troubleshooting/browserrouter/install/windowsopenprompt.md) -- [I'm using SCCM to deploy the PP CSE. I want to ensure that Internet Explorer is closed during the installation of PPBR to prevent IE questions of users if they are logged in. What should I do?](/docs/endpointpolicymanager/troubleshooting/browserrouter/install/preventiequestions.md) -- [I launched IE and saw "PPBRAGENTIExIE_01.dll" or "PPBRExplorerExtension.dll" prompted for the user. What should I do?](/docs/endpointpolicymanager/troubleshooting/browserrouter/install/iepromptdll.md) -- [When I unlicense or remove Endpoint Policy ManagerBrowser Router from scope,Endpoint Policy Manager Browser Router Agent still shows as OS "default browser". Why is that and is there a workaround?](/docs/endpointpolicymanager/troubleshooting/browserrouter/install/defaultbrowser.md) -- [Why doesn't Endpoint Policy Manager Browser Router routes take effect the first time I log on to Windows 8.1 or Windows 10?](/docs/endpointpolicymanager/troubleshooting/browserrouter/install/twologons.md) -- [How-to manually install and enable Endpoint Policy Manager Browser Router (PPBR) extension for Google Chrome?](/docs/endpointpolicymanager/browserrouter/install/chromemanual.md) - -## Troubleshooting - -- [Troubleshooting routing between browsers.](/docs/endpointpolicymanager/troubleshooting/browserrouter/betweenbrowsers.md) -- [I'm having a "Browser Router Emergency" or some kind of critical website incompatibility. What can I do?](/docs/endpointpolicymanager/troubleshooting/browserrouter/criticalwebsiteincompatibility.md) -- [When does Endpoint Policy Manager Browser Router write v1 or v2 Enterprise Mode site lists?](/docs/endpointpolicymanager/troubleshooting/browserrouter/versions.md) -- [PPBRAgentExeIE_01.DLL error message occurs about Internet Explorer enhanced security. What should I do?](/docs/endpointpolicymanager/troubleshooting/error/browserrouter/dllcompatible.md) -- [Endpoint Policy Manager Browser Router removes other Chrome ‘force installed' extensions. How can I work around this?](/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/forceinstall.md) -- [Why don't routes work from Firefox to other browsers (in Firefox 49+) ?](/docs/endpointpolicymanager/troubleshooting/browserrouter/firefox.md) -- [Why don't routes work from IE to other browsers?](/docs/endpointpolicymanager/troubleshooting/browserrouter/internetexplorer/fromtootherbrowsers.md) -- [Chrome and Citrix problems](/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/citrixproblems.md) -- [Why doesn't Edge to Other browser support work as expected?](/docs/endpointpolicymanager/troubleshooting/browserrouter/edge/fromtootherbroswers.md) -- [Browser router doesn't seem to work when I use a pattern, and the URL has multiple redirects.](/docs/endpointpolicymanager/troubleshooting/browserrouter/pattern.md) -- [What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?](/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromeextensionid.md) -- [What does it mean when Endpoint Policy Manager Browser Router gives a pop-up saying to contact support to my end-users?](/docs/endpointpolicymanager/troubleshooting/error/browserrouter/contactsupport.md) -- [I see the Endpoint Policy Manager Browser Router Chrome Extension is being installed, but it's not active. What can I do?](/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/extensioninactive.md) -- [How do I revert to "Legacy Browser Router Method & Features" if directed?](/docs/endpointpolicymanager/troubleshooting/browserrouter/revertlegacy.md) -- [What is the PPBR "Keep original tab open when routing / Experimental Feature" checkbox, and why must I turn it OFF for ALL routes if I'm having trouble with ONE website?](/docs/endpointpolicymanager/troubleshooting/browserrouter/editpolicytemplate/keeporiginaltab.md) -- [Why is my Wildcard rule not applying to top level WWW site?](/docs/endpointpolicymanager/troubleshooting/browserrouter/wildcardrule.md) -- [I'm attempting to use an older CSE but routing from Edge / Chrome to other browsers is not working. Why is this?](/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/routing.md) -- [How do I fix "">Endpoint Policy Manager Browser Router Chromium Extension" was automatically disabled." message in Chrome or Edge?](/docs/endpointpolicymanager/troubleshooting/error/browserrouter/automaticallydisabled.md) -- [An older CSE isn't routing from Chrome or Edge to other browsers, because the older CSE isn't downloading the latest Chrome extension. What can I do?](/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromerouting.md) -- [How can I use the only remaining Endpoint Policy Manager published Chrome Extension with my older CSE? (CSE 18.7.1779.937 - 19.12.2283.849)](/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromeextension.md) -- [How can I stop websites automatically routing to Edge when I expect them to be shown in IE (and/or I get an endless loop). Why is this?](/docs/endpointpolicymanager/troubleshooting/browserrouter/edge/stop.md) -- [Hyperlinks in Adobe documents do not work when Browser Router is set as the Default Browser](/docs/endpointpolicymanager/troubleshooting/browserrouter/adobelinks.md) -- [Why does Endpoint Policy Manager PPExtensionService.exe make a call out to DNS?](/docs/endpointpolicymanager/troubleshooting/browserrouter/dnscall.md) -- [How to fix the Chrome / Edge Chromium launch issues?](/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/launch.md) -- [How does Browser Router function when Internet Explorer is removed from the machine?](/docs/endpointpolicymanager/troubleshooting/browserrouter/internetexplorer/removed.md) -- [How to set "Choose which browser opens web links in Office365" so that Browser Router properly routes web links in Outlook](/docs/endpointpolicymanager/troubleshooting/browserrouter/office365.md) -- [How to quickly troubleshoot Endpoint Policy Manager Browser Router](/docs/endpointpolicymanager/troubleshooting/browserrouter/quick.md) - -## Tips and Tricks - -- [Which variables can I use in the Browser Router Advanced Blocking Message?](/docs/endpointpolicymanager/browserrouter/advancedblockingmessage.md) -- [How can I use Endpoint Policy Manager Browser router to force people to always use the SAME browser?](/docs/endpointpolicymanager/browserrouter/forcebrowser.md) -- [Is it possible to prevent all Internet websites, but allow just a few? (Blacklist websites, whitelist some?)](/docs/endpointpolicymanager/browserrouter/editpolicytemplate/securityzone.md) -- [What is meant by "Default Browser" within Endpoint Policy Manager Browser router?](/docs/endpointpolicymanager/browserrouter/defaultbrowser/defined.md) -- [How do I suppress the pop-up of the Browser Router Chrome Extension at First run?](/docs/endpointpolicymanager/browserrouter/suppresspopup.md) -- [How to remove the Endpoint Policy Manager Browser Router Agent from the list of available Web Browser handlers under Default Apps in Windows 10](/docs/endpointpolicymanager/browserrouter/install/removeagent.md) -- [Where does Browser Router store user selected browser (and how can I fake it if I need to) in versions 2536 and later?](/docs/endpointpolicymanager/browserrouter/useselectablebrowser.md) -- [How to Configure Browser Router to use IE Document Modes in Edge IE TAB](/docs/endpointpolicymanager/browserrouter/editpolicytemplate/browsermode.md) -- [How do I change the default icon for user-created shortcuts for my default browser?](/docs/endpointpolicymanager/browserrouter/shortcuticons.md) -- [Does Endpoint Policy Manager Manage Chrome or Edge "Flags"?](/docs/endpointpolicymanager/browserrouter/editpolicytemplate/commandlinearguments.md) -- [What is PPBREdgePackage and When is it used?](/docs/endpointpolicymanager/browserrouter/edgelegacybrowser.md) diff --git a/docs/endpointpolicymanager/browserrouter/overview/videolearningcenter.md b/docs/endpointpolicymanager/browserrouter/overview/videolearningcenter.md deleted file mode 100644 index fc1e77e50f..0000000000 --- a/docs/endpointpolicymanager/browserrouter/overview/videolearningcenter.md +++ /dev/null @@ -1,35 +0,0 @@ -# Video Learning Center - -See the following Video topics for Browser Router. - -## Getting started - -- [Ensure users utilize the RIGHT browser for the right website !](/docs/endpointpolicymanager/video/browserrouter/rightbrowser.md) -- [Browser Router now with support for MS Edge](/docs/endpointpolicymanager/video/browserrouter/edgesupport.md) -- [Block web sites from opening in all browsers.](/docs/endpointpolicymanager/video/browserrouter/blockwebsites.md) -- [Endpoint Policy Manager and Edge ‘Special' policies](/docs/endpointpolicymanager/video/browserrouter/edgespecial.md) -- [Endpoint Policy Manager Browser Router and Ports](/docs/endpointpolicymanager/video/browserrouter/ports.md) -- [Endpoint Policy Manager Browser Router User-Selected Default](/docs/endpointpolicymanager/video/browserrouter/userselecteddefault.md) -- [Manage Internet Explorer 11 and Edge Compatibility, Enterprise Modes and IE-in-Edge Mode](/docs/endpointpolicymanager/video/browserrouter/ie.md) - -## Methods: Cloud, MDM, and SCCM - -- [Map the Right Website to the Right Browser using your MDM service](/docs/endpointpolicymanager/video/browserrouter/mdm.md) -- [Use PP Cloud to Manage your browsers and manage your routes to domain joined and non domain joined machines](/docs/endpointpolicymanager/video/browserrouter/cloud.md) - -## Citrix & Virtual applications - -- [Using PP Browser Router on Citrix or RDS servers with published browser applications](/docs/endpointpolicymanager/video/browserrouter/citrix.md) -- [Browser Router with Custom Browsers](/docs/endpointpolicymanager/video/browserrouter/custombrowsers.md) - -## Tips and Tricks - -- [Endpoint Policy Manager Browser Router: Set the Windows 10 Default Browser (once) then drift](/docs/endpointpolicymanager/video/browserrouter/defaultwindows10.md) -- [Browser Router now supports Chrome on Non-Domain Joined machines](/docs/endpointpolicymanager/video/browserrouter/chromenondomainjoined.md) -- [Force all websites to IE (but have some exceptions)](/docs/endpointpolicymanager/video/browserrouter/ieforce.md) -- [Use Firefox as default for ALL pages, except some pages](/docs/endpointpolicymanager/video/browserrouter/firefox.md) -- [Route all sites to Chrome, with some exceptions](/docs/endpointpolicymanager/video/browserrouter/chrome.md) -- [Route all sites to Edge (with some exceptions)](/docs/endpointpolicymanager/video/browserrouter/edge.md) -- [Internet Explorer to Endpoint Policy Manager Browser Router Site lists](/docs/endpointpolicymanager/video/browserrouter/iesitelists.md) -- [Endpoint Policy Manager Browser Router: Internet Explorer in Edge mode](/docs/endpointpolicymanager/video/browserrouter/ieedgemode.md) -- [Set the links to icons to actually show the default browser.](/docs/endpointpolicymanager/video/browserrouter/browsericon.md) diff --git a/docs/endpointpolicymanager/browserrouter/policy/block.md b/docs/endpointpolicymanager/browserrouter/policy/block.md deleted file mode 100644 index b3ef72204d..0000000000 --- a/docs/endpointpolicymanager/browserrouter/policy/block.md +++ /dev/null @@ -1,19 +0,0 @@ -# Using Block Policies - -You can block specific websites by making a rule and selecting the **Block** website type. You can -choose to provide **Block Text**, which will appear in a pop-up for the user, explaining why they -cannot visit the website. - -**NOTE:** For an overview of using Block policies, see the following video: -[Block web sites from opening in all browsers.](/docs/endpointpolicymanager/video/browserrouter/blockwebsites.md) - -![about_policypak_browser_router_16](/img/product_docs/endpointpolicymanager/browserrouter/policy/about_endpointpolicymanager_browser_router_16.webp) - -When you include text in the **Block Text** field, the endpoint will react in all browsers with a -pop-up like this one. - -![about_policypak_browser_router_17](/img/product_docs/endpointpolicymanager/browserrouter/policy/about_endpointpolicymanager_browser_router_17.webp) - -**NOTE:** If you leave the **Block Text** field empty, default text is automatically provided. - -![about_policypak_browser_router_18](/img/product_docs/endpointpolicymanager/browserrouter/policy/about_endpointpolicymanager_browser_router_18.webp) diff --git a/docs/endpointpolicymanager/browserrouter/processorderprecedence.md b/docs/endpointpolicymanager/browserrouter/processorderprecedence.md deleted file mode 100644 index e5d05ae16e..0000000000 --- a/docs/endpointpolicymanager/browserrouter/processorderprecedence.md +++ /dev/null @@ -1,87 +0,0 @@ -# Understanding Processing Order and Precedence - -When you use Endpoint Policy Manager Browser Router you might have multiple policies and/or -conflicting settings. When you do, you need to troubleshoot by understanding the processing order -and precedence order as explained in the following sections. - -## Processing Order - -Within a particular GPO (Computer or User side), the processing order is counted in numerical order. -So, lower-numbered collections attempt to process first, and higher-numbered collections attempt to -process last. - -![about_policypak_browser_router_42](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_42.webp) - -Within any collection, each policy is processed in numerical order from lowest to highest. - -![about_policypak_browser_router_43](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_43.webp) - -## Precedence - -Policies can be delivered by Group Policy and non-Group Policy methods, such as Microsoft Endpoint -Manager (SCCM and Intune) via Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud. As -such, the Endpoint Policy Manager engine needs to make a final determination whether there is any -overlap of policies. Here is how the precedence works: - -- Policies delivered through Endpoint Policy Manager Cloud have the lowest precedence. -- Policies delivered through Endpoint Policy Manager files have the next highest precedence. -- Policies delivered through Endpoint Policy Manager Group Policy directives have the highest - precedence. - -After that, user-side policy has precedence over computer-side (switched) policy. This is so that -you can specify a baseline setting for various computers and then have particular (overriding) -policies when specific users log on. - -If policies are on the same side, a more-specific URL pattern takes precedence over a less-specific -URL pattern. For example, mail.endpointpolicymanager.com takes precedence over \*.endpointpolicymanager.com. - -If patterns are equally specific, a pattern in a more specific policy always takes precedence over a -pattern in a less-specific policy. For example, a pattern in a GPO linked to an OU wins over a -pattern in a GPO linked to a domain (unless the OU GPO is set to **Enforced**). In other words, -Endpoint Policy Manager Browser Router honors all Group Policy rules and constructs. - -If policies are equally specific, the policy with a higher precedence (which is determined based on -the link order for GPOs and file names for XML Data policies) takes precedence. - -If policies have the same precedence (e.g., we have two patterns in the same GPO), the "last" -pattern takes precedence over previous patterns. For example, patterns in Collection 2 win over -patterns in Collection 1, and any pattern in a collection wins over all previous patterns in the -same collection. - -## Rule Precedence - -Endpoint Policy Manager Browser Router has four rule types. - -![about_policypak_browser_router_14](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_14.webp) - -The following precedence order applies to these rule types. - -| Precedence | Rule | -| ----------- | ------------- | -| Most | URL | -| Second Most | Internet Zone | -| Third Most | Wildcard | -| Last | Regex | - -For instance, if you have a specific URL rule, like google.com gets routed to Firefox, when end -users go directly to google.com, it will open in Firefox. If \*.google.com is routed to Internet -Explorer, then when users go to gmail.google.com, it will open in Internet Explorer. - -Next, we'll look at the precedence of specific rule types of Wildcard and RegEx. - -## Precedence with Wildcards - -Example precedence order with wildcards would be arranged in the following way: - -- google\* -- g\* -- \* - -## Precedence with RegEx - -Items with additional RegEx characters will be considered more specific than those with fewer RegEx -characters. So an example of priority order would be as follows: - -- (x)(.\*)(x)(.\*)(x).com -- (blue)(.\*) -- (.\*) diff --git a/docs/endpointpolicymanager/browserrouter/rules.md b/docs/endpointpolicymanager/browserrouter/rules.md deleted file mode 100644 index 3e8bd6501b..0000000000 --- a/docs/endpointpolicymanager/browserrouter/rules.md +++ /dev/null @@ -1,96 +0,0 @@ -# Understanding Browser Router Rules - -When you make a new Browser Router policy, you have several ways to make site rules: **URL**, -**Wildcard**, **RegEx**, and **Internet Security Zone**. - -![about_policypak_browser_router_14](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_14.webp) - -## Examples - -The following table shows different types of pattern rules and how they would match. Note that -**Wildcard** can be used to match against Schema, Host, Port, and Path. **RegEx** can only be used -to match against Host. - -| Pattern Rule | Example | Matches | -| -------------------------- | ----------------------------------- | ---------------------------------------------------------------------- | -| Specific URL String | www.endpointpolicymanager.com | [www.endpointpolicymanager.com](http://www.endpointpolicymanager.com/) | -| Wildcard String | www.pol\*.com | endpointpolicymanager.com, politicos.com, pollution.org | -| RegEx (Regular Expression) | (.\*)(pol)(.\*).com | SpolE.com, ESpol24.com, pol.com, etc. | -| Windows IE Zone Pattern | Trusted sites, intranet sites, etc. | All trusted sites, intranet sites, etc. | - -When a pattern matches, it is routed to the correct browser, blocked, or delivered to a custom -browser. - -![about_policypak_browser_router_15](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_15.webp) - -**NOTE:** For specific URL strings, **Apply to child URLs** is set to **yes** by default. This means -that any website that falls underneath that URL will also be affected. - -You can also select **Block**, which means Endpoint Policy Manager Browser Router won't launch the -URL in any supported browser (Internet Explorer, Firefox, or Chrome), blocking it from launching. -There is also a special type called **Custom**. This can be set to any application that the -administrator wants an end user to open a URL with. One good use for this is that you can specify a -custom entry to open virtualized browsers when using App-V or ThinApp, or route to an alternate -browser such as Opera, Vivaldi, or anything else that can open HTML pages. - -## Wildcard Matching - -While **RegEx** can only be used to match against the host name, Wildcard matching can be utilized -to match against other parts of a site identifier/URL. Patterns are not case-sensitive. A site -identifier consists of the following: - -``` -[Schema://]host[:port][/path] -``` - -where - -- **Schema** must be http, https, \*, or not specified at all. -- **host** is required and must be either a host name, wildcard host name, or \* for any host. -- **port** is optional, and if no port is specified, all ports match. -- **path** is optional, and specified as either a particular path or wildcard path. If a path is not - specified, it matches all paths on host. - -Examples of wildcard matching are shown below. - -Example 1:  Criteria matching only a host name - -Criteria: `*policy*` - -Description: Matches any port and path on a URL with a matching host name that contains the word -"policy" - -Matching examples: - -- http://www.endpointpolicymanager.com -- https://www.endpointpolicymanager.com -- http://www.endpointpolicymanager.com:1234/ -- http://www.endpointpolicymanager.com:5678/any_other_path - -Example 2:  Criteria matching all hosts and a wildcard path - -Criteria: `*/app/*Create*` - -Description: Matches any host and port with a path containing the word "Create" anywhere in the -path. Since host is always mandatory, we MUST specify \* at the beginning for ANY host: - -Matching examples: - -- http://appsvr/app/Create_user.aspx -- https://appsvr/app/Create_item.aspx -- http://appsvr:99/app/Create_prd.aspx -- http://appsvr/app/Create/newrec.aspx - -Example 3: Criteria matching a host, wildcard path, and specific port - -Criteria:`aa.com:8080/*app*/` - -Description:  Matches the aa.com host (www is implied) on port 8080 with the word "app" anywhere in -the path - -Matching examples: - -- http://www.aa.com:8080/app -- https://www.aa.com:8080/res/app/load.aspx -- http://www.aa.com:8080/lib/resapp.aspx -- http://www.aa.com:8080/ffapp/main.aspx diff --git a/docs/endpointpolicymanager/browserrouter/suppresspopup.md b/docs/endpointpolicymanager/browserrouter/suppresspopup.md deleted file mode 100644 index e84c4d6a0c..0000000000 --- a/docs/endpointpolicymanager/browserrouter/suppresspopup.md +++ /dev/null @@ -1,7 +0,0 @@ -# How do I suppress the pop-up of the Browser Router Chrome Extension at First run? - -When you use the Chrome Pak or Chrome ADMX settings you can use this setting. - -- Navigate to Policy Path: Computer `Configuration\Administrative Templates\Google\Google Chrome\` -- Policy Name: Continue running background apps when Google Chrome is closed -- Policy State: Disabled diff --git a/docs/endpointpolicymanager/cloud/concepts.md b/docs/endpointpolicymanager/cloud/concepts.md deleted file mode 100644 index 0a92ec6757..0000000000 --- a/docs/endpointpolicymanager/cloud/concepts.md +++ /dev/null @@ -1,67 +0,0 @@ -# Concepts, Logons, and Downloads - -In this section, you'll learn about: - -- The basic concepts of Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud -- Logging on to Endpoint Policy Manager Cloud -- The Endpoint Policy Manager Portal and downloading on-prem software from the Portal -- Setting up an on-prem test lab - -It is very easy to get started with Endpoint Policy Manager Cloud, and you can be up and running -within minutes. - -## Endpoint Policy Manager Cloud Concepts - -Endpoint Policy Manager Cloud is, at its core, a way to deliver directives (XML data files) from the -Endpoint Policy Manager Cloud service to client machines, where they are received and processed for -the directives you have licensed. Endpoint Policy Manager Cloud can be used with or without Active -Directory. - -![concepts_logons_and_downloads_437x399](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_437x399.webp) - -![concepts_logons_and_downloads_1_436x375](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_1_436x375.webp) - -Below are some Endpoint Policy Manager Cloud concepts: - -- Admin management station - This is a Windows system which is able to create a directive. This - Windows system connects to Endpoint Policy Manager Cloud and uploads directives. -- Directives - These are files that contain instructions to perform work. All Endpoint Policy - Manager Cloud directives are XML data files you create. -- ComponentsThese are the various functions that Endpoint Policy Manager can perform. For instance, - Endpoint Policy Manager Least Privilege Manager, Endpoint Policy Manager Browser Router, and so - on, are components. -- In-cloud editorsThese are graphical editors you can use within Endpoint Policy Manager Cloud to - create directives (XML data files). -- MMC editorThis is the same Admin Console tool an on-prem customer would typically use to create - directives and deploy them via Group Policy Object (GPO). This is needed to create directives when - there are no corresponding in-cloud editors. -- License poolThis is how many computers (maximum) you are licensed to use with Endpoint Policy - Manager Cloud. -- LicenseOne computer's use of Endpoint Policy Manager Cloud. -- Endpoint Policy Manager Cloud clientThe agent you install on a client computer to join your - Endpoint Policy Manager Cloud account and claim a license. It's the only thing you need to install - on the client machine, and when you do, the client-side extension (CSE) will be automatically - downloaded and will begin to process directives. -- Endpoint Policy Manager CSEThis is the processing piece of PolicyPak. It is automatically - downloaded after the Endpoint Policy Manager Cloud client is installed on the machine. The CSE - performs the work of processing Microsoft GPOs (as XML directives) and also Endpoint Policy - Manager directives (as XML directives). -- EndpointAny Windows machine running any currently supported version of Windows 10. The computer - may or may not be domain-joined. - -Operationally, there are no server requirements of any type with Endpoint Policy Manager Cloud. You -don't need to build anything to actually use Endpoint Policy Manager Cloud. You can use Endpoint -Policy Manager Cloud with or without Active Directory. Endpoint Policy Manager Cloud doesn't require -Group Policy, SCCM, or any on-premise software. Remember: Endpoint Policy Manager Cloud is the -delivery mechanism for your policies. - -With that being said, we strongly recommend you create a small on-prem test lab (more on this later) -that contains one domain controller and one domain-joined Windows 10 machine. When you do this, you -will be able to perform small-scale testing and troubleshooting (taking Endpoint Policy Manager -Cloud out of the equation if necessary). Additionally, because not all of PolicyPak's components -have in-cloud editors, you may need to create directives using the MMC console first, then export -them and use them with Endpoint Policy Manager Cloud afterward. We go into this important topic in -more detail later. - -Tip: When you use the Endpoint Policy Manager Cloud service, you can deliver any Endpoint Policy -Manager setting plus nearly any Microsoft Group Policy setting, even to non-domain-joined machines. diff --git a/docs/endpointpolicymanager/cloud/creditcard.md b/docs/endpointpolicymanager/cloud/creditcard.md deleted file mode 100644 index 9398ed2df9..0000000000 --- a/docs/endpointpolicymanager/cloud/creditcard.md +++ /dev/null @@ -1,10 +0,0 @@ -# How do I start credit card billing with Endpoint Policy Manager SaaS Edition? - -To start Netwrix Endpoint Policy Manager (formerly PolicyPak) SaaS / Cloud billing, you need to go -the Endpoint Policy Manager Portal (not the Cloud Service.) - -Then when you're there, click on **SaaS Billing**, then **Start Subscription**. - -Follow the directions after that. - -![936_1_image001](/img/product_docs/endpointpolicymanager/cloud/936_1_image001.webp) diff --git a/docs/endpointpolicymanager/cloud/downloads.md b/docs/endpointpolicymanager/cloud/downloads.md deleted file mode 100644 index fbb818a9c1..0000000000 --- a/docs/endpointpolicymanager/cloud/downloads.md +++ /dev/null @@ -1,49 +0,0 @@ -# Downloading On-Prem Software from the Portal - -As part of your welcome kit to Endpoint Policy Manager Cloud, you should have received a second -email with access to the Endpoint Policy Manager Customer Portal. The Endpoint Policy Manager -Customer Portal is not the Endpoint Policy Manager Cloud service. The Endpoint Policy Manager -Customer Portal is where you can download the latest install files if you are also an on-prem -customer. The Portal enables you to download the on-prem version of the software (the Bits), AppSets -(for use with Endpoint Policy Manager Application Settings Manager), manuals, and XML examples, -which can be used with Endpoint Policy Manager Least Privilege Manager, Endpoint Policy Manager -Scripts Manager, and so on. - -You might be wondering why you need access to the Portal if nearly everything can be done within the -Endpoint Policy Manager Cloud service. You still need the Endpoint Policy Manager on-prem "Bits" -when using Endpoint Policy Manager Cloud because you will need them to create some directives within -the Windows 10 GPMC MMC console whenever there is no corresponding in-cloud editor for a component. -As such, we recommend you download the Bits and organize them to create a small on-prem test lab. -Your on-prem test lab is 100% free and can be used to test examples without Endpoint Policy Manager -Cloud possibly interfering. This also enhances quick troubleshooting. Moreover, there are always -going to be some advanced policy creation items which can only be done in the MMC console first, -then exported for use with Endpoint Policy Manager cloud. - -The main menu for the Endpoint Policy Manager Customer Portal is shown below. - -![concepts_logons_and_downloads_10_374x437](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_10_374x437.webp) - -Video: For an overview on how to use the Endpoint Policy Manager Customer Portal, please watch this -video: [http://www.endpointpolicymanager.com/customerportal](http://www.endpointpolicymanager.com/customerportal). - -For now, downloading the Bits is sufficient, but you are also welcome to download everything. If you -do, you will get a ZIP file with the following: - -- Manuals for this product and other products -- Examples to use in your Endpoint Policy Manager Cloud Quickstart -- A ZIP file containing pre-configured AppSets for Endpoint Policy Manager Application Settings - Manager -- A ZIP file containing the CSE -- Our on-premise licensing utility (not used at all for Endpoint Policy Manager Cloud) - -The Endpoint Policy Manager on-prem Bits files are shipped as an ISO so you can quickly make use of -the download in virtual environments (which can easily mount ISO files) or to burn your own CDs. - -Below you can see the list of files and directories that are inside the Endpoint Policy Manager ISO -download. - -![concepts_logons_and_downloads_11_624x287](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_11_624x287.webp) - -You won't need most of these items for Endpoint Policy Manager Cloud. Indeed, the only folders you -need are the **Admin Console MSI** folder and the **Client Side Extension (CSE)** folder, as -explained in the next section. diff --git a/docs/endpointpolicymanager/cloud/emailoptout.md b/docs/endpointpolicymanager/cloud/emailoptout.md deleted file mode 100644 index e180478515..0000000000 --- a/docs/endpointpolicymanager/cloud/emailoptout.md +++ /dev/null @@ -1,6 +0,0 @@ -# Why can't I opt out of Emails when I'm an Endpoint Policy Manager Customer? - -Emails are a key component to ensure that your product is up to date, free of bugs, and that you are -made aware of any and all security concerns. As such it is not possible to opt out of emails because -they are part of our commitment to you as a customer. We are also bound legally to inform you of any -such issues. diff --git a/docs/endpointpolicymanager/cloud/gettingstarted.md b/docs/endpointpolicymanager/cloud/gettingstarted.md deleted file mode 100644 index 4cdb3d58ac..0000000000 --- a/docs/endpointpolicymanager/cloud/gettingstarted.md +++ /dev/null @@ -1,27 +0,0 @@ -# Getting Started - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud is a way to deliver the following items: - -- Any Endpoint Policy Manager directive you are licensed for, such as Endpoint Policy Manager Least - Privilege Manager, Endpoint Policy Manager Browser Router, etc. -- Any Microsoft directive you are licensed for, such as Microsoft ADMX settings, Microsoft Group - Policy Preferences settings, and Microsoft Group Policy Security settings. - -This document is a QuickStart Guide for Endpoint Policy Manager Cloud and our full User Guide for -Endpoint Policy Manager Cloud. It will help you understand Endpoint Policy Manager Cloud and how the -Endpoint Policy Manager components work with it. - -**NOTE:** For more details on any of the Endpoint Policy Manager components themselves, see the -related manual for that component. - -Getting started with Endpoint Policy Manager Cloud requires you to talk with Endpoint Policy Manager -Sales. Endpoint Policy Manager Sales will set up your Endpoint Policy Manager Cloud trial account, -which is typically set up as follows: - -- 10 licenses for Endpoint Policy Manager Cloud, valid for 30 days -- Enablement of all components -- Required computer check-in to Endpoint Policy Manager Cloud every 14 days (or the computer's - license is released back into the pool) - -After you're done testing and you're ready to get a pool of licenses, which are good for a year, -contact Netwrixsupport to obtain a license. diff --git a/docs/endpointpolicymanager/cloud/groups.md b/docs/endpointpolicymanager/cloud/groups.md deleted file mode 100644 index 9245636d04..0000000000 --- a/docs/endpointpolicymanager/cloud/groups.md +++ /dev/null @@ -1,12 +0,0 @@ -# How can I move a computer from one Endpoint Policy Manager Cloud group to another via command line? - -The syntax for the command is `ppcloud /move /jointoken:"**********************"` - -This must be run from an elevated command prompt. - -Information on creating jointokens: - -- Manual: - [https://helpcenter.netwrix.com/bundle/endpointpolicymanager_AppendixE/page/Tools.html](https://helpcenter.netwrix.com/bundle/endpointpolicymanager_AppendixE/page/Tools.html) and -- Video: - [Endpoint Policy Manager Cloud: Automatically Join Groups with JOINTOKEN](/docs/endpointpolicymanager/video/cloud/jointoken.md) diff --git a/docs/endpointpolicymanager/cloud/install/mac/client.md b/docs/endpointpolicymanager/cloud/install/mac/client.md deleted file mode 100644 index b91ccec573..0000000000 --- a/docs/endpointpolicymanager/cloud/install/mac/client.md +++ /dev/null @@ -1,65 +0,0 @@ -# What are the step by step instructions to install the MacOS Client for Endpoint Policy Manager Cloud manually? - -![888_1_image001_950x671](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_1_image001_950x671.webp) - -**Step 1 –** First download the MacOS Client for Netwrix Endpoint Policy Manager (formerly -PolicyPak) Cloud as seen here. - -**Step 2 –** Download the Endpoint Policy Manager Cloud PFX file like what's seen here (requires a -password) and keep the file and password handy. - -![888_2_image002_950x256](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_2_image002_950x256.webp) - -**Step 3 –** Next, double-click on the installer to run. When the installer finishes, the Endpoint -Policy Manager command will be installed for all users. - -![888_3_image_10_950x461](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_3_image_10_950x461.webp) - -**Step 4 –** After installation completes you will be asked to "Open Preferences" like what's seen -here. - -![888_4_image_11_950x745](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_4_image_11_950x745.webp) - -**Step 5 –** Select Privacy, then Unlock, and then grant Endpoint Policy Manager access to the Disk -like what's seen here. - -![888_5_image_12_950x864](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_5_image_12_950x864.webp) - -At this point the MacOS Client for Endpoint Policy Manager Cloud is installed, but it is not yet -enrolled in Endpoint Policy Manager Cloud. - -**Step 6 –** Using the SUDO command, register the machine in Endpoint Policy Manager Cloud with the -certificate you downloaded earlier. - -1. Open a terminal window -2. Enter the following command - - `sudo policypak cloud-register --certificate /path/to/certificate.pfx --password 'certificate_password' ` - - Where: - ` /path/to/certificate.pfx` - the folder in which the certificate was downloaded. - - "certificate_password" - the password that was added when exporting the certificate. Export from - step 3. - -**Step 7 –** After completing the operation, the message "`Registered: YES` " should appear in the -terminal window. - -![888_6_image_13_950x238](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_6_image_13_950x238.webp) - -Now the `PolicyPak` command is registered and available to use, but it must be run as root (or under -sudo.) - -![888_7_image_14_950x292](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_7_image_14_950x292.webp) - -**Step 8 –** Sync with Endpoint Policy Manager Cloud with the command - -`sudo policypak sync` - -When you see Synchronized: Yes you are ready to make rules in Endpoint Policy Manager Cloud. - -![888_8_image_15_950x267](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_8_image_15_950x267.webp) - -You should see your Mac in the MacOS | All group like what's seen here. - -![888_9_image_16_950x511](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_9_image_16_950x511.webp) diff --git a/docs/endpointpolicymanager/cloud/install/uninstall.md b/docs/endpointpolicymanager/cloud/install/uninstall.md deleted file mode 100644 index 0f694d98ce..0000000000 --- a/docs/endpointpolicymanager/cloud/install/uninstall.md +++ /dev/null @@ -1,12 +0,0 @@ -# Endpoint Policy Manager Cloud Uninstallation - -When the Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud client is manually uninstalled -(or the computer account is permanently deleted from within Endpoint Policy Manager Cloud), the -following happens: - -- All acquired licenses from Endpoint Policy Manager Cloud are returned to the pool (if the computer - can make contact with Endpoint Policy Manager Cloud). -- All XML data files that are in the Cloud folder are removed. -- Any Endpoint Policy Manager component will become unlicensed. Different licenses have different - behaviors when they become unlicensed. Check the KB article here for more information: - [What happens to each component when Endpoint Policy Manager gets unlicensed or the GPO or policy no longer applies?](/docs/endpointpolicymanager/license/unlicense/components.md). diff --git a/docs/endpointpolicymanager/cloud/interface/billing.md b/docs/endpointpolicymanager/cloud/interface/billing.md deleted file mode 100644 index f598ce4b4a..0000000000 --- a/docs/endpointpolicymanager/cloud/interface/billing.md +++ /dev/null @@ -1,5 +0,0 @@ -# Billing - -Under the **Billing** tab, you can pay for Endpoint Policy Manager Cloud monthly using your credit -card. There is a video on the page to help walk you through the process. It is recommended you -always have two valid credit cards on file to ensure uninterrupted service. diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/notificationeditor.md b/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/notificationeditor.md deleted file mode 100644 index a09c2de598..0000000000 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/notificationeditor.md +++ /dev/null @@ -1,4 +0,0 @@ -# Notification Editor - -See the topic [Edit Notification Configuration](/docs/endpointpolicymanager/cloud/interface/companydetails/editnotificationconfiguration.md) for details -on this operation. diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/overview.md b/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/overview.md deleted file mode 100644 index a9a68f4cac..0000000000 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/overview.md +++ /dev/null @@ -1,13 +0,0 @@ -# General Info - -On the **General Info** tab, you have a few actions to select from. - -![web_interface_and_controls_75_624x208](/img/product_docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/web_interface_and_controls_75_624x208.webp) - -The actions you can take are listed below and explained in the following sections: - -- [Change Email](/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/changeemail.md) -- Change Password (No further information needed, therefore not addressed in the sections below.) -- [Resend Welcome Letter](/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/resendwelcomeletter.md) -- [Login Restrictions Editor](/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/loginrestrictionseditor.md) -- [N](/docs/endpointpolicymanager/cloud/interface/companydetails/editnotificationconfiguration.md)[Notification Editor](/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/notificationeditor.md)ditor diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/overview.md b/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/overview.md deleted file mode 100644 index 96e9d8e631..0000000000 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/overview.md +++ /dev/null @@ -1,16 +0,0 @@ -# Company Administrators - -For an overview of security features, including roles, watch this video: -[Endpoint Policy Manager Cloud: Immutable Log](/docs/endpointpolicymanager/video/cloud/security/immutablelog.md). - -Your company may have one or more administrators who share access. Those admins may have the same -roles, or different roles that enable different interactions with Endpoint Policy Manager Cloud. Any -specific admin's properties and roles can be accessed via the **Edit** button next to their name. - -![web_interface_and_controls_74_624x169](/img/product_docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/web_interface_and_controls_74_624x169.webp) - -In this window, you can specify the following: - -- General information -- Two-factor options -- Role management diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/rolemanagement.md b/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/rolemanagement.md deleted file mode 100644 index 01a3a11bd5..0000000000 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/rolemanagement.md +++ /dev/null @@ -1,19 +0,0 @@ -# Role Management - -Endpoint Policy Manager Cloud has a few roles that can be assigned to other admins. Each user's -assigned roles can be seen in the **Role Management** tab. - -![web_interface_and_controls_85_624x118](/img/product_docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/web_interface_and_controls_85_624x118.webp) - -The following roles are available: - -- Authentication Options Admin: An admin with this role can specify which admins can have which 2FA - options. Additionally, they may also set customer-level portal policies as described in the - [Edit Customer-Level Portal Policies](/docs/endpointpolicymanager/cloud/interface/companydetails/editcustomerlevelportalpolicies.md) section. - Specifically, they can force email-based or application-based 2FA for all admins. They can also - set the 2FA one-time password lifetime, as well as the automatic log off on idle time. -- Notification & Logging Options Admin: An admin with this role can use the **Notifications Editor** - For more information, see the - [Edit Notification Configuration](/docs/endpointpolicymanager/cloud/interface/companydetails/editnotificationconfiguration.md) section). -- Customer Admin Manager: An admin with this role can approve newly created admins when other admins - initiate the request. diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/downloads.md b/docs/endpointpolicymanager/cloud/interface/companydetails/downloads.md deleted file mode 100644 index ab12e0d35b..0000000000 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/downloads.md +++ /dev/null @@ -1,20 +0,0 @@ -# Downloads - -Go to the Downloads section of the Company Details tab to download the Endpoint Policy Manager Cloud -client for your instance of Endpoint Policy Manager Cloud. Once installed on the client machine, the -machine joins your Endpoint Policy Manager Cloud instance. This is the process to acquire licenses, -download directives, auto-install the CSE, and perform other cloud-specific operations. Typically -you would download the 32-bit or 64-bit versions, or both as a bundled ZIP. - -![web_interface_and_controls_86_624x192](/img/product_docs/endpointpolicymanager/cloud/interface/companydetails/web_interface_and_controls_86_624x192.webp) - -**CAUTION:** Clients will continue to use the Endpoint Policy Manager Cloud client version they -started with until you specifically tell them to use a later version. Please watchthe following -videoto see how to use groups to keep clients updated: -[Endpoint Policy Manager Cloud Groups CSE and Cloud Client Small-Scale Testing and Updates](/docs/endpointpolicymanager/video/cloud/groups.md). - -From time to time you may be asked by Endpoint Policy Manager Support to attempt to use an older -version of the client. In this case, you can click on Download other versions and select an older -version. - -![web_interface_and_controls_87_624x282](/img/product_docs/endpointpolicymanager/cloud/interface/companydetails/web_interface_and_controls_87_624x282.webp) diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/overview.md b/docs/endpointpolicymanager/cloud/interface/companydetails/overview.md deleted file mode 100644 index d5960a81eb..0000000000 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/overview.md +++ /dev/null @@ -1,71 +0,0 @@ -# Company Details - -The **Company Details** tab has several sections. Some sections involve settings related to the look -and feel of things, but many others are security related. - -For an overview of the major Endpoint Policy Manager Cloud security features (2FA, admin roles, -notifications, IP block restrictions, etc.) check out this video: -[Endpoint Policy Manager Cloud: Security Features](/docs/endpointpolicymanager/video/cloud/security/features.md). - -![web_interface_and_controls_70_624x296](/img/product_docs/endpointpolicymanager/cloud/interface/companydetails/web_interface_and_controls_70_624x296.webp) - -In the sections that follow,we cover the following items: - -- Company Details: name, time zone, and computer registration mode -- Login restrictions: external IPs that are allowed to connect to Endpoint Policy Manager Cloud -- Company administrators: admins who can participate in your instance of Endpoint Policy Manager - Cloud and their roles -- Downloads: additional information on downloads that was not covered in the Quickstart - -Additionally, we'll explore the actions available to us in the **Company Details** tab: - -- Add company admin -- Revoke company's certificate -- Edit notification configuration -- Customer log -- Edit customer-level portal policies -- User Requests -- Export company certificate as .PFX -- Configure Azure AD Access - -## Company Details Section - -Video: For an overview of this section, see this video: -[Endpoint Policy Manager Cloud: Strict vs. Loose Computer Registration Mode](/docs/endpointpolicymanager/video/cloud/registrationmode.md). - -The **Company Details** section under the **Company Details** tab allows you to change your company -display name and time zone, which is used for reporting on log files. However, the most important -setting in this section is the **Computer registration mode**, which has four options. - -![web_interface_and_controls_71_624x518](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/underhood/web_interface_and_controls_71_624x518.webp) - -This setting directs Endpoint Policy Manager Cloud on how to act when an endpoint computer is -already joined to Endpoint Policy Manager Cloud and attempts to re-register or claim another -license. This can occur when the client machine is wiped and reloaded with another operating system, -or when the Endpoint Policy Manager Cloud client is unloaded and then re-loaded. - -Here is how the four modes operate: - -- **Strict (always register a new computer)**- Even if Endpoint Policy Manager Cloud has seen the - hardware UUID or MAC address of the client machine before, it will always create a new secure - certificate connection, and treat the computer as if it has never been seen before. The computer - then loses any existing group membership and is always (only) assigned back to the built-in - **Unassigned** and **All** groups. -- **Loose (allow computers to recovery access by UUID)**- If a computer account already exists (and - matches by hardware UUID only) then use that existing account. If a computer is already a member - of company groups, that membership is maintained. -- **Loose (allow computers to recovery access by UUID or MAC Address)**- If a computer account - already exists (and matches by hardware UUID only, or MAC address) then use that existing account. - If a computer is already a member of company groups, that membership is maintained. -- **Advanced (always register a new computer and keep existing records)**- If a computer account - already exists (and matches by hardware UUID or MAC address) then create a new record in Endpoint - Policy Manager Cloud just as you would do in strict mode. The difference is that the record for - the previous computer is not deleted. Thus multiple computers with the same hardware can be - registered, each with their own unique record in Endpoint Policy Manager Cloud. This scenario is - useful for VDI, where the machines act identical, but you need to register each one in a new way. - -The default behavior is strict mode because it is the most secure. - -**NOTE:** Even in loose mode, Endpoint Policy Manager Cloud still verifies the client using the x509 -certificate embedded into the MSI. Therefore, guessing the UUID or MAC address is not enough for an -unrelated person to join your Endpoint Policy Manager Cloud. diff --git a/docs/endpointpolicymanager/cloud/interface/computergroups/overview.md b/docs/endpointpolicymanager/cloud/interface/computergroups/overview.md deleted file mode 100644 index 815d70d2b7..0000000000 --- a/docs/endpointpolicymanager/cloud/interface/computergroups/overview.md +++ /dev/null @@ -1,59 +0,0 @@ -# Computer Groups - -You are likely to spend most of your time working onthe **Computer Groups** tab. In this tab covers -the following features - -- Groups. There are two types of groups: - - - Built-in groups (created by the system) - - Company groups (created by you) - -- Create policies using the XML data files tab or the in-cloud editors -- Link XML data files to the computer group of your choice - -**NOTE:** The actions that appear on the right when you click on a group are context sensitive. - -![web_interface_and_controls_50_593x200](/img/product_docs/endpointpolicymanager/cloud/interface/computergroups/web_interface_and_controls_50_593x200.webp) - -This is an example of items and actions that are available when you click a policy. - -![web_interface_and_controls_51_593x184](/img/product_docs/endpointpolicymanager/cloud/interface/computergroups/web_interface_and_controls_51_593x184.webp) - -In the next sections, we cover the following: - -- Creating policies with the in-cloud editors -- Working with groups - - - Built-in groups - - Company groups - - Policy forecast/modeling report - - Policy link order - - Block inheritance and enforce - - Search box - -## Creating Policies with In-Cloud Editors - -After you click on a group, you can create a policy to link to the group using the in-cloud editor. - -**NOTE:** If you want to create a policy but not link it yet, then use the XML Data Files tab. By -creating the policy there, it will not be linked anywhere until you come back to the **Computer -Groups** tab and perform the link. - -In the example below, we clicked on the **All** group, then selected **Create and link a new -Policy....** When you do this, the **Create policy** dialog appears, and you can select the in-cloud -editor of your choice. - -![web_interface_and_controls_52_624x291](/img/product_docs/endpointpolicymanager/cloud/interface/computergroups/web_interface_and_controls_52_624x291.webp) - -For details and guidance on using the in-cloud editors, refer back to the previous section on -creating policies. - -**NOTE:** Not all Endpoint Policy Manager nor all Group Policy Preferences types have in-cloud -editors. As such, you need to use your on-prem test lab to create and test the policy first. For -more information, refer to the **Creating a Endpoint Policy Manager Cloud On-Prem Test Lab** and -**Upload XML Data File** sections. - -Once you have your exported policy XML data file, you can select the group, then select Upload and -link a new XML here and then, paste the XML data. - -![web_interface_and_controls_53_623x265](/img/product_docs/endpointpolicymanager/cloud/interface/computergroups/web_interface_and_controls_53_623x265.webp) diff --git a/docs/endpointpolicymanager/cloud/interface/licensestatus.md b/docs/endpointpolicymanager/cloud/interface/licensestatus.md deleted file mode 100644 index 379bade3c3..0000000000 --- a/docs/endpointpolicymanager/cloud/interface/licensestatus.md +++ /dev/null @@ -1,52 +0,0 @@ -# License Status - -As a reminder, Endpoint Policy Manager Cloud is made up of components, such as Endpoint Policy -Manager Application Settings Manager, Endpoint Policy Manager Least Privilege Manager, etc., which -are licensed in pools. You cannot buy different numbers of licenses for each component, so you need -the exact same number of licenses for all the components. This is represented in the line item -**Base Products**. On this screen you can see how many Endpoint Policy Manager Cloud licenses you -have purchased and how many of them are consumed by connected computers. You can also see any -unlicensed products you might have that are available for purchase. Additionally, you can see two -columns listed as **Consumed** and **Waiting**. When you click on the number within the cell, a -pop-up window appears showing the computers that are consumed or waiting. - -![web_interface_and_controls_1_624x138](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_1_624x138.webp) - -When you click the number in the **Consumed** column, you can see the computers which are actively -taking on a Endpoint Policy Manager Cloud license. You can then determine the first and last check -in. Additionally, you can click **Show state changes** to see every time a computer lost and -re-claimed a license, or Show linked policies to get a quick report of which policies are affecting -the specific computer. - -![web_interface_and_controls_2_624x190](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_2_624x190.webp) - -For instance, clicking on **COMPUTERMDM64** and then **how linked policies** would return the window -shown below. Note that you can sort by the product name (component name), as well as the policy name -(or both), as signified by the 1 and 2 column sorters. Additionally, you can see the last delivery -time for each policy. Or, if the policy has never been received, you can see a blank value. We'll go -into further detail on reporting in a separate section on reports. - -![web_interface_and_controls_3_624x247](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_3_624x247.webp) - -Computers may transition from a licensed state of **consumed** to a state of **waiting**. The -Endpoint Policy Manager Cloud waiting list is used to describe two conditions: - -- Condition #1 - A computer had a license but then went offline for more than (usually) 14 days. - When this happens, the license transitions from consumed to waiting. If the computer comes back - online and there are available licenses (and the computer can communicate with the cloud service), - the license will then transition from waiting back to consumed. - -**NOTE:** If you have available licenses, but computers are unexpectedly transitioning to the -waiting list, this means that the computers are not able to communicate as expected with the -Endpoint Policy Manager Cloud service. After about 14 days, the computers will lose their licenses -and those licenses becomes available. - -- Condition #2: All licenses are already consumed but then you add more computers. This is called - being oversubscribed. Computers cannot claim a license because there are no more licenses - available. You will need to purchase more licenses. When you do, the oversubscribed computers will - then consume an available license at the next check-in time (typically every hour). - -Below you can see that nine computers have transitioned from consumed to waiting. The switch to -waiting for all of those nine computers was due to inactivity, not because of oversubscription. - -![web_interface_and_controls_4_625x326](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_4_625x326.webp) diff --git a/docs/endpointpolicymanager/cloud/interface/overview.md b/docs/endpointpolicymanager/cloud/interface/overview.md deleted file mode 100644 index 8dc73dbd0a..0000000000 --- a/docs/endpointpolicymanager/cloud/interface/overview.md +++ /dev/null @@ -1,27 +0,0 @@ -# Web Interface and Controls - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud has several roles: - -- Acts as a licensing broker, enabling some computers to be licensed through the Endpoint Policy - Manager Cloud client MSI and connection to the Cloud service. -- Stores XML directives which can be created with the in-cloud editors or exported from the on-prem - MMC console. -- Enables a relationship between licensed computers and groups, which allows them to get XML - directives. -- Works as a delivery mechanism for created XML directives. - -The Endpoint Policy Manager Cloud web interface contains the following sections: - -![web_interface_and_controls_624x229](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_624x229.webp) - -In this section, we will go over the tabs in the following order (not the order in which they -actually appear) - -- License Status -- XML Data Files -- File Box -- Computer Groups -- Company Details -- Tools -- Reports -- Billing diff --git a/docs/endpointpolicymanager/cloud/interface/reports.md b/docs/endpointpolicymanager/cloud/interface/reports.md deleted file mode 100644 index d1c916b4c6..0000000000 --- a/docs/endpointpolicymanager/cloud/interface/reports.md +++ /dev/null @@ -1,59 +0,0 @@ -# Reports - -There are two reports under the **Reports** tab: **Computers (Status)** and **Policy Reports (XML -Delivery)**. These reports are discussed in the following sections. - -## Computers (Status) Report - -The **Computers (Status) Report** has several sub-reports, where you can focus in on computers with -a specific status, as shown below. This report shows a table of results with data on computers -currently connected to Endpoint Policy Manager Cloud. The following data is available: computer -name, installed OS, IP address, and computer status for Cloud. - -![web_interface_and_controls_112_624x332](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_112_624x332.webp) - -The status selector on the upper left of the table allows you to filter the results. - -Currently you can sort by thefollowin g criteria: **Acquired** (active), **Waiting List**, -**Revoked**, and **Revoked by Endpoint Policy Manager Software**. The table can be exported and -saved in MS Excel or Word format by clicking the **Save** button and selecting Excel or Word. - -![web_interface_and_controls_114_624x196](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_114_624x196.webp) - -## Policy Reports (XML Delivery) Report - -Video: For an overview of this section, check out this video: -[Endpoint Policy Manager Cloud Reporting Demo](/docs/endpointpolicymanager/video/cloud/reports.md) - -Policy Reports (XML Delivery) Report is a very powerful feature. This report enables you to know -which computers received which XML files. To see this report, select **Add Report**, then pick a -computer group. - -![web_interface_and_controls_115_624x355](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_115_624x355.webp) - -Next, select the scope you would like to examine. The recommended selection is **Select all XML data -files linked to this folder and all parent folders (recommended)**. - -![web_interface_and_controls_116_468x353](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_116_468x353.webp) - -You could also select the option **Select all XML data files linked ONLY to this folder**, which -could select fewer XML data files. - -![web_interface_and_controls_117_468x354](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_117_468x354.webp) - -You can also select **Manually select XML data files from XML repository** and specify specific XML -files to test for. - -Once you have created your report, it is saved for future use but not yet run. When you run your -report, it will have the following organization: - -- All the computers in the group are shown in the first column. -- All the XML files are in all other columns. - -The intersection between computer and XML file demonstrates the date and time the computer got the -most recent XML file (in green), the date and time the computer got an old version of the XML file -(in yellow), and if the XML file was not received at all (in red). - -![web_interface_and_controls_118_499x373](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_118_499x373.webp) - -This allows you to precisely knows which XML policy files were embraced by what machine and when. diff --git a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/modify.md b/docs/endpointpolicymanager/cloud/interface/xmldatafiles/modify.md deleted file mode 100644 index 05ed57948c..0000000000 --- a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/modify.md +++ /dev/null @@ -1,13 +0,0 @@ -# Modify - -If you attempt to edit an XML data file that Endpoint Policy Manager Cloud has an in-cloud editor -for, you will be able to immediately edit the item. - -![web_interface_and_controls_6_624x329](/img/product_docs/endpointpolicymanager/cloud/interface/xmldatafiles/web_interface_and_controls_6_624x329.webp) - -However, since Endpoint Policy Manager Cloud doesn't have in-cloud editors for all items, some items -will not be available for editing, but will be available for updating. In these cases, you would -take an existing Endpoint Policy Manager XML export from the MMC console and enter it into the box. -. - -![web_interface_and_controls_7_624x431](/img/product_docs/endpointpolicymanager/cloud/interface/xmldatafiles/web_interface_and_controls_7_624x431.webp) diff --git a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/overview.md b/docs/endpointpolicymanager/cloud/interface/xmldatafiles/overview.md deleted file mode 100644 index 4514c83607..0000000000 --- a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/overview.md +++ /dev/null @@ -1,24 +0,0 @@ -# XML Data Files - -This section describes XML data files, which are a way to interface with the directives you create -with settings that are pre-populated, those which you have uploaded from an on-prem MMC console, and -those which you create with the in-cloud editors. For any existing XML data file, you have the -following functions (icons shown below) - -- Modify -- Show Report -- Download -- Delete -- Duplicate - -You can also expand an item to see which groups an XML directive is specifically linked to. -Additionally, you can perform the following actions, which create new policies: - -- Upload XML Data File -- Create Policy (which uses the in-cloud editors) -- Create Policy From Template -- Import Policies From GPO Backup - -![web_interface_and_controls_5_624x199](/img/product_docs/endpointpolicymanager/cloud/interface/xmldatafiles/web_interface_and_controls_5_624x199.webp) - -These functions and actions are described in more detail in the sections that follow. diff --git a/docs/endpointpolicymanager/cloud/licensing/overview.md b/docs/endpointpolicymanager/cloud/licensing/overview.md deleted file mode 100644 index 8b91cf90e8..0000000000 --- a/docs/endpointpolicymanager/cloud/licensing/overview.md +++ /dev/null @@ -1,110 +0,0 @@ -# Licensing with Endpoint Policy Manager Cloud Components - -Licensing Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud is pretty easy. However, the -following sections give some technical details that will help you be a betterunderstand the process. - -## Editions - -You can license Endpoint Policy Manager Cloud by the following methods: - -- Legacy - If you licensed Endpoint Policy Manager Cloud before 2021, you are considered a customer - in legacy status: Legacy Cloud Monthly or Legacy Cloud Yearly. -- Endpoint Policy Manager SaaS Edition - Endpoint Policy Manager Cloud is the only method offered - within this edition. Licensing is by Monthly Post-Pay Licensing. -- Endpoint Policy Manager Professional Edition - Endpoint Policy Manager Cloud is included within - this edition. Licensing is by Yearly Post-Pay Licensing. -- Endpoint Policy Manager Enterprise Edition - Endpoint Policy Manager Cloud is included within this - edition. Licensing is by Yearly Post-Pay Licensing. - -### Legacy (Pooled Licenses) - -If you are a Endpoint Policy Manager Cloud Edition customer (also known as Legacy), then your model -is a maximum number of licenses that you could possibly consume. In this model you have pre-paid for -proposed usage, and if you go over your usage you need to contact us at Endpoint Policy Manager for -more licenses. For this reason, we strongly advise you to work with our team to transition to the -SaaS Edition, Professional Edition, or Enterprise Edition licenses, where you will enjoy post-pay -billing instead of having to work with a ceiling for the number of licenses you can use. - -![licensing_with_policypak_cloud_623x164](/img/product_docs/endpointpolicymanager/cloud/licensing/licensing_with_endpointpolicymanager_cloud_623x164.webp) - -### SaaS Edition (Monthly Post-Pay Licenses) - -If you have chosen the Endpoint Policy Manager SaaS edition, the only licensing model available to -you is Monthly Post-Pay Licensing. In this this model, you may install the Endpoint Policy Manager -Cloud client on as many computers as you wish. During the billing cycle, we count the number of -computers consumed each day. We charge your credit card automatically based on the highest number -used within the month. The following is an example: - -You start with Endpoint Policy Manager Cloud Saas Edition on April 15. - -During April the following occurs: - -- On April 15, you install the Endpoint Policy Manager Cloud client MSI on 100 computers, and have - thus consumed 100 licenses on Day 1. -- On April 20, you install the Endpoint Policy Manager Cloud client MSI on 200 more computers and - have consumed 300 licenses total. -- On April 25, you install the Endpoint Policy Manager Cloud client MSI on 500 more computers and - have consumed 800 licenses total. -- On April 30, you un-install the Endpoint Policy Manager Cloud client MSI on 100 computers, making - your consumption 700 licenses in total. - -Your monthly highest number for April is 800 and we will automatically bill you for 800 licenses. - -### Professional or Enterprise Edition (Yearly Average Post-Pay Licensing) - -If you have chosen the Endpoint Policy Manager Professional or Enterprise Editions, the only -licensing model available to you is Yearly Post-Pay Licensing. In this this model, you may install -the Endpoint Policy Manager Cloud client on as many computers as you wish. During every month, we -count the number of computers consumed each day and produce an average across that billing cycle. -Every month will have a day with the highest number of computers used on that day. This highest -number is used as the monthly highest number. Then, all the monthly highest numbers for all the -months of the year are added together, then averaged over 12 months. You will then true up your -usage for Endpoint Policy Manager Cloud. You will also true up your usage for any Endpoint Policy -Manager use with Active Directory, SCCM, or MDM. The following is an example: - -- You start with Endpoint Policy Manager Cloud Enterprise Edition on April 15. -- For April the following occurs: - - - On April 15, you install the Endpoint Policy Manager Cloud client MSI on 100 computers, and - have thus consumed 100 licenses on Day 1. - - On April 20, you install the Endpoint Policy Manager Cloud client MSI on 200 more computers - and have consumed 300 licenses total. - - On April 25, you install the Endpoint Policy Manager Cloud client MSI on 500 more computers - and have consumed 800 licenses total. - - On April 30, you uninstall the Endpoint Policy Manager Cloud client MSI on 100 computers, - making your consumption 700 licenses in total. - -- Your monthly highest number for April is 800. -- For May the following occurs: - - - On May 1, you install the Endpoint Policy Manager Cloud client MSI on 300 more computers, and - have thus consumed 1,000 licenses total. - - On May 20, you install the Endpoint Policy Manager Cloud client MSI on 200 more computers and - have consumed 1,200 licenses total. - - On May 25, you install the Endpoint Policy Manager Cloud client MSI on 500 more computers and - have consumed 1,700 licenses total. - - On May 30, you uninstall the Endpoint Policy Manager Cloud client MSI on 300 computers, making - your consumption 1,500 licenses in total. - -- Your monthly highest number for May is 1,700. -- For June the following occurs: - - - On June 1, you uninstall the Endpoint Policy Manager Cloud client MSI on 1,000 computers, - reducing your license count to 700. - - In the remainder of June you neither consume nor reduce your license usage. - -- Your monthly highest number for June is 700. - -- The monthly highest numbers for the remaining months in that 12-month period are the following: - - - July: 1,000 - - August: 1,200 - - September: 900 - - October: 1,000 - - November: 1,500 - - December: 1,500 - - January: 1,000 - - February: 800 - - March: 900 - -In summary, you are charged for the highest number (averaged) in the 12-month period which is 1,083. diff --git a/docs/endpointpolicymanager/cloud/logons.md b/docs/endpointpolicymanager/cloud/logons.md deleted file mode 100644 index 5bc8700e74..0000000000 --- a/docs/endpointpolicymanager/cloud/logons.md +++ /dev/null @@ -1,55 +0,0 @@ -# Logging On to Endpoint Policy Manager Cloud for the First Time - -You should have received credentials to log on to Endpoint Policy Manager Cloud. To log on, go to -the Endpoint Policy Manager home page and click **Customer Login**. Then, select Log In from the -Endpoint Policy Manager Cloud path on the right side of the screen. You may also go to and bookmark -cloud.endpointpolicymanager.com if you want a specific link. - -![concepts_logons_and_downloads_2](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_2.webp) - -Tip: At the actual Endpoint Policy Manager Cloud login page, you may request a forgotten password. -If you're still having trouble, contact your Endpoint Policy Manager sales person. - -You will be placed into **Restricted Mode** in Endpoint Policy Manager Cloud. You must accept the -EULA and also set up two-factor authentication (2FA). - -![concepts_logons_and_downloads_3](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_3.webp) - -You will be prompted and required to perform two-factor authentication. You can use email-based or -application-based authentication (or both). While Google and Microsoft authenticator apps are both -supported, we strongly recommend the Authy app ([authy.com](http://authy.com/)) instead of Google -Authenticator or Microsoft Authenticator. This is because if you lose your device (usually a cell -phone), the authentication token is automatically re-gained from the Authy service. Also, Authy is -free. - -The steps to perform 2FA are shown below. You can select email-based or application-based -authentication. - -![concepts_logons_and_downloads_4](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_4.webp) - -If you select email-based authentication, you will need to verify the 2FA code sent via email. - -![concepts_logons_and_downloads_5](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_5.webp) - -If you select application-based 2FA, then you must use an application like Authy to scan the QR code -and enter in the six-digit password. - -![concepts_logons_and_downloads_6](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_6.webp) - -If you do not complete 2FA, you will not be able to log on to Endpoint Policy Manager Cloud. - -![concepts_logons_and_downloads_7](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_7.webp) - -Once 2FA is completed, you can click **Close**. - -![concepts_logons_and_downloads_8](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_8.webp) - -Finally, once you're logged in to Endpoint Policy Manager Cloud, you'll see the interface. - -![concepts_logons_and_downloads_9](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_9.webp) - -This manual will explore all areas of the Endpoint Policy Manager Cloud interface, but you can see -some details called out above. If you are trying out Endpoint Policy Manager Cloud or you purchased -Endpoint Policy Manager Cloud, you should see the licenses available to you as soon as you log on. -Verify you have the correct number of licenses and your expiration date looks correct. If something -is wrong, please contact your Endpoint Policy Manager sales team member. diff --git a/docs/endpointpolicymanager/cloud/overview.md b/docs/endpointpolicymanager/cloud/overview.md deleted file mode 100644 index 58fb98582c..0000000000 --- a/docs/endpointpolicymanager/cloud/overview.md +++ /dev/null @@ -1,25 +0,0 @@ -# Endpoint Policy Manager Cloud Quick Start - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud is our system for delivering and -enforcing Microsoft Group Policy and all Endpoint Policy Manager special settings to -non-domain-joined, domain-joined on-prem, or remote machines. Endpoint Policy Manager Cloud enables -machines to stay protected, regardless of where they are. It is comprised of separate components to -enable you to control different types of settings. If you are in a hurry to get started, you can -start with a web browser and one Windows 10 machine and see Endpoint Policy Manager immediately in -action. - -Here's the fastest way to get started: - -**Step 1 –** Check out our **Two minute introduction** video then our Quickstart video here: Getting -Started with Cloud > [Video Learning Center](/docs/endpointpolicymanager/video/index.md). Work through the -videos one-by-one to try out all the main features. - -**Step 2 –** Additionally, we strongly recommend you have a mini on-prem test lab for editing and -testing purposes. You should work through each of the videos on the Test Lab Best Practices page and -make sure you have your free-to-use test lab working: Getting Started with Cloud > -[Video Learning Center](/docs/endpointpolicymanager/video/index.md). - -**Step 3 –** Use the rest of the manual to understand the finer points of Endpoint Policy Manager -Cloud including some key security settings. - -Enjoy Endpoint Policy Manager Cloud! diff --git a/docs/endpointpolicymanager/cloud/overview/knowledgebase.md b/docs/endpointpolicymanager/cloud/overview/knowledgebase.md deleted file mode 100644 index 9d9bd9de60..0000000000 --- a/docs/endpointpolicymanager/cloud/overview/knowledgebase.md +++ /dev/null @@ -1,84 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base articles for getting started with Cloud. - -## Getting Started - -- [How do I transition from Endpoint Policy Managerusing Group Policy or SCCM method to Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/cloud/transition.md) -- [What are the OS requirements for Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/requirements/cloud.md) -- [When must I use the Endpoint Policy ManagerCloud Client installer versus the on-prem Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/install/cloud/client.md) -- [Can I use an Endpoint Policy Manager Cloud installer and license for domain-joined and non-domain joined machines?](/docs/endpointpolicymanager/install/cloud/clientdomainnondomain.md) -- [Is there an "Active Directory Connector" to map on-prem OUs and Groups to Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/install/cloud/activedirectory.md) -- [What editors are there in Endpoint Policy Manager Cloud (and when would I need a "Fake DC" to do editing?)](/docs/endpointpolicymanager/cloud/fakedc.md) -- [What are the ways I can install the Endpoint Policy Manager Cloud Client on Remote Machines?](/docs/endpointpolicymanager/install/cloud/clientremote.md) -- [How can I best install Endpoint Policy Manager Cloud for remote clients over a slow link/internet connection?](/docs/endpointpolicymanager/install/cloud/slowinternet.md) -- [How do I start credit card billing with Endpoint Policy Manager SaaS Edition?](/docs/endpointpolicymanager/cloud/creditcard.md) - -## Cloud Portal Security - -- [What data is stored in Endpoint Policy Manager Cloud, and how is that data safely communicated and stored ?](/docs/endpointpolicymanager/cloud/security/datasafety.md) -- [Endpoint Policy Manager Cloud Portal - Adding new company admins - Quickstart](/docs/endpointpolicymanager/cloud/add/administrator.md) - -## Cloud Licensing - -- [How is Endpoint Policy Manager Cloud usage counted and calculated toward my True-Up?](/docs/endpointpolicymanager/license/cloud/usage.md) - -## Client Troubleshooting - -- [How can I see the result of Endpoint Policy Manager Cloud inside the Group Policy Editors?](/docs/endpointpolicymanager/troubleshooting/cloud/grouppolicyeditors.md) -- [Troubleshoot communication from the Cloud Client and Cloud Service](/docs/endpointpolicymanager/troubleshooting/cloud/servicecommunication.md) -- [How can I see if an Endpoint Policy Manager Cloud joined computer is syncing in the background, even if PPCLOUD /Sync appears to fail?](/docs/endpointpolicymanager/troubleshooting/cloud/syncfail.md) -- [How do I transition from Endpoint Policy ManagerCloud to Endpoint Policy Manager Group Policy Edition?](/docs/endpointpolicymanager/troubleshooting/cloud/transition.md) -- [How must my Proxy Server be configured to allow Endpoint Policy Manager Cloud communication?](/docs/endpointpolicymanager/troubleshooting/cloud/proxyserver.md) -- [How to resolve error message "Could not sync with cloud…" caused by disabling TLS 1.0](/docs/endpointpolicymanager/troubleshooting/error/cloud/sync.md) -- [I always use a proxy and the cloud client cannot seem to make contact with the services (see FAQ Item #3 above first.) What else can I try?](/docs/endpointpolicymanager/troubleshooting/cloud/proxyservices.md) -- [I get the message "At least one security token in the message could not be validated" during PPCloud client installation. How do I work around this?](/docs/endpointpolicymanager/troubleshooting/error/cloud/securitytoken.md) -- [I am getting an error about "GPSVC failed at sign-in". This error occurs exactly one time. What does this mean?](/docs/endpointpolicymanager/troubleshooting/error/gpsvcfailed.md) -- [I'm using Cisco Anyconnect and all the computers I register via Endpoint Policy Manager Cloud are being overwritten. Why is this and what can I do?](/docs/endpointpolicymanager/troubleshooting/cloud/integration/ciscoanyconnect.md) -- [My cloud client lost it's join to Endpoint Policy Manager Cloud , and a re-install of the cloud MSI I previously downloaded isn't working / re-syncing. What should I do?](/docs/endpointpolicymanager/troubleshooting/cloud/autoupdates.md) -- [Endpoint Policy Manager Cloud Client: Why are computers appearing in WAITING LIST and how can I fix it?](/docs/endpointpolicymanager/troubleshooting/cloud/waitinglist.md) -- [Endpoint Policy Manager Cloud shows "The license certificate has expired". Why is this?](/docs/endpointpolicymanager/troubleshooting/cloud/expired.md) -- [Two-factor Authentication: You're not receiving code for email-based two-factor authentication](/docs/endpointpolicymanager/troubleshooting/cloud/twofactorauthenticationcode.md) -- [What happens if there is an outage on Endpoint Policy Manager Cloud ?](/docs/endpointpolicymanager/troubleshooting/cloud/outage.md) -- [What is the Endpoint Policy Manager Cloud client installation error "The remote certificate is invalid according to the validation procedure."](/docs/endpointpolicymanager/troubleshooting/error/cloud/invalidcertificate.md) -- [When rolling out Endpoint Policy Manager Cloud, the Client Side Extension does not get installed with the Cloud Client on initial rollout](/docs/endpointpolicymanager/troubleshooting/cloud/install/clientsideextension.md) -- [Why do I see duplicate computer entries in Endpoint Policy Manager Cloud (Or, what is Loose, Strict and Advanced Registration)?](/docs/endpointpolicymanager/troubleshooting/cloud/registrationmode.md) -- [The Incorrect (non-matching) version of PPPUPDATE is installed on a PPC endpoint](/docs/endpointpolicymanager/troubleshooting/cloud/versions.md) -- [How to enable verbose MSIEXEC logging for the installation of Endpoint Policy Manager Cloud Client MSI/Client Side Extension MSI?](/docs/endpointpolicymanager/troubleshooting/cloud/log/verbose.md) -- [Understanding and working within Endpoint Policy Manager Clouds Computer registration limit.](/docs/endpointpolicymanager/troubleshooting/cloud/registrationlimit.md) -- [My Endpoint Policy Manager Cloud Client or Client Side Extension isn't completing the installation; How do I fix it?](/docs/endpointpolicymanager/troubleshooting/cloud/install/incomplete.md) - -## Cloud Portal Troubleshooting - -- [How do I fully reset my Azure AD connection between Azure and Endpoint Policy Manager Cloud to start over?](/docs/endpointpolicymanager/troubleshooting/cloud/entraid.md) - -## Mac Integration - -- [What are the step by step instructions to install the MacOS Client for Endpoint Policy Manager Cloud manually?](/docs/endpointpolicymanager/cloud/install/mac/client.md) -- [How to get signature info from pkg installer?](/docs/endpointpolicymanager/cloud/install/mac/signature.md) -- [Where are log files for the Endpoint Policy Manager MacOS?](/docs/endpointpolicymanager/troubleshooting/cloud/log/mac.md) -- [How to get SHA of the package](/docs/endpointpolicymanager/cloud/install/mac/sha.md) -- [How to get SigningID of the package?](/docs/endpointpolicymanager/cloud/install/mac/signingid.md) - -## Client Tips, Tricks, and FAQs - -- [What are the most common questions about editing policies using the Endpoint Policy ManagerCloud policy editor (instead of using the MMC to upload to Endpoint Policy Manager Cloud?)](/docs/endpointpolicymanager/cloud/policy/edit.md) -- [How to remove (unlink) all Example policies at once from the All-Built-in Group](/docs/endpointpolicymanager/cloud/unlink.md) -- [How to use Remote Work Delivery Manager to apply Firewall policies](/docs/endpointpolicymanager/cloud/remoteworkdeliverymanager.md) -- [If I want to totally stop using Endpoint Policy ManagerCloud on an endpoint, how would I remove the Endpoint Policy Manager Cloud client pieces remotely?](/docs/endpointpolicymanager/install/cloud/removeendpoint.md) -- [How often does the Endpoint Policy Manager cloud client pull down new or updated directives?](/docs/endpointpolicymanager/cloud/updatefrequency.md) -- [When does Endpoint Policy Managersync to Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/cloud/syncfrequency.md) -- [How do I configure Security Settings | Public Key Policies using Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/cloud/security/publickeypoliciessettings.md) -- [Printers won't come back once removed by user](/docs/endpointpolicymanager/troubleshooting/cloud/printers.md) -- [Using Targeting Editor in Endpoint Policy Manager Cloud Settings](/docs/endpointpolicymanager/cloud/targetingeditor.md) -- [How to install the Endpoint Policy Manager Cloud Client for use in an Azure Virtual Desktop image](/docs/endpointpolicymanager/integration/azurevirutaldesktop.md) -- [How to install and configure the PPC Client for a Non-Persistent VDI Image in VMware Horizon](/docs/endpointpolicymanager/integration/vdisolutions.md) -- [How do I deploy the Endpoint Policy Manager Cloud Client via command line silently?](/docs/endpointpolicymanager/install/cloud/clientsilent.md) -- [Are Endpoint Policy Manager Cloud policies processed on User or Computer side (and why do I only sometimes see User or Computer side ILT?)](/docs/endpointpolicymanager/cloud/policy/type.md) -- [How can I move a computer from one Endpoint Policy Manager Cloud group to another via command line?](/docs/endpointpolicymanager/cloud/groups.md) -- [How to find which PPCloud Client version & CSE version a registered computer is running from within the Endpoint Policy Manager Cloud portal](/docs/endpointpolicymanager/cloud/version.md) - -## Event Collection - -- [How can I keep the same or specify different parameters for Event Collection for child groups? How does a computer behave if a member of multiple groups?](/docs/endpointpolicymanager/cloud/eventcollection/childgroups.md) -- [ Endpoint Policy Manager Cloud Event Forwarding to Splunk](/docs/endpointpolicymanager/cloud/eventcollection/splunk.md) diff --git a/docs/endpointpolicymanager/cloud/overview/videolearningcenter.md b/docs/endpointpolicymanager/cloud/overview/videolearningcenter.md deleted file mode 100644 index b1a9fd9516..0000000000 --- a/docs/endpointpolicymanager/cloud/overview/videolearningcenter.md +++ /dev/null @@ -1,49 +0,0 @@ -# Video Learning Center - -See the following Video topics for all things installation and upkeep. - -## Getting Started - -- [Endpoint Policy Manager Cloud: Two minute introduction](/docs/endpointpolicymanager/video/cloud/introduction.md) -- [Endpoint Policy Manager Cloud: QuickStart](/docs/endpointpolicymanager/video/cloud/quickstart.md) -- [Endpoint Policy ManagerCloud: How to deploy Microsoft Group Policy Settings using Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/cloud/deploy/grouppolicysettings.md) -- [Endpoint Policy ManagerCloud: How to deploy Endpoint Policy Manager specific settings (using in-cloud editors and exporting from on-prem)](/docs/endpointpolicymanager/video/cloud/deploy/endpointpolicymanagersettings.md) -- [Endpoint Policy ManagerCloud: Use in-cloud ADMX settings maintained by Endpoint Policy Manager for Windows, Office, Chrome and more](/docs/endpointpolicymanager/video/cloud/admxsettings.md) -- [Endpoint Policy ManagerCloud: Upload and use your own ADMX files to Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/cloud/admxfiles.md) -- [Endpoint Policy Manager Cloud: General Tips about On-Prem to PP Cloud Export](/docs/endpointpolicymanager/video/cloud/integration/onpremiseexport.md) -- [Endpoint Policy Manager Cloud and Security Settings (More examples)](/docs/endpointpolicymanager/video/cloud/securitysettings.md) -- [Endpoint Policy Manager Cloud + GPPrefs (More examples)](/docs/endpointpolicymanager/video/cloud/preferences.md) - -## Test Lab Best Practices - -- [Endpoint Policy Manager Cloud: What you need to get Started](/docs/endpointpolicymanager/video/cloud/testlab/start.md) -- [How to create a DC for editing purposes](/docs/endpointpolicymanager/video/cloud/testlab/createdc.md) -- [Testing and Troubleshooting By Renaming an endpoint Computer](/docs/endpointpolicymanager/video/cloud/testlab/renameendpoint.md) -- [Endpoint Policy Manager Cloud: On-Prem Test Lab (tying it all together)](/docs/endpointpolicymanager/video/cloud/testlab/onpremise.md) - -## Using with other METHODS (MDM and Group Policy) - -- [Endpoint Policy Manager Cloud + MDM Services: Install Cloud Client + automatically join PPC Groups and get policy.](/docs/endpointpolicymanager/video/cloud/mdm.md) -- [Endpoint Policy ManagerCloud and Endpoint Policy Manager OnPremise – Together using PPCloud Licenses](/docs/endpointpolicymanager/video/cloud/integration/onpremise.md) - -## Security - -- [Endpoint Policy Manager Cloud: Security Features](/docs/endpointpolicymanager/video/cloud/security/features.md) -- [Endpoint Policy Manager Cloud: Immutable Log](/docs/endpointpolicymanager/video/cloud/security/immutablelog.md) -- [Endpoint Policy Manager Cloud Logs and Automatically Pushing via Email](/docs/endpointpolicymanager/video/cloud/security/emaillogs.md) -- [Endpoint Policy Manager Cloud: Adding New Admins](/docs/endpointpolicymanager/video/cloud/add/administrator.md) - -## Tips and Tricks - -- [Install the PP Cloud client with a PP Least Priv Manager Rule](/docs/endpointpolicymanager/video/cloud/install/leastprivilegemanagerrule.md) -- [Endpoint Policy Manager Cloud + Azure AD: Better Together for Computer ILT and Computer Policy Targeting](/docs/endpointpolicymanager/video/cloud/integration/entraid.md) -- [PP Cloud + File Info Viewer: Get file info, without the MMC console](/docs/endpointpolicymanager/video/cloud/integration/fileinfoviewer.md) -- [Endpoint Policy Manager Cloud: Restricted Groups Editor](/docs/endpointpolicymanager/video/cloud/restricted_groups_editor.md) - -## Upkeep and Daily Use - -- [Endpoint Policy Manager Cloud Reporting Demo](/docs/endpointpolicymanager/video/cloud/reports.md) -- [Endpoint Policy Manager Cloud: Strict vs. Loose Computer Registration Mode](/docs/endpointpolicymanager/video/cloud/registrationmode.md) -- [Endpoint Policy Manager Cloud Groups CSE and Cloud Client Small-Scale Testing and Updates](/docs/endpointpolicymanager/video/cloud/groups.md) -- [Endpoint Policy Manager Cloud: Automatically Join Groups with JOINTOKEN](/docs/endpointpolicymanager/video/cloud/jointoken.md) -- [How to import GPOs to Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/cloud/import.md) diff --git a/docs/endpointpolicymanager/cloud/security.md b/docs/endpointpolicymanager/cloud/security.md deleted file mode 100644 index bcdf748eb7..0000000000 --- a/docs/endpointpolicymanager/cloud/security.md +++ /dev/null @@ -1,40 +0,0 @@ -# About Security - -As expected, some data from your organization is stored within Netwrix Endpoint Policy Manager -(formerly PolicyPak) Cloud after it is joined by a computer joins. Below is a list of what is stored -within Endpoint Policy Manager Cloud. - -- Endpoint Policy Manager UUID: This is a random, unique ID generated in the cloud when a computers - joins. It doesn't contain any computer-specific data, but it helps us to identify the computer - when it checks in. -- Fingerprint: This is a SHA256 hash of hardware UUID and OS IDs. This is used as a unique computer - ID in order to generate a unique license. -- MAC address: This is the physical network adapter MAC address. -- BIOS UUID: This is a unique hardware ID assigned to every physical and virtual machine by the - manufacturer. (For more information on BIOS UUID, see - [http://searchsoa.techtarget.com/definition/UUID](http://searchsoa.techtarget.com/definition/UUID)) -- Last known public IP address: This is stored only for reporting and to allow search on the - website. -- OS version and build: This is stored only for reporting. (e.g., Microsoft Windows NT 6.2.9200.0 or - Microsoft Windows NT 6.1.7601 Service Pack 1) -- Computer name: This is the FQDN computer name that has been assigned. -- Check-in times: This is the first check-in date and time and last check-in date and time. - -**NOTE:** At no time are usernames, passwords, organizational units (OUs), or domain names used or -stored within Endpoint Policy Manager Cloud. - -All communication to and from the client machines with Endpoint Policy Manager Cloud is always -encrypted. Below is a description of how the client attempts to communicate with Endpoint Policy -Manager Cloud. - -- The Endpoint Policy Manager Cloud client first tries HTTPS (secure HTTP) using port 443 and an - encrypted Endpoint Policy Manager Cloud certificate that the client received at the time it - joined. -- If that is unsuccessful, then the Endpoint Policy Manager Cloud client tries HTTP using port 80, - but with a message-level algorithm suite that uses RSA15 as the key wrap algorithm, SHA256 for the - signature digest, and 256-bit Basic as the message encryption algorithm. In HTTP mode, the - Endpoint Policy Manager Cloud client verifies the identity of the server using a hard-coded - certificate. - -**NOTE:** Endpoint Policy Manager Cloud will usually work using proxy servers with either HTTP or -HTTPS and should honor system-wide proxy settings. diff --git a/docs/endpointpolicymanager/cloud/syncfrequency.md b/docs/endpointpolicymanager/cloud/syncfrequency.md deleted file mode 100644 index 0221306d54..0000000000 --- a/docs/endpointpolicymanager/cloud/syncfrequency.md +++ /dev/null @@ -1,6 +0,0 @@ -# When does Endpoint Policy Managersync to Endpoint Policy Manager Cloud? - -The Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud client will sync once an hour after -the computer starts. - -If a computer started at 2:22, the next sync will be at 3:22. diff --git a/docs/endpointpolicymanager/cloud/transition.md b/docs/endpointpolicymanager/cloud/transition.md deleted file mode 100644 index 9bdba8b515..0000000000 --- a/docs/endpointpolicymanager/cloud/transition.md +++ /dev/null @@ -1,266 +0,0 @@ -# How do I transition from Endpoint Policy Managerusing Group Policy or SCCM method to Endpoint Policy Manager Cloud - -Transitioning from Endpoint Policy Manager using Group Policy or SCCM method to Endpoint Policy -Manager Cloud is very straightforward. - -_Remember,_ Once Endpoint Policy Manager settings are created, they are transferable to XML, which -can be used with any method: Group Policy, Intune, SCCM, or Endpoint Policy Manager Cloud. - -This topic assumes you will have policies in the Group Policy editor and want to transfer them to -Endpoint Policy Manager Cloud. The actual current delivery method you are starting from doesn’t -matter. You can start from Group Policy, SCCM, or an MDM service like Intune and transfer over to -Endpoint Policy Manager Cloud. - -Here is an overview of the steps involved in transitioning an existing investment in Endpoint Policy -Manager with Group Policy or SCCM method over to Endpoint Policy Manager Cloud: - -**Step 1 –** Pre-testing that Endpoint Policy Manager Cloud is working at all with the built-in -policies. - -**Step 2 –** Exporting existing Endpoint Policy Manager settings within Group Policy to XML and -importing them into Endpoint Policy Manager Cloud. - -**Step 3 –** Optional: Backup and Restore entire GPO to Endpoint Policy Manager cloud. - -**Step 4 –** Use In-Cloud Editors to create and update rules. - -**Step 5 –** Using Endpoint Policy Manager Cloud to create company groups and/or use Endpoint Policy -Manager Cloud to Azure connector. - -**Step 6 –** Linking Endpoint Policy Manager Cloud XML to Endpoint Policy Manager Cloud Company -Groups or Azure Groups. - -**Step 7 –** Deploying the Endpoint Policy Manager Cloud Client and/or CSE to endpoints. - -**Step 8 –** Removing existing Group Policy, SCCM or Intune based Endpoint Policy Manager setting -settings from machines - -**Step 9 –** Report using Endpoint Policy Manager Cloud to verify expected settings are achieved. - -**Step 10 –** Keeping Endpoint Policy Manager Cloud computers up to date with client software using -Endpoint Policy Manager Cloud Groups. - -## Pre-testing that Endpoint Policy Manager Cloud is working at all with the built-in policies. - -Start by verifying that your Endpoint Policy Manager Cloud account is generally working. See the -[Endpoint Policy Manager Cloud: QuickStart](/docs/endpointpolicymanager/video/cloud/quickstart.md) topic for additional -information. - -You will be verifying that your Endpoint Policy Manager Cloud account is licensed, operational and -working as expected. - -## Exporting existing Endpoint Policy Manager settings within Group Policy to XML and importing them into Endpoint Policy Manager Cloud. - -Continue to export your existing invested Endpoint Policy Manager settings into XML format. - -You can export one setting at a time like this: - -![941_1_image-20230521113923-1_950x502](/img/product_docs/endpointpolicymanager/cloud/941_1_image-20230521113923-1_950x502.webp) - -You can export a Collection like this: - -![941_2_image-20230521113923-2_950x589](/img/product_docs/endpointpolicymanager/cloud/941_2_image-20230521113923-2_950x589.webp) - -Or you can export a whole category like this: - -![941_3_image-20230521113923-3](/img/product_docs/endpointpolicymanager/cloud/941_3_image-20230521113923-3.webp) - -You can also export settings en-mass across multiple GPOs using the Endpoint Policy Manager Exporter -Utility. The steps to do that are here -[Deploying Endpoint Policy Managerdirectives without Group Policy (Endpoint Policy Manager Exporter Utility)](/docs/endpointpolicymanager/video/methods/exporterutility.md) - -Then you can upload them straight into Endpoint Policy Manager cloud using the Upload and link a new -XML here. Or you can go to the XML Settings tab (not shown) and also upload them there for later -use. - -![941_4_image-20230521113923-4_950x326](/img/product_docs/endpointpolicymanager/cloud/941_4_image-20230521113923-4_950x326.webp) - -You may also view the XML in notepad and copy/paste the XML straight into Endpoint Policy Manager -cloud using the same setting, Upload and link a new XML here as seen around the 5 minute and 20 -second mark continuing onward. - -See the -[Endpoint Policy ManagerCloud: How to deploy Endpoint Policy Manager specific settings (using in-cloud editors and exporting from on-prem)](/docs/endpointpolicymanager/video/cloud/deploy/endpointpolicymanagersettings.md) topic -for additional information. - -## Optional: Backup and Restore entire GPO to Endpoint Policy Manager cloud - -You might also have a GPO with a lot of settings, which contain Microsoft and/or Endpoint Policy -Manager settings. You can transfer the whole contents of that GPO with a GPO Backup and Endpoint -Policy Manager Cloud Import. - -![941_5_image-20230521113923-5_950x386](/img/product_docs/endpointpolicymanager/cloud/941_5_image-20230521113923-5_950x386.webp) - -The result will be a de-constructed GPO with all relevant parts as XML, available to re-link later -to Company or Azure groups. - -See the [How to import GPOs to Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/cloud/import.md) topic for -additional information. - -## Use In-Cloud Editors to create and update rules (for most policies) - -Now that all your rules are lifted and shifted from GPO Editor to XML to Cloud, you can use the -in-cloud editors to perform most new policy types and edit existing policies. - -![941_6_image-20230521113923-6_950x448](/img/product_docs/endpointpolicymanager/cloud/941_6_image-20230521113923-6_950x448.webp) - -Here’s an example of how to use the Endpoint Policy Manager Cloud in-cloud editors to create and -edit Endpoint Policy Manager Least Privilege Manager items. - -![941_7_image-20230521113923-7_950x1063](/img/product_docs/endpointpolicymanager/cloud/941_7_image-20230521113923-7_950x1063.webp) - -See the -[Use Endpoint Policy Manager Cloud to deploy PP Least Privilege Manager rules](/docs/endpointpolicymanager/video/leastprivilege/cloudrules.md) topic -for additional information. - -You are advised to maintain a Windows based MMC editing station for testing because not every -editing function may be available in the Endpoint Policy Manager Cloud editors. Most items are, but -a few are not. Details about Endpoint Policy Manager Cloud and Test Lab Best Practices are here: -Getting Started with Cloud > [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md). - -## Using Endpoint Policy Manager Cloud to create company groups and/or use the Endpoint Policy Manager Cloud to Azure connector - -Now you can craft your Company Group assignment and then adding computers to it. - -See the [Working with Groups](/docs/endpointpolicymanager/cloud/interface/computergroups/workingwith.md) topic for additional -information. - -An example of crafting your own Company groups, linking existing XMLs, creating new policies and -Adding/Removing computers from these Company Groups can be seen here. - -![941_8_image-20230521113923-8_950x503](/img/product_docs/endpointpolicymanager/cloud/941_8_image-20230521113923-8_950x503.webp) - -Another option is the ability to mate your Endpoint Policy Manager Cloud instance with your Azure -Instance and use Azure Groups as well. You can establish a connection between Endpoint Policy -Manager Cloud and Azure using these steps: - -![941_9_image-20230521113923-9_950x491](/img/product_docs/endpointpolicymanager/cloud/941_9_image-20230521113923-9_950x491.jpeg) - -Then Azure groups will appear at the same level as Company Groups and you can link XML to those -Azure groups. - -![941_10_image-20230521113923-10_950x286](/img/product_docs/endpointpolicymanager/cloud/941_10_image-20230521113923-10_950x286.jpeg) - -Provided the Endpoint Policy Manager Cloud Client is on the machine (one of the next steps), the -computer will pick up the policies in either the Computer Group or Azure Group. (`PPCLOUD /sync` -will show these details.) - -![941_11_image-20230521113923-11_950x295](/img/product_docs/endpointpolicymanager/cloud/941_11_image-20230521113923-11_950x295.jpeg) - -## Linking Endpoint Policy Manager Cloud XML to Endpoint Policy Manager Cloud Company Groups or Azure Groups - -Because your XML policies are now uploaded to Endpoint Policy Manager Cloud, you are ready to link -them over to the Company Group or Azure Group of your choice. Remember that Endpoint Policy Manager -Cloud acts nearly the same as on-prem GPO with the following attributes: - -- Groups are like OUs, though a computer may be in two Endpoint Policy Manager Cloud Groups (where - in on-prem AD it may only be in one.) -- Block Inheritance is available -- Enforced is available -- Precedence is available - -See the [Working with Groups](/docs/endpointpolicymanager/cloud/interface/computergroups/workingwith.md) topic for additional -information. - -## Deploying the Endpoint Policy Manager Cloud Client and/or CSE to endpoints - -Now you’re ready to deliver the Endpoint Policy Manager Cloud client to your machines, which will -join the machines to Endpoint Policy Manager Cloud. - -![941_12_image-20230521113923-12_950x461](/img/product_docs/endpointpolicymanager/cloud/941_12_image-20230521113923-12_950x461.webp) - -**NOTE:** If the machines already have the Endpoint Policy Manager CSE installed, there is no need -to uninstall the Endpoint Policy Manager CSE. It is permitted to pre-install the CSE on the machine -before the Endpoint Policy Manager Cloud client and could actually save you a lot of time during -Endpoint Policy Manager Cloud client rollout. - -There are a myriad of ways to install the Endpoint Policy Manager Cloud client, since it is just an -MSI. When the Cloud Client is installed it will automatically install the Endpoint Policy Manager -CSE if it is not present on the machine like what’s seen here. - -![941_13_image-20230521113923-13_950x691](/img/product_docs/endpointpolicymanager/cloud/941_13_image-20230521113923-13_950x691.webp) - -**NOTE:** The machine may also upgrade to a later CSE if a Endpoint Policy Manager Cloud group -dictates a later CSE; but the CSE will never downgrade. (See the last section in this guide for more -details.) - -Additionally, you may wish to investigate the idea of having computers automatically join the -Endpoint Policy Manager Cloud group of your choice with the Jointoken property. Two videos on that -topic are: - -- [Endpoint Policy Manager Cloud: Automatically Join Groups with JOINTOKEN](/docs/endpointpolicymanager/video/cloud/jointoken.md) -- [Endpoint Policy Manager Cloud + MDM Services: Install Cloud Client + automatically join PPC Groups and get policy.](/docs/endpointpolicymanager/video/cloud/mdm.md) - -**NOTE:** There are some other KB topicswith advanced scenarios on installing the Endpoint Policy -Manager Cloud client for Azure Virtual Desktops, VDI and other scenarios. Please open a ticket at -[Netwrix Support](https://www.netwrix.com/sign_in.html?rf=tickets.html#netwrix-support), if you have -trouble locating those articles. - -**NOTE:** Here's some command line examples to help install the Endpoint Policy Manager Cloud client -silently. See the -[How do I deploy the Endpoint Policy Manager Cloud Client via command line silently?](/docs/endpointpolicymanager/install/cloud/clientsilent.md) topic -for additional information. - -## Removing existing settings to machines (GPO and Non-GPO method) - -Now you are ready to remove existing policy from machines. This will vary depending on the source -method of deploying policy. - -- For GPO, we recommend unlinking the GPO(s) which have Endpoint Policy Manager / now transferred - settings. Then run `GPupdate  /force`,  then   `GPresult /h out1.html` and ensure the settings you - want are now absent from the Group Policy Results. -- For SCCM and MDM/Intune, perform an uninstall of the wrapped up XMLs / MSIs. You can also verify - the XML settings are removed from your endpoint from the Users or Groups or Computer folder. See - the - [What is the processing order of all policies and how are conflicts resolved (and how can I see the final RsOP) of those policies (between GPO, Cloud, XML, etc)?](/docs/endpointpolicymanager/troubleshooting/conflictresolved.md) topic - for additional information. - -## Report using Endpoint Policy Manager Cloud to verify expected settings are achieved - -There are two ways to determine if your endpoint(s) got the policies you expected. - -On the client - -Method one is akin to GP update and you simply run `PPCLOUD /sync` (performs a SYNC then displays) -or Endpoint Policy Manager Cloud /status (no sync, just displays), and you can see any specific -machines' current state and policies. - -![941_14_image-20230521113923-14_950x823](/img/product_docs/endpointpolicymanager/cloud/941_14_image-20230521113923-14_950x823.webp) - -See the [Manually Syncing with PolicyPak Cloud](/docs/endpointpolicymanager/cloud/verify.md#manually-syncing-with-policypak-cloud) -topic for additional information.[](https://helpcenter.netwrix.com/en-US/bundle/Endpoint Policy -Manager_AppendixE/page/Manually_Syncing_with_Endpoint Policy Manager_Cloud.html) - -On the server - -Additionally, you may mass report upon machines using the Endpoint Policy Manager Cloud reporting -mechanism. - -![941_15_image-20230521113923-15_950x386](/img/product_docs/endpointpolicymanager/cloud/941_15_image-20230521113923-15_950x386.webp) - -See the [Endpoint Policy Manager Cloud Reporting Demo](/docs/endpointpolicymanager/video/cloud/reports.md) topic for -additional information. - -Either method will inform you if the settings you lifted and shifted to Endpoint Policy Manager -Cloud are now on the endpoint. - -## Keeping Endpoint Policy Manager Cloud Client and Endpoint Policy Manager CSE up to date - -Finally, it is important to keep the Endpoint Policy Manager Cloud Client and the Endpoint Policy -Manager CSE up to date. Endpoint Policy Manager Company Groups control the versions of the Endpoint -Policy Manager Cloud Client and Endpoint Policy Manager CSE. - -![941_16_image-20230521113923-16_950x529](/img/product_docs/endpointpolicymanager/cloud/941_16_image-20230521113923-16_950x529.webp) - -You should always do small scale testing of upgrades of the Endpoint Policy Manager CSE and Endpoint -Policy Manager Cloud Client version to ensure safety before you roll it out to everyone via the All -group. - -See the -[Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/install/rings.md) topic -for additional information on the Microsoft Ring methodology, which aligns to Endpoint Policy -Manager best practices. - -See the -[Endpoint Policy Manager Cloud Groups CSE and Cloud Client Small-Scale Testing and Updates](/docs/endpointpolicymanager/video/cloud/groups.md) topic -for additional information on how to perform small scale testing before large scale upgrades. diff --git a/docs/endpointpolicymanager/cloud/updatefrequency.md b/docs/endpointpolicymanager/cloud/updatefrequency.md deleted file mode 100644 index 2063615a82..0000000000 --- a/docs/endpointpolicymanager/cloud/updatefrequency.md +++ /dev/null @@ -1,6 +0,0 @@ -# How often does the Endpoint Policy Manager cloud client pull down new or updated directives? - -The Netwrix Endpoint Policy Manager (formerly PolicyPak) cloud client pulls down new or updated -directives every 60 minutes while the computer is on. - -You can also run the `PPUPDATE` command or `PPCLOUD /SYNC` which will force an update now. diff --git a/docs/endpointpolicymanager/cloud/version.md b/docs/endpointpolicymanager/cloud/version.md deleted file mode 100644 index cb9b5daeda..0000000000 --- a/docs/endpointpolicymanager/cloud/version.md +++ /dev/null @@ -1,11 +0,0 @@ -# How to find which PPCloud Client version & CSE version a registered computer is running from within the Endpoint Policy Manager Cloud portal - -![975_1_image-20230526004959-1_950x398](/img/product_docs/endpointpolicymanager/cloud/975_1_image-20230526004959-1_950x398.webp) - -**Step 1 –** Login to the Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud Portal and -select the **Company Details** tab. - -**Step 2 –** Select the **Computer list** report. - -**Step 3 –** View the PPC Client Version and PPC CSE version columns in the **Computer list** -report, filter the columns if needed. diff --git a/docs/endpointpolicymanager/device/devicemanager/helpertool.md b/docs/endpointpolicymanager/device/devicemanager/helpertool.md deleted file mode 100644 index 0df60e0f76..0000000000 --- a/docs/endpointpolicymanager/device/devicemanager/helpertool.md +++ /dev/null @@ -1,43 +0,0 @@ -# Device Manager Helper Tool - -The Endpoint Policy Manager Device Manager Help Tool can help you gather details from Devices, -including those which have been plugged into a system, but are not plugged in now. This can be -helpful on a machine where the user takes the device with them, and you still need to create a -policy for them. - -The Endpoint Policy Manager Device Manager Help Tool can be found in the download in the Endpoint -Policy Manager Extras folder. - -![helper1](/img/product_docs/endpointpolicymanager/device/devicemanager/helper1.webp) - -**NOTE:** The Endpoint Policy Manager Device Manager Helper tool may need local administrative -rights to run and also needs the WinRM service started. - -## Generate a Device List - -Follow the steps to generate a device list that can be used for creating Device Manager policies. - -![helper2](/img/product_docs/endpointpolicymanager/device/devicemanager/helper2.webp) - -**Step 1 –** Open the Endpoint Policy Manager Device Manager Helper. - -The Device Manager Export Wizard displays details for each selection: Disk Drives, Portable Devices, -and/or CD-ROMs. Only pages for detected devices are shown. - -The Device Manager Helper tool enables you to quickly gather Instance Paths for connected and -non-connected devices. - -![helper3](/img/product_docs/endpointpolicymanager/device/devicemanager/helper3.webp) - -**Step 2 –** On the Select Disk Devices window, right-click to automatically copy the detail to the -buffer for later pasting. - -![helper4](/img/product_docs/endpointpolicymanager/device/devicemanager/helper4.webp) - -You can also save the list of all devices at the end of the Wizard using the **Save application list -to this XML** option. - -Then, you may use this list using the previously described wizard pages such as Allow Device by -Serial Number and Allow Device by BitLocker Key, as shown in the example screen below. - -![helper5](/img/product_docs/endpointpolicymanager/device/devicemanager/helper5.webp) diff --git a/docs/endpointpolicymanager/device/devicemanager/overview.md b/docs/endpointpolicymanager/device/devicemanager/overview.md deleted file mode 100644 index 9eedf51a5e..0000000000 --- a/docs/endpointpolicymanager/device/devicemanager/overview.md +++ /dev/null @@ -1,160 +0,0 @@ -# Device Manager - -This manual is designed to be both an overview of what you can do with Endpoint Policy Manager -Device Manager and a Quickstart guide for getting up and running quickly. - -**NOTE:** You may ignore the standard or complete designations in the Endpoint Policy Manager Device -Manager UI. Typically, Endpoint Policy Manager is sold in Enterprise or SaaS editions and in those -configurations you get complete (meaning all the features). - -Before reading this section, please ensure you have read Book 2: Installation Quick Start, which -will help you learn to do the following: - -- Install the Admin MSI on your GPMC machine -- Install the CSE on a test Windows machine -- Set up a computer in Trial mode or Licensed mode -- Set up a common OU structure - -Optionally, this manual demonstrates how to use on-prem Active Directory and Group Policy to deploy -Endpoint Policy Manager Device Manager directives. If you don't want to use Group Policy, see the -[MDM & UEM Tools](/docs/endpointpolicymanager/mdm/overview.md) topic to deploy directives for additional information. - -**NOTE:** For an overview of Endpoint Policy Manager Device Manager see the -[Video Learning Center](/docs/endpointpolicymanager/video/index.md) topic for additional information. - -Endpoint Policy Manager Device Manager will manage USB and other removable media devices like -CD-ROMs, DVD ROMs, and phones which plug in and have storage when attached to Windows. - -For an overview of managing USB and other removeable media devices using Endpoint Policy Manager -Device Manager, see the -[Instantly Put the smackdown on USB sticks and CD-ROMs](/docs/endpointpolicymanager/video/device/usbdrive.md) topic for -additional information. - -The basic way to use Endpoint Policy Manager Device Manager is as follows: - -- Block end-users from accessing removable devices -- Create a rule to specify which removable devices a user would need access rights to -- Use On-Prem Group Policy to accept the Endpoint Policy Manager Device Manager policies created - -Alternatively, export the Endpoint Policy Manager Device Manger rules and deliver them in one of -these ways: - -- Microsoft SCCM — See the Deploy Endpoint Policy Manager Settings Using SCCM or Other Management - System! topic for additional information - -- Microsoft Intune — See the - [Block and Allow USB and CD-ROMs with your MDM solution](/docs/endpointpolicymanager/video/device/mdm.md) video overview - for additional information - -- PolicyPak Cloud service — See the - [Block USB sticks using Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/device/cloud.md) topic for - additional information - -Then allow the client machine with the Endpoint Policy Manager client-side extension (CSE) to -receive the directives and perform the work. - -**NOTE:** If you use an MDM service or Endpoint Policy Manager cloud service, you can deliver -Endpoint Policy Manager Device Privilege Manager settings even to non-domain-joined machines over -the Internet. - -## Endpoint Policy Device Manager Components - -Endpoint Policy Managerhas the following components: - -- A Management Station — The Endpoint Policy Manager Admin Console MSI must be installed on the - management station where you create GPOs. Once it’s installed, you’ll see the **Endpoint Policy - Manager Settings** > **Endpoint Policy Manager Device Privilege Manager** node, as shown below. - -- The Endpoint Policy Manager CSE — This runs on the client (target) machine and is the same CSE for - all Endpoint Policy Manager components (such as Least Privilege Manager, Device Manager, - Application Settings Manager) - -- Windows Endpoints — In order to use these, they must be licensed for Endpoint Policy Manager - Device Manager using one of the licensing methods - -- Also available is Endpoint Policy Manager Cloud when you purchase Enterprise or SaaS - -Endpoint Policy Manager Cloud enables you to create Endpoint Policy Manager Device Manager -directives using the in-cloud editors and connect endpoints to get Endpoint Policy Manager Device -Manager directives. - -![ppcloud](/img/product_docs/endpointpolicymanager/device/devicemanager/ppcloud.webp) - -While this manual mostly demonstrates concepts using the Group Policy editor, nearly everything can -be done using the Endpoint Policy Manager Cloud editors. Additionally, you can take on-prem MMC -directives and upload them to Endpoint Policy Manager Cloud and take in-cloud directives and -download them back as MMC directives. - -Also, you may use Endpoint Policy Manager Device Manager with any management system you like such as -SCCM, Intune, PDQ deploy or anything else. This is because Endpoint Policy Manager directives may be -exported as XML and wrapped up using the Exporter tool. This A free utility that lets you take -Endpoint Policy Manager Admin Templates Manager and our other products’ XML files and wrap them into -a portable MSI file for deployment using Microsoft Endpoint Manager (SCCM and Intune) or your own -systems management software. - -The [MDM & UEM Tools](/docs/endpointpolicymanager/mdm/overview.md) topic explains how to use the Endpoint Policy Manager -Exporter to wrap up any Endpoint Policy Manager directives and deliver them using Microsoft Endpoint -Manager (SCCM and Intune), KACE, your own MDM service, or Endpoint Policy Manager Cloud. - -This topic will get you going with the concepts and results you’re looking for and then you may -choose whatever delivery method makes sense for your organization. - -## Why you need Endpoint Policy Device Manager - -Microsoft makes it easy to turn off all access to USB sticks and other removable devices. With a -simply GPO or MDM setting that can accomplished. - -Here is exactly how to do that (without using Endpoint Policy Manager Device Manager) when using -ADMX settings via GPOs. - -![device01](/img/product_docs/endpointpolicymanager/device/devicemanager/device01.webp) - -The same may be performed using and MDM service like Intune using similar settings. - -![device02](/img/product_docs/endpointpolicymanager/device/devicemanager/device02.webp) - -The result will be the same where Removable Devices will be stopped. - -![device03](/img/product_docs/endpointpolicymanager/device/devicemanager/device03.webp) - -In this way you can completely shut out all devices for all users for all times. - -Unlike Microsoft policies, Endpoint Policy Manager Device Manager allows customized settings for USB -and other removable devices (henceforth written as devices). - -You can perform the following management on devices: - -- Which on-Prem Active Directory or Azure user can use devices -- What access type those devices has (Read, Read/Write, Full) -- Grant access to a device only if the device has Bitlocker on it -- Specify specific device vendors, device IDs and device revisions -- Specify specific serial numbers for devices - -None of this is possible with the in-box settings with Microsoft GPOs or MDM policies (like Intune). - -**NOTE:** Consider integrating with Netwrix Privilege Secure for Endpoints for additional features -when managing devices: - -- Endpoint Policy Manager Device Manager only deals with aspects of removable data devices. For - other device types, like Bluetooth, Serial Ports, printers and shares, consider Netwrix Endpoint - Protector. See the Device Control topic in the User Manual section of the Netwrix Endpoint - Protector [documentation](https://helpcenter.netwrix.com/category/endpointprotector) for - additional information. -- Endpoint Policy Manager Device Manager doesn't inspect the data as it goes by looking for - patterns. That is, PolicyPak Device Manager is not a traditional "Data Loss Prevention" (DLP) - product. For that functionality, consider Netwrix Endpoint Protector. See the Content Aware - Protection topics in the Administration section of the Netwrix Endpoint Protector - [documentation](https://helpcenter.netwrix.com/category/endpointprotector) for additional - information. -- Endpoint Policy Manager Device Manager isn't trying to protect against non-data devices like - "RubberDucky" devices or similar devices which act as keyboards to perform malicious actions. For - that functionality, consider Netwrix Endpoint Protector. See the Content Aware Protection topics - in the Administration section of the Netwrix Endpoint Protector - [documentation](https://helpcenter.netwrix.com/category/endpointprotector) for additional - information. - -To get started on device policies, create a link a GPO and link it to where your computers are. The -examples use East Sales Desktops. - -You may also use Endpoint Policy Manager Cloud to create these policies, or export your GPOs created -in this example for use with an MDM service like Intune. diff --git a/docs/endpointpolicymanager/device/devicemanager/rules.md b/docs/endpointpolicymanager/device/devicemanager/rules.md deleted file mode 100644 index 250b91c2d4..0000000000 --- a/docs/endpointpolicymanager/device/devicemanager/rules.md +++ /dev/null @@ -1,180 +0,0 @@ -# Admin Approval, Branding, Customization and Automatically Createing Rules - -Admin Approval enables you to anticipate devices without rules and enable users to use your service -desk to help authorize sanctioned devices - temporarily or permanently. - -See the -[Device Manager Admin Approval and Automatic Rules Creation](/docs/endpointpolicymanager/video/device/dmapprovalautorules.md) -topic for additional information on Admin Approval & Branding and Customization. - -This document refers to the person doing the approval as an Approver. This can be someone on your -help desk, security team or yourself. - -There are three parts to Admin Approval: - -- The Endpoint Policy Manager Device Manager policies, which establish Admin Approval and its secret - key -- Securing the secret key (if using Group Policy method) -- The Endpoint Policy Manager Device Privilege Manager Admin Approval Tool - -Start out by creating an Admin Approval policy, as shown below. - -**NOTE:** You can only have one Admin Approval entry per collection and only one will ultimately -apply. - -![aa15](/img/product_docs/endpointpolicymanager/device/devicemanager/aa15.webp) - -Admin Approval has four tabs: - -- General - - - Admin Approval State — **Enable** or **Disable** Admin approval - - Secure Desktop — Endpoint Policy Manager Admin Approval Dialog will present itself by default - on the Windows Secure Desktop. You can change this behavior here. - - Warning message — When a device is schedule to be used for a period of time, this amount of - minutes is when the pop-up notification occurs to the end-user - -- Secret Key - - - Key — Here is where you can create a secret key by choosing either **Derive from Password** or - **Generate Random**. Then, click **Copy**, and, for now, paste the secret key into Notepad. - -- Email - - - Use of Email — **Enabled** or **Disabled**. When Enabled you can provide an email address. - When Disabled you will only get short over the phone codes. - - Send To — The email address you want the long request codes sent to - - Always use email (only) — Turns off the short code method - - Open the message in Notepad Instead — When using the Email method, instead of launching your - desktop's mail app, like Outlook, instead open the request in Notepad. Users can then paste it - into the mail program (Gmail.com) or application of their choice. - -- Misc - - - Custom Message — Optional message to customers about what to do, who to call, what is - permitted etc, to override the default Endpoint Policy Manager Device Manager behavior. - -![aa14](/img/product_docs/endpointpolicymanager/device/devicemanager/aa14.webp) - -## Brand Dialog Using Global Settings (Optional) - -You can brand your dialogs to your corporate standards. This is done in the Global Settings policy -type you saw earlier. - -Below you can see some example of what you may configure. You can even run a pre-test to see what -the user will see before implementation. - -![aa4](/img/product_docs/endpointpolicymanager/device/devicemanager/aa4.webp) - -## Test Admin Approval - -When unknown devices are encountered, the following dialog will appear. Users can use your details -to call the service desk and/or send email requests. - -Requests are then fielded by the Device Manager Admin Approval tool. - -![aa3](/img/product_docs/endpointpolicymanager/device/devicemanager/aa3.webp) - -## Device Manager Admin Approval Tool - -The Device Manager Admin Approval Tool is then used to field requests. This application is -pre-installed whenever the Endpoint Policy Manager Admin Console MSI is installed. Its also -available as a standalone portable application and found in the Endpoint Policy Manager Extras -folder in the download. - -![aa5](/img/product_docs/endpointpolicymanager/device/devicemanager/aa5.webp) - -The first time set up for an Approver requires that the Secret Key found in the policy is placed -into the tool. The Approver also has his own password to sign into the app to open it up. - -![aa6](/img/product_docs/endpointpolicymanager/device/devicemanager/aa6.webp) - -## Admin Approval Tool in Simple Mode - -The Approver can field Simple (over the phone) requests or Email requests. In this example, a -Request code is provided over the phone to an Approver. - -An Approver can set: - -- Permissions — Full access, Read, Read & Write, Read & Execute -- Timeframe — After this amount of time, device must be re-authorized. Permanent, 15 minutes, 1 - hour, 2 hours, 4 hours, 8 hours. -- Uses — Once, 5 times, 10 times, Unlimited -- Expires — Amount of time the Response code is valid for Never (Default), 10 minutes, 1 hour, 12 - hours - -![aa7](/img/product_docs/endpointpolicymanager/device/devicemanager/aa7.webp) - -The Response code will change based upon the Approver inputs. - -**NOTE:** Anytime TimeFrame is set to **Permanent**, it overrides all Uses limits and generates a -warning. For example: Uses set to **Once** and TimeFrame set to **Permanent**. - -![aa8](/img/product_docs/endpointpolicymanager/device/devicemanager/aa8.webp) - -In this combination, Timeframe overrides Uses, meaning that whatever access you give the device is -actually Permanent and not Once. - -To get out of this problem if you get into it, you have two choices: - -- Update the policy by disabling the Global Policy or turning off Device Manager. -- Or on a single machine you may erase the value for the device you granted Permanent access to. See - the - [What are the registry settings for Device Manager (and how do I reset Device Manager Admin Approval)?](/docs/endpointpolicymanager/device/registry.md) - topic for additional information. - -## Admin Approval Using Email Method - -You can use Admin Approval requests to go through your service desk as email requests. See the -[Endpoint Policy Device Manager and End-User Emails to Support](/docs/endpointpolicymanager/video/device/enduser.md) topic -for additional information. - -The email method will attempt to use your registered mail application. Your email app must be -registered with the .EML extension for this to work as expected. - -## ![aa9](/img/product_docs/endpointpolicymanager/device/devicemanager/aa9.webp) - -The Approver would then field this request, generate a Response code and send it back via email or -copy paste. - -The Email method has details about what the device actually is, versus the Simple method which -cannot provide those details. - -![aa10](/img/product_docs/endpointpolicymanager/device/devicemanager/aa10.webp) - -## Admin Approval Create Rule Button - -The Create Rule button allows you to launch a Wizard which will help generate a rule you can then -use permanently and deliver using Group Policy, MDM or Endpoint Policy Manager Cloud. - -Because the Device Details are now known via the Email method, you can create a permanent rule -similar to the Wizard we saw earlier. - -![aa11](/img/product_docs/endpointpolicymanager/device/devicemanager/aa11.webp) - -In the Wizard you can use the default settings or change the Members and Permissions. - -Finally, save your XML and import it into the MMC editor as a policy or use with Endpoint Policy -Manager Exporter or Endpoint Policy Manager Cloud. - -![aa12](/img/product_docs/endpointpolicymanager/device/devicemanager/aa12.webp) - -## Making a rule directly from an Email Request Code - -If you'd like you can take a Email request code and immediately generate a rule inside the MMC -console. - -Copy the code and then select **New Policy from Audit Event or Admin Approval Code**. - -Paste in the Request code and follow the Wizard to generate the rule which you need. - -![aa13](/img/product_docs/endpointpolicymanager/device/devicemanager/aa13.webp) - -## Make a Rule Directly from an Event on the Endpoint - -You can take Event IDs generated from Endpoint Policy Manager Device Manager, such as this and use -it as the basis to start a rule. - -![event1](/img/product_docs/endpointpolicymanager/device/devicemanager/event1.webp) - -# ![event2](/img/product_docs/endpointpolicymanager/device/devicemanager/event2.webp) diff --git a/docs/endpointpolicymanager/device/overview/knowledgebase.md b/docs/endpointpolicymanager/device/overview/knowledgebase.md deleted file mode 100644 index be93e3167c..0000000000 --- a/docs/endpointpolicymanager/device/overview/knowledgebase.md +++ /dev/null @@ -1,7 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base articles for Device Manager. - -- [How to add Devices when serial numbers contain extra characters in the device instance path](/docs/endpointpolicymanager/device/serialnumber.md) -- [Why can MSIs be installed from a USB drive when the only access granted to users is READ access](/docs/endpointpolicymanager/device/usbdrive.md) -- [What are the registry settings for Device Manager (and how do I reset Device Manager Admin Approval)?](/docs/endpointpolicymanager/device/registry.md) diff --git a/docs/endpointpolicymanager/device/overview/videolearningcenter.md b/docs/endpointpolicymanager/device/overview/videolearningcenter.md deleted file mode 100644 index 1aa1e3523f..0000000000 --- a/docs/endpointpolicymanager/device/overview/videolearningcenter.md +++ /dev/null @@ -1,19 +0,0 @@ -# Video Learning Center - -See the following Video topics for Device Manager. - -## Getting Started - -- [Instantly Put the smackdown on USB sticks and CD-ROMs](/docs/endpointpolicymanager/video/device/usbdrive.md) -- [Allow ONE user (or group) access to USB and/or CD-ROM and DVDs](/docs/endpointpolicymanager/video/device/usbdriveallowuser.md) -- [Authorize USB Sticks by VENDOR type](/docs/endpointpolicymanager/video/device/usbdriveallowvendor.md) -- [Permit specific devices by serial number](/docs/endpointpolicymanager/video/device/serialnumber.md) -- [Restrict access only to Bitlocker drives](/docs/endpointpolicymanager/video/device/bitlockerdrives.md) -- [Endpoint Policy Device Manager and End-User Emails to Support](/docs/endpointpolicymanager/video/device/enduser.md) -- [Device Manager Helper Tool](/docs/endpointpolicymanager/video/device/dmhelpertool.md) -- [Device Manager Admin Approval and Automatic Rules Creation](/docs/endpointpolicymanager/video/device/dmapprovalautorules.md) - -## Methods: Cloud, MDM and SCCM - -- [Block USB sticks using Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/device/cloud.md) -- [Block and Allow USB and CD-ROMs with your MDM solution](/docs/endpointpolicymanager/video/device/mdm.md) diff --git a/docs/endpointpolicymanager/device/registry.md b/docs/endpointpolicymanager/device/registry.md deleted file mode 100644 index d77b74e578..0000000000 --- a/docs/endpointpolicymanager/device/registry.md +++ /dev/null @@ -1,58 +0,0 @@ -# What are the registry settings for Device Manager (and how do I reset Device Manager Admin Approval)? - -On any endpoint, details about what USB and other devices have temporary or permanent access are -stored here: - -HKEY_LOCAL_MACHINE\SOFTWARE\PolicyPak\Client-Side -Extensions\{7FA1BDCB-818A-4EF6-A1B7-EF5F85C2D702}\Admin Approval\ApprovedDevicesStorage - -Here is an example of a device which was approved via the Admin Approval tool. - -![aa1](/img/product_docs/endpointpolicymanager/device/aa1.webp) - -## To determine the Admin Approval End Time for any device: - -**Step 1 –** Grab the **EndTime** and change to **Decimal**. - -**Step 2 –** Input the **EndTime** into this Powershell script. - -``` -$my_time = 1725537001291 -(([System.DateTimeOffset]::FromUnixTimeMilliseconds($my_time)).DateTime.ToLocalTime()).ToString("s") -``` - -An example can be seen here: - -![aa2](/img/product_docs/endpointpolicymanager/device/aa2.webp) - -## To Determine the Permissions within the Registry: - -Permission bit flags: - -- READ 0x80000000 -- WRITE 0x40000000 -- EXECUTE 0x20000000 -- ALL 0x10000000 - -For example, for READ+WRITE permissions, the value is 0xC0000000. - -## Resetting the Device Manager Admin Approval Values - -From time to time you may want to reset the values on a machine such that all devices are reset, and -new Admin Approval values may be set in the future. To do this: - -**Step 1 –** Download PSExec from -[https://learn.microsoft.com/en-us/sysinternals/downloads/psexec](https://learn.microsoft.com/en-us/sysinternals/downloads/psexec) - -**Step 2 –** Run CMD as administator - -**Step 3 –** Execute psexec.exe -i -s regedit - -**Step 4 –** As SYSTEM open Regedit. Find HKEY_LOCAL_MACHINE\SOFTWARE\PolicyPak\Client-Side -Extensions\{7FA1BDCB-818A-4EF6-A1B7-EF5F85C2D702}\Admin Approval\ApprovedDevicesStorage - -**Step 5 –** Delete the whole key **ApprovedDevicesStorage** to reset AA approvals for all devices, -or chose a specific one and delete it. - -**Step 6 –** Restart PPExtensionService.exe (aka Netwrix Endpoint Policy Manager (formerly -PolicyPak) Helper Service.) diff --git a/docs/endpointpolicymanager/editions/overview.md b/docs/endpointpolicymanager/editions/overview.md deleted file mode 100644 index 22187b4e9d..0000000000 --- a/docs/endpointpolicymanager/editions/overview.md +++ /dev/null @@ -1,32 +0,0 @@ -# Editions, Solutions, Paks, and Policies - -In the sections that follow, we will discuss the different editions of Netwrix Endpoint Policy -Manager (formerly PolicyPak) you can choose from, and the solutions, Paks, and policies that are -available with each edition. - -## Editions - -Endpoint Policy Manager is available in one of three editions: - -- Endpoint Policy Manager Enterprise Edition: With this edition, you get all solutions, all Paks, - and all policies. -- Endpoint Policy Manager Professional Edition: With this edition, you get all solutions, a choice - of Paks, and the policies within the Paks you choose. -- Endpoint Policy Manager SaaS Edition: With this edition, you get Endpoint Policy Manager Cloud, - most Paks, and the policies within those Paks. - -To use PolicyPak, you need to delivery policies via a solution method. You can use one method, or -you can start with a method and then use more methods as time goes on. The editions and allowed -solution methods, as well as the relationship between editions and Paks, are shown in the table -below. - -Products and solution methods. - -| Solution Method | Endpoint Policy Manager Enterprise Edition (all Paks) | Endpoint Policy Manager Professional Edition (pick your Paks) | Endpoint Policy Manager SaaS Edition (most Paks) | -| ---------------------------------------------------------------- | ----------------------------------------------------- | ------------------------------------------------------------- | ------------------------------------------------ | -| Active Directory/GPO Method | ✓ | ✓ | X | -| MDM Method | ✓ | ✓ | X | -| Cloud Method | ✓ | ✓ | ✓ | -| Cloud Hybrid Method (MDM or RMM + Endpoint Policy Manager Cloud) | ✓ | ✓ | ✓ | -| Unified Endpoint Management Method | ✓ | ✓ | X | -| Virtualization | ✓ (Single desktops, shared desktops, shared sessions) | ✓ (Single desktops, shared desktops, shared sessions) | ✓ (Single virtualized desktops) | diff --git a/docs/endpointpolicymanager/editions/policies.md b/docs/endpointpolicymanager/editions/policies.md deleted file mode 100644 index 00d79198ee..0000000000 --- a/docs/endpointpolicymanager/editions/policies.md +++ /dev/null @@ -1,218 +0,0 @@ -# Policies - -Endpoint Policy Manager policies are configurable items which perform work on the endpoint. - -**NOTE:** Policies are also known as components, and that wording may be used interchangeably. - -Each policy has a different function, so we are going to briefly explore what these components can -do for you. Remember, you may use any of the solution methods to deploy a policy, provided your -license enables it. - -## Application Settings Manager with Endpoint Policy Manager DesignStudio - -Endpoint Policy Manager Application Settings Manager has over 400 preconfigured AppSets to get you -started managing and locking down pesky applications right away. - -Many popular applications are available, including Internet Explorer, Teams, Acrobat Reader, Java, -Firefox, Office, and more. Additionally, with our Endpoint Policy Manager DesignStudio, you can -design your own Paks for just about any application. With Endpoint Policy Manager Software, it is -easy to configure, manage, and lock down 1, 2, 50, or more in-house or commercial applications. In -conjunction with Endpoint Policy Manager Cloud or your own MDM service, you can deploy Endpoint -Policy Manager Application Settings Manager directives over the Internet, even to non-domain-joined -machines. - -**Note**: For more information on this topic, please see this video: -[What is Endpoint Policy Application Manager (Cloud Edition)](/docs/endpointpolicymanager/video/applicationsettings/cloud.md). - -## Least Privilege Manager - -Endpoint Policy Manager Least Privilege Manager enables your users with standard user rights to get -access to applications in situations where they might need local admin privileges. - -It will also stop attacks from malware, crypto-malware, etc., and will block any application if it -is not installed by an administrator. This is called the Endpoint Policy Manager LPM SecureRun™ -feature. In conjunction with Endpoint Policy Manager Cloud or your own MDM service, Endpoint Policy -Manager Least Privilege Manager can deploy directives over the Internet, even to non-domain-joined -machines. - -For more information on this topic, please see this video: -[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > Privilege Manager. - -**NOTE:** Note that Endpoint Policy Manager Least Privilege Manager has two versions: Standard and -Complete. If a customer is a Endpoint Policy Manager Enterprise or SaaS customer, they get Least -Privilege Manager Complete. If the customer is a Endpoint Policy Manager Professional customer, they -can decide between Least Privilege Manager Standard or Complete. For an overview of the two -versions, check out this page: -[https://www.endpointpolicymanager.com/paks/least-privilege-security-pak/](https://www.endpointpolicymanager.com/paks/least-privilege-security-pak/). - -## Browser Router - -Endpoint Policy Manager Browser Router dictates which browser should open up which web pages for end -users. - -If you have a specific need to open up Edge, Firefox, Chrome, Internet Explorer, or a custom -browser, Endpoint Policy Manager Browser Router can make it easy. It can also dictate which browser -should be the default for websites so the user is not prompted. It can also block access to certain -websites (e.g., Facebook) for all browsers. It can also specify Internet Explorer's document and -enterprise modes on the fly. In conjunction with Endpoint Policy Manager Cloud or your own MDM -service, you can also deliver these Endpoint Policy Manager Browser Router settings over the -Internet to domain-joined and non-domain-joined machines. - -**Note**: For more information on this topic, please see this video: -[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > Browser Router - -## Java Enterprise Rules Manager - -Endpoint Policy Manager Java Enterprise Rules Manager enables you to choose the version of Java that -specific websites use or block Java websites entirely, even for remote machines via the cloud. - -Making a Java deployment rule set for your enterprise has never been easier or more flexible. In -conjunction with Endpoint Policy Manager Cloud or your own MDM service, Endpoint Policy Manager Java -Enterprise Rules Manager can deploy most Microsoft Security settings to computers over the Internet, -even to non-domain-joined machines. - -**Note**: For more information on this topic, please see this -video:[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > Java -Enterprise Rules Manager . - -## Admin Templates Manager - -Endpoint Policy Manager Admin Templates Manager enables you to deploy any Microsoft setting (or -third-party admin template [.admx file]) to either users or computers. - -You can also put Group Policy settings into collections and ensure that they are specifically -targeted with conditions to users and computers . Endpoint Policy Manager Admin Templates Manager -will enable you to deploy Admin Template items without using Group Policy, by using Microsoft SCCM, -Windows Intune, or your own systems management software. In conjunction with Endpoint Policy Manager -Cloud, Endpoint Policy Manager Admin Templates Manager allows you to deploy any Microsoft Admin -Template (or third-party ADMX setting) to computers over the Internet, even to non-domain-joined -machines. - -**Note**: For more information on this topic, please see this -video:[Administrative Templates Manager](/docs/endpointpolicymanager/adminstrativetemplates/overview.md). - -## File Associations Manager - -Endpoint Policy Manager File Associations Manager enables you to map specific file extensions (such -as .pdf) to specific applications, like Acrobat Reader (standard apps and Windows 10 Universal -apps), and handling applications with protocols (such as MAILTO:). - -**Note**: For more information on this topic, please see this video: -[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > File Associations -Manager. - -## Preferences Manager - -Endpoint Policy Manager Preferences Manager keepsw Group Policy Preferences working and compliant, -even when the computer goes offline. - -It enables you to deploy Group Policy Preference items without using Group Policy. For instance, by -using Microsoft SCCM, Windows Intune, or your own systems management software. In conjunction with -Endpoint Policy Manager Cloud or your own MDM service, Endpoint Policy Manager Preferences Manager -deploys Group Policy Preference items over the Internet, even to non-domain-joined machines. - -**NOTE:** The license for this policy is not provided unless specifically requested by the customer -when Endpoint Policy Manager is used with the Group Policy delivery mechanism. For more details on -why the license is not automatically provided, please see the following link: -[Where is my Endpoint Policy Manager Preferences Component license and how do I request one?](/docs/endpointpolicymanager/preferences/componentlicense.md). - -**Note**: For more information on this topic, please see this -video:[Preferences Manager](/docs/endpointpolicymanager/preferences/overview.md) - -## Security Settings Manager - -Endpoint Policy Manager Security Settings Manager enables you to deploy Group Policy's Security -settings without using Group Policy. - -You can do this by using Microsoft SCCM, Windows Intune, or your own systems management software. In -conjunction with Endpoint Policy Manager Cloud or your own MDM service, Endpoint Policy Manager -Security Manager can deploy most Microsoft Security settings to computers over the Internet, even to -non-domain-joined machines. - -**Note**: For more information on this topic, please see this video: -[Security Settings Manager](/docs/endpointpolicymanager/securitysettings/overview.md). - -## Start Screen & Taskbar Manager - -Endpoint Policy Manager Start Screen & Taskbar Manager enables you to map specific applications -(Win32 and WUP apps) and Edge links to specific Windows 10 Start menu groups. - -It gives you granular control to create groups of individual tiles and locks those groups down. -Additionally, you can use this component to pin items to the Windows 10 taskbar. - -**NOTE:** You may wish to watch our Quickstart videos of Endpoint Policy Manager Start Screen & -Taskbar Manager: Start Screen & Task Bar Manager > -[Video Learning Center](/docs/endpointpolicymanager/video/index.md). - -**Note**: For more information on this topic, please see this video: -[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > Start Screen & Task -Bar Manager - -## Scripts & Triggers Manager - -You can use Endpoint Policy Manager Scripts & Triggers Manager to automate any task, with a script. -You can use triggers to enable the scripts to run at specific times. - -In conjunction with Endpoint Policy Manager Cloud or your own MDM service, you can use scripts to -deploy software over the Internet, even to non-domain-joined machines. - -**Note**: For more information on this topic, please see this -video:[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > Scripts & -Triggers Manager. - -## Remote Work Delivery Manager - -You can use Endpoint Policy Manager Remote Work Delivery Manager to automate the delivery of files -from UNC shares or Internet shares, install software, and keep software automatically updated. - -In conjunction with Endpoint Policy Manager Cloud or your own MDM service, you can deploy VPN -connections over the Internet, even to non-domain-joined machines. - -**Note**: For more information on this topic, please see this video: Remote Work Delivery Manager > -[Video Learning Center](/docs/endpointpolicymanager/video/index.md). - -## Feature Manager for Windows - -Endpoint Policy Manager Feature Manager lets you select and deselect the Windows features and -optional features that best fit the needs of your users. - -You can also specify or postpone necessary reboots. In conjunction with Endpoint Policy Manager -Cloud or your own MDM service, Endpoint Policy Manager Feature Manager for Windows lets you manage -the Windows features and options on machines over the Internet, even to non-domain-joined machines. - -**Note**: For more information on this topic, please see this -video:[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > Feature Manager for -Windows . - -## Remote Desktop Protocol Manager - -You can use Endpoint Policy Manager Remote Desktop Protocol Manager to enable users to remotely -connect into existing RDP machines. - -In conjunction with Endpoint Policy Manager Cloud or your own MDM service, you can deploy policies -that add or remove .rdp file connections over the Internet, even to non-domain-joined machines. - -**Note**: For more information on this topic, please see this -video:[Video Learning Center](/docs/endpointpolicymanager/video/index.md)[Video Learning Center](/docs/endpointpolicymanager/video/index.md)[Video Learning Center](/docs/endpointpolicymanager/video/index.md). - -## Network Security Manager - -You can use Network Security Manager to specify which processes and applications can communicate to -what IP, web addresses and over what protocols. - -**Note**: For more information on this topic, please see this -video:[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > Network Security -Manager - -## Software Package Manager - -You can use Endpoint Policy Manager Software Package Manager to add or remove packages from the -Microsoft Store. - -In conjunction with Endpoint Policy Manager Cloud or your own MDM service, you can deploy policies -which add or remove Microsoft Store application connections over the Internet, even to -non-domain-joined machines. - -**Note**: For more information on this topic, please see this video: -[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > Software Package -Manager. diff --git a/docs/endpointpolicymanager/feature/addremove/collections.md b/docs/endpointpolicymanager/feature/addremove/collections.md deleted file mode 100644 index 2dffbab560..0000000000 --- a/docs/endpointpolicymanager/feature/addremove/collections.md +++ /dev/null @@ -1,18 +0,0 @@ -# Getting Started with Collections - -Endpoint Policy Manager Feature Manager for Windows policies may be contained in the root of the -GPO, or within collections. We recommend that you start out by creating a collection that will -contain the policies. If you put the policies in a collection, it will be easier to manage the -settings. - -Start out by going to **Add** > **New Collection**. From there you can configure the collection -settings. - -![quickstart_adding_and_removing_1](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_1.webp) - -The only item you might want to change regularly is the **Reboot Mode**. For now, change it to -**Asks User**. In your own environment, you might want to select **Prevent**, but don't do this now. - -You can see your collection added. - -![quickstart_adding_and_removing_2](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_2.webp) diff --git a/docs/endpointpolicymanager/feature/addremove/overview.md b/docs/endpointpolicymanager/feature/addremove/overview.md deleted file mode 100644 index 3359504a1b..0000000000 --- a/docs/endpointpolicymanager/feature/addremove/overview.md +++ /dev/null @@ -1,32 +0,0 @@ -# Quick Start - Adding and Removing Features - -**NOTE:** For some video overviews of Netwrix Endpoint Policy Manager (formerly PolicyPak) Feature -Manager for Windows, see -[https://www.endpointpolicymanager.com/products/feature-manager-for-windows.html](https://www.endpointpolicymanager.com/products/feature-manager-for-windows.html). - -In this example we will uninstall and install the following: - -- **Features**: - - - Uninstall the Microsoft XPS Document Writer - - Uninstall SMB 1.0 - - Install .Net 3.5 (including .Net 2.0 and 3.0) Framework - - Install Telnet Client - -- **Optional Features**: - - - Uninstall the XPS Viewer - - Install the Graphics Tools - - Install the GPMC RSAT tools (Optional RSAT Feature; works only with Windows 1809+) - -To begin, log on as a local admin on an test computer and verify that none of the items in the -bullet lists above are currently installed. Then, create and link a group policy object (GPO) to a -location that contains computers. In the example below, created a GPO and linked it to the East -Sales Desktops. - -![quickstart_adding_and_removing](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing.webp) - -Then click **Edit** to edit the GPO. - -**NOTE:** Even if you're using Endpoint Policy Manager Cloud or MDM edition, you still need to -create the policies within a GPO first. diff --git a/docs/endpointpolicymanager/feature/addremove/policies.md b/docs/endpointpolicymanager/feature/addremove/policies.md deleted file mode 100644 index 09950a658d..0000000000 --- a/docs/endpointpolicymanager/feature/addremove/policies.md +++ /dev/null @@ -1,95 +0,0 @@ -# Creating Policies within Collections - -Double-click to go into your collection, where you can now create policies. Go to **Add** > **New -Policies**. Once there you are prompted by the Endpoint Policy Manager Feature Manager for Windows -wizard. - -![quickstart_adding_and_removing_3](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_3.webp) - -Here you can select an install rule, an uninstall rule, or a mixed rule. - -- Install Rule provides a method to install features or optional features. -- Uninstall Rule provides a method to uninstall features or optional features. -- Mixed Rule provides methods both installing and uninstalling. - -For this example, select **Install Rule**, which brings you to the **Select package type** page. - -![quickstart_adding_and_removing_4](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_4.webp) - -The next screen allows you to turn on Windows features. Select the items you want, such as .Net -Framework 3.5 (either, both, or neither of the sub-options) as well as the Telnet Client. -Additionally you should take note of some special items: - -- Supported on - Explains which versions of Windows 10 and Windows Server this item will apply to. -- Feature details - Explains which features depend on the selected feature (and will automatically - be installed), as well as whether a reboot is required or possible. - -![quickstart_adding_and_removing_5](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_5.webp) - -Click **Next** to continue. Then, click on **Add policies to the existing collection**. - -![quickstart_adding_and_removing_6](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_6.webp) - -In The Policies settings window shows which policy items you are about to create. You can optionally -add Item-Level Targeting to any item, so that item will only be installed when the conditions are -true. In the example below you can see that the Telnet Client will only be installed on portable -computers. - -![quickstart_adding_and_removing_7](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_7.webp) - -**NOTE:** You do not need to add Item-Level Targeting for this example, it is just shown here for -future reference. - -The final page of the wizard displays:. - -![quickstart_adding_and_removing_8](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_8.webp) - -Click **Finish**. Thee two items are added to your collection. - -![quickstart_adding_and_removing_9](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_9.webp) - -Now, repeat the process again, this time selecting: - -- **Install Rule** -- **Windows Optional Feature** - -The **Turn Windows optional features ON** page appears. **Select** **Graphics Tools**. - -![quickstart_adding_and_removing_10](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_10.webp) - -Scroll down and find the RSAT category and select **RSAT: Group Policy Management Tools**. - -![quickstart_adding_and_removing_11](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_11.webp) - -Continue, leaving the remainder of the default settings. You can see the policies added to the -collection. - -![quickstart_adding_and_removing_12](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_12.webp) - -Now, let's remove some features and optional features. - -We will add more policies, this time selecting: - -- **Uninstall rule** -- **Windows Features** - -Select the items to uninstall, like Microsoft XPS Document Writer and SMB 1.0. - -![quickstart_adding_and_removing_13](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_13.webp) - -Click **Next** through the remainder of the wizard, accepting the defaults. - -Run through the wizard one more time, selecting: - -- **Uninstall Rule** -- **Windows Optional Feature** - -Then you can select to turn off XPS Viewer. - -![quickstart_adding_and_removing_14](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_14.webp) - -Click **Next** through the remainder of the wizard, accepting the defaults. - -At this point you should have seven policies. - -![quickstart_adding_and_removing_15](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_15.webp) diff --git a/docs/endpointpolicymanager/feature/addremove/test.md b/docs/endpointpolicymanager/feature/addremove/test.md deleted file mode 100644 index 1905205cfd..0000000000 --- a/docs/endpointpolicymanager/feature/addremove/test.md +++ /dev/null @@ -1,20 +0,0 @@ -# Testing Your GPO - -Next, make sure your endpoint is in an organizational unit (OU) to which the GPO would apply. Then -log on as any user. Run GPupdateto push the computer-side GPO changes. This would normally happen in -the background between 90 and 120 minutes later. After the computer gets the GPO, the user is -prompted to reboot. - -![quickstart_adding_and_removing_16](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_16.webp) - -The reboot prompt only occurs because of the setting within the collection. The computer will finish -installing or uninstalling the features upon reboot. - -![quickstart_adding_and_removing_17](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_17.webp) - -Now you can go back and verify those items are added or removed. Below are examples of the final -result. - -![quickstart_adding_and_removing_18](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_18.webp) - -![quickstart_adding_and_removing_19](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_19.webp) diff --git a/docs/endpointpolicymanager/feature/advanced/overview.md b/docs/endpointpolicymanager/feature/advanced/overview.md deleted file mode 100644 index e2157d94ed..0000000000 --- a/docs/endpointpolicymanager/feature/advanced/overview.md +++ /dev/null @@ -1,6 +0,0 @@ -# Advanced Manipulations of Policies and Collections - -In this section we cover a few advanced topics. First, we explore some areas where you can -manipulate policies without the wizard. For instance, we'll start out by showing you how you can -delete policies, edit policies, and edit collections without the wizard. Then, we will also explore -the idea of **Mixed Rule** along with how to create collections within the wizard. diff --git a/docs/endpointpolicymanager/feature/gettoknow.md b/docs/endpointpolicymanager/feature/gettoknow.md deleted file mode 100644 index 30b0743937..0000000000 --- a/docs/endpointpolicymanager/feature/gettoknow.md +++ /dev/null @@ -1,18 +0,0 @@ -# Getting to Know Feature Manager for Windows - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Feature Manager for Windows is contained within -the Endpoint Policy Manager node. Endpoint Policy Manager Feature Manager for Windows MMC snap-in -allows you to create new Endpoint Policy Manager Feature Manager collections or policies. - -**NOTE:** You will only see the Endpoint Policy Manager Feature Manager for Windows node when the -latest Admin Console MSI is installed on the management station. - -![getting_to_know_feature_manager](/img/product_docs/endpointpolicymanager/feature/getting_to_know_feature_manager.webp) - -The functions of collections and policies are as follows: - -- Policies are the rules that perform the work. -- Collections are groupings of policies. - -Both collections and policies may have Item-Level Targeting, which is explained later, but you can -target policies based upon the criteria that you specify. diff --git a/docs/endpointpolicymanager/feature/itemleveltargeting/exportcollections.md b/docs/endpointpolicymanager/feature/itemleveltargeting/exportcollections.md deleted file mode 100644 index ed484e68a5..0000000000 --- a/docs/endpointpolicymanager/feature/itemleveltargeting/exportcollections.md +++ /dev/null @@ -1,30 +0,0 @@ -# Exporting Collections - -In -[Using Item-Level Targeting with Collections and Policies](/docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/overview.md) -we explain how to use the Endpoint Policy Manager Exporter to wrap up any Endpoint Policy Manager -directives and deliver them using Microsoft Endpoint Manager (SCCM and Intune), KACE, your own MDM -service, or Endpoint Policy Manager Cloud. To export a policy for later use using Endpoint Policy -Manager Exporter or Endpoint Policy Manager Cloud, right-click the collection or the policy and -select Export to XML. This will enable you to save an XML file for later use. - -**NOTE:** For a video demonstrating the use of Endpoint Policy Manager Feature Manager for Windows -with Endpoint Policy Manager MDM see -[https://www.endpointpolicymanager.com/video/endpointpolicymanager-feature-manager-for-windows-mdm.html](https://www.endpointpolicymanager.com/video/endpointpolicymanager-feature-manager-for-windows-mdm.html). - -Remember that Endpoint Policy Manager Feature Manager for Windows policies can be created and then -exported on the Computer side. For instance, below, you can see a setting being exported. You can -also do this for an entire collection (not shown). - -![using_item_level_targeting_5](/img/product_docs/endpointpolicymanager/feature/itemleveltargeting/using_item_level_targeting_5.webp) - -**NOTE:** For a video showing how to export policies and use Endpoint Policy Manager Exporter, watch -[https://www.endpointpolicymanager.com/video/deploying-endpointpolicymanager-directives-without-group-policy-endpointpolicymanager-exporter-utility.html](https://www.endpointpolicymanager.com/video/deploying-endpointpolicymanager-directives-without-group-policy-endpointpolicymanager-exporter-utility.html). - -**NOTE:** Exported collections or policies maintain any Item-Level Targeting set within them. If -you've used items that represent Group Membership in Active Directory, then those items will only -function when the machine is domain-joined. - -For more information on how to use exported policies with Endpoint Policy Manager Cloud or Endpoint -Policy Manager MDM see -[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md). diff --git a/docs/endpointpolicymanager/feature/itemleveltargeting/overview.md b/docs/endpointpolicymanager/feature/itemleveltargeting/overview.md deleted file mode 100644 index df09eb40e5..0000000000 --- a/docs/endpointpolicymanager/feature/itemleveltargeting/overview.md +++ /dev/null @@ -1,59 +0,0 @@ -# Using Item-Level Targeting with Collections and Policies - -Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Netwrix -Endpoint Policy Manager (formerly PolicyPak) to target or filter where specific items will apply. -With Endpoint Policy Manager Feature Manager for Windows, Item-Level Targeting can be placed on -collections, as well as policies within collections. - -A collection enables you to group together Endpoint Policy Manager Feature Manager for Windows -policies so they can act together. For instance, you might create a collection for only East Sales -Computers and another for West Sales Computers. Or you might create one for Windows Server 2016 -servers with Exchange, and one for Windows 10 laptops in Sales. - -![using_item_level_targeting](/img/product_docs/endpointpolicymanager/feature/itemleveltargeting/using_item_level_targeting_1.webp) - -You can also right-click any Endpoint Policy Manager Feature Manager for Windows policy, and select -**Edit Item Level Targeting**. - -![using_item_level_targeting_1](/img/product_docs/endpointpolicymanager/feature/itemleveltargeting/using_item_level_targeting_1.webp) - -You can also select Item-Level Targeting when a policy is created using the wizard. - -The **Edit Item Level Targeting** menu item brings up the **Targeting Editor**. You can select any -combination of characteristics you want to test for. Administrators familiar with Group Policy -Preferences' Item-Level Targeting will be at home in this interface as it is functionally -equivalent. - -You can apply one or more targeting items to a policy, which enables targeting items to be joined -logically. You can also add targeting collections, which group together targeting items in much the -same way parentheses are used in an equation. In this way, you can create a complex determination -about where a policy will be applied. Collections may be set to **And**, **Or** **Is**, or **Is -Not**. - -![using_item_level_targeting_2](/img/product_docs/endpointpolicymanager/feature/itemleveltargeting/using_item_level_targeting_2.webp) - -Below are some real-world examples of how you can use Item-Level Targeting. - -- Software prerequisites - If you want to configure an application's settings, first make sure the - application is installed on the user's computer before configuring it. You can use File Match or - Registry Match targeting items (or both) to verify a specific version of a file, or a registry - entry is present. (For an example of this, look in the Uninstall registry key.) -- Mobile computers - If you want to deploy settings exclusively for users on mobile PCs, filter the - rule to apply only to mobile PCs by using the **Portable Computer** targeting item. -- Operating system version - You can specify different settings for applications based on the - operating system version. To do this, create one rule for each operating system. Then, filter each - rule using the **Operating System** targeting item. -- Group membership - You can link the Group Policy Object (GPO) to the whole domain or - organizational unit (OU), but only members within a specific group will pick up and process the - rule settings. -- IP range - You can specify different settings for various IP ranges, like different settings for - the home office and each field office. - -After you're done editing, close the editor. Note that the icon of the policy or collection has -changed to orange, which shows that it now has Item-Level Targeting. - -![using_item_level_targeting_3](/img/product_docs/endpointpolicymanager/feature/itemleveltargeting/using_item_level_targeting_3.webp) - -When Item-Level Targeting is on, the policy won't apply unless the conditions are **True**. If -Item-Level Targeting is on a collection, then none of the items in the collection will apply unless -the Item-Level Targeting on the collection evaluates to **True**. diff --git a/docs/endpointpolicymanager/feature/itemleveltargeting/processorderprecedence.md b/docs/endpointpolicymanager/feature/itemleveltargeting/processorderprecedence.md deleted file mode 100644 index 307da046ed..0000000000 --- a/docs/endpointpolicymanager/feature/itemleveltargeting/processorderprecedence.md +++ /dev/null @@ -1,35 +0,0 @@ -# Understanding Processing Order and Precedence - -Within a particular GPO (Computer or User side), the processing order is counted in numerical order. -So, lower-numbered collection attempt to process first, and higher-numbered collections attempt to -process last. Then, within any collection, each policy is processed in numerical order from lowest -to highest. Below we can see a potential conflict within a collection. Item #4 is installing the -Telnet Client, while Item #11 is uninstalling it. - -![using_item_level_targeting_4](/img/product_docs/endpointpolicymanager/feature/itemleveltargeting/using_item_level_targeting_4.webp) - -The net effect of this scenario would be that the Telnet Client would be uninstalled because it is -processed later. - -Not shown but also important are multiple collections and nested collections. Within any collection, -there may be other nested collections, as well as policies. As such, each policy and collection is -also processed in numerical order, starting at each level with the lowest-numbered policies and -collections. - -## Merging and Conflicts - -Endpoint Policy Manager Feature Manager for Windows will merge all policies that come from the Group -Policy method (and policies deployed from methods other than Group Policy methods and/or -collections), unless there is a conflict. If there is a conflict, the last policy wins. - -## Precedence - -Policies can be delivered by Group Policy and non-Group Policy methods such as Microsoft Endpoint -Manager (SCCM and Intune) via Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud. As -such, the Endpoint Policy Manager engine needs to make a final determination whether there is any -overlap of policies. Here is how the precedence works: - -- Policies delivered through Endpoint Policy Manager Cloud have the lowest precedence. -- Policies delivered through Endpoint Policy Manager files have the next highest precedence. -- Policies delivered through Endpoint Policy Manager Group Policy directives have the highest - precedence. diff --git a/docs/endpointpolicymanager/feature/overview.md b/docs/endpointpolicymanager/feature/overview.md deleted file mode 100644 index e817f0b4dc..0000000000 --- a/docs/endpointpolicymanager/feature/overview.md +++ /dev/null @@ -1,116 +0,0 @@ -# Feature Manager for Windows - -**NOTE:** Before reading this section, please ensure you have read -[Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md), which will help you -with the following: - -- Install the Admin MSI on your GPMC machine -- Install the CSE on a test Windows machine -- Set up a computer in Trial mode or Licensed mode -- Set up a common OU structure - -Optionally, if you don't want to use Group Policy, read the section on -[MDM & UEM Tools](/docs/endpointpolicymanager/mdm/overview.md)[MDM & UEM Tools](/docs/endpointpolicymanager/mdm/overview.md). - -Endpoint Policy Manager Feature Manager for Windows allows you to perform the following operations -on Windows 10 or Windows Server (2016 and later): - -- Add features to existing Windows machines -- Remove features from existing Windows machines -- Add optional features to existing Windows machines -- Remove optional features from existing Windows machines -- Limit which machines get policies via Item-Level Targeting -- Specify how to handle reboot requests when features need them - -**NOTE:** Watch this video for an overview of Endpoint Policy Manager Feature Manager for Windows: -[https://www.endpointpolicymanager.com/video/endpointpolicymanager-feature-manager-for-windows.html](https://www.endpointpolicymanager.com/video/endpointpolicymanager-feature-manager-for-windows.html) - -Endpoint Policy Manager Feature Manager for Windows allows you to do the following: - -- Export the Endpoint Policy Manager Feature Manager for Windows rules and deliver them in one of - these four ways: - - - Microsoft Endpoint Manager (SCCM and Intune) - - Your own systems management software - - A mobile device management (MDM) service - - Endpoint Policy Manager Cloud service - -- Allow the client machine with the Endpoint Policy Manager client-side extension (CSE) to embrace - the directives and perform the work. - -**NOTE:** If you use the Endpoint Policy Manager Cloud service, you can deliver Group Policy -settings even to non-domain-joined machines over the Internet. - -## Moving Parts - -- A management station: The Endpoint Policy Manager Admin Console MSI must be installed on the - management station where you create group policy objects (GPOs). Once it is installed, you'll see - the `PolicyPak | PolicyPak Feature Manager` for Windows node. -- The Endpoint Policy Manager CSE: This runs on the client (target) machine and is the same CSE for - all Endpoint Policy Manager products. There isn't anything separate to install, and the Endpoint - Policy Manager CSE must be present in order to accept Endpoint Policy Manager Feature Manager for - Windows directives via Group Policy, or when using Microsoft Endpoint Manager (SCCM and Intune), - KACE, MDM, or similar utilities. -- Endpoints: In order to use these, they must be licensed for Endpoint Policy Manager Feature - Manager for Windows using one of the licensing methods. -- Endpoint Policy Manager Exporter (optional): A free utility that lets you take Endpoint Policy - Manager Admin Templates Manager and our other products' XML files and wrap them into a portable - MSI file for deployment using Microsoft Endpoint Manager (SCCM and Intune), an MDM service, or - your own systems management software. - -## Ins and Outs - -Endpoint Policy Manager Feature Manager for Windows solves several important Windows 10 issues. Its -basic goal is to turn on and off Windows features and optional features. Many IT admins will preset -the features and optional features they want into their workstation and server images, only to find -out later they need to pull back from them, or add another feature or an optional feature. Once your -systems are deployed, it is very difficult to change your mind later and add features, languages, -or, starting with Windows 10 (build 1809), add tools from the Remote Server Admin Toolkit (RSAT). -Endpoint Policy Manager File Delivery Manager automates the process by allowing you to add or remove -whatever features or optional features you want with a few clicks. - -There is an in-box method of managing features and optional features on each machine, which requires -you to address each feature one by one. On any given machine, you can manage features and optional -features. - -![about_policypak_feature_manager](/img/product_docs/endpointpolicymanager/feature/about_endpointpolicymanager_feature_manager.webp) - -There are two ways to manage features: with the Windows Features Control Pane, or the Windows -Settings page . These options can be accessed through the Start Menu. - -![about_policypak_feature_manager_1](/img/product_docs/endpointpolicymanager/feature/about_endpointpolicymanager_feature_manager_1.webp) - -![about_policypak_feature_manager_2](/img/product_docs/endpointpolicymanager/feature/about_endpointpolicymanager_feature_manager_2.webp) - -With optional features, you can add or subtract the feature you want. Below is an example of what -this looks like. - -![about_policypak_feature_manager_3](/img/product_docs/endpointpolicymanager/feature/about_endpointpolicymanager_feature_manager_3.webp) - -An alternate way to perform similar functions is via the DISM command on the command line. For -example, to install the Hyper-V feature on a machine, you would use the DISM command. - -![about_policypak_feature_manager_4](/img/product_docs/endpointpolicymanager/feature/about_endpointpolicymanager_feature_manager_4.webp) - -This process can be scripted, but the challenge is that the system will typically reboot when it -wants to, perhaps during a user's session. Additionally, scripts will typically run over and over -again, which is not great, and could cause undesired reboots. This is why Endpoint Policy Manager -Feature Manager for Windows eliminates the need to use scripts to add or remove features. Also, -Endpoint Policy Manager Feature Manager for Windows gives you time back, so you don't have to deal -with adding or removing features and optional features from the build process. So, instead of -presetting these into your image or just dealing with it later, Endpoint Policy Manager Feature -Manager for Windows enables you to manage these settings with policies. - -## Advantages of Using Feature Manager for Windows - -With Endpoint Policy Manager Feature Manager for Windows, the advantages you get are based upon the -policy method you already employ. - -- For those using Group Policy: - - - You can add or remove features for any number of computers (desktops or servers). - - You can use Item-Level Targeting to determine which computers should get which features. - -- For those using Endpoint Policy Manager Cloud and Endpoint Policy Manager MDM: Because your - machines might be roaming, you can use Endpoint Policy Manager to deliver a new policy to install - or uninstall a required feature. diff --git a/docs/endpointpolicymanager/feature/overview/knowledgebase.md b/docs/endpointpolicymanager/feature/overview/knowledgebase.md deleted file mode 100644 index a5fe247418..0000000000 --- a/docs/endpointpolicymanager/feature/overview/knowledgebase.md +++ /dev/null @@ -1,7 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base articles for Feature Manager for Windows. - -## Troubleshooting - -- [Endpoint Policy Feature Manager for Windows doesn't appear to be working and we're getting error code 0x800f0954. What can I try?](/docs/endpointpolicymanager/troubleshooting/error/feature/code0x800f0954.md) diff --git a/docs/endpointpolicymanager/feature/overview/videolearningcenter.md b/docs/endpointpolicymanager/feature/overview/videolearningcenter.md deleted file mode 100644 index 524963db33..0000000000 --- a/docs/endpointpolicymanager/feature/overview/videolearningcenter.md +++ /dev/null @@ -1,10 +0,0 @@ -# Video Learning Center - -See the following Video topics for Scripts and Feature Manager for Windows. - -## All Videos - -- [Feature Manager For Windows](/docs/endpointpolicymanager/video/feature/windows.md) -- [Feature Manager For Windows Servers](/docs/endpointpolicymanager/video/feature/windowsservers.md) -- [Feature Manager for Windows + Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/feature/cloud.md) -- [Feature Manager for Windows + MDM](/docs/endpointpolicymanager/video/feature/mdm.md) diff --git a/docs/endpointpolicymanager/fileassociations/collections/gpos.md b/docs/endpointpolicymanager/fileassociations/collections/gpos.md deleted file mode 100644 index dc79d6c37c..0000000000 --- a/docs/endpointpolicymanager/fileassociations/collections/gpos.md +++ /dev/null @@ -1,18 +0,0 @@ -# How does PP File Associations Manager merge between GPOs and/or Collections? - -Netwrix Endpoint Policy Manager (formerly PolicyPak) File Associations Manager works particularly -well, because instead of having one flat file which everyone must use and agree upon, it allows the -use to distribute the directives across Endpoint Policy Manager Collections or GPOs. - -For example, if you have 2 GPOs (or Collections): - -**Step 1 –** GPO1 / Collection1: .`txt -> Notepad.exe`, .`log -> Notepad.exe` - -**Step 2 –** GPO2 / Colleciton2: .`txt -> Sublime.exe`, .`cfg -> Sublime.exe` - -and assuming GPO 2 is processed last based upon natural GP precedence, then you get the following -resulting association list: - -- .`txt -> Sublime.exe`, (Because GPO2 wins in the conflict.) -- .`log-> Notepad.exe`, (Because there are no conflicts.) -- `.cfg -> Sublime.exe` (Because there are no conflicts.) diff --git a/docs/endpointpolicymanager/fileassociations/collections/policies.md b/docs/endpointpolicymanager/fileassociations/collections/policies.md deleted file mode 100644 index b394e85caf..0000000000 --- a/docs/endpointpolicymanager/fileassociations/collections/policies.md +++ /dev/null @@ -1,88 +0,0 @@ -# Collections and Policies - -Endpoint Policy Manager File Associations Manager is contained within the Endpoint Policy Manager -node. Endpoint Policy Manager File Associations Manager MMC snap-in enables you to create a new -Endpoint Policy Manager File Associations Manager policy or collection. You can create policies on -the Computer side or User side. - -**NOTE:** You will only see the Endpoint Policy Manager File Associations Manager node when the -latest Admin Console MSI is installed on the management station. - -The functions of collections and policies are as follows: - -- Collections are groupings of policies. -- Policies are the rules that perform the work. - -Below you can see how to add a new collection or policy. - -![about_policypak_file_associations_4](/img/product_docs/endpointpolicymanager/fileassociations/collections/about_endpointpolicymanager_file_associations_4.webp) - -If you want to follow along with the Quickstart for Endpoint Policy Manager File Associations -Manager in the next section, we suggest you download some applications on your Windows 10 management -station and on your endpoint. - -On the endpoint, add some common file types to the Windows 10 Desktop. We suggest adding the -following files: - -- A PDF file -- An MP4 file -- An XML file -- A Wordpad document with a `MAILTO:` command in it - -Below is an example of all four types of files on the sample Desktop. - -![about_policypak_file_associations_5](/img/product_docs/endpointpolicymanager/fileassociations/collections/about_endpointpolicymanager_file_associations_5.webp) - -Endpoint Policy Manager File Associations Manager is the quickest way to set up, test, and manage -file associations on your machine (the Group Policy Editor machine) if it has the same applications -as the target machines. It is recommended you install the following applications twice, once on your -management station and another on your Windows 10 endpoint. - -- Adobe Acrobat DC (11 or 10) — We suggest the offline MSI installer package, which can be found at - Adobe's [MSI Installer Package](https://get.adobe.com/reader/enterprise/) download. -- A mail program such as Outlook — If that's too much to download and install, you can use something - smaller such as Claws Mail for a quick test. Claws Mail can be downloaded at - [Download Claws Mail](http://www.claws-mail.org/win32/). -- The UWP version of Metro Media Player from the Windows store. - -Acrobat Reader asks if it can be the default PDF viewe. Yet, after the installation occurs, the PDF -is not associated with Acrobat Reader. Instead, Windows 10 Edge is typically the default program to -open PDF files, or Edge is recommended, and the user must make a choice. - -![about_policypak_file_associations_6](/img/product_docs/endpointpolicymanager/fileassociations/collections/about_endpointpolicymanager_file_associations_6.webp) - -When installing Adobe Acrobat Reader DC, the installer asks to be the default PDF viewer. - -![about_policypak_file_associations_7](/img/product_docs/endpointpolicymanager/fileassociations/collections/about_endpointpolicymanager_file_associations_7.webp) - -Edge generally becomes the default when a user opens a PDF file. - -The same problem occurs when you install Outlook or Claws Mail. Outlook and Claws Mail try to -register themselves as a provider for the `MAILTO: protocol`. But after Claws Mail or Outlook is -installed, it is not actually correctly set as the default for `MAILTO: emails`. You can quickly -test this by opening up Wordpad and typing `MAILTO:you@email.com`, . Click the link, and you will -see that it will launch the Windows 10 default mail application instead of Outlook or Claws Mail. - -![about_policypak_file_associations_8](/img/product_docs/endpointpolicymanager/fileassociations/collections/about_endpointpolicymanager_file_associations_8.webp) - -After installing Claws Mail, the program tries to make itself the default for opening emails. - -![about_policypak_file_associations_9](/img/product_docs/endpointpolicymanager/fileassociations/collections/about_endpointpolicymanager_file_associations_9.webp) - -Opening Wordpad and typing `MAILTO:you@email.com` shows that Outlook or Claws Mail is not actually -the default email program. - -The UWP (Windows Universal App in the Windows store) for Metro Media Player Pro is shown below. - -![about_policypak_file_associations_10](/img/product_docs/endpointpolicymanager/fileassociations/collections/about_endpointpolicymanager_file_associations_10.webp) - -In order to successfully complete the Quickstart with Endpoint Policy Manager File Associations -Manager in the next section, make sure you have the following machines set up with the programs and -files listed here: - -- Your machine with the GPMC should have Acrobat Reader, Claws Mail (or Outlook), and the UWP - version of Metro Media Player. -- An example endpoint machine with the Endpoint Policy Manager CSE should have Acrobat Reader, Claws - Mail (or Outlook), and the UWP version of Metro Media Player. -- An example endpoint machine with a PDF file, a MP4 file, a MAILTO: example, and an XML file loaded - on the Desktop. diff --git a/docs/endpointpolicymanager/fileassociations/defaultbrowser.md b/docs/endpointpolicymanager/fileassociations/defaultbrowser.md deleted file mode 100644 index 85ebd705aa..0000000000 --- a/docs/endpointpolicymanager/fileassociations/defaultbrowser.md +++ /dev/null @@ -1,7 +0,0 @@ -# Can I use Endpoint Policy ManagerBrowser Router and/or Endpoint Policy Manager File Associations Manager to set the default browser? - -Since File Associations Manager handles protocol associations as well as file type associations, it -may be tempting to map http or https to a particular browser as a way of enforcing a default -browser. That will work until Browser Router has any rules at all in that component, and then -Browser Router takes over. If you want to set a default browser, use Browser Router instead of File -Associations Manager. diff --git a/docs/endpointpolicymanager/fileassociations/helperutility.md b/docs/endpointpolicymanager/fileassociations/helperutility.md deleted file mode 100644 index 900e9a11ba..0000000000 --- a/docs/endpointpolicymanager/fileassociations/helperutility.md +++ /dev/null @@ -1,50 +0,0 @@ -# Using the Helper Utility - -In the Netwrix Endpoint Policy Manager (formerly PolicyPak) File Associations Manager Quickstart -examples, we recommended that your management station have the same applications as your target -computers. However, that is not always practical. There are likely instances where you do not want -to install an application on your machine just for the sake of making a File Association. For -instance, someone in the Sales department may be the only one who has "Sales Application 123" -installed. - -That's where the Endpoint Policy Manager File Associations Manager Helper utility comes in. Run the -Endpoint Policy Manager File Associations Manager Helper on an example endpoint with the application -already installed and to which you want to make a policy association with later. - -**NOTE:** For a video overview demonstrating how to use the Endpoint Policy Manager File -Associations Manager Helper utility, watch this video: -[Endpoint Policy Manager File Associations Manager: Helper Application](/docs/endpointpolicymanager/video/fileassociations/helperapplication.md). - -The Endpoint Policy Manager File Associations Manager Helper is found in the Endpoint Policy Manager -ISO or ZIP download in the Endpoint Policy Manager Extras folder. - -![using_the_helper_utility](/img/product_docs/endpointpolicymanager/fileassociations/using_the_helper_utility.webp) - -Follow these steps to setup the Endpoint Policy ManagerPolicyPak File Associations Manager Helper -utility: - -**Step 1 –** Launch the 11,000 kB EXE. When you do, the Endpoint Policy Manager File Associations -Manager Export wizard appears. - -![using_the_helper_utility_1](/img/product_docs/endpointpolicymanager/fileassociations/using_the_helper_utility_1.webp) - -**Step 2 –** Find a particular file association that already exists on the machine, such as 3mf, and -the application it is already associated with. The application must be registered in order to see it -in the list. - -![using_the_helper_utility_2](/img/product_docs/endpointpolicymanager/fileassociations/using_the_helper_utility_2.webp) - -**Step 3 –** Select **Include icons in the file (Can dramatically increase file size)**. This -setting is recommended even though the XML might be bigger. You must also choose to **Show file in -folder after finished** and **Open XML in Notepad when save is complete** for examination. - -![using_the_helper_utility_3](/img/product_docs/endpointpolicymanager/fileassociations/using_the_helper_utility_3.webp) - -**Step 4 –** Take the exported file and import it into a Endpoint Policy Manager File Associations -Manager Group Policy Object (GPO). Note that the option to import from an XML is available when you -create a new entry and click **Select Program**. - -![using_the_helper_utility_4](/img/product_docs/endpointpolicymanager/fileassociations/using_the_helper_utility_4.webp) - -To import the exported file into a Endpoint Policy Manager File Associations Manager GPO, pull up -the Select Program Association window, and then click on **From XML file** under Import. diff --git a/docs/endpointpolicymanager/fileassociations/insouts/advantages.md b/docs/endpointpolicymanager/fileassociations/insouts/advantages.md deleted file mode 100644 index 6770a83b4e..0000000000 --- a/docs/endpointpolicymanager/fileassociations/insouts/advantages.md +++ /dev/null @@ -1,44 +0,0 @@ -# Advantages of Using File Associations Manager - -With Endpoint Policy Manager File Associations Manager, you don't have to build the perfect -workstation and then export all the file associations at one time, making sure to get it all correct -the first time, or rebuilding the perfect workstation over and over again. Additionally, if your -organization makes a change, for example, to 7-Zip instead of WinZip, and wants to quickly change -your .zip associations, you don't have to rebuild your perfect workstation and repeat the process -over and over. - -With Endpoint Policy Manager File Associations Manager, you only need to: - -- deploy your application as you normally would, using Microsoft Endpoint Manager (SCCM and Intune) - or PDQ Deploy, and -- use Endpoint Policy Manager File Associations Manager to make the association between the - extension the application. - -In addition, it is very easy to have different associations for each computer group by making simple -policies for your associations using Endpoint Policy Manager File Associations Manager. Because -Group Policy creation is distributed (that is, different people can create different GPOs), you can -leverage Endpoint Policy Manager File Associations Manager when different people have different -needs. In the case of a conflict of two associations, the rules of Group Policy precedence will take -effect. - -Endpoint Policy Manager File Associations Manager uses the same basic method and policy settings -that the in-box Microsoft method uses. That is, Endpoint Policy Manager File Associations Manager -will create its own associations XML file (one per computer). It works with Microsoft's method -(using the XML file and corresponding Group Policy setting), but adds functionality. - -However, both methods have some known limitations. First, after the associations are set, users can -still work around these methods and try to associate different applications to file extensions. -However, those user-created associations will be wiped out the next time they log on and the policy -is applied again. Next, both methods only take effect when the Group Policy is set on the computer -and the user is required to log off and then log on again. Additionally, both methods only work when -the machine is domain-joined. So even though Endpoint Policy Manager MDM and Endpoint Policy Manager -Cloud can deliver a wide variety of settings to non-domain-joined machines, neither the in-box -Microsoft method, nor Endpoint Policy Manager File Associations Manager, can configure machines -unless the machine is domain-joined. Finally, both methods will not affect a user logging onto the -computer the first time. The policy will take effect on the second login after the computer gets the -Group Policy update. - -**NOTE:** For a video demonstrating how neither Endpoint Policy Manager File Associations Manager -nor Microsoft's method can affect a user until the second login, see the -[Endpoint Policy Manager File Associations Manager: Understanding the First Login](/docs/endpointpolicymanager/video/fileassociations/firstlogin.md) -topic for additional information.. diff --git a/docs/endpointpolicymanager/fileassociations/insouts/overview.md b/docs/endpointpolicymanager/fileassociations/insouts/overview.md deleted file mode 100644 index f9e5e12536..0000000000 --- a/docs/endpointpolicymanager/fileassociations/insouts/overview.md +++ /dev/null @@ -1,7 +0,0 @@ -# Ins and Outs - -Endpoint Policy Manager File Associations Manager solves several important Windows 10 issues, but -the basic goal is to map a file extension, like .pdf, to an application, like Adobe Acrobat Reader. -This sounds easy to do, but it is actually very difficult. In this section, we'll examine the -history around file associations, explain Microsoft's way to perform file associations, and explain -how Endpoint Policy Manager File Associations Manager works and what its limitations are. diff --git a/docs/endpointpolicymanager/fileassociations/insouts/windows10.md b/docs/endpointpolicymanager/fileassociations/insouts/windows10.md deleted file mode 100644 index f1c3e6ab8c..0000000000 --- a/docs/endpointpolicymanager/fileassociations/insouts/windows10.md +++ /dev/null @@ -1,56 +0,0 @@ -# Managing Windows 10 File Associations with the In-Box Method - -If you did not 't have Endpoint Policy Manager File Associations Manager, you could still manage -file associations on Windows 10 and later. However, the process can be difficult and is not -particularly user-friendly. - -**NOTE:** The following steps outline what you could do without Endpoint Policy Manager File -Associations Manager. Do not perform these steps with Endpoint Policy Manager File Associations -Manager because this will result in conflicts. - -The following is the Microsoft-sanctioned way to establish file associations for Windows 8.1 and -Windows 10: - -**Step 1 –** Create machine with all applications you might need. - -**Step 2 –** Correctly set all of the file associations. - -**Step 3 –** Use the built-in command `DISM` and export the associations to an XML file. The command -would be something like: - -``` -Dism /Online /Export-DefaultAppAssociations:\AppAssoc.xml -``` - -**Step 4 –** Use Group Policy to ensure that specific computers use this XML file. - -The exported file from this process might look something like this: - -![about_policypak_file_associations_2](/img/product_docs/endpointpolicymanager/fileassociations/insouts/about_endpointpolicymanager_file_associations_2.webp) - -**Step 5 –** Next, you would use the Group Policy setting called **Set a default associations -configuration file**. - -![about_policypak_file_associations_3](/img/product_docs/endpointpolicymanager/fileassociations/insouts/about_endpointpolicymanager_file_associations_3.webp) - -The disadvantages of using the in-box method for Windows 10 are as follows: - -- You need a perfectly set machine for each new application deployment -- You will likely need different exported XML files, one for each different machine or organization - type -- You might need to segment your computers into different organizational units (OUs) if you have - different associations -- You need to follow this process even if you have just one or two applications you want to map -- To get the best experience, you need to do this for all associations a user is ever going to click - on -- The entire XML file must be perfect and not have any variations - -In summary, - -- When your needs change, there is nothing dynamic about the process -- This process is entirely manual -- This process requires a lot of effort to build the perfect machine for each different computer - group, export the files one by one for each group, and ensure all computers get the correct file - -All this becomes time consuming every time you update and roll out an application that will be the -registered extension or protocol. diff --git a/docs/endpointpolicymanager/fileassociations/insouts/windows7.md b/docs/endpointpolicymanager/fileassociations/insouts/windows7.md deleted file mode 100644 index 66a0c1c796..0000000000 --- a/docs/endpointpolicymanager/fileassociations/insouts/windows7.md +++ /dev/null @@ -1,23 +0,0 @@ -# Managing Windows 7 File Associations with Group Policy Preferences - -Several years ago, managing file associations with Group Policy used to be quite easy. Group Policy -Preferences had a specific item type that dynamically set which extensions would open in which -applications. This is still available within the Microsoft Group Policy Editor by going to **User -Configuration** > **Preferences** > **Control Panel Settings** > **Folder Options** > **New** > -**Open With**. - -![about_policypak_file_associations](/img/product_docs/endpointpolicymanager/fileassociations/insouts/about_endpointpolicymanager_file_associations.webp) - -This older method of setting file associations is still available in the Microsoft Group Policy -Editor on the User side with Windows 7 and 8. - -Next, select the file extension and the associated program. You can also choose to **Set as -Default**. - -![about_policypak_file_associations_1](/img/product_docs/endpointpolicymanager/fileassociations/insouts/about_endpointpolicymanager_file_associations_1.webp) - -This method worked well on Windows XP to Windows 8, but stopped working with Windows 8.1. - -Endpoint Policy Manager File Associations Manager fills in this gap. If you are already accustomed -to using Group Policy (with Group Policy Preferences) to manage file associations, then Endpoint -Policy Manager File Associations Manager will be a familiar way to perform that work. diff --git a/docs/endpointpolicymanager/fileassociations/itemleveltargeting/overview.md b/docs/endpointpolicymanager/fileassociations/itemleveltargeting/overview.md deleted file mode 100644 index 9a0939a1cd..0000000000 --- a/docs/endpointpolicymanager/fileassociations/itemleveltargeting/overview.md +++ /dev/null @@ -1,74 +0,0 @@ -# Using Item-Level Targeting with Collections and Policies - -Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Netwrix -Endpoint Policy Manager (formerly PolicyPak) to target or filter where specific items will apply. -With Endpoint Policy Manager File Associations Manager, Item-Level Targeting can be used on -collections, as well as Endpoint Policy Manager File Associations Manager policies within -collections. - -A collection enables you to group together Endpoint Policy Manager File Associations Manager -policies so they can act together. For instance, you might want to create one collection that -targets only your East Sales computers, and another collection that targets your West Sales -computers. Or you might want to create a collection for Windows 10 machines and one for Windows -Server 2016 RDS. - -![using_item_level_targeting](/img/product_docs/endpointpolicymanager/fileassociations/itemleveltargeting/using_item_level_targeting.webp) - -![using_item_level_targeting_1](/img/product_docs/endpointpolicymanager/fileassociations/itemleveltargeting/using_item_level_targeting_1.webp) - -Below you can see the two collections that we have created that can hold other collections or -policies. It also shows how you can apply Item-Level Targeting for a collection. - -![using_item_level_targeting_2](/img/product_docs/endpointpolicymanager/fileassociations/itemleveltargeting/using_item_level_targeting_2.webp) - -To change the Item-Level Targeting, right-click any Endpoint Policy Manager File Associations -Manager policy, and select **Edit Item Level Targeting**. - -![using_item_level_targeting_3](/img/product_docs/endpointpolicymanager/fileassociations/itemleveltargeting/using_item_level_targeting_3.webp) - -The Edit Item Level Targeting menu item brings up the Targeting Editor. You can select any -combination of characteristics you want to test for. Administrators familiar with Group Policy -Preferences' Item-Level Targeting will be at home in this interface as it is functionally -equivalent. - -You can apply one or more targeting items to a policy, which enables targeting items to be joined -logically. You can also add targeting collections, which group together targeting items in much the -same way parentheses are used in an equation. In this way, you can create a complex determination -about where a policy will be applied. Collections may be set to **And**, **Or**, **Is**, or **Is -Not**. - -The screenshot below demonstrates the basic capabilities of the Targeting Editor. Also, note that -Endpoint Policy Manager File Associations Manager cannot filter by user group since the node is only -available on the Computer side, and Endpoint Policy Manager File Associations Manager is only valid -for Windows 8.1 and later. - -![using_item_level_targeting_4](/img/product_docs/endpointpolicymanager/fileassociations/itemleveltargeting/using_item_level_targeting_4.webp) - -In this example, the Pak would only apply to Windows 10 machines when the machine is portable, and -the user is in the FABRIKAM\Traveling Sales Users group. - -Below are some real-world examples of how you can use Item-Level Targeting. - -- Software prerequisites — If you want to configure an application's settings, first make sure the - application is installed on the user's computer before configuring it. You can use File Match or - Registry Match targeting items (or both) to verify a specific version of a file or a registry - entry is present. (For an example of this, look in the Uninstall registry key.) -- Mobile computers — If you want to deploy settings exclusively for users on mobile PCs, then filter - the rule to apply only to mobile PCs by using the **Portable Computer** targeting item. -- Operating system version — You can specify different settings for applications based on the - operating system version. To do this, create one rule for each operating system. Then filter each - rule using the **Operating System** targeting item. -- Group membership — You can link the Group Policy Object (GPO) to the whole domain or - organizational unit (OU), but only members within a specific group will pick up and process the - rule settings. -- IP range — You can specify different settings for various IP ranges, like different settings for - the home office and each field office. - -Close the editor when you are done. Note that the icon for the policy or collection has changed to -orange, which shows that it now has Item-Level Targeting. - -![using_item_level_targeting_5](/img/product_docs/endpointpolicymanager/fileassociations/itemleveltargeting/using_item_level_targeting_5.webp) - -When Item-Level Targeting is on, the policy won't apply unless the conditions evaluate to True, and -if Item-Level Targeting is on for a collection, then none of the items in the collection will apply -unless the Item-Level Targeting on the collection evaluates to True. diff --git a/docs/endpointpolicymanager/fileassociations/itemleveltargeting/processorderprecedence.md b/docs/endpointpolicymanager/fileassociations/itemleveltargeting/processorderprecedence.md deleted file mode 100644 index 7d2809dfb2..0000000000 --- a/docs/endpointpolicymanager/fileassociations/itemleveltargeting/processorderprecedence.md +++ /dev/null @@ -1,42 +0,0 @@ -# Understanding Processing Order and Precedence - -Within a particular GPO (Computer or User side), the processing order is counted in numerical order. -So lower-numbered collections attempt to process first, and higher-numbered collections attempt to -process last. Then, within any collection, each policy is processed in numerical order from lowest -to highest. - -![using_item_level_targeting_6](/img/product_docs/endpointpolicymanager/fileassociations/itemleveltargeting/using_item_level_targeting_6.webp) - -![using_item_level_targeting_7](/img/product_docs/endpointpolicymanager/fileassociations/itemleveltargeting/using_item_level_targeting_7.webp) - -## Merging and Conflicts - -Endpoint Policy Manager File Associations Manager will merge all GPOs (or non-Group Policy methods) -and collections, unless there is a conflict. This is especially important because, instead of having -one flat file that everyone must use and agree upon, you can distribute the directives across -Endpoint Policy Manager collections or GPOs. Then, everything that doesn't conflict will merge -perfectly. - -For example, let's consider that you have two GPOs (or collections) that look like the following: - -- `GPO1/Collection1: "TXT -> Notepad.exe", "LOG -> Notepad.exe"` -- `GPO2/Collection2: "TXT -> Sublime.exe", "CFG -> Sublime.exe"` - -Assuming GPO 2 or Collection 2 is processed last (based upon natural GP precedence), the result will -be the following association list: - -- `TXT -> Sublime.exe` (because GPO2 "wins" in the conflict) -- `LOG -> Notepad.exe` (because there are no conflicts) -- `CFG -> Sublime.exe` (because there are no conflicts) - -## Precedence - -Policies can be delivered by Group Policy and non-Group Policy methods such as Microsoft Endpoint -Manager (SCCM and Intune) via Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud. As -such, the Endpoint Policy Manager engine needs to make a final determination whether there is any -overlap of policies. Here is how the precedence works: - -- Policies delivered through Endpoint Policy Manager Cloud have the lowest precedence. -- Policies delivered through Endpoint Policy Manager files have the next highest precedence. -- Policies delivered through Endpoint Policy Manager Group Policy directives have the highest - precedence. diff --git a/docs/endpointpolicymanager/fileassociations/oemdefaultassociations.md b/docs/endpointpolicymanager/fileassociations/oemdefaultassociations.md deleted file mode 100644 index 384f933e09..0000000000 --- a/docs/endpointpolicymanager/fileassociations/oemdefaultassociations.md +++ /dev/null @@ -1,16 +0,0 @@ -# What happens if I use MDT, or in-box Group Policy or MDM to set OEMDefaultAssociations.XML BEFORE Endpoint Policy Manager File Associations Manager ? - -If you attempt to: - -- Pre-set the file associations in the image or -- Set using Group Policy via the "Set a default associations configuration file" or -- Attempt to set it using MDM… - -Then that method will win over Endpoint Policy Manager File Associations Manager, and you will not -get the Endpoint Policy Manager File Associations Manager benefits. - -Therefore, use only Endpoint Policy Manager File Associations Manager and not the above methods to -achieve File Associations goals. Remove any in-box Group Policy settings, etc, which are attempting -to set File Associations and use only Endpoint Policy Manager to do it. - -![660_1_faq4-img1](/img/product_docs/endpointpolicymanager/fileassociations/660_1_faq4-img1.webp) diff --git a/docs/endpointpolicymanager/fileassociations/overview.md b/docs/endpointpolicymanager/fileassociations/overview.md deleted file mode 100644 index 94e38fe795..0000000000 --- a/docs/endpointpolicymanager/fileassociations/overview.md +++ /dev/null @@ -1,70 +0,0 @@ -# File Associations Manager - -**CAUTION:** Even though Endpoint Policy Manager MDM and Endpoint Policy Manager Cloud can deliver a -wide variety of Endpoint Policy Manager and Group Policy settings to non-domain-joined machines, -neither the in-box Microsoft method, nor Endpoint Policy Manager File Associations Manager, can -configure machines unless the machine is domain-joined. - -This is a self-imposed limitation by Microsoft on this Windows 10 feature. - -## About File Associations Manager - -**NOTE:** Before reading this section, please ensure you have read -[Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md), which will help you -learn to do the following: - -- Install the Admin MSI on your GPMC machine -- Install the CSE on a test Windows machine -- Set up a computer in Trial mode or Licensed mode -- Set up a common OU structure - -Optionally, if you don't want to use Group Policy, read the section on Advanced Concepts on Group -Policy and non–Group Policy methods (MEMCM, KACE, and MDM service or Netwrix Endpoint Policy Manager -(formerly PolicyPak) Cloud), located in the -[Endpoint Privilege Manager Implementation QuickStart Guide](/docs/endpointpolicymanager/leastprivilege/pplpmimplementationguide.md) -to deploy your directives. - -Endpoint Policy Manager File Associations Manager enables you to perform the following operations in -Windows 10: - -- Set up file associations for extensions such as .pdf with Acrobat Reader or FoxIT Pro Reader, or - .zip with WinZip or 7-Zip -- Set up protocol associations like MAILTO: or FTP: to specific applications -- Map an entire category of Windows 10 items -- Map a file extension to a Windows 10 "universal" application, such as Universal Windows Platform - (UWP)/Metro applications - -**NOTE:** For an overview of Endpoint Policy Manager File Associations Manager, see -[https://www.endpointpolicymanager.com/products/endpointpolicymanager-file-associations-manager.html](https://www.endpointpolicymanager.com/products/endpointpolicymanager-file-associations-manager.html). - -The basic way to use Endpoint Policy Manager File Associations Manager is as follows: - -- Create rules to express which file extensions should launch which applications. -- Export the Endpoint Policy Manager File Associations Manager rules and deliver them using: - - - Microsoft Endpoint Manager (SCCM and Intune) or your own on-prem systems management software - - A mobile device management (MDM) service - - Endpoint Policy Manager Cloud service - -- Allow the client machine with the Endpoint Policy Manager client-side extension (CSE) to embrace - the directives and perform the work. - -**NOTE:** If you use the Endpoint Policy Manager Cloud service, you can even deliver Group Policy -settings to non-domain-joined machines over the Internet. - -## Moving Parts - -- A management station: The Endpoint Policy Manager Admin Console MSI must be installed on the - management station where you create Group Policy Objects (GPOs). Once installed, you'll see the - Endpoint Policy Manager | Endpoint Policy Manager File Associations Manager node. -- The Endpoint Policy Manager CSE: This runs on the client (target) machine and is the same CSE for - all Endpoint Policy Manager products. There isn't anything separate to install, and the Endpoint - Policy Manager CSE must be present in order to accept Endpoint Policy Manager File Associations - Manager directives via Group Policy, or when using Microsoft Endpoint Manager (SCCM and Intune), - KACE, MDM, or similar utilities. -- Endpoints: In order to use these, they must be licensed for Endpoint Policy Manager File - Associations Manager using one of the licensing methods. -- The Endpoint Policy Manager Exporter (optional): A free utility that lets you take Endpoint Policy - Manager Admin Templates Manager and our other products' XML files and wrap them into a "portable" - MSI file for deployment using Microsoft Endpoint Manager (SCCM and Intune), an MDM service, or - your own systems management software. diff --git a/docs/endpointpolicymanager/fileassociations/overview/knowledgebase.md b/docs/endpointpolicymanager/fileassociations/overview/knowledgebase.md deleted file mode 100644 index 485e714464..0000000000 --- a/docs/endpointpolicymanager/fileassociations/overview/knowledgebase.md +++ /dev/null @@ -1,17 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base articles for File Associations Manager. - -## Troubleshooting - -- [Can I use Endpoint Policy ManagerBrowser Router and/or Endpoint Policy Manager File Associations Manager to set the default browser?](/docs/endpointpolicymanager/fileassociations/defaultbrowser.md) -- [How does PP File Associations Manager merge between GPOs and/or Collections?](/docs/endpointpolicymanager/fileassociations/collections/gpos.md) -- [What happens if I use MDT, or in-box Group Policy or MDM to set OEMDefaultAssociations.XML BEFORE Endpoint Policy Manager File Associations Manager ?](/docs/endpointpolicymanager/fileassociations/oemdefaultassociations.md) -- [Why is Browser Router's "Default Browser" or File Associations Manager's configuration not working when I also have a Default Associations Configuration file?](/docs/endpointpolicymanager/troubleshooting/fileassociations/defaultassociationsconfiguration.md) -- [How do I revert to "Legacy File Associations Methods & Features" if directed (especially for LTSB/LTSC)?](/docs/endpointpolicymanager/troubleshooting/fileassociations/legacy.md) - -## Tips and Tricks - -- [How can I make Cortana and other web searches to use system default browser instead of Microsoft Edge?](/docs/endpointpolicymanager/troubleshooting/fileassociations/cortana.md) -- [How can I associate .HTM files with a specific browser, like Internet Explorer?](/docs/endpointpolicymanager/troubleshooting/fileassociations/specificbrowser.md) -- [How can I open images with Windows Photo Viewer?](/docs/endpointpolicymanager/troubleshooting/fileassociations/windowsphotoviewer.md) diff --git a/docs/endpointpolicymanager/fileassociations/overview/videolearningcenter.md b/docs/endpointpolicymanager/fileassociations/overview/videolearningcenter.md deleted file mode 100644 index b648d78189..0000000000 --- a/docs/endpointpolicymanager/fileassociations/overview/videolearningcenter.md +++ /dev/null @@ -1,29 +0,0 @@ -# Video Learning Center - -For more information on File Associations Manager see the following videos. - -## Getting Started - -- [Endpoint Policy Manager File Associations Manager: Manage Windows 10 & 11 File Associations](/docs/endpointpolicymanager/video/fileassociations/windows10.md) -- [Endpoint Policy Manager File Associations Manager: Apply once (and drift)](/docs/endpointpolicymanager/video/fileassociations/applyonce.md) -- [Associate Programs to Universal Windows Apps (Metro Apps)](/docs/endpointpolicymanager/video/fileassociations/universalwindowsapps.md) -- [Manage all File Associations with the PPFAM Wizard](/docs/endpointpolicymanager/video/fileassociations/wizard.md) -- [Endpoint Policy Manager File Associations Manager: Use our preconfigured advice](/docs/endpointpolicymanager/video/fileassociations/preconfiguredadvice.md) - -## Methods: Cloud, MDM, SCCM, PDQ, etc. - -- [Managing File Associations with an MDM service](/docs/endpointpolicymanager/video/fileassociations/mdm.md) -- [Endpoint Policy Manager Cloud: Managing File Assocations](/docs/endpointpolicymanager/video/fileassociations/cloud.md) -- [Setting Default File Associations with Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/video/fileassociations/pdqdeploy.md) -- [Using File Association Manager in the Endpoint Policy Manager Cloud environment](/docs/endpointpolicymanager/video/fileassociations/cloudusage.md) - -## Tips and Tricks - -- [Force IE to use Adobe Reader for PDFs](/docs/endpointpolicymanager/video/fileassociations/adobereader.md) -- [Endpoint Policy Manager: How to get mailto: to open in Office 365](/docs/endpointpolicymanager/video/fileassociations/mailto.md) -- [Windows 10 File Associations: Set, Change and Remove Easily](/docs/endpointpolicymanager/video/fileassociations/windows10modify.md) -- [File Associations Manager Helper Tool](/docs/endpointpolicymanager/video/fileassociations/helpertool.md) -- [Endpoint Policy Manager File Associations Manager: Understanding the First Login](/docs/endpointpolicymanager/video/fileassociations/firstlogin.md) -- [Endpoint Policy Manager File Associations Manager: Helper Application](/docs/endpointpolicymanager/video/fileassociations/helperapplication.md) -- [Endpoint Policy Manager File Associations Trick: Acro Reader AND Writer](/docs/endpointpolicymanager/video/fileassociations/acroreader.md) -- [Endpoint Policy Manager File Associations: Don't ask questions (even when you did it right)](/docs/endpointpolicymanager/video/fileassociations/windows10questions.md) diff --git a/docs/endpointpolicymanager/gettingstarted.md b/docs/endpointpolicymanager/gettingstarted.md deleted file mode 100644 index 22ccc162ed..0000000000 --- a/docs/endpointpolicymanager/gettingstarted.md +++ /dev/null @@ -1,120 +0,0 @@ -# Getting Started - -To help get you started, this topic points you towards videos that will get you on the road and -working with Netwrix Endpoint Policy Manager (formerly PolicyPak) quickly. - -## The Portal and Downloads - -In order to get the latest Endpoint Policy Manager downloads, you need access to the Endpoint Policy -Manager Customer Portal (shown in Figure 1). You can only get access to the portal from a Endpoint -Policy Manager sales associate. - -![getting_started_right_away](/img/product_docs/endpointpolicymanager/getting_started_right_away.webp) - -Figure 1. Inside the Endpoint Policy Manager Customer Portal. - -**NOTE:** Video: For an overview on how to use the Endpoint Policy Manager Customer Portal and -understand subscriptions, please watch the following video: -[https://www.endpointpolicymanager.com/video/endpointpolicymanager-portal-how-to-download-endpointpolicymanager-and-get-free-training.html](https://www.endpointpolicymanager.com/video/endpointpolicymanager-portal-how-to-download-endpointpolicymanager-and-get-free-training.html) - -Go to the Download section and select "Download Everything (Bits, Paks, Manuals but not Advice)," -and you will get a ZIP file with manuals. You will also receive the following: - -- A ZIP file containing all pre-configured AppSets for Endpoint Policy Manager Application Settings - Manager -- An ISO or ZIP file with the Endpoint Policy Manager installation files and licensing utility - -The Endpoint Policy Manager installation files are delivered as both ZIP and ISO so you can use -Endpoint Policy Manager in virtual environments (which can easily mount ISO files) or burn a CD of -the contents. - -You may also want to utilize the free 7-Zip program to open ZIP or ISO downloads and extract the -files. Download 7-Zip from [http://www.7-zip.org/](http://www.7-zip.org/). In Figure 2, you can see -the list of files and directories that are inside the Endpoint Policy Manager ZIP or ISO download. - -![getting_started_right_away_1](/img/product_docs/endpointpolicymanager/getting_started_right_away_1.webp) - -Figure 2. The folders that are inside the download. - -Following is a description of what each folder contains and where it should be installed. - -### Licensing for All On-Premise Products - -The licensing for All On-Premise Products contains the licensing utility needed to request and -implement Endpoint Policy Manager license keys. We will be discussing the utility (LT.exe) later. - -### Admin Console MSI for all On-Premise Products - -The Admin Console MSI for all On-Premise Products is installed on your management stations (wherever -you have the GPMC) or in the location where you wish to create Endpoint Policy Manager directives. -This installation also has the Endpoint Policy Manager Exporter and Group Policy Object (GPO) touch -utility (both are explained later). Once this is installed, you'll see a Endpoint Policy Manager -node whenever you edit a GPO. You can choose between a 32-bit and a 64-bit file. - -### Client-Side Extension (CSE) for All On-Premise Products - -The Client-Side Extension (CSE) for All On-Premise Products is installed on every client machine -(Windows 7 and later, Terminal Services (RDS), and Citrix). You can choose between a 32-bit and a -64-bit file. - -### PolicyPak ADMX (Troubleshooting) - -Endpoint Policy Manager ADMX (Troubleshooting) is meant to be used in conjunction with minor -configuration changes or working with tech support. These are ADMX files that can be placed in your -local or central Group Policy store to provide configurable options. - -### PolicyPak Application Manager Extras - -Endpoint Policy Manager Application Manager Extras contains the Endpoint Policy Manager DesignStudio -installer, which is used to create your own AppSets for Endpoint Policy Manager Application Settings -Manager. - -### PolicyPak Extras - -Endpoint Policy Manager Extras contains some miscellaneous utilities and helper tools. - -### PolicyPak Group Policy Compliance Reporter - -Endpoint Policy Manager Group Policy Compliance Reporter contains the Endpoint Policy Manager Group -Policy Compliance Reporter console and Endpoint Policy Manager Group Policy Compliance Reporter -server (optional) for Group Policy reporting. Note that the Compliance Reporter must be specifically -licensed. - -## Get Licensed - -With the exception of Endpoint Policy Manager Cloud (which is self licensed), Endpoint Policy -Manager requires the endpoint to be licensed to work with the components you wish to use. Therefore, -for Endpoint Policy Manager to work after you download everything from the portal, you need to do -the following: - -**Step 1 –** Request a license and send that key to Sales for processing. You can watch a video on -how to request a license at the following link: -[How to Request Licenses from Endpoint Policy Manager by Creating a "License Request Key"](/docs/endpointpolicymanager/video/license/licenserequestkey.md). - -**Step 2 –** Receive a license and install it. You can watch a video on how to install the license -you receive at the following -link:[How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md). - -## Get Started with the GPO Method - -Most customers want to use Endpoint Policy Manager with Group Policy. You can watch the getting -started video on how to install and run some initial tests at the following link: -[Endpoint Policy Manager with Group Policy Method: Getting Started](/docs/endpointpolicymanager/video/grouppolicy/gettingstarted.md). - -## GetStarted with the Endpoint Policy Manager Cloud Method - -If you want to get started right away with Endpoint Policy Manager Cloud, watch this video for a -quick overview: [Endpoint Policy Manager Cloud: QuickStart](/docs/endpointpolicymanager/video/cloud/quickstart.md). - -## Get Started with Your MDM Provider or UEM Tool - -Getting started with your mobile device management (MDM) provider or UEM tool takes a few more steps -than is covered in one video. In this case, instead of a single video, we recommend you watch each -of the videos at the links below in order to get prepared to use Endpoint Policy Manager with your -MDM provider. - -- For video overviews of using Endpoint Policy Manager with an MDM service see: Getting Started with - MDM > [Video Learning Center](/docs/endpointpolicymanager/video/index.md). -- For video overviews of using Endpoint Policy Manager with a UEM tool like SCCM see: Getting - Started with Endpoint Policy Manager (Misc) > - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md). diff --git a/docs/endpointpolicymanager/gettingstarted/history.md b/docs/endpointpolicymanager/gettingstarted/history.md deleted file mode 100644 index baeb07941b..0000000000 --- a/docs/endpointpolicymanager/gettingstarted/history.md +++ /dev/null @@ -1,132 +0,0 @@ -# How has Endpoint Policy Manager Evolved over the years? - -Every year Netwrix Endpoint Policy Manager (formerly PolicyPak) continues to add new features for -customers. Here is a list of new functions and milestones along with their release years. - -Before 2017 - -- Endpoint Policy Manager Application Settings Manager: Manage 500+ applications and keep them - secure -- Endpoint Policy Manager Browser Router: Open the right browser for the right website -- Endpoint Policy Manager Java Rules Manager: Map the right version of Java for the right website - -2017 - -- New Component: File Associations Manager: Quickly map PDF, MAILTO:, and others to the right apps. -- Reduce GPOs and convert them to use for MDM: - [Reduce GPOs (and/or export them for use with Endpoint Policy Manager Cloud or with MDM)](/docs/endpointpolicymanager/video/administrativetemplates/reducegpos.md) -- Least Privilege Manager: SecureRun(TM) blocks Ransomware - [Events](/docs/endpointpolicymanager/video/leastprivilege/events.md) -- New Component: New Endpoint Policy Manager Start Screen & Taskbar Manager: Manage Windows 10 tile - layouts perfectly. - -2018 - -- New Component: Endpoint Policy Manager Scripts Manager: Perform any function via BAT, .JS or - PowerShell -- Least Privilege Manager Helper Tools: Enable Standard users to update Network Card and Printer - settings, plus uninstall applications - [Overcome Network Card, Printer, and Remove Programs UAC prompts](/docs/endpointpolicymanager/video/leastprivilege/uacprompts.md) - -2019 - -- Least Privlege Discovery Auditing, Block & Allow UWP applications, Manage Security of Child - Processes -- IE Sitelist to Browser Router import -- Least Privilege Manager Block PowerShell Malware - attacks:[Block PowerShell in General, Open up for specific items](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/powershellblock.md) -- New Component — Endpoint Policy Manager Feature Manager for Windows. Quickly add / remove features - from Windows 10 & Windows Server. - -2020 - -- New Component — Endpoint Policy Manager RDP Manager: Enable remote work users to have .RDP files - to connect to your resources. -- Browser Router - New Edge Support / IE In Edge Mode - [Manage Internet Explorer 11 and Edge Compatibility, Enterprise Modes and IE-in-Edge Mode](/docs/endpointpolicymanager/video/browserrouter/ie.md) -- Browser Router Apply Once then Drift - [Endpoint Policy Manager Browser Router: Set the Windows 10 Default Browser (once) then drift](/docs/endpointpolicymanager/video/browserrouter/defaultwindows10.md) -- File Associations Manager Apply Once then Drift - [Endpoint Policy Manager File Associations Manager: Apply once (and drift)](/docs/endpointpolicymanager/video/fileassociations/applyonce.md) -- File Associations Manager Apply settings on USER side -- Added Triggers to Endpoint Policy Manager Scripts & Triggers: Run a script at VPN launch or many - other events -- Added Email method for PPLPM Admin Approval - [Using Email / Long Codes](/docs/endpointpolicymanager/video/leastprivilege/longcodes.md) -- New Component — Remote Work Delivery Manager: Deliver software to Windows 10 via SMB share, Amazon - S3 or other cloud services -- Least Privlege Manager: Automatically block unsigned Applications - [Least Privilege Manager: Block All Unsigned with SecureRun](/docs/endpointpolicymanager/video/leastprivilege/securerun/preventunsigned.md) -- Compliance Reporter now 10x faster - -2021 - -- New Component: Endpoint Policy Manager VPN Manager: Enable remote work users to have Always On and - standard VPN connections. -- CSE and MMC are now Multi-Domain compatible -- Updated licensing where Professional and Enterprise customers can use Endpoint Policy Manager with - Active Directory, with SCCM, with MDM and/or Endpoint Policy Manager Cloud - -2022 - -- Device Manager: Block WPD / Phones that act like media players -- Cloud: More in-cloud editors -- Least Privilege Manager + Netwrix sbPam Integration -- Least Privilege Manager: Native support for changing IP and adding Printers -- Least Privilege Manager: Force user to re-authenticate with Self Elevate -- Least Privilege Manager: Certificate Rules with Wildcards -- Least Privilege Manager: Send Long Codes to Notepad instead of opening up in mail program -- Router Neutral Site Support -- Cloud: 10x faster login -- Cloud: Jointoken sharing between admins -- Cloud + Least Privilege Manager: Store events and make rules -- Least Privilege Manager for Macintosh and PPCLOUD -- New Component: Preferences 2.0 Drive Maps -- New Component: Preferences 2.0 Registry -- New Component: Preferences 2.0 Printers -- Updated Feature: MMC Snap-in allows Cut/Paste for most rules and collections -- Updated Feature: GPO Export Manager v2 (Export Everything) -- New Feature: Enable/Disable for policies / collections - -2023 - -- ARM Client Support -- New Component: Endpoint Policy Manager Shortcuts -- New Component: Network Control Manager -- New License Option: Enterprise Full (Aka Enterprise+) -- New Method for Package Manager: WinGet Policy type -- PP Device Manager: BitLocker volume ID and Serial ID can be set in Device Manager policy -- MMC: Endpoint Policy Manager and Netwrix Auditor Integration -- MMC: Reporting History of Endpoint Policy Manager items -- Endpoint Policy Manager and Netwrix Privilege Secure: UI Updates, Lite licenses for Netwrix - Privilege Secure customers and Netwrix Privilege Secure to Endpoint Policy Manager upgrade path -- Update: Improved clarity of when you're licensed and what for -- Cloud: Azure Group Integration -- Cloud: Improved PP Cloud Sync Method -- Cloud: Splunk Integration (since retired) -- Cloud: Immutable log improvements -- Least Privilege Manager: Optional force re-authenticate with Self Update -- Least Privilege Manager: Wildcards in CN matches -- Least Privilege Manager: Right-click Run As improvements -- MAC Improvements: Direct Rules, Local and Cloud Logging, SUDO Rules. -- Least Privilege Manager: NTFS Traverse (aka "Overcome ACLs") - -2024 - -- Least Privilege Manager: Parent Process Filter (aka Install New Teams) -- Least Privilege Manager: Windows 11 Style Menus -- Least Privilege Manager Admin Approval: Automatic Rule Creation from Admin Approval Tool -- Least Privilege Manager: Automatic Rule Creation from Audit Event (improvements) -- Least Privilege Manager: Process Interception (aka Double-click behavior) changeable to Natural, - Admin Approval, or Self Elevate -- Least Privilege Manager: DFS Paths resolution on client -- Least Privilege Manager: Elevate UWP and Windows Store Apps -- Least Privilege Manager: Least Privilege Manager + Netwrix Privilege Secure Self Elevate working - together -- Network Security Manager DNS name Support -- Grace Period Pop-Ups removal (Licensing Notices now in Event Logs) -- Device Manager Automatic Rules Creation from Device Manager Admin Approval tool -- Device Manager Admin Approval and Branding -- Endpoint Policy Manager CSE Process Exclusions to actively exclude entanglement in other systems -- Standalone (non-MMC) Policy Editor -- MMC: GPO What changed, history and rollback diff --git a/docs/endpointpolicymanager/gettingstarted/overview/knowledgebase.md b/docs/endpointpolicymanager/gettingstarted/overview/knowledgebase.md deleted file mode 100644 index 0321e2012a..0000000000 --- a/docs/endpointpolicymanager/gettingstarted/overview/knowledgebase.md +++ /dev/null @@ -1,84 +0,0 @@ -# Knowledge Base - -The following topics can help you getting started with Endpoint Policy Manager (Misc). - -## Getting Started - -- [Endpoint Policy Manager Support and Resources](/docs/endpointpolicymanager/gettingstarted/fastest.md) -- [Does Endpoint Policy Manager have a Quick Start Guide?](/docs/endpointpolicymanager/gettingstarted/quickstart/guide.md) -- [Does Endpoint Policy Manager have an Installation Quick Start Guide?](/docs/endpointpolicymanager/gettingstarted/quickstart/guideinstall.md) -- [How has Endpoint Policy Manager Evolved over the years?](/docs/endpointpolicymanager/gettingstarted/history.md) -- [How does Endpoint Policy Manager support (and not support) Windows 11?](/docs/endpointpolicymanager/requirements/support/windows11.md) -- [How does Endpoint Policy Manager support (and not support) Windows 7?](/docs/endpointpolicymanager/requirements/support/windows7.md) -- [Endpoint Policy Manager ARM Support Supportability Statement](/docs/endpointpolicymanager/requirements/support/arm.md) -- [How does Endpoint Policy Managerhandle right-click menus in Windows 11 / Why does "Copy with Endpoint Policy Manager SecureCopy™" always show in Windows 11?](/docs/endpointpolicymanager/gettingstarted/rightclick.md) -- [How must I prepare for my Endpoint Policy Manager QuickStart / Onboarding?](/docs/endpointpolicymanager/gettingstarted/prepare.md) - -## Tips, Tricks, and FAQs - -- [How can use Item Level Targeting to apply a Group Policy Preferences or Endpoint Policy Manager item when the user is not a member of Domain Admins and also is not a member of the local Admin group?](/docs/endpointpolicymanager/itemleveltargeting/applypreferences.md) -- [Is the Security Group Item Level Targeting (ILT) option recursive or not?](/docs/endpointpolicymanager/itemleveltargeting/securitygroup.md) -- [Which Endpoint Policy Manager emails can / can't I opt out of ?](/docs/endpointpolicymanager/tips/emailoptout.md) -- [How can I use Item Level Targeting to specify a specific Windows 10 build and/or LTSC/LTSB?](/docs/endpointpolicymanager/itemleveltargeting/windows11.md) -- [How can I fix MMC display problems when my admin console uses high DPI?](/docs/endpointpolicymanager/tips/mmcdisplay.md) -- [How do I make an Item Level Target for Server 2016 or Server 2019 (on-prem, MDM or Endpoint Policy Manager Cloud) ?](/docs/endpointpolicymanager/itemleveltargeting/windowsserver2019.md) -- [How can I use Item Level Targeting to query Azure AD Groups?](/docs/endpointpolicymanager/itemleveltargeting/entraidgroups.md) -- [Can I use both Endpoint Policy ManagerOn Premise mode and Endpoint Policy Manager Cloud simultaneously? Do they clash?](/docs/endpointpolicymanager/tips/onpremisecloud.md) -- [How does Endpoint Policy Manager perform Folder Redirection or OneDrive Known Folder Move (KFM) with Endpoint Policy Manager Group Policy, Endpoint Policy ManagerMDM or Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/tips/folderredirection.md) -- [Can I embed the Endpoint Policy ManagerClient Side Extension and/or Endpoint Policy Manager Cloud client into a master image for VDI, MDT, Ghost, Citrix, etc?](/docs/endpointpolicymanager/tips/embedclient.md) -- [Which components within the Endpoint Policy Manager product family will work with what operating system?](/docs/endpointpolicymanager/requirements/support/operatingsystem.md) -- [How do I get Azure AD SIDs and use them with Item Level Targeting?](/docs/endpointpolicymanager/itemleveltargeting/entraidsids.md) -- [How does Endpoint Policy Manager handle STIGs and/or CIS Benchmarks and/or other 3rd party Advice?](/docs/endpointpolicymanager/tips/thirdpartyadvice.md) -- [Are the services installed with Endpoint Policy Manager required? Can I disable them if I'm only using a single component?](/docs/endpointpolicymanager/tips/services.md) -- [Which Windows Client and Server are currently supported by Endpoint Policy Manager?](/docs/endpointpolicymanager/requirements/support/windows.md) -- [Windows 10 (and Server) Event Logs to Azure Log Analytics Walkthru](/docs/endpointpolicymanager/tips/eventlogs.md) -- [How can I use Item Level Targeting to specify Windows Virtual Desktops (WVD) Multi-session Windows?](/docs/endpointpolicymanager/itemleveltargeting/virtualdesktops.md) -- [List of Endpoint Policy Manager Event Categories and IDs](/docs/endpointpolicymanager/tips/eventcategories.md) -- [How do I make an Item Level Target for Windows 10 or Windows 11 endpoints](/docs/endpointpolicymanager/itemleveltargeting/windowsendpoint.md) - -## Portal Questions - -- [How do I create a Secondary (or Accounting) contact within the Portal to enable another person to participate in Endpoint Policy Manager (including downloads, updates, etc.)?](/docs/endpointpolicymanager/cloud/adduser.md) -- [Two-Factor Authentication in the Endpoint Policy Manager Portal](/docs/endpointpolicymanager/cloud/twofactorauthentication.md) -- [Why can't I opt out of Emails when I'm an Endpoint Policy Manager Customer?](/docs/endpointpolicymanager/cloud/emailoptout.md) -- [How can I use a checksum to validate the Endpoint Policy Manager download?](/docs/endpointpolicymanager/cloud/cheksum.md) -- [Portal login troubleshooting](/docs/endpointpolicymanager/troubleshooting/cloud/login.md) -- [Changing a portal users information](/docs/endpointpolicymanager/cloud/profileupdate.md) - -## Troubleshooting (General) - -- [What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/troubleshooting/fastsupport.md) -- [Why does my mail anti-virus service claim that the Endpoint Policy Manager download ISO or ZIP has a virus?](/docs/endpointpolicymanager/troubleshooting/antivirus.md) -- [During CSE installation on a VM the following message is displayed indicating a reboot will be needed](/docs/endpointpolicymanager/troubleshooting/install/clientsideextension.md) -- [What is the processing order of all policies and how are conflicts resolved (and how can I see the final RsOP) of those policies (between GPO, Cloud, XML, etc)?](/docs/endpointpolicymanager/troubleshooting/conflictresolved.md) -- [Why do I get ">Endpoint Policy ManagerBrowser Router couldn't connect to Endpoint Policy Manager extension service. Please contact support"?](/docs/endpointpolicymanager/troubleshooting/browserrouter.md) -- [How do I submit a process dump (PROCDUMP) and Process Monitor (PROCMON) capture of a hanging process?](/docs/endpointpolicymanager/troubleshooting/hangingprocess.md) -- [How do I manually collect logs if PPLOGS as User or Admin does not launch?](/docs/endpointpolicymanager/troubleshooting/log/manual.md) -- [How do I ensure that settings will revert when the policy no longer applies (by Group Policy, File, or Endpoint Policy Manager Cloud)?](/docs/endpointpolicymanager/troubleshooting/settingsrevert.md) -- [What are the services installed by Endpoint Policy Manager?](/docs/endpointpolicymanager/install/services.md) -- [I see many instances of the Endpoint Policy Manager Watcher service running on my clients, is that normal?](/docs/endpointpolicymanager/troubleshooting/watcherservice.md) -- [What CSEs are contained within Endpoint Policy Manager, what are their CSE GUIDs, and in what release did they appear?](/docs/endpointpolicymanager/install/clientsideextension/guids.md) -- [How do I turn on Debug logging if asked?](/docs/endpointpolicymanager/troubleshooting/log/debug.md) -- [How do I turn on Item Level Targeting (ILT) logging if asked by Endpoint Policy Manager Tech Support?](/docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/index.md) -- [How can I increase the depth of what Endpoint Policy Manager reports (minidump files).](/docs/endpointpolicymanager/troubleshooting/log/minidumpfiles.md) -- [What are the advanced CSE troubleshooting registry debugging items?](/docs/endpointpolicymanager/troubleshooting/clientsideextension/registrydebug.md) -- [How can I present a custom dialog (or no dialog) if Browser Router (or the CSE) stops working or crashes?](/docs/endpointpolicymanager/troubleshooting/customdialog.md) -- [Troubleshooting Item Level Targeting (ILT) Evaluations when using the Endpoint Policy Manager ILT Engine](/docs/endpointpolicymanager/troubleshooting/itemleveltargeting/evaluations.md) -- [How to use ProcMon to track changes over time to specific registry keys](/docs/endpointpolicymanager/troubleshooting/procmon.md) -- [How can I use Powershell to automatically say yes to the PPLOGS prompt?](/docs/endpointpolicymanager/troubleshooting/powershell/pplogsprompt.md) -- [Why do I get crashes and blue screens when using Endpoint Policy Manager with Forcepoint DLP?](/docs/endpointpolicymanager/troubleshooting/forepointdlp.md) - -## Endpoint Policy Manager & Netwrix Auditor - -- [How do I configure the MMC snap-in to open GPOs in Netwrix Auditor?](/docs/endpointpolicymanager/integration/auditor/mmcsnapin.md) -- [How can I minimize or eliminate requests to authenticate to Netwrix Auditor (and what permissions are needed to see Endpoint Policy Manager's Netwrix Auditor Reports?)](/docs/endpointpolicymanager/integration/auditor/permissions.md) - -## Non-Domain Joined Troubleshooting - -- [Which Endpoint Policy Manager items will not work when the computer is non-domain joined (or the computer is NEVER connected to the Internet)?](/docs/endpointpolicymanager/troubleshooting/nondomain/limitations.md) -- [Which items in Chrome will, and will not work when non-domain joined?](/docs/endpointpolicymanager/troubleshooting/nondomain/chrome.md) -- [How to use Scripts Manager to manually install and enable Endpoint Policy Manager Browser Router for new Edge Chromium?](/docs/endpointpolicymanager/troubleshooting/nondomain/edge.md) - -## Endpoint Policy Manager & Change Management Utilities - -- [Understanding the Difference Between Endpoint Policy Manager and GPO Change Management Tools](/docs/endpointpolicymanager/troubleshooting/changemanagementtools.md) diff --git a/docs/endpointpolicymanager/gettingstarted/overview/videolearningcenter.md b/docs/endpointpolicymanager/gettingstarted/overview/videolearningcenter.md deleted file mode 100644 index c77f605479..0000000000 --- a/docs/endpointpolicymanager/gettingstarted/overview/videolearningcenter.md +++ /dev/null @@ -1,76 +0,0 @@ -# Video Learning Center - -See the following Video topics for getting started with Endpoint Policy Manager (Misc). - -## Getting Started (Misc) - -- [Endpoint Policy ManagerPortal: How to download Endpoint Policy Manager and get free training](/docs/endpointpolicymanager/video/gettingstarted/freetraining.md) -- [Endpoint Policy ManagerSolution Methods: Group Policy, MDM, UEM Tools, and Endpoint Policy Manager Cloud compared.](/docs/endpointpolicymanager/video/gettingstarted/solutionmethods.md) -- [Endpoint Policy Manager Extras: SID EXPORTER](/docs/endpointpolicymanager/video/gettingstarted/sidexporter.md) -- [Endpoint Policy Manager CSE and Admin console with ARM machines](/docs/endpointpolicymanager/video/gettingstarted/arm.md) -- [Endpoint Policy Manager Standalone Editor Introduction](/docs/endpointpolicymanager/video/gettingstarted/editor.md) - -## Troubleshooting - -- [Troubleshooting with ADMX files](/docs/endpointpolicymanager/video/troubleshooting/admxfiles.md) -- [Gathering and Uploading Logs](/docs/endpointpolicymanager/video/troubleshooting/logs.md) -- [Process Monitor 101](/docs/endpointpolicymanager/video/troubleshooting/processmonitor.md) -- [How to make a GPO backup for us to use atEndpoint Policy Manager ](/docs/endpointpolicymanager/video/troubleshooting/gpobackup.md) -- [Endpoint Policy Manager User PowerShell to find all Endpoint Policy Manager GPOs](/docs/endpointpolicymanager/video/troubleshooting/powershell.md) -- [Endpoint Policy Manager CSE Troubleshooting: Unlicense all components, and re-license the one to isolate](/docs/endpointpolicymanager/video/troubleshooting/unlicense.md) -- [Troubleshooting ILT with the ILT Validator Tool](/docs/endpointpolicymanager/video/troubleshooting/itemleveltargeting.md) -- [Endpoint Policy Manager: Exclude Processes via ADMX](/docs/endpointpolicymanager/video/gettingstarted/admx.md) - -## Upgrading and Maintenance - -- [Endpoint Policy Manager: Backup and Restore Options to Recover from nearly any problem](/docs/endpointpolicymanager/video/troubleshooting/backupoptions.md) -- [Endpoint Policy Manager Application Settings Manager: Backup, Restore, Export, Import](/docs/endpointpolicymanager/video/troubleshooting/backup.md) - -## Endpoint Policy Manager & Netwrix Auditor - -- [Endpoint Policy Manager and Netwrix Auditor - Demo](/docs/endpointpolicymanager/video/integration/auditordemo.md) -- [Endpoint Policy Manager and Netwrix Auditor - Setup Steps](/docs/endpointpolicymanager/video/integration/auditorsetup.md) - -## Methods: SCCM (and Other On-prem Tools) - Deploying Real Microsoft GPO and Endpoint Policy Manager Settings - -- [Deploying Endpoint Policy Managerdirectives without Group Policy (Endpoint Policy Manager Exporter Utility)](/docs/endpointpolicymanager/video/methods/exporterutility.md) -- [Deploy Real Group Policy using SCCM or Other Management System!](/docs/endpointpolicymanager/video/methods/sccmgrouppolicy.md) -- Deploy Endpoint Policy Manager Settings Using SCCM or Other Management System! - -## Endpoint Policy Manager and Windows Virtual Desktops (WVD) - -- [Endpoint Policy Manager & WVD (Windows Virtual Desktop) Getting Started](/docs/endpointpolicymanager/video/windowsvirtualdesktops/gettingstarted.md) -- [Endpoint Policy Manager + WVD: Elevate the installation of the Remote Deskop app](/docs/endpointpolicymanager/video/windowsvirtualdesktops/elevateinstall.md) -- [Endpoint Policy Manager + WVD: Elevate application inside WVD and bypass UAC prompts](/docs/endpointpolicymanager/video/windowsvirtualdesktops/elevateapplication.md) -- [Endpoint Policy Manager + WVD: Manage the Start Screen and Taskbar](/docs/endpointpolicymanager/video/windowsvirtualdesktops/startscreen.md) -- [Endpoint Policy Manager + WVD: Manage Applications Settings](/docs/endpointpolicymanager/video/windowsvirtualdesktops/applicationsettings.md) -- [Endpoint Policy Manager + WVD: Reducing number of GPOs and using "GPOs with Brains"](/docs/endpointpolicymanager/video/windowsvirtualdesktops/admintemplatemanager.md) -- [Endpoint Policy Manager + WVD: Browser Router ... the right browser for the right website.](/docs/endpointpolicymanager/video/windowsvirtualdesktops/browserrouter.md) -- [Endpoint Policy Manager + Windows Virtual Desktop .. Better Together Tour](/docs/endpointpolicymanager/video/windowsvirtualdesktops/tour.md) -- [Endpoint Privilege Manager + Windows Virtual Desktop](/docs/endpointpolicymanager/video/windowsvirtualdesktops/leastprivilege.md) - -## Endpoint Policy Manager and FSLogix - -- [Endpoint Policy Manager + FSLogix ... Managing your Browsers with App Masking.](/docs/endpointpolicymanager/video/fslogix/appmasking.md) -- [Endpoint Policy Manager and FSLogix Profiles: Better Together](/docs/endpointpolicymanager/video/fslogix/profiles.md) -- [Endpoint Policy Manager + FSLogix: Manage the Windows 10 Start Menu](/docs/endpointpolicymanager/video/fslogix/startmenu.md) -- [Endpoint Policy Manager + FSLogix: Set default browser based upon if the browser is masked or revealed](/docs/endpointpolicymanager/video/fslogix/browserdefault.md) -- [Endpoint Policy Manager + FSLogix: The Right Browser for the Right Website](/docs/endpointpolicymanager/video/fslogix/broswerright.md) -- [Endpoint Policy Manager + FSLogix: Setting browser configuration based upon which browser you actually have.](/docs/endpointpolicymanager/video/fslogix/browserconfiguration.md) -- [Endpoint Policy Manager + FSLogix: Elevating applications when needed (and available by FSLogix)](/docs/endpointpolicymanager/video/fslogix/elevatingapplications.md) - -## Endpoint Policy Manager & Cameyo - -- [Endpoint Policy Manager + Cameyo: Overcoming UAC prompts for Published Applications](/docs/endpointpolicymanager/video/cameyo/uacprompts.md) -- [Endpoint Policy Manager Browser Router + Cameyo: Right Browser for the Right Website](/docs/endpointpolicymanager/video/cameyo/browserright.md) -- [Endpoint Policy Manager and Cameyo: Start Screen and Taskbar Magic Tricks](/docs/endpointpolicymanager/video/cameyo/startscreen.md) -- [Cameyo and Endpoint Policy Manager Application Settings Manager](/docs/endpointpolicymanager/video/cameyo/applicationsettings.md) - -## Endpoint Policy Manager & Change Management Utilities - -- [Endpoint Policy Manager MMC: Showing History of items you create](/docs/endpointpolicymanager/video/changemanagementutilities/history.md) -- [Endpoint Policy Manager and AGPM](/docs/endpointpolicymanager/video/changemanagementutilities/advancedgrouppolicymanagement.md) -- [Endpoint Policy Manager and Quest's GPOADmin Tool](/docs/endpointpolicymanager/video/changemanagementutilities/gpoadmintool.md) -- [Endpoint Policy Manager Integrates with NetIQ GPA](/docs/endpointpolicymanager/video/changemanagementutilities/netiq.md) -- [Endpoint Policy Manager and Quest (ScriptLogic) ActiveAdministrator](/docs/endpointpolicymanager/video/changemanagementutilities/scriptlogicactiveadministrator.md) -- [Endpoint Policy Manager and SDM CHANGE MANAGER](/docs/endpointpolicymanager/video/changemanagementutilities/sdmchangemanager.md) diff --git a/docs/endpointpolicymanager/gettingstarted/quickstart/cloud.md b/docs/endpointpolicymanager/gettingstarted/quickstart/cloud.md deleted file mode 100644 index 1ef67fe6fd..0000000000 --- a/docs/endpointpolicymanager/gettingstarted/quickstart/cloud.md +++ /dev/null @@ -1,44 +0,0 @@ -# Endpoint Policy Manager Cloud Delivery Quick Start - -For an overview of delivery via PolicyPak Cloud, see the -[Endpoint Policy Manager Cloud: QuickStart](/docs/endpointpolicymanager/video/cloud/quickstart.md) video . - -Follow the steps below to carry out the Endpoint Policy Manager cloud delivery: - -**Step 1 –** Install the Endpoint Policy Manager Cloud Client on an example endpoint - -Log on to [cloud.endpointpolicymanager.com](http://cloud.endpointpolicymanager.com/) with the credentials provided to you -via email from Netwrix sales. In the Company tab download the PolicyPak Cloud Client MSI for your -PolicyPak Cloud tenant. - -Install it by hand on a few Windows 10 or Windows 11 endpoints. Alternatively, use your software -deployment tool (like Intune) to deliver the CSE to a few endpoints. See the -[Endpoint Policy Manager Cloud + MDM Services: Install Cloud Client + automatically join PPC Groups and get policy.](/docs/endpointpolicymanager/video/cloud/mdm.md) -video of using Intune to bootstrap the PolicyPak cloud client install. - -The Endpoint Policy Manager Cloud Client automatically installs the PolicyPak CSE at the same time. - -**NOTE:** Each time you install the Endpoint Policy Manager Cloud Client you will consume one of -your 10 example licenses - -**Step 2 –** (optional, recommended): Install the Endpoint Policy Manager Admin Console on a -management machine with the GPMC pre-installed - -In the download, find the **Admin Console MSI**. Install it by hand on your machine. Your machine -needs to also have the GPMC pre-installed from Microsoft. We recommend you have both the Endpoint -Policy Manager Admin Console and the GPMC installed on a “fake DC” exclusively for editing purposes. -See the [How to create a DC for editing purposes](/docs/endpointpolicymanager/video/cloud/testlab/createdc.md) video for -details and how to do this. - -**NOTE:** If you bypass this step, you can still use the Endpoint Policy Manager in-cloud editors, -but some options may not be available to you for editing without an on-prem editor station. - -**Step 3 –** Start creating policies using Endpoint Policy Manager Cloud - -If you want to make Microsoft Group Policy settings via Endpoint Policy Manager Cloud, see the -[Endpoint Policy ManagerCloud: How to deploy Microsoft Group Policy Settings using Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/cloud/deploy/grouppolicysettings.md)video. - -If you want to make Endpoint Policy Manager specific settings (like Endpoint Policy Manager Least -Privilege Manager, etc.) via Endpoint Policy Manager Cloud, see the -[Endpoint Policy ManagerCloud: How to deploy Endpoint Policy Manager specific settings (using in-cloud editors and exporting from on-prem)](/docs/endpointpolicymanager/video/cloud/deploy/endpointpolicymanagersettings.md) -video. diff --git a/docs/endpointpolicymanager/gettingstarted/quickstart/guide.md b/docs/endpointpolicymanager/gettingstarted/quickstart/guide.md deleted file mode 100644 index 6ee4210c09..0000000000 --- a/docs/endpointpolicymanager/gettingstarted/quickstart/guide.md +++ /dev/null @@ -1,4 +0,0 @@ -# Does Endpoint Policy Manager have a Quick Start Guide? - -Yes, see the [Netwrix Endpoint Policy Manager Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overview.md) topic to help you get -started with Netwrix Endpoint Policy Manager (formerly PolicyPak) immediately. diff --git a/docs/endpointpolicymanager/gettingstarted/quickstart/guideinstall.md b/docs/endpointpolicymanager/gettingstarted/quickstart/guideinstall.md deleted file mode 100644 index 82138373d9..0000000000 --- a/docs/endpointpolicymanager/gettingstarted/quickstart/guideinstall.md +++ /dev/null @@ -1,4 +0,0 @@ -# Does Endpoint Policy Manager have an Installation Quick Start Guide? - -Yes, see the [Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md) topic for information on how to install -Netwrix Endpoint Policy Manager (formerly PolicyPak) . diff --git a/docs/endpointpolicymanager/gettingstarted/quickstart/mdm.md b/docs/endpointpolicymanager/gettingstarted/quickstart/mdm.md deleted file mode 100644 index f600efd0ae..0000000000 --- a/docs/endpointpolicymanager/gettingstarted/quickstart/mdm.md +++ /dev/null @@ -1,34 +0,0 @@ -# MDM / Intune Delivery Quick Start - -For a video overview of MDM delivery via Intune, see the -[Endpoint Policy Manager and Microsoft Intune](/docs/endpointpolicymanager/video/mdm/microsoftintune.md). The installation -steps are below. - -**Step 1 –** Install the Endpoint Policy Manager Client on an example endpoint. - -In the download, find the **Client Side Extensions (CSE)** folder. Install it by hand on a few -Windows 10 or Windows 11 endpoints. Alternatively, use your software deployment tool (like Intune) -to deliver the CSE to a few endpoints. - -**Step 2 –** Install the Endpoint Policy Manager Admin Console on a management machine with the GPMC -pre-installed - -In the download, find the **Admin Console MSI** and install it manually on your machine. Your -machine needs to also have the GPMC pre-installed from Microsoft. It is recommended that you have -both the Endpoint Policy Manager Admin Console and the GPMC installed on a “fake DC” exclusively for -editing purposes. See the -[How to create a DC for editing purposes](/docs/endpointpolicymanager/video/cloud/testlab/createdc.md) video for details -and how to do this. - -**Step 3 –** Install your license key or rename your example endpoint to have computer in the name. - -**NOTE:** If you got a license file back from the Netwrix sales team, you can import it to enable -computers in the locations (scope) you requested. Alternatively, you can merely rename an endpoint -have the word Computer in the name, and the computer will act fully licensed. - -Follow the [Endpoint Policy Manager and MDM walk before you run](/docs/endpointpolicymanager/video/mdm/testsample.md) -video to install an MDM license file. - -Check the -[What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?](/docs/endpointpolicymanager/license/trial.md) -topic to see how to rename a computer or perform alternative licensing. diff --git a/docs/endpointpolicymanager/gettingstarted/quickstart/overview.md b/docs/endpointpolicymanager/gettingstarted/quickstart/overview.md deleted file mode 100644 index 196f129e9a..0000000000 --- a/docs/endpointpolicymanager/gettingstarted/quickstart/overview.md +++ /dev/null @@ -1,14 +0,0 @@ -# Netwrix Endpoint Policy Manager Quick Start - -Getting Started - -First, download the Netwrix Endpoint Policy Manager (formerly PolicyPak) software from the portal at -endpointpolicymanager.com. See the -[Endpoint Policy ManagerPortal: How to download Endpoint Policy Manager and get free training](/docs/endpointpolicymanager/video/gettingstarted/freetraining.md) -topic for video details on downloading. - -Next, Netwrix Endpoint Policy Manager (formerly PolicyPak) enables you to deliver settings via Group -Policy, MDM or PolicyPak Cloud. - -**_RECOMMENDED:_** Use Group Policy for your Quick Start. However, any delivery method may be used -as appropriate. diff --git a/docs/endpointpolicymanager/gpoexport/overview/knowledgebase.md b/docs/endpointpolicymanager/gpoexport/overview/knowledgebase.md deleted file mode 100644 index da2d2e3be6..0000000000 --- a/docs/endpointpolicymanager/gpoexport/overview/knowledgebase.md +++ /dev/null @@ -1,39 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base articles for GPO Export Merge, Admin Templates, and Preferences -2.0. - -## GPO Export Manager: Getting Started - -- [Which security settings can be exported by GPO Export Manager?](/docs/endpointpolicymanager/gpoexport/securitysettings.md) -- [Why must some GPPreferences items be run in User Context?](/docs/endpointpolicymanager/gpoexport/usercontext.md) - -## Admin Templates Manager: Tips and Tricks - -- [Which settings can be managed with the Admin Templates Manager component?](/docs/endpointpolicymanager/adminstrativetemplates/settings.md) -- [How do I disable elements in Office (Outlook, etc.) using Endpoint Policy Manager and ADMX files?](/docs/endpointpolicymanager/adminstrativetemplates/disableofficeelements.md) - -## Admin Templates Manager: Troubleshooting - -- [What Admin Console MSI and CSE versions are supported for Endpoint Policy Manager Admin Templates Manager ?](/docs/endpointpolicymanager/adminstrativetemplates/versions.md) -- [I created a Collection and/or items, but I don't see them in the Group Policy settings report. Why and how can I fix it?](/docs/endpointpolicymanager/troubleshooting/administrativetemplates/settingsreport.md) -- [I've created a collection in the Administrative Templates Manager and I've added policies to that collection. However, they are not showing up in the main window.](/docs/endpointpolicymanager/troubleshooting/administrativetemplates/missingcollections.md) -- [I get a "Policy Duplicates" error when adding new policies using Endpoint Policy Manager Admin Templates Manager. What should I do?](/docs/endpointpolicymanager/troubleshooting/error/admintemplates/policyduplicates.md) -- [I get a "Namespace already defined" error when making new Endpoint Policy Manager Admin Templates Manager policies. What is this?](/docs/endpointpolicymanager/troubleshooting/error/admintemplates/namespacealreadydefined.md) -- [How to Mitigate Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527)](/docs/endpointpolicymanager/troubleshooting/administrativetemplates/vulnerability/windowsprintspooler.md) - -## Exporting Group Policy Preferences / Using Endpoint Policy Preferences Manager - -- [Where is my Endpoint Policy Manager Preferences Component license and how do I request one?](/docs/endpointpolicymanager/preferences/componentlicense.md) -- [Which settings can be managed with the Preferences Manager component?](/docs/endpointpolicymanager/preferences/settings.md) -- [How To deploy a TCP/IP Printer using Group Policy Preferences in Endpoint Policy Manager Cloud ](/docs/endpointpolicymanager/preferences/printerdeploy.md) -- [Why do I see slowdowns on my machines when Endpoint Policy Manager Preferences is licensed and computers domain joined? Can this be worked around?](/docs/endpointpolicymanager/troubleshooting/preferences/domainjoined.md) -- [How to deliver network drive mappings using Group Policy Preferences on the computer side](/docs/endpointpolicymanager/preferences/drivemappings.md) -- [How to enable and start a service using Group Policy Preferences](/docs/endpointpolicymanager/preferences/startservice.md) -- [How do I use passwords with Group Policy Preferences items within Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/preferences/passwords.md) - -## Exporting Group Policy Security Settings / Using Endpoint Policy Manager Security Settings Manager - -- [Can I use Endpoint Policy Manager Cloud to deliver certificates ?](/docs/endpointpolicymanager/gpoexport/delivercertificates.md) -- [Why Won't my Windows Security Settings Export using GPO Export Manager](/docs/endpointpolicymanager/troubleshooting/gpoexport/securitysettings.md) -- [Why do I sometimes see Endpoint Policy Manager Cloud security settings and sometimes see on-prem GPO security settings?](/docs/endpointpolicymanager/troubleshooting/gpoexport/onpremisecloud.md) diff --git a/docs/endpointpolicymanager/gpoexport/overview/videolearningcenter.md b/docs/endpointpolicymanager/gpoexport/overview/videolearningcenter.md deleted file mode 100644 index 8e112919be..0000000000 --- a/docs/endpointpolicymanager/gpoexport/overview/videolearningcenter.md +++ /dev/null @@ -1,37 +0,0 @@ -# Video Learning Center - -See the following Video topics for GPO Export Merge, Admin Templates, and Preferences 2.0. - -## Exporting to Cloud, MDM, and SCCM: Getting Started - -- [Export Real GPO settings for use with PP Cloud or any MDM Service.](/docs/endpointpolicymanager/video/gpoexport/realgposettings.md) -- [Use your GPOs with Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/gpoexport/cloudimport.md) -- [Endpoint Policy Export Manager with MDM (like Intune)](/docs/endpointpolicymanager/video/gpoexport/mdm.md) -- [Endpoint Policy Manager Exporter and SCCM: Deploy real GPOs via SCCM](/docs/endpointpolicymanager/video/gpoexport/sccm.md) -- [GPO MERGE TOOL REVERSE](/docs/endpointpolicymanager/video/gpoexport/mergetool.md) - -## Admin Templates Manager: Getting Started - -- [Endpoint Policy Manager Admin Templates: Collections and Item Level Targeting](/docs/endpointpolicymanager/video/administrativetemplates/collections.md) -- [Endpoint Policy Manager Admin Templates Manager: Switched Policies (without Loopback)](/docs/endpointpolicymanager/video/administrativetemplates/switchedpolicies.md) - -## Admin Templates Methods: Cloud, MDM, SCCM, etc. - -- [Reduce GPOs (and/or export them for use with Endpoint Policy Manager Cloud or with MDM)](/docs/endpointpolicymanager/video/mdm/exportgpos.md) -- [Endpoint Policy Manager Cloud: Deploy Group Policy Admin template settings over the internet](/docs/endpointpolicymanager/video/administrativetemplates/deployinternet.md) - -## Admin Templates: Tips & Tricks - -- [The Ultimate Guide to Managing Screensavers](/docs/endpointpolicymanager/video/administrativetemplates/screensavers.md) - -## Getting Started: Preferences 2.0 - -- [Endpoint Policy Manager Preferences: Printers (Consolidate GPOs and also deploy them via PP Cloud and your MDM service)](/docs/endpointpolicymanager/video/preferences/consolidateprinter.md) -- [Endpoint Policy Manager Preferences: Drive Maps (Consolidate GPOs and also deploy them via PP Cloud and your MDM service)](/docs/endpointpolicymanager/video/preferences/drivemaps.md) -- [Endpoint Policy Manager Preferences: Registry Items (Consolidate GPOs and also deploy them via PP Cloud and your MDM service)](/docs/endpointpolicymanager/video/preferences/consolidateregistry.md) -- [Endpoint Policy Manager Preferences: Shortcuts (Consolidate GPOs and also deploy them via PP Cloud and your MDM service)](/docs/endpointpolicymanager/video/preferences/shortcuts.md) - -## Exporting Group Policy Preferences / Using Endpoint Policy Preferences Manager - -- [Deliver GPPrefs items without using loopback mode](/docs/endpointpolicymanager/video/preferences/delivergpprefs.md) -- [Endpoint Policy Manager Cloud: Use PP Cloud to create a new local user on your endpoints](/docs/endpointpolicymanager/video/preferences/cloudlocaluser.md) diff --git a/docs/endpointpolicymanager/gpoexport/securitysettings.md b/docs/endpointpolicymanager/gpoexport/securitysettings.md deleted file mode 100644 index 996b849cde..0000000000 --- a/docs/endpointpolicymanager/gpoexport/securitysettings.md +++ /dev/null @@ -1,31 +0,0 @@ -# Which security settings can be exported by GPO Export Manager? - -Over thirteen types of security settings can be managed with Netwrix Endpoint Policy Manager -(formerly PolicyPak) Security Settings Manager, including: - -- Account Policies - - Password Policy - - Account Lockout Policy - - Kerberos Policy -- Local Policies - - Audit Policy - - User Rights Assignment - - Security Options -- Event Log Settings -- Restricted Groups -- System Services -- Registry -- File System -- Windows Firewall With Advanced Security -- Pubic Key Policies -- Software Restriction Policies -- Network Access Protection -- Applocker (Application Control Policies) - -**NOTE:** The following items are NOT supported by Endpoint Policy Manager Security Settings -Manager: - -- IP Security -- Wired Network (IEEE 802.3) Policies -- Wireless Network (IEEE 802.11) Policies -- Advanced Audit Policies diff --git a/docs/endpointpolicymanager/grouppolicy/overview/knowledgebase.md b/docs/endpointpolicymanager/grouppolicy/overview/knowledgebase.md deleted file mode 100644 index 71edf7cb26..0000000000 --- a/docs/endpointpolicymanager/grouppolicy/overview/knowledgebase.md +++ /dev/null @@ -1,20 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base articles for getting started with Group Policy. - -## Troubleshooting - -- [How can I find the name of a GPO located within a PP Log file?](/docs/endpointpolicymanager/troubleshooting/log/grouppolicy/guid.md) -- [How does caching of item level targeting work when Microsoft ILT (Preferences ILT) is used?](/docs/endpointpolicymanager/grouppolicy/itemleveltargeting/cachepreferences.md) -- [How does caching of Item Level Targeting work when Endpoint Policy Manager ILT (ILT 2.0 Engine) is used?](/docs/endpointpolicymanager/grouppolicy/itemleveltargeting/cacheengine.md) -- [How do I turn on Item Level Targeting (ILT) logging if asked by Endpoint Policy Manager Tech Support (when using Preferences ILT engine)?](/docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/preferences.md) -- [Microsoft August 2024 Updates Breaking New Item-Level Targeting in GPOs](/docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/index.md) -- [The Group Policy "Reporting ADM" appears to stop functioning in one GPO. What can I do to fix it?](/docs/endpointpolicymanager/troubleshooting/reportingadm.md) - -## Tips, Tricks and FAQs - -- [How to insert User information in any Application via Group Policies?](/docs/endpointpolicymanager/grouppolicy/insertuserinfo.md) - -## Endpoint Policy Manager Group Policy - -- [How to use PDQ Deploy to collect PPLOGS from remote computers then save them to a network location](/docs/endpointpolicymanager/grouppolicy/pdqdeploy.md) diff --git a/docs/endpointpolicymanager/grouppolicy/overview/videolearningcenter.md b/docs/endpointpolicymanager/grouppolicy/overview/videolearningcenter.md deleted file mode 100644 index 410b09d5bd..0000000000 --- a/docs/endpointpolicymanager/grouppolicy/overview/videolearningcenter.md +++ /dev/null @@ -1,20 +0,0 @@ -# Video Learning Center - -See the following Video topics for getting started with Group Policy. - -## Getting Started - -- [Endpoint Policy Manager Explained: In about two minutes](/docs/endpointpolicymanager/video/grouppolicy/explained.md) -- [How to create a DC for editing purposes](/docs/endpointpolicymanager/video/cloud/testlab/createdc.md) -- [Admin Console And CSE Installation](/docs/endpointpolicymanager/video/grouppolicy/install.md) -- [Endpoint Policy Manager with Group Policy Method: Getting Started](/docs/endpointpolicymanager/video/grouppolicy/gettingstarted.md) -- [Testing and Troubleshooting By Renaming an endpoint Computer](/docs/endpointpolicymanager/video/grouppolicy/renameendpoint.md) -- [Integration with Group Policy (Basics: Installation, Backup, Restore and Reporting !)](/docs/endpointpolicymanager/video/grouppolicy/integration.md) - -## Tips and Tricks - -- [Manual editing Item Level Targeting to affect local Admins and other local accounts](/docs/endpointpolicymanager/video/grouppolicy/itemleveltargeting/editmanual.md) -- [Reduce GPOs (and/or export them for use with Endpoint Policy Manager Cloud or with MDM)](/docs/endpointpolicymanager/video/mdm/exportgpos.md) -- [Expand Modular View of Endpoint Policy Manager Components in the GPMC back to the Flat Legacy View](/docs/endpointpolicymanager/video/grouppolicy/flatlegacyview.md) -- [Trim the MMC console for OU admins](/docs/endpointpolicymanager/video/grouppolicy/mmcconsole.md) -- [Prevent a Remote Desktop Connection Drop During GP Update](/docs/endpointpolicymanager/video/troubleshooting/grouppolicy/remotedesktopconnection.md) diff --git a/docs/endpointpolicymanager/grouppolicy/pdqdeploy.md b/docs/endpointpolicymanager/grouppolicy/pdqdeploy.md deleted file mode 100644 index c3df4a5ffc..0000000000 --- a/docs/endpointpolicymanager/grouppolicy/pdqdeploy.md +++ /dev/null @@ -1,38 +0,0 @@ -# How to use PDQ Deploy to collect PPLOGS from remote computers then save them to a network location - -**NOTE:** You need to be running PDQ Deploy in Enterprise mode to use this functionality. - -**Step 1 –** Create a new PDQ Deploy package and give it a descriptive name. - -**Step 2 –** Under Steps choose **Command**. - -![784_1_hf-faq-914-img-01](/img/product_docs/endpointpolicymanager/grouppolicy/784_1_hf-faq-914-img-01.webp) - -**Step 3 –** Give the Step a descriptive name, like Collect PPLOGS as User, then, under **Details -tab** > **Command** type or paste in the command below. Replace \\server\share with a valid network -path for your environment. **Note**: Users must be able to create files under the network path you -choose. - -`echo y|pplogs /out:\\server\share\pplogs\%computername%\pplogs-%computername%-%username%.zip` - -![784_3_hf-faq-914-img-02_950x110](/img/product_docs/endpointpolicymanager/grouppolicy/784_3_hf-faq-914-img-02_950x110.webp) - -**Step 4 –** Under the **Options** tab set the **Run As** to **Logged on User**, then click **Save** -to save your progress so far. - -![784_5_hf-faq-914-img-03_950x134](/img/product_docs/endpointpolicymanager/grouppolicy/784_5_hf-faq-914-img-03_950x134.webp) - -**Step 5 –** Select the **New Step** dropdown and choose **Command** from the dropdown list. - -![784_7_hf-faq-914-img-04](/img/product_docs/endpointpolicymanager/grouppolicy/784_7_hf-faq-914-img-04.webp) - -**Step 6 –** Give the Step a descriptive name, like. Collect PPLOGS as Admin), and then under -**Details tab** > **Command** type or paste in the command below, replacing \\server\share with a -valid network path for your environment. - -`echo y|pplogs /out:\\server\share\pplogs\%computername%\pplogs-%computername%-admin.zip` - -**Step 7 –** Click **Save**, then test your deployment. Once the deployment has executed -successfully check your network share to see the results. - -![784_9_hf-faq-914-img-05](/img/product_docs/endpointpolicymanager/grouppolicy/784_9_hf-faq-914-img-05.webp) diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/concepts.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/concepts.md deleted file mode 100644 index 29b167af09..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/concepts.md +++ /dev/null @@ -1,4 +0,0 @@ -# Concepts and Quick Start - -In the sections below, we'll discuss some important GPCR concepts and then jump into the Quickstart -guide. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/domainmultiple.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/domainmultiple.md deleted file mode 100644 index 619c293e0e..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/domainmultiple.md +++ /dev/null @@ -1,108 +0,0 @@ -# How can I use Group Policy Compliance Reporter with multiple domains? - -First – make sure you have GPCR implemented in the primary domain correctly. - -## Group Policy Compliance Reporter Implementation - -**Step 1 –** Make sure you have the latest download of Compliance Reporter, which you should have if -you recently downloaded the BITS from the portal - -**Step 2 –** Pick a server where you want to run Compliance Reporter - -**Step 3 –** Work through this video to install Compliance Reporter - -- [Installing Compliance Reporter Server and Client](/docs/endpointpolicymanager/video/gpocompilancereporter/install.md) - -**Step 4 –** Work through this video to setup Compliance Reporter and for machines to report in -(this is the Server version) - -- [Setting up Client-less Endpoint Auditing (Push Mode with Server)](/docs/endpointpolicymanager/video/gpocompilancereporter/modepush.md) - -## From within the videos above, here is a summary of some important steps: - -Preparatory Steps (before installing GPCR) - -**Step 1 –** Determine the AD Computer security group to be used - -1. Used for 2 Purposes - - - for Server to Accept RSOP uploads - - for ILT on the Scheduled Task GPO (optional) - -**Step 2 –** Confirm that a shortname will work for Auditor path, recommend FQDN - -1. Ie. Are you using DNS Suffix Search Lists in the primary domain and in other domains such that a - shortname will resolve into its FQDN correctly -2. In most cases, its safer to use the FQDN of the GPCR server - -**Step 3 –** Will we have access to Create GPO from Server or do we need to export - -1. Ie. Will the account that the admin/engineer is logged into while using GPCR have - access/permissions to create GPO's - -**Step 4 –** Recommended to Import `ADMX` files (for troubleshooting, further configuration, -logging, etc.) - -1. We have some Netwrix Endpoint Policy Manager (formerly PolicyPak) ADMX templates and among those - are several settings specific to GPCR that allows for enabling additional logging and managing - when and how often RSOP checkins occur -2. Recommend to have those imported to the domain Central Store of all domains to be available if - needed - -**Step 5 –** Understand pros and cons of doing all computers or just selections from certain sites -that are representative of the site and its population (and how the AD group plays into that) - -1. In domains that have a few hundred to a low thousand and are all well connected in large - locations, it is often ok to deploy the scheduled task GPO to all machines for all to check in -2. However for larger domains, and also when remote sites might be less well connected, having lower - bandwidth, its recommended to identify segments of computers to be "representatives" of their - population. That is, choose some number at a location to receive the GPO and be the - representatives of what machines at that location are receiving. - - This cuts down on bandwidth used and load on the server -3. The AD group created earlier can be used, by only having those computers desired as members. - -## Overall Server Setup Steps (detailed in videos links above) - -**Step 1 –** Install Server piece - -- This is a Windows Service - -**Step 2 –** Install Server Console - -- Often on same server as server service, but could be another server as well - -**Step 3 –** Configure Server settings via Console - -1. Will need the AD Group created for this step -2. Will need the server name (shortname or FQDN) for this step -3. Will need to be able to create a GPO or export and import later for this step - -![758_1_image-20200130171300-1_950x485](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/758_1_image-20200130171300-1_950x485.webp) - -## Enabling Other Domains to connect to GPCR - -**Step 1 –** Now that you have the server up and running in the primary domain, the following steps -are needed in each additional domain. - -**Step 2 –** Copy the GPO you created (during step 3 above configuring server) from Domain 1 to -Domain 2 and deploy it there - -1. Do a GPO Backup from Domain 1 -2. Copy the Backup folder to a server on Domain 2 -3. Restore GPO to Domain 2 -4. This article describes the general process of backing up and restoring GPO's, specifically in the - "About Backup and Import (between domains)" section - - [https://www.endpointpolicymanager.com/pp-blog/backing-up-your-gpos-with-and-without-policypak-data-dont-get-burned](https://www.endpointpolicymanager.com/pp-blog/backing-up-your-gpos-with-and-without-policypak-data-dont-get-burned) - -**Step 3 –** Create an AD group with the SAME NAME as the AD Group in Domain 1 - -**Step 4 –** Add computers in Domain 2 to the new Domain 2 AD Group - -### NOTE – Why a Group in each Domain is Required - -- Currently GPCR cannot innumerate members of a Domain Local group that are not in the same domain. - Even with a two way forest trust in place -- Therefore the workaround as noted above is to create the corresponding local domain group of the - same name as the primary GPCR domain - - ![758_3_image-20200130171300-2](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/758_3_image-20200130171300-2.webp) diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/install.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/install.md deleted file mode 100644 index 800d28f9f0..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/install.md +++ /dev/null @@ -1,198 +0,0 @@ -# Installing and Configuring Endpoint Policy Manager GPCR for use with SQL Server using SQL Authentication - -This document will step through preparing for and installing the GPCR server and Admin Client -software, and assumes MS SQL Server is installed on a separate, accessible server, using default -settings. - -## Configuring Active Directory - -Set who is allowed to access the GPCR client and what computers will have their data collected. - -**Step 1 –** Create a security group in the domain (e.g. GPCR Admin) and populate it with and -administrators that require access to the GPCR client (admin console) - -**Step 2 –** Create a security group in the domain (e.g. GPCR Computers) and populate it with -individual computers or other computer groups (e.g. Domain Computers) that will participate the -compliance reporting. - -## Configuring SQL Server - -### Set server Authentication - -Authentication must be set to allow both SQL and windows authentication - -**Step 1 –** Open "Microsoft SQL Server Management Studio" and connect to your server instance - -**Step 2 –** Right-click on SQL server instance and click "Properties" - -**Step 3 –** On the Server Properties page click on the "Security" tab and set the Server -authentication to "SQL Server and Windows Authentication" - -![673_1_image-20200430140138-1](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/673_1_image-20200430140138-1.webp) - -**Step 4 –** Click OK to Close - -**Step 5 –** If changed, restart MSSQLSERVER service - -### Create DB Admin - -Create an administrative SQL account within SSMS to own and access the GPCR database. - -**Step 1 –** Expand "Security", right-click "Logins" and select "New Login" - -**Step 2 –** On General tab - -1. Set Login name, e.g. "GPCR_DBAdmin" -2. Select radio button "SQL Server authentication" and set password -3. Uncheck "Enforce password policy" - - ![673_3_image-20200430140138-2](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/673_3_image-20200430140138-2.webp) - -**Step 3 –** Click on "Server Roles" tab and select "public" and "sysadmin" roles - -![673_5_image-20200430140138-3](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/673_5_image-20200430140138-3.webp) - -**Step 4 –** Save and close - -### Create Empty DB - -GPCR requires an empty SQL database be present during the installation - -**Step 1 –** In Microsoft SSMS, right-click on "Databases" and select "New Database" - -![673_7_image-20200430140138-4_471x171](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/673_7_image-20200430140138-4_471x171.webp) - -**Step 2 –** Enter name for database (e.g. GPCR) - -**Step 3 –** Set Owner as DB admin created earlier (GPCR_DBAdmin in example) - -**Step 4 –** Place DB and log files where desired, if different from default - -**Step 5 –** Save and close - -## Ensuring Connectivity - -Ensure communication is open between GPCR Client and SQL server - -### Enable DTC - -The following is run on both the Netwrix Endpoint Policy Manager (formerly PolicyPak) GPCR Client -computer (Where the Admin Console is installed) and the remote SQL Server - -**Step 1 –** Open Component Services - -1. Open the "run" box (Win-R), type `"dcomcnfg"` and click OK - -![673_9_image-20200430140138-5](/img/product_docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/669_3_image-20200327172830-3.webp) - -**Step 2 –** Expand Console Root -> Component Services -> Computers -> My Computer -> Distributed -Transaction Coordinator, Right-Click on Local DTC and click Properties - -![673_11_image-20200430140138-6](/img/product_docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/669_5_image-20200327172830-4.webp) - -**Step 3 –** On the Security tab -> Security Settings and Configure as follows: - -1. Check "Network DTC Access" -2. Check "Allow Inbound" and "Allow Outbound" -3. Select "No Authentication Required" -4. Check "Enable SNA LU 6.2 Transactions" -5. Click OK - - ![673_13_image-20200430140138-7](/img/product_docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/669_7_image-20200327172830-5.webp) - -**Step 4 –** The MSDTC service will need to be restarted for the changes to take affect – Click YES -to restart now or NO to restart manually later. - -### Enable Firewall Rules - -Enable DTC through the firewall on both Endpoint Policy Manager GPCR Server and the remote SQL -Server - -**Step 1 –** Open the Windows Defender Firewall - -**Step 2 –** Click on "Allow an app or feature through Windows Defender Firewall" - -![673_15_image-20200430140138-8](/img/product_docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/669_9_image-20200327172830-6.webp) - -**Step 3 –** Find "Distributed Transaction Coordinator", check and check the appropriate Network -profile (e.g. Domain). - -![673_17_image-20200430140138-9](/img/product_docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/669_11_image-20200327172830-7.webp) - -**Step 4 –** Click OK to save and close - -## Installing GPCR - -When installing GPCR, download the latest bits from Endpoint Policy Manager. It is our -recommendation that when downloading the latest software version, to grab "everything" (latest bits -plus Paks, manuals and guidance). They can be found at -[https://portal.endpointpolicymanager.com/downloads/everything](https://portal.endpointpolicymanager.com/downloads/everything) - -### GPCR Server - -These steps assume that this is the first time GPCR has been installed. If previously installed, you -will also be prompted to choose between the previously configured database and admin group, and the -setting new values for each. - -**Step 1 –** In the downloaded ISO or ZIP, open "Endpoint Policy Manager Group Policy Compliance -Reporter" folder and run Endpoint Policy Manager GP Compliance Reporter (Server).msi - -**Step 2 –** Click "Next >" through first screen - -**Step 3 –** GPCR requires that Server and client (admin console) be at version 20.3.2366.420 at -minimum. select "Yes, I confirm" and "Next >" to continue - -**Step 4 –** Accept agreement and "Next >" to continue - -**Step 5 –** Change installation or just click "Next >" to accept default (recommended) and continue - -**Step 6 –** Click "Change" and find domain security group created earlier (GPCR Admin in example) -and click "Next >" - -![673_19_image-20200430140138-10](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/673_19_image-20200430140138-10.webp) - -**Step 7 –** Select "Microsoft SQL Server and "Next >" - -![673_21_image-20200430140138-11](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/673_21_image-20200430140138-11.webp) - -**Step 8 –** Configure Connection to SQL Server - -1. Server = Hostname or IP address of SQL server -2. Uncheck "Trusted Connection …" -3. Type in Username and password of SQL account created earlier -4. Click "Refresh" to get list of Databases on SQL server and select empty DB created earlier -5. Next > - - ![673_23_image-20200430140138-12](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/673_23_image-20200430140138-12.webp) - -**Step 9 –** Install -> click yes if prompted for \*.msi - -### GPCR Client - -The GPCR Client (Admin Console) can be installed on any computer. It is recommended that it be -installed on the computer that is used for Group Policy Administration. - -**NOTE:** The client itself is not licensed and thereby can be installed on as many computers as -required. - -**Step 1 –** In the downloaded ISO or ZIP, open "Endpoint Policy Manager Group Policy Compliance -Reporter" folder and run Endpoint Policy Manager GP Compliance Reporter (Admin Console).msi - -**Step 2 –** Click "Next >" through first screen - -**Step 3 –** GPCR requires that Server and client (admin console) be at version 20.3.2366.420 or -higher. Select "Yes, I confirm" and "Next >" to continue - -**Step 4 –** Accept agreement and "Next >" to continue - -**Step 5 –** Change installation or just click "Next >" to accept default (recommended) and continue - -**Step 6 –** Select desired application shortcuts and click "Next >" - -**Step 7 –** Install -> click yes if prompted for \*.msi - -### GPCR General configuration - -For information on completing the GPCR configuration wizard, setting up Auditing and Licensing, and -for general usage, please refer to the manual. In addition, review the KB video -[Installing Compliance Reporter Server and Client](/docs/endpointpolicymanager/video/gpocompilancereporter/install.md) diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/basis.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/license/basis.md deleted file mode 100644 index e2aadc346d..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/basis.md +++ /dev/null @@ -1,5 +0,0 @@ -# Is Endpoint Policy Manager Group Policy Compliance Reporter licensed on a per-user basis or a per-computer basis? - -Netwrix Endpoint Policy Manager (formerly PolicyPak) products are always licensed on -a per-computer basis. Any desktop, laptop, VDI and/or concurrent Terminal Services/Citrix -connections count as a license. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/compliancereports.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/license/compliancereports.md deleted file mode 100644 index b74e644598..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/compliancereports.md +++ /dev/null @@ -1,9 +0,0 @@ -# I want to generate Compliance reports on Microsoft GP Preferences/Admin Templates and/or Security Settings. Which license do I need? - -You require the PAID license. - -Reporting on Microsoft products (including GP Preferences, Admin Templates and Security Settings) -via Netwrix Endpoint Policy Manager (formerly PolicyPak) Group Policy Compliance Reporter is only -available via the Paid License. - -The Free License allows reporting on Endpoint Policy Manager products only. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/expire.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/license/expire.md deleted file mode 100644 index 3b65059ab9..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/expire.md +++ /dev/null @@ -1,14 +0,0 @@ -# What happens if I try to use Endpoint Policy ManagerGroup Policy Compliance Reporter in unlicensed places? What happens if the Endpoint Policy Manager Group Policy Compliance Reporter license expires? - -If you try to request reports from "unlicensed places" here is what happens: - -If that unlicensed place IS licensed for Netwrix Endpoint Policy Manager (formerly PolicyPak) -On-Prem, you will get data back only for Endpoint Policy Manager Application Manager. - -If that unlicensed place is NOT licensed for Endpoint Policy Manager On-Prem, you will get no data -back. - -Anytime a computer's Active Directory account is moved to an un-licensed OU, or move the computer to -another domain (or the license simply expires), then Endpoint Policy Manager - -Group Policy Compliance reporter will stop reporting on those target computers. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/minimum.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/license/minimum.md deleted file mode 100644 index d4ca5415b9..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/minimum.md +++ /dev/null @@ -1,5 +0,0 @@ -# Is there a minimum purchase for Endpoint Policy Manager Group Policy Compliance Reporter? - -For a quote for Netwrix Endpoint Policy Manager (formerly PolicyPak) Group Policy Compliance -Reporter, call us at 800-883-8002 or -click [https://www.endpointpolicymanager.com/licensing-faq-ppgpcr/support-sharing/about-us/contact-us-for-a-trial-download.html](https://www.endpointpolicymanager.com/licensing-faq-ppgpcr/support-sharing/about-us/contact-us-for-a-trial-download.html). diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/multiyear.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/license/multiyear.md deleted file mode 100644 index 4848d71381..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/multiyear.md +++ /dev/null @@ -1,10 +0,0 @@ -# What if I pay for multiple years of Endpoint Policy Manager Group Policy Compliance Reporter in advance? - -By paying for multiple-years in advance for Netwrix Endpoint Policy Manager (formerly PolicyPak) -Suite (On-Prem Edition), you then lock in your per-computer license cost for the duration of your -term. - -Every year you get one-year license keys and However, you are still required to "True up" every year -and pay for any overage should your computer count increase from last year. - -We give you a one year key, and when you true up, we give you the key for the next year. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/tool.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/license/tool.md deleted file mode 100644 index 9c54bd375c..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/tool.md +++ /dev/null @@ -1,17 +0,0 @@ -# What if I don't run the license tool to "True-Up" my Endpoint Policy Manager Group Policy Compliance Reporter every year? - -You must run the license tool every year to get an updated license file for Netwrix Endpoint Policy -Manager (formerly PolicyPak) Group Policy Compliance Reporter. If you fail to run the True-Up, then -your one-year license expires and the product simply stops working. - -For Endpoint Policy Manager Group Policy Compliance Reporter, you will not be able to see if those -target computers are in or out of compliance any longer. - -Endpoint Policy Manager Group Policy Compliance Reporter stops reporting on clients exactly one -year after the license file is originally generated for each product. - -So, at the 11th month mark, we automatically remind you to run the Endpoint Policy Manager License -Management tool to perform a "True-Up." We will continue to send email reminders and make a best -effort to call you if we see you're getting close to lapsing. At the one year anniversary, Endpoint -Policy Manager Group Policy Compliance Reporter will stop functioning – unless you get a new license -file from us each year. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/userlimit.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/license/userlimit.md deleted file mode 100644 index 0d61052a4d..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/userlimit.md +++ /dev/null @@ -1,6 +0,0 @@ -# How many people can use Endpoint Policy Manager Group Policy Compliance Reporter? - -Unlimited Administrators may use the Netwrix Endpoint Policy Manager (formerly PolicyPak) Group -Policy Compliance Reporter console. - -You only pay for endpoints to report data. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/overview.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/overview.md deleted file mode 100644 index 15d62f24c4..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/overview.md +++ /dev/null @@ -1,28 +0,0 @@ -# Pull and Push Modes - -Figure 3 below demonstrates how the pull and push modes work in GPCR. The details of each mode are -discussed in the following sections. - -![gpcr_concepts_and_quickstart_2](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/gpcr_concepts_and_quickstart_2.webp) - -Figure 3. Endpoint Policy Manager GPCR working in pull mode (gray arrows) and in push mode (black -arrows). - -## Pull Mode - -In pull mode with Endpoint Policy Manager GPCR, each administrator acts as an island. Administrators -query each endpoint (target) computer and pull their data. The endpoint must be on and available to -accept requests. For instance, the endpoint's firewall must be off and the required ports must -accept requests. - -## Push Mode - -Push mode in Endpoint Policy Manager GPCR uses the Endpoint Policy Manager GPCR server. -Administrators can still request (pull) data directly from endpoints, like in pull mode, but they -can also take advantage of the server with clientless auditing, through which endpoints deliver -their data directly to a central server. This enables all endpoints the ability to push their data -up whenever Group Policy applies or changes on an endpoint. In this way, endpoints are not required -to be on at the time administrators want to query their status. As soon as Group Policy applies, -data is automatically delivered to the shared database on the designated Endpoint Policy Manager -GPCR server. Additionally, since all data is centrally stored in a server, administrators can share -all tests or results. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/history.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/history.md deleted file mode 100644 index 64240dd1a8..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/history.md +++ /dev/null @@ -1,10 +0,0 @@ -# History - -The "History" button allows you to re-visit to a scenario you tested before. After you click on the -button, click "OK." The tests (in the defined order) and snapshot you used will be populated back -into the Results pane, as shown in Figure 32. This can be handy when you want to repeat a test and -don't want to have to populate the tests or the snapshot again. - -![gpcr_concepts_and_quickstart_33](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/gpcr_concepts_and_quickstart_33.webp) - -Figure 32. The "History" button populates the Results pane with a test scenario you used before. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/overview.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/overview.md deleted file mode 100644 index 0717b90c56..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/overview.md +++ /dev/null @@ -1,17 +0,0 @@ -# Standalone (Pull) Mode Quick Start - -**NOTE:** For an overview of Endpoint Policy Manager GPCR in pull mode, watch this video -[Using Pull Mode (with or without PPGPCR server)](/docs/endpointpolicymanager/video/gpocompilancereporter/modepull.md). - -Endpoint Policy Manager GPCR has three panes in which you can perform work: - -- Snapshots: This is where you create sets of computers you want to query. -- Tests: This is where you define tests that you want to validate. -- Results: This is where you select a specific snapshot and a test and get results (see Figure 11) - -![gpcr_concepts_and_quickstart_12](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/gpcr_concepts_and_quickstart_12.webp) - -Figure 11. The Results pane of the GPCR client (admin console). - -Endpoint Policy Manager GPCR starts on the Snapshots pane. We'll start on this pane and move through -each of the panes in the sections below. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/concepts.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/concepts.md deleted file mode 100644 index 2a0a8372f3..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/concepts.md +++ /dev/null @@ -1,34 +0,0 @@ -# Push Mode Concepts - -Once the designated server is licensed and the Endpoint Policy Manager GPCR client (admin console) -can connect to it, you can choose to set up the clientless auditing feature. Auditing enables all -licensed machines (endpoints) to push their Group Policy results data to a central server -automatically, without anything being installed on them. This gives administrators the ability to -query machines anytime because the last known Group Policy data is always up-to-date and on the -server. See Figure 42 for a diagram of how Endpoint Policy Manager GPCR Server with push mode -receives information from Endpoint Policy Manager GPCR endpoints. - -![gpcr_server_with_push_mode_6](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/gpcr_server_with_push_mode_6.webp) - -Figure 42. Auditing with GPCR Server in push mode. - -The process for receiving information is as follows: - -**Step 1 –** A GPO delivers a scheduled task to all endpoint machines. - -**Step 2 –** When Group Policy runs (triggers) on the endpoint, the endpoint runs the auditor EXE -(PPGPCR.Auditor.exe) which lives on a file share. - -**NOTE:** This can be any server at all and not necessarily the same server running the Endpoint -Policy Manager GPCR server. - -**Step 3 –** Data (the RSOP report) is generated on the client and processed for delivery. - -**Step 4 –** About one minute later, data is pushed from the Endpoint Policy Manager GPCR endpoint -to the designated server. - -Data is then stored in the database, where Endpoint Policy Manager GPCR clients (admin consoles) can -see, in real time, the latest settings from across the network. - -**NOTE:** The server will only accept data from computers which are specifically enabled to do so -via an Active Directory group. This will be discussed in more detail in the next section. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/install.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/install.md deleted file mode 100644 index 44d5845886..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/install.md +++ /dev/null @@ -1,45 +0,0 @@ -# Installation and Uninstallation - -We recommend that installation of the GPCR Server Edition be on a server (Server 2008 R2 or higher). -However, Endpoint Policy Manager GPCR in push mode doesn't need to be installed on a server at all, -and could be installed on any machine (Windows 7 or higher). To start the installation, find the -Endpoint Policy Manager GP Compliance Reporter (Server).msi file, as shown in Figure 36. - -![gpcr_server_with_push_mode](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/gpcr_server_with_push_mode.webp) - -Figure 36. GPCR server MSI. - -**Step 1 –** To install Endpoint Policy Manager GP Compliance Reporter, click on the MSI file and -start the wizard (Figure 37). - -![gpcr_server_with_push_mode_1](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/gpcr_server_with_push_mode_1.webp) - -Figure 37. The Endpoint Policy Manager Group Policy Compliance Reporter Server Setup Wizard. - -**Step 2 –** Next, choose the domain group that will have rights to the Endpoint Policy Manager GPCR -server as shown in Figure 38. - -**NOTE:** To see a video on Compliance Reporter and specific group membership requirements, see the -following link: -[Enhanced Security for Server](/docs/endpointpolicymanager/video/gpocompilancereporter/securityenhanced.md). - -![gpcr_server_with_push_mode_2](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/gpcr_server_with_push_mode_2.webp) - -Figure 38. Choosing the domain group that will have access to the GPCR server. - -**Step 3 –** Then select which type of database you want to use (see Figure 39). You can choose -Microsoft SQL Server Compact if you only expect a small amount of data for processing and testing. -However, in most cases, Microsoft SQL Server is recommended. - -![gpcr_server_with_push_mode_3](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/gpcr_server_with_push_mode_3.webp) - -Figure 39. Selecting the type of database. - -**Step 4 –** Once the installation process is complete, close the wizard. - -**NOTE:** If you need to uninstall Endpoint Policy Manager GPCR Server, use Add/Remove Programs and -uninstall Endpoint Policy Manager. Then, remove - -`C:\ProgramData\PolicyPak\PolicyPak Group Policy Compliance Reporter Server` and all subfolders. -Additionally, remove the Endpoint Policy Manager Group Policy Compliance Reporter (endpoint) license -from the Group Policy Object (GPO). diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/overview.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/overview.md deleted file mode 100644 index 5517a1eebf..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/overview.md +++ /dev/null @@ -1,25 +0,0 @@ -# Server with Push Mode - -In the following sections, we'll discuss how to set up GPCR Server and use it with push mode. - -**CAUTION:** The Netwrix Endpoint Policy Manager (formerly PolicyPak) GPCR server doesn't lock out -administrators when they are editing the same test. - -## Introduction - -The goal of push mode with Endpoint Policy Manager GPCR is twofold: - -- To use the Endpoint Policy Manager GPCR server as a centralized repository for client endpoint - computers to push their Group Policy (RSOP) data for later analysis. -- To accept incoming requests from multiple Endpoint Policy Manager GPCR clients (admin consoles), - store the data, and ensure that multiple administrators cannot modify the data at the same time. - -**CAUTION:** You must use the Endpoint Policy Manager GPCR server in order for multiple -administrators to share the same data. If you point the Endpoint Policy Manager GPCR client (admin -console) to a file share (using standalone mode), there is no guarantee that the Endpoint Policy -Manager GPCR data will not be corrupted when multiple admins try to access it at the same time. - -## Licensing - -Endpoint Policy Manager GPCR Server does not require any extra licensing to be used. Only computer -endpoints must be licensed for GPCR. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/overview.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/overview.md deleted file mode 100644 index 4cfdd79081..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/overview.md +++ /dev/null @@ -1,26 +0,0 @@ -# Setup and Clientless Auditing - -**Step 1 –** To set up clientless auditing, click the "Audit Setup..." button, as shown in -Figure 43. - -**NOTE:** For a video overview of this section, see the following link: Setup and Clientless -Auditing. - -![gpcr_server_with_push_mode_7](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/gpcr_server_with_push_mode_7.webp) - -Figure 43. Setting up clientless auditing. - -**Step 2 –** When you click on "Audit Setup...," you are provided two choices: do the complete setup -or change the security group (see Figure 44). Choose the option, "Create and deploy a scheduled task -to run the auditor executable and submit audit data." - -![gpcr_server_with_push_mode_8](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/gpcr_server_with_push_mode_8.webp) - -Figure 44. Two options for setting up clientless auditing. - -**Step 3 –** Then you can perform each step in the Audit Setup Wizard, as shown in Figure 45. These -steps are covered in the following sections. - -![gpcr_server_with_push_mode_9](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/gpcr_server_with_push_mode_9.webp) - -Figure 45. The Audit Setup Wizard. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/trial.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/trial.md deleted file mode 100644 index 40266b7d2b..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/trial.md +++ /dev/null @@ -1,4 +0,0 @@ -# How does Trial mode for Endpoint Policy Manager Group Policy Compliance Reporter work? - -See this -article: [What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?](/docs/endpointpolicymanager/license/trial.md) diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/overview.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/overview.md deleted file mode 100644 index 806a447393..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/overview.md +++ /dev/null @@ -1,21 +0,0 @@ -# Group Policy Compliance Reporter - -Thank you for trying or purchasing Netwrix Endpoint Policy Manager (formerly PolicyPak) Group Policy -Compliance Reporter (GPCR). Endpoint Policy Manager GPCR reports whether something you wanted -delivered by Group Policy actually was delivered by the Group Policy engine. Endpoint Policy Manager -GPCR is made up of the following components: - -- GPCR client (also known as the admin console): This is the main interface for Endpoint Policy - Manager GPCR. -- GPCR endpoints: These are the machines you wish to get Group Policy data from. -- GPCR server (optional): This enables endpoints to push data to a common collection point and - enables multiple administrators to share results and reuse each other's completed work. - -This document is both our QuickStart Guide and our full User Guide for Endpoint Policy Manager GPCR -and will help you understand the Endpoint Policy Manager GPCR system. For details on our other -products,  see theEndpoint Policy Manager website. After your testing is complete and you're ready -to license Endpoint Policy Manager GPCR, send an email to -[sales@endpointpolicymanager.com](mailto:sales@endpointpolicymanager.com) or call (800) 883-8002. - -**NOTE:** You may also wish to watch our Quickstart videos of Endpoint Policy Manager GPCR if you're -in a hurry: [Concepts and Quick Start](/docs/endpointpolicymanager/grouppolicycompliancereporter/concepts.md). diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/overview/knowledgebase.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/overview/knowledgebase.md deleted file mode 100644 index ccaa067bf6..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/overview/knowledgebase.md +++ /dev/null @@ -1,35 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base articles for Endpoint Policy Manager GP Compliance Reporter. - -## Getting Started - -- [What scenarios is PPGPCR not well suited for today?](/docs/endpointpolicymanager/grouppolicycompliancereporter/scenarios.md) -- [Do I need the Group Policy Compliance Reporter product if I use Endpoint Policy ManagerCloud or Endpoint Policy Manager MDM? (Or, how do I get delivery reports for Group Policy, Cloud or MDM directives?)](/docs/endpointpolicymanager/grouppolicycompliancereporter/deliveryreports.md) -- [What are the storage requirements when using PPGPCR with SQL server?](/docs/endpointpolicymanager/requirements/gpocompilancereporter/sqlserver.md) -- [Installing and Configuring Endpoint Policy Manager GPCR for use with SQL Server using SQL Authentication](/docs/endpointpolicymanager/grouppolicycompliancereporter/install.md) - -## Getting Licensed - -- [Is Endpoint Policy Manager Group Policy Compliance Reporter licensed on a per-user basis or a per-computer basis?](/docs/endpointpolicymanager/grouppolicycompliancereporter/license/basis.md) -- [What kinds of licenses are there for Endpoint Policy Manager Group Policy Compliance Reporter?](/docs/endpointpolicymanager/grouppolicycompliancereporter/license/types.md) -- [How many people can use Endpoint Policy Manager Group Policy Compliance Reporter?](/docs/endpointpolicymanager/grouppolicycompliancereporter/license/userlimit.md) -- [I want to generate Compliance reports on Microsoft GP Preferences/Admin Templates and/or Security Settings. Which license do I need?](/docs/endpointpolicymanager/grouppolicycompliancereporter/license/compliancereports.md) -- [Can I share Compliance Reports, tests and history across my team?](/docs/endpointpolicymanager/grouppolicycompliancereporter/shareacrossteam.md) -- [What's the difference between Pull Mode, Push Mode and Standalone and Server components in the Group Policy Compliance Reporter?](/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/difference.md) -- [How does Trial mode for Endpoint Policy Manager Group Policy Compliance Reporter work?](/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/trial.md) -- [Is there a minimum purchase for Endpoint Policy Manager Group Policy Compliance Reporter?](/docs/endpointpolicymanager/grouppolicycompliancereporter/license/minimum.md) -- [What happens if I try to use Endpoint Policy ManagerGroup Policy Compliance Reporter in unlicensed places? What happens if the Endpoint Policy Manager Group Policy Compliance Reporter license expires?](/docs/endpointpolicymanager/grouppolicycompliancereporter/license/expire.md) -- [What is "Truing Up" for On-Premise products?](/docs/endpointpolicymanager/grouppolicycompliancereporter/license/trueup.md) -- [What if I don't run the license tool to "True-Up" my Endpoint Policy Manager Group Policy Compliance Reporter every year?](/docs/endpointpolicymanager/grouppolicycompliancereporter/license/tool.md) -- [What if I pay for multiple years of Endpoint Policy Manager Group Policy Compliance Reporter in advance?](/docs/endpointpolicymanager/grouppolicycompliancereporter/license/multiyear.md) - -## Troubleshooting - -- [How can I use Group Policy Compliance Reporter with multiple domains?](/docs/endpointpolicymanager/grouppolicycompliancereporter/domainmultiple.md) -- [What Server-side items should I send to Tech Support if asked?](/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/serverside.md) -- [What does "Unsupported item" mean in PPGPCR reports and tests?](/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/unsupporteditem.md) -- [GPCR Snapshot fails with error "System.InvalidOperationException" when using a remote SQL server and one is a clone of the other](/docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/systeminvalidoperationexception.md) -- [When using a remote SQL Server, GPCR Snapshot fails with error "System.InvalidOperationException" and "MSDTC has been disabled" in Debug log](/docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/systeminvalidoperationexceptionmsdtc.md) -- [When does the Auditor process send up events to the server?](/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/processauditor.md) -- [How do I turn on enhanced logging for Endpoint Policy Manager Group Policy Compliance Reporter if asked to do so?](/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/logenhanced.md) diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/overview/videolearningcenter.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/overview/videolearningcenter.md deleted file mode 100644 index 450b4893c6..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/overview/videolearningcenter.md +++ /dev/null @@ -1,27 +0,0 @@ -# Video Learning Center - -See the following Video topics for Endpoint Policy Manager GP Compliance Reporter. - -## What does it do, and why do I need it? - -- [2 Minute Quick Overview for Managers](/docs/endpointpolicymanager/video/gpocompilancereporter/overviewmanager.md) -- [7 Minute Technical Overview for IT Pros](/docs/endpointpolicymanager/video/gpocompilancereporter/overviewtechnical.md) -- [Standalone Mode](/docs/endpointpolicymanager/video/gpocompilancereporter/modestandalone.md) -- [Server Mode](/docs/endpointpolicymanager/video/gpocompilancereporter/modeserver.md) - -## Getting Started - -- [Installing Compliance Reporter Server and Client](/docs/endpointpolicymanager/video/gpocompilancereporter/install.md) -- [Using Pull Mode (with or without PPGPCR server)](/docs/endpointpolicymanager/video/gpocompilancereporter/modepull.md) -- [Setting up Client-less Endpoint Auditing (Push Mode with Server)](/docs/endpointpolicymanager/video/gpocompilancereporter/modepush.md) -- [Enhanced Security for Server](/docs/endpointpolicymanager/video/gpocompilancereporter/securityenhanced.md) - -## Using Endpoint Policy Manager Group Policy Compliance Reporter - -- [Endpoint Policy Manager GP Compliance Reporter: Using an Existing GPO as a test](/docs/endpointpolicymanager/video/gpocompilancereporter/existinggpos.md) -- [Take existing GPOs and quickly bring them into PPGPCR (and keep them updated)](/docs/endpointpolicymanager/video/gpocompilancereporter/importgpos.md) -- [Import STIG files to make your applications more secure](/docs/endpointpolicymanager/video/gpocompilancereporter/importstig.md) - -## Troubleshooting - -- [Open required firewall ports](/docs/endpointpolicymanager/video/gpocompilancereporter/firewallports.md) diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/client.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/client.md deleted file mode 100644 index b634e2a268..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/client.md +++ /dev/null @@ -1,31 +0,0 @@ -# Client (Admin Console) Installation - -Installation of the Endpoint Policy Manager GPCR client (admin console) should occur on each Group -Policy administrator's machine. There are no usage or licensing restrictions on the number of -installations of the Endpoint Policy Manager GPCR client (admin console) or on the number of -administrators using it. The Endpoint Policy Manager GPCR client (admin console) itself is not -licensed, but the endpoints you want to report on are. Installation of the GPCR client (admin -console) may be on any Windows 10 machine, 2012 Server machine or higher. It must have .NETFramework -3.5, and the Microsoft GPMC must be installed on the machine where you run the Endpoint Policy -Manager GPCR. - -To get started, run the Endpoint Policy Manager GPCR client (admin console) installation MSI and go -through the wizard, as shown in Figure 5. - -![gpcr_concepts_and_quickstart_6](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_6.webp) - -Figure 5. Using the wizard to install the Endpoint Policy Manager GPCR admin console. - -Beginning with version 21.1.2693.656, you cannot connect to an older version of the server. To -progress to the next step in the wizard you must accept this condition, as shown in Figure 6. - -![gpcr_concepts_and_quickstart_7](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_7.webp) - -Figure 6. The confirmation window. - -When you do this, the Endpoint Policy Manager GPCR client will appear on the Windows 10 or Windows -Server Start menu, as shown in Figure 7. - -![gpcr_concepts_and_quickstart_8](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_8.webp) - -Figure 7. Endpoint Policy Manager GPCR in the Start menu. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/licensing.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/licensing.md deleted file mode 100644 index 7d56071fd4..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/licensing.md +++ /dev/null @@ -1,99 +0,0 @@ -# Licensing Information - -Neither the Endpoint Policy Manager GPCR server nor the client (admin console) require a license; -but the endpoint does. - -**NOTE:** Watch this video to see how to request a license: -[How to Request Licenses from Endpoint Policy Manager by Creating a "License Request Key"](/docs/endpointpolicymanager/video/license/licenserequestkey.md). - -**NOTE:** To install the license file received from Endpoint Policy Manager, see the following -video: -[How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md). - -Note that since the Endpoint Policy Manager client (admin console) does not need to be licensed, you -may run unlimited numbers of it in any organizational unit (OU). The Endpoint Policy Manager client -does not have to receive license files in order to work properly. - -## Licenses and Reporting - -Table 1 provides more detail as to what is reported through Endpoint Policy Manager GPCR. - -Table 1: GPCR reporting. - -| If the target (endpoint) computer has… | Endpoint Policy Manager GPCR will… | -| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| No license | Return nothing in the RSOP report | -| The word "computer" in the name | Report everything: all Endpoint Policy Manager settings, Microsoft Admin Templates settings, Microsoft Group Policy Preferences settings, and Microsoft Security settings A computer acts as if it had a Endpoint Policy Manager GPCR license. | -| A Endpoint Policy Manager GPCR endpoint license | Report everything: all Endpoint Policy Manager settings, Microsoft Admin Templates settings, Microsoft Group Policy Preferences settings, and Microsoft Security settings The client machine will be fully licensed. | - -In order to get Microsoft data (policies, security, and preferences), license all endpoints for -Endpoint Policy Manager GPCR reporting. You may also license Endpoint Policy Manager GPCR endpoints -if you are not licensed for other Endpoint Policy Manager products. You are not required to purchase -other AppSets or policies if you only want to engage in Group Policy reporting via the Endpoint -Policy Manager GPCR. To get licensed, run the licensing tool (LT) to generate a license request key -(LRK), then send it to Endpoint Policy Manager Sales. - -## Supported Group Policy Settings for Reporting - -Supported and unsupported Group Policy settings within a GPO or test are shown in Table 2. - -Table 2: Group Policy supported and unsupported settings. - -| Data type | User Policies | Computer Policies | -| ----------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Endpoint Policy Manager settings (all) | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | -| Group Policy Admin Templates (all ADM(X) templates and settings) | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | -| Group Policy Security Settings | | | -| Windows | Security | | | -| Account Policies | Password Policy | n/a | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | -| Account Policies | Account Lockout Policy | n/a | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | -| Account Policies | Kerberos Policy | n/a | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | -| Local Policies | Audit Policy | n/a | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | -| Local Policies | User Rights Assignment | n/a | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | -| Local Policies | Security Options | n/a | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | -| Event log | n/a | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | -| Windows Settings | | | -| Name resolution policy | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Scripts | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Policy-based QoS | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Public key policies | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | n/a | -| Software restriction policies | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | n/a | -| Restricted groups | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| System services | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Registry | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| File | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Wired network (IEEE 802.3) policies | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Windows firewall with advanced security | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Network list manager policies | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Wireless network (IEEE 802.11) policies | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Network access protection | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Application control policies (Applocker) | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| IP security policies on Active Directory | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Advanced audit policy configuration | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Group Policy Preferences (all are supported except those listed below) | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | -| Group Policy Preference data sources | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Scheduled tasks (immediate XP, scheduled XP) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Power options and scheme (for Windows XP) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| ODBC data source | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Folder options | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp)\* | -| Start menu (for XP) | n/a | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | -| Internet Explorer (5, 6, and 7) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Registry collection (special registry item type) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Folder redirection | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | n/a | -| Internet Explorer maintenance | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | n/a | -| Group Policy software install | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | -| Any third-party Group Policy Extension not from Endpoint Policy Manager | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | - -\*File type actions are not in the RSOP and thus show as "missing" in PPGPCR. - -**NOTE:** Endpoint Policy Manager GPCR is licensed per computer; if a particular endpoint is not -licensed, it will not return data. - -**NOTE:** It may look like there are more unsupported settings than supported settings. However, the -settings that are supported cover the top 90% of tasks that administrators typically do with Group -Policy and the unsupported settings cover the bottom 10%. We will be expanding coverage as needed in -the future. - -Endpoint Policy Manager Sales can send you a working Endpoint Policy Manager GPCR key. To install -the key, follow these instructions: -[How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md). diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/overview.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/overview.md deleted file mode 100644 index 821fdb8cfa..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/overview.md +++ /dev/null @@ -1,6 +0,0 @@ -# Getting Ready - -In this initial Quickstart, we will be using the Endpoint Policy Manager GPCR client (admin console) -in pull mode only. For information about how use the Endpoint Policy Manager GPCR server in push -mode (which enables administrators to store and share data plus perform clientless auditing), see -the section called "GPCR Server with Push Mode." diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/shareacrossteam.md b/docs/endpointpolicymanager/grouppolicycompliancereporter/shareacrossteam.md deleted file mode 100644 index 4d2ca86e74..0000000000 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/shareacrossteam.md +++ /dev/null @@ -1,7 +0,0 @@ -# Can I share Compliance Reports, tests and history across my team? - -Yes, this is possible using the server component of the Netwrix Endpoint Policy Manager (formerly -PolicyPak) Group Policy Compliance Reporter. - -When the server component is used you can store and share tests, reports and history from a central -on-premise server across an entire team of Administrators. diff --git a/docs/endpointpolicymanager/install/antivirus.md b/docs/endpointpolicymanager/install/antivirus.md deleted file mode 100644 index ab80ab8273..0000000000 --- a/docs/endpointpolicymanager/install/antivirus.md +++ /dev/null @@ -1,152 +0,0 @@ -# How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE? - -With some Antivirus and other security engines it is necessary to exclude some Netwrix Endpoint -Policy Manager (formerly PolicyPak) items. - -Endpoint Policy Manager acts as part of the operating system, and, as such, can occasionally -conflict with some Antivirus programs. (McAfee, Sophos, etc.) - -Additionally, you can tell Endpoint Policy Manager to avoid conflict with Antivirus and security -engines if you know what processes are getting entangled. If you wish to do that, please see -[PolicyPak: Exclude Processes via ADMX](https://helpcenter.netwrix.com/bundle/endpointpolicymanager/page/Content/endpointpolicymanager/Video/GettingStarted/ADMX.htm) -for general how-to directions. - -We suggest proactively excluding the two processes below which could be blocked and prevented from -performing their jobs. - -- `PPWatcherSvc*.exe` (with \* being either the 32- or 64-bit version) -- `PPExtensionService.exe` (with \* being either the 32- or 64-bit version) - -You might need to also exclude these: - -- `%Programdata%\PolicyPak.` -- `%localappdata%\PolicyPak` - -For 32-bit machines: - -- `C:\Program Files\PolicyPak` -- `C:\ProgramData\PolicyPak` -- `C:\Program Files (x86)\PolicyPak\Application Manager\Client\*\PPReapplyOnLaunch32.dll ` (\* - should be replaced with your installed CSE version, i.e. 21.10.2943) -- `C:\Program Files (x86)\PolicyPak\Application Manager\Client\*\PPAppMgrClient.dll ` (\* should be - replaced with your installed CSE version, i.e. 21.10.2943) - -For 64-bit machines: - -- `C:\program files (x86)\PolicyPak` -- `C:\Program Files\PolicyPak` -- `C:\ProgramData\PolicyPak` -- `C:\Program Files\PolicyPak\Application Manager\Client\*\PPReapplyOnLaunch64.dll` (\* should be - replaced with your installed CSE version, i.e. 21.10.2943) -- `C:\Program Files\PolicyPak\Application Manager\Client\*\PPAppMgrClient.dll` (\* should be - replaced with your installed CSE version, i.e. 21.10.2943) -- `C:\Program Files\PolicyPak\Device Manager\Client\*\PPDMClient.dll` (\* should be replaced with - your installed CSE version, i.e. 21.10.2943) - -**CAUTION:** The above location paths must be matched to your installed CSE version. - -To cover all the bases please also exclude PPWatchersvc64.exe and PPWatchersvc32.exe from the -Exploit Mitigation feature. - -For SOPHOS users who receive: APCViolation exploit prevented in Endpoint Policy Manager Watcher -Service: - -- Check the Event details and then make an exception in the Exploit Protection setting -- The typical workaround is to add PPWatersvc64.exe as an exclusion to the Exploit Mitigation - -## IVANTI Heat Customers - -There are a couple of issues to keep in mind: - -First, please read -[ivanti forms Troubleshooting Application Conflicts for additional information.](https://forums.ivanti.com/s/article/Troubleshooting-application-conflicts-with-LES?language=en_US) - -The basic approach is to rename these files and then reboot to see if conflicts still occur. - -- `C:\Windows\System32\sxwmon64.dll` -- `32-bit: C:\Windows\System32\sxwmon32.dll` -- `64-bit: C:\Windows\SysWow64\sxwmon32.dll` - -## FORTINET Customers - -FortiNet / FortiClient version 6.0.8.0261 will not install the latest CSE and displays the following -error message during installation: - -![54_1_image](/img/product_docs/endpointpolicymanager/install/54_1_image.webp) - -Symptom: Error message when installing CSE: Could not write value `ExplorerCommandHandler` to key -`\SOFTWARE\Classes\exefile\shell\runasspecial` - -- The workaround is to update FortiClient to version 6.0.9.0277 or higher. - -## More Information / Micorosft A/V Products - -For more details on Windows Defender exclusions in general, please see -[The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions](https://cloudbrothers.info/en/guide-to-defender-exclusions/). - -## CARBON BLACK Customers - -During the installation of the Endpoint Policy Manager  CSE, you may encounter the following error -message: - -![54_2_image-20230330120114-2](/img/product_docs/endpointpolicymanager/install/54_2_image-20230330120114-2.webp) - -To work around this issue please add the following BYPASS policies for Endpoint Policy Manager as -shown below. - -![54_3_image-2](/img/product_docs/endpointpolicymanager/install/54_3_image-2.webp) - -## DEFENDER Customers - -During installation or removal of the Endpoint Policy Manager CSE you may run into this error: - -![defendererror](/img/product_docs/endpointpolicymanager/install/defendererror.webp) - -The Windows Application log will also show the following Error: - -Product: Netwrix Endpoint Policy Manager (formerly PolicyPak) Client-Side Extension -- Error 1721. -There is a problem with this Windows Installer package. A program required for this install to -complete could not be run. - -![defendererrorevent](/img/product_docs/endpointpolicymanager/install/defendererrorevent.webp) - -To work around this issue you need to add the following folder exclusions under **Attack Surface -Reduction** > **Attack Surface Rules**: - -- `C:\Program Files\PolicyPak\` -- `C:\ProgramData\PolicyPak\` - -![defendereditpolicy](/img/product_docs/endpointpolicymanager/install/defendereditpolicy.webp) - -See the Cloudbrothers article -[The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions](https://cloudbrothers.info/en/guide-to-defender-exclusions/) -for additional information on Windows Defender exclusions. - -## Netskope Customers - -For Netskope customers, this workaround was provided by another customer and may or may not work in -your circumstance. - -If when installing the Endpoint Policy Manager Cloud client, you get the experience below: - -![netskopeandcloud](/img/product_docs/endpointpolicymanager/install/netskopeandcloud.webp) - -Follow the steps to resolve Netskope errors. - -**Step 1 –** Create a `certpinned` app bypass including the 3 processes` ppcloudsvc.exe`, -`ppcloud.exe`, `rundll32.exe`. See Netskope's article -[Creating a Custom Certificate Pinned Application](https://docs.netskope.com/en/creating-a-custom-certificate-pinned-application/#creating-a-custom-certificate-pinned-application) -for additional information. - -**Step 2 –** Create a local domain bypass for `cloud-agent.endpointpolicymanager.com`. - -Explanation of Root Cause - -Many installed applications use embedded certificates for TLS communication. Netskope grabs all -https traffic for SSL decryption. This is not an issue when it comes to browsers because Netskope -swaps the certificate to something else that machines trust. However, with application certificates -(cert pinned apps), Netskope is unable to make the switch since the cert is embedded in the -application. - -These steps above provide a workaround for Netskope + Endpoint Policy Manager Cloud installation -issues. diff --git a/docs/endpointpolicymanager/install/citrixapplayering.md b/docs/endpointpolicymanager/install/citrixapplayering.md deleted file mode 100644 index 1b1365267a..0000000000 --- a/docs/endpointpolicymanager/install/citrixapplayering.md +++ /dev/null @@ -1,7 +0,0 @@ -# I want to use Endpoint Policy Managerwith Citrix App Layering (aka Unidesk). At which layer should I implement the Endpoint Policy Manager Client Side Extension? - -Citrix App Layering lets you add packages at the OS, PLATFORM or APP LAYER. - -While it ispossible that Netwrix Endpoint Policy Manager (formerly PolicyPak) should work at any -layer, we recommend the OS layer since Endpoint Policy Manager acts as part of the operating system -and is tightly integrated with Group Policy. diff --git a/docs/endpointpolicymanager/install/clientsideextension.md b/docs/endpointpolicymanager/install/clientsideextension.md deleted file mode 100644 index 761d327b6e..0000000000 --- a/docs/endpointpolicymanager/install/clientsideextension.md +++ /dev/null @@ -1,102 +0,0 @@ -# Deploying the Client-Side Extension to Multiple Clients - -The Netwrix Endpoint Policy Manager (formerly PolicyPak) directives you create are not performed on -clients unless the Endpoint Policy Manager client-side extension (CSE) is on the target machine and -the CSE is licensed. You may use any of the following methods to install the CSE for the first time -on your target machines: - -- One-by-one installation (good for test labs) -- Group Policy Software Installation (not recommended) -- Third-party software delivery mechanism (such as PDQ Deploy) -- Microsoft Endpoint Configuration Manager (MEMCM) software delivery -- Microsoft Endpoint Manager Intune software delivery -- Installation with startup scripts -- Building the Endpoint Policy Manager CSE into your virtual desktop infrastructure (VDI), desktop, - or laptop image -- Bootstrapping the CSE via RMM or another mobile device management (MDM) tool - -There's not a single right way to do this, but to make the installation as painless as possible, we -have included a few suggestions in the sections below to help you through the process. - -The Endpoint Policy Manager CSE ships as an MSI file and, as such, is very flexible in the initial -deployment and upkeep. - -In the next section, we will discuss the following three main ideas: - -- Using our recommended tool, PDQ Deploy -- Deploying the CSE using Group Policy Software Installation and upgrading an older version using - Group Policy Software Installation (not recommended) -- Using the PolicyPak's built-in CSE auto-update feature (which allows the programs to silently - download, update, and report on performing updates) - -## PDQ Deploy - -Our recommended tool of choice to get the Endpoint Policy Manager CSE deployed to multiple machines -is PDQ Deploy. PDQ Deploy has a free mode and a paid mode, which is reasonably priced. You can see -how to deploy a package with PDQ Deploy please see the -[Managing Group Policy using Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/integration/pdqdeploy.md) -topic for additional information. - -## MDM, UEM, or RMM Tools - -Because the Endpoint Policy Manager CSE ships as an MSI file, you can quickly get this deployed -using Microsoft Endpoint Configuration Manager (MEMCM) software delivery, Microsoft Endpoint Manager -Intune software delivery, KACE, LANDesk, or anything else that deploys an MSI. Consult your tool's -documentation for MSI deployment best practices. - -## Group Policy Software Installation - -**NOTE:** You can also use Microsoft Group Policy Software Installation to deploy the Endpoint -Policy Manager CSE. However, software delivery (and removal) by Group Policy Software Installation -can be unreliable, and this method is not recommended. - -If you do choose to use it, the process can usually done in four steps: - -**Step 1 –** Set up a share or DFS point for which all clients have Read access. In our examples, -we've set up a share named Endpoint Policy Manager. - -**Step 2 –** Copy the Endpoint Policy Manager Client-Side Extension x32.msi for 32-bit systems or -Endpoint Policy Manager Client-Side Extension x64.msi for 64-bit systems to that share. - -**Step 3 –** Create a Group Policy Object (GPO) and link it to the organizational unit (OU) -containing the target computers. - -**Step 4 –** Use Group Policy Software Installation to deploy that file to all target computers. - -**NOTE:** To see a demonstration of this section, please watch these two tutorial videos: -[Mass Deploy the Endpoint Policy Manager CSE using GPSI](/docs/endpointpolicymanager/archive/massdeploy.md) and -[Upgrading the CSE using GPSI](/docs/endpointpolicymanager/archive/upgrading.md). In this example, we've created a GPO named -Deploy PP Client and linked it to East Sales Desktops. - -![Deploying Client Side](/img/product_docs/endpointpolicymanager/install/deploying_the_client_side_350x474.webp) - -**Step 5 –** Next, right-click the GPO and select **Edit**. Once you're inside the Group Policy -Editor, scroll down to **Computer** > **Configuration** > **Software Settings** > **Software -Installation**. Right-click, and select **New** > **Package**. - -![deploying_the_client_side_1_620x359](/img/product_docs/endpointpolicymanager/install/deploying_the_client_side_1_620x359.webp) - -**Step 6 –** Once this is complete, type in the server and share names you used. In our example, our -server is `\\DC-Computer` and our share is Endpoint Policy Manager. Then select the Endpoint Policy -Manager CSE Setup x64.msi file, and click **Open**. Next, choose **Assigned**, and select **OK**. - -![deploying_the_client_side_2_620x389](/img/product_docs/endpointpolicymanager/install/deploying_the_client_side_2_620x389.webp) - -![deploying_the_client_side_3_550x381](/img/product_docs/endpointpolicymanager/install/deploying_the_client_side_3_550x381.webp) - -When you're done, the GPO should look like this:. - -![deploying_the_client_side_4_1200x309](/img/product_docs/endpointpolicymanager/install/deploying_the_client_side_4_1200x309.webp) - -**Step 7 –** Repeat this process until both the x86 and x64 MSIs appear. - -![deploying_the_client_side_5_1200x240](/img/product_docs/endpointpolicymanager/install/deploying_the_client_side_5_1200x240.webp) - -**NOTE:** Be sure that the source field is pointing to a network path (e.g., `\\server\share`) and -not a local path (e.g., `c:\something\`). - -If you have an older version of the Endpoint Policy Manager CSE and wish to update it using Group -Policy Software Installation, it's easy to do. - -For more information on how to perform an upgrade using Group Policy Software Installation. See the -[Upgrading the CSE using GPSI](/docs/endpointpolicymanager/archive/upgrading.md) topic for additional information. diff --git a/docs/endpointpolicymanager/install/cloud/activedirectory.md b/docs/endpointpolicymanager/install/cloud/activedirectory.md deleted file mode 100644 index 3a32f076e3..0000000000 --- a/docs/endpointpolicymanager/install/cloud/activedirectory.md +++ /dev/null @@ -1,4 +0,0 @@ -# Is there an "Active Directory Connector" to map on-prem OUs and Groups to Endpoint Policy Manager Cloud? - -No, there is no Active Directory connector. Our feedback is that most companies don't want something -reaching into their Active Directory and causing a security concern. diff --git a/docs/endpointpolicymanager/install/cloud/client.md b/docs/endpointpolicymanager/install/cloud/client.md deleted file mode 100644 index 7ea92b06a6..0000000000 --- a/docs/endpointpolicymanager/install/cloud/client.md +++ /dev/null @@ -1,22 +0,0 @@ -# When must I use the Endpoint Policy ManagerCloud Client installer versus the on-prem Endpoint Policy Manager CSE? - -The Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud Client is the software you download -to enable a machine to join your instance of Endpoint Policy Manager Cloud, claim a license, and -download policies. - -The Endpoint Policy Manager Cloud Client will also download the Endpoint Policy Manager Client Side -Extension to process of the policies. - -When you install the Endpoint Policy Manager cloud client, the CSE is downloaded from the cloud -service automatically at the same time. - -To keep the Endpoint Policy Manager Cloud Client up to date, as well as the Endpoint Policy Manager -Client Side Extension, you need to be proactive. - -Please see this article for keeping things proactive: - -[https://www.endpointpolicymanager.com/resources/pp-blog/using-rings-to-test-and-update-the-policypak-client-side-extension-and-how-to-stay-supported/](https://www.endpointpolicymanager.com/resources/pp-blog/using-rings-to-test-and-update-the-policypak-client-side-extension-and-how-to-stay-supported/) - -This video also has some important information on how to perform updates: - -[Endpoint Policy Manager Cloud Groups CSE and Cloud Client Small-Scale Testing and Updates](/docs/endpointpolicymanager/video/cloud/groups.md) diff --git a/docs/endpointpolicymanager/install/cloud/clientdomainnondomain.md b/docs/endpointpolicymanager/install/cloud/clientdomainnondomain.md deleted file mode 100644 index 2c239f9eb9..0000000000 --- a/docs/endpointpolicymanager/install/cloud/clientdomainnondomain.md +++ /dev/null @@ -1,7 +0,0 @@ -# Can I use an Endpoint Policy Manager Cloud installer and license for domain-joined and non-domain joined machines? - -Yes, you can install the Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud Client for all -Windows machines: non-domain joined and domain joined. That being said, the opposite is not true. -You cannot install the on-prem CSE and have it connect to the cloud service. You need the cloud -client to claim a cloud license, and that can be used for either/both Domain Joined and non-DJ -machines. diff --git a/docs/endpointpolicymanager/install/cloud/removeendpoint.md b/docs/endpointpolicymanager/install/cloud/removeendpoint.md deleted file mode 100644 index 1f1c88fdb7..0000000000 --- a/docs/endpointpolicymanager/install/cloud/removeendpoint.md +++ /dev/null @@ -1,7 +0,0 @@ -# If I want to totally stop using Endpoint Policy ManagerCloud on an endpoint, how would I remove the Endpoint Policy Manager Cloud client pieces remotely? - -If you use Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud UI and use the **Delete -permanently** command, the next time the Cloud Client syncs to the Cloud Service all cloud pieces -(Cloud agent and Cloud CSE) are physically removed from the endpoint automatically. - -![588_1_image001](/img/product_docs/endpointpolicymanager/install/cloud/588_1_image001.webp) diff --git a/docs/endpointpolicymanager/install/node.md b/docs/endpointpolicymanager/install/node.md deleted file mode 100644 index b0c740e8b8..0000000000 --- a/docs/endpointpolicymanager/install/node.md +++ /dev/null @@ -1,8 +0,0 @@ -# I installed the Admin Console MSI, but I don't see the Endpoint Policy Manager node when I go to edit a GPO. Why? - -For Windows 7 users, ensure you have .Net Framework 3.5 installed on your management station. Later -versions of .Net Framework are not compatible with Netwrix Endpoint Policy Manager (formerly -PolicyPak) on Windows 7. - -For users running Windows 8 and later, ensure you have .Net Framework 4.0 or higher installed on -your management station. diff --git a/docs/endpointpolicymanager/install/overview/knowledgebase.md b/docs/endpointpolicymanager/install/overview/knowledgebase.md deleted file mode 100644 index e2000e28a9..0000000000 --- a/docs/endpointpolicymanager/install/overview/knowledgebase.md +++ /dev/null @@ -1,70 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base articles for all things installation and upkeep. - -## Method GPO: Initial Install - -- [Does Endpoint Policy Manager admin console need to be installed on Domain Controller (DC)?](/docs/endpointpolicymanager/install/adminconsole.md) -- [I installed the Admin Console MSI, but I don't see the Endpoint Policy Manager node when I go to edit a GPO. Why?](/docs/endpointpolicymanager/install/node.md) -- [What are the two ways that can I install the GPMC on my Admin Station (Server or Windows 10) machine?](/docs/endpointpolicymanager/install/methods.md) -- [When I edit the GPO, the settings don't seem to "stick"](/docs/endpointpolicymanager/troubleshooting/savesettings.md) - -## Method SCCM: Initial Install (or other systems) - -- [How do I deploy the Endpoint Policy Manager CSE via SCCM (or other systems management system) ?](/docs/endpointpolicymanager/install/sccm.md) - -## Method PDQ Deploy (recommended) - -- [Managing Group Policy using Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/integration/pdqdeploy.md) - -## AntiVirus and other System Software - -- [I want to use Endpoint Policy Managerwith Citrix App Layering (aka Unidesk). At which layer should I implement the Endpoint Policy Manager Client Side Extension?](/docs/endpointpolicymanager/install/citrixapplayering.md) -- [How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/install/antivirus.md) -- [Why am I prompted about a Digitally Signed Driver for Endpoint Policy Manager CSE (and how do I work around it)?](/docs/endpointpolicymanager/troubleshooting/install/digitallysigneddriver.md) -- [Why won't the Endpoint Policy Manager services start, with an error like (or similar to) "Verify that you have sufficient privileges to start system services."?](/docs/endpointpolicymanager/troubleshooting/error/install/sufficientprivileges.md) - -## Performance Related Questions - -- [I see many instances of the Endpoint Policy Manager Watcher (ppWatcher) service running on my clients, is that normal? And how can I check memory usage?](/docs/endpointpolicymanager/troubleshooting/watcherservicememoryusage.md) -- [How would I verify if Endpoint Policy Manager Client Side Extension is / is not causing high or CPU disk slowdowns?](/docs/endpointpolicymanager/troubleshooting/cpuslowdown.md) - -## Install and Upgrade Troubleshooting - -- [The CSE won't uninstall or allow in-place upgrade. What should I do?](/docs/endpointpolicymanager/troubleshooting/install/uninstall.md) -- [How do I troubleshoot slow logins (or other login problems), user profile issues, explorer.exe or other Windows problems? What if I'm having problems on ONE (or very few PCs)?](/docs/endpointpolicymanager/troubleshooting/slowlogins.md) -- [What can I do if I installed a new CSE version and it's causing problems (slowdowns or other issues?)](/docs/endpointpolicymanager/troubleshooting/install/newversionissues.md) -- [How do I enable a STANDARD USER to see the COMPUTER SIDE RsOP ?](/docs/endpointpolicymanager/troubleshooting/computersidersop.md) -- [I am getting an error about "GPSVC failed at sign-in". This error occurs exactly one time. What does this mean?](/docs/endpointpolicymanager/troubleshooting/error/gpsvcfailed.md) -- [The removal of the assignment of application Endpoint Policy Manager Client-Side Extension (32bit) from policy failed](/docs/endpointpolicymanager/troubleshooting/assignmentremovalfailed.md) - -## Misc Installation questions - -- [What if I accidentally install the 32 bit version of Endpoint Policy Manager on a 64 bit machine or vice versa?](/docs/endpointpolicymanager/troubleshooting/bitversion.md) -- [Why does Endpoint Policy Manager require a CSE / client installation piece? I want to do it all using what Microsoft ships in the box but don't want to install anything else.](/docs/endpointpolicymanager/install/clientsideextension/why.md) -- [How can I fix Outlook To-Do bar flashing when GP or Endpoint Policy Manager does a background refresh?](/docs/endpointpolicymanager/troubleshooting/outlook.md) -- [What must I install on Windows 7 to make Endpoint Policy Manager work as expected?](/docs/endpointpolicymanager/requirements/windows7.md) - -## Best Practices / Keeping up to Date with releases - -- [Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/install/rings.md) -- [What are the Endpoint Policy Manager Build and Version numbers?](/docs/endpointpolicymanager/troubleshooting/versions.md) -- [When should I upgrade or not upgrade the Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/install/upgrade/frequency.md) -- [How often is Endpoint Policy Manager updated? And, must I update to the latest version? Are all versions supported?](/docs/endpointpolicymanager/install/update/frequency.md) -- [How to trigger an update of the Endpoint Policy ManagerClient Side Extension and Cloud Client via command line using Endpoint Policy Manager Cloud versus Group Policy (OnPrem) Edition](/docs/endpointpolicymanager/install/update/commandline.md) - -## Updating Endpoint Policy Manager with Active Directory / GPOs - -- [How can I roll out the latest Endpoint Policy Manager CSE with Active Directory in a controlled manner using Rings ?](/docs/endpointpolicymanager/install/ringsupgrade.md) -- [CSE Autoupdate Update.Config file Usage and Parameters (before CSE 2725)](/docs/endpointpolicymanager/install/update/config.md) -- [How can I use the Endpoint Policy ManagerPowerShell module to know which GPOs have any Endpoint Policy Manager data or directives?](/docs/endpointpolicymanager/troubleshooting/powershell/datadirectives.md) - -## Backup and Restore - -- [Endpoint Policy Manager details with GPO contents appear deleted. How can I restore them?](/docs/endpointpolicymanager/troubleshooting/restoredetails.md) - -## Uninstallation or Rollback of Endpoint Policy Manager - -- [How do I uninstall Endpoint Policy Manager?](/docs/endpointpolicymanager/install/uninstall.md) -- [How to Rollback CSE version from newer to older using PowerShell](/docs/endpointpolicymanager/troubleshooting/clientsideextension/rollback.md) -- [How can I uninstall the Least Privilege Manager client for MacOS?](/docs/endpointpolicymanager/troubleshooting/leastprivilege/uninstall.md) diff --git a/docs/endpointpolicymanager/install/overview/videolearningcenter.md b/docs/endpointpolicymanager/install/overview/videolearningcenter.md deleted file mode 100644 index 009f0b5edf..0000000000 --- a/docs/endpointpolicymanager/install/overview/videolearningcenter.md +++ /dev/null @@ -1,7 +0,0 @@ -# Video Learning Center - -See the following Video topics for all things installation and upkeep. - -## Method GPO (and Active Directory): Keeping up to date - -- [Auto-updating the CSE](/docs/endpointpolicymanager/video/install/autoupdate.md) diff --git a/docs/endpointpolicymanager/install/powershell.md b/docs/endpointpolicymanager/install/powershell.md deleted file mode 100644 index 6b3b87ad75..0000000000 --- a/docs/endpointpolicymanager/install/powershell.md +++ /dev/null @@ -1,172 +0,0 @@ -# Endpoint Policy Manager and PowerShell - -Netwrix Endpoint Policy Manager (formerly PolicyPak) has a PowerShell module that can perform some -key tasks. As of the writing of this manual, the PowerShell cmdlets can perform licensing steps and -discover Endpoint Policy Manager items within a Group Policy Object (GPO). The Endpoint Policy -Manager PowerShell module is located in the Endpoint Policy Manager Extras folder you downloaded. - -![policypak_and_powershell_1200x787](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_1200x787.webp) - -Run the Endpoint Policy Manager PowerShell Tools installer. The Endpoint Policy Manager PowerShell -modules will be installed to `>c:\Program Files\PolicyPak1\Tools\Modules\PolicyPak`. - -At a Powershell prompt run the command `>Import-Module endpointpolicymanager.psd1.` If you add the -`>-verbose `command you will see all of the available cmdlets. - -![policypak_and_powershell_1_1200x974](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_1_1200x974.webp) - -## Endpoint Policy Manager PowerShell and Licensing Endpoint Policy Manager - -To import a module, you need to call `>Import-Module Endpoint Policy Manager `in PowerShell. At the -time of the publication of this manual, all Endpoint Policy Manager cmdlets are for a licensing -component that requires the following commands: - -- Importing cmdlet '`Get-PPCses`' -- Importing cmdlet '`Get-PPGPOs`' -- Importing cmdlet '`Get-RegisteredCses`' -- Importing cmdlet '`Register-PPLicenses`' -- Importing cmdlet '`Test-PPLicense`' -- Importing cmdlet '`Disable-InactiveComputers`' -- Importing cmdlet '`Get-InactiveComputers`' -- Importing cmdlet '`Get-PPLicenses`' -- Importing cmdlet '`Register-PPLicense`' -- Importing cmdlet '`New-PPLicenseRequestFile`' - -To generate a new Endpoint Policy Manager license request, there are two methods. Method 1 requires -using the existing Microsoft cmdlet Get-ADOrganizationalUnit as shown below. - -`># New-PPLicenseRequest` - -`>Import-Module ActiveDirectory` - -`>Import-Module PolicyPak` - -`>$scope = Get-ADOrganizationalUnit -Filter {(name -eq "OU2") -or (name -like "Domain*") -or (name -like "Real*")} -Property * | FT DistinguishedName -A -HideTableHeaders | Out-String` - -`>$som = Get-ADOrganizationalUnit -Filter {(name -like "Real*") -or (name -like "Domain*")} -Property * | FT DistinguishedName -A -HideTableHeaders | Out-String` - -`>New-PPLicenseRequestfile "C:\Temp\request1.xml" -Scope $scope -Som $som -Verbose ` - -The request output is shownbelow. - -![policypak_and_powershell_2](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_2.webp) - -**NOTE:** To understand scope versus SOM, see -[Why does License Tool ask Who am I and Where do I want to use Endpoint Policy Manager?](/docs/endpointpolicymanager/license/activedirectory/scope.md). - -Method 2 requires indicating specific organizational units (OUs), as shown below. In this example, -the scope is the whole domain, but the SOM is the Sales OU within the Fabrikam.com domain. Below is -an example script which requests a new license file from a specific SOM and scope. - -`># New-PPLicenseRequest` - -`>Import-Module ActiveDirectory` - -`>Import-Module PolicyPak` - -`>$scope = "DC=Fabrikam, DC=com" ` - -`>$som = "OU=Sales, DC=Fabrikam, DC=com"` - -`>New-PPLicenseRequestFile "E:\Downloads\adcomputer.text.new.xml" -scope $scope -som $som -Verbose` - -`>#---` - -![policypak_and_powershell_3_1200x833](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_3_1200x833.webp) - -The next cmdlet enables you to determine how many computers are not active. - -`># Get-InactiveComputers` - -`>Import-Module PolicyPak` - -`>Get-InactiveComputers -LastLoginTime 90 -inu -Verbose` - -`>#---` - -The result from this cmdlet is shown below. - -![policypak_and_powershell_4_950x333](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_4_950x333.webp) - -``` ->The next cmdlet disables inactive computers.># Disable-InactiveComputers ->Import-Module PolicyPak ->Disable-InactiveComputers -LastLoginTime 900 -Verbose ->#--- -``` - -You can then see the machines are disabled: - -![policypak_and_powershell_5_1200x561](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_5_1200x561.webp) - -When the next cmdlet is run, you can see if the license file you got from Endpoint Policy Manager -was valid. Note that you might have to run the cmdlet on each Endpoint Policy Manager license file -you get. - -``` -># Test-PPlicense>Import-Module PolicyPak ->Test-PPlicense  ->"C:\Users\server\Desktop_licenses\license_1.xml" -verbose ->Test-PPlicense  ->"C:\Users\server\Desktop_licenses\license1.xml" -verbose ->Test-PPlicense  ->"C:\Users\server\Desktop_licenses\license2.xml" -verbose ->Test-PPlicense  ->"C:\Users\server\Desktop_licenses\FIRSTLicense-Request-Key.xml" -verbose ->#--- -``` - -You can then see that the license is valid: - -![policypak_and_powershell_6_950x148](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_6_950x148.webp) - -When the next cmdlet is run, you can create a new GPO and link it to the scope. - -``` -># Register-PPlicense>Import-Module PolicyPak ->Register-PPlicense  ->"C:\Users\server\Desktop_licenses\license1.xml" -e $True -verbose  -``` - -You can then see the successful installation: - -![policypak_and_powershell_7_1200x328](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_7_1200x328.webp) - -The next cmdlet will specify a GPO by GUID. - -``` ->#Register-PPlicense >"C:\Users\server\Desktop_licenses\license1.xml" -e $True -mgpo "96A61654-8363-444B-97AC-47D466FE12EE" -verbose  ->#--- -># Get-PPlicenses ->Import-Module PolicyPak ->Get-PPlicenses -Verbose ->#--- -``` - -The result is shown below. You can see the GPO name, scope, expiration date of the license, Endpoint -Policy Manager license version type, and validation status of the license. - -![policypak_and_powershell_8_1200x803](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_8_1200x803.webp) - -## Endpoint Policy Manager PowerShell and Discovery - -Endpoint Policy Manager can help you discover which GPOs contain Endpoint Policy Manager directives. -After you have performed the import of the Endpoint Policy Manager module with Import-Module -PolicyPak, you can use cmdlets like the following examples: - -- `>Get-PPCses`: shows Endpoint Policy Manager client-side extension (CSE) names and guids -- `>Get-PPGPOs -cse "Security"`: same as above, but searches for CSEs with "security" in the name - (case insensitive) -- `>Get-RegisteredCses`: shows CSEs registered in the system -- `>Get-PPGPOs | Format-Table -wrap`: shows all GPOs with any Endpoint Policy Manager product as a - table (You can see this in Figure 26 below.) -- `>Get-PPGPOs | Select -ExpandProperty "GPO"`:  shows all GPOs with Endpoint Policy Manager - products as names only -- `>Get-PPGPOs -cse "Security" | Select -ExpandProperty "GPO"`: shows all GPOs with any Endpoint - Policy Manager products with "security" in the title -- `>Get-PPGPOs -cse "E0088A46-AB54-4FBD-A733-303C58244C5E"`: shows all GPOs based on CSE GUID - -![Text - -Description automatically -generated](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_9_850x594.webp) diff --git a/docs/endpointpolicymanager/install/services.md b/docs/endpointpolicymanager/install/services.md deleted file mode 100644 index c90b0c63f1..0000000000 --- a/docs/endpointpolicymanager/install/services.md +++ /dev/null @@ -1,53 +0,0 @@ -# What are the services installed by Endpoint Policy Manager? - -Group Policy has its own services which handle the deployment and enforcement of policy when -initiated manually or on a defined interval. - -You can see the Group Policy Client Service from Microsoft here. This is what downloads GPOs, which -may or may not contain Netwrix Endpoint Policy Manager (formerly PolicyPak) data. - -![322_1_grouppolicyclient](/img/product_docs/endpointpolicymanager/install/322_1_grouppolicyclient.webp) - -Endpoint Policy Manager provides (via Group Policy, Endpoint Policy Manager Cloud or MDM delivery) a -vast array of powerful and unique policies not possible with Group Policy alone. Many of these -unique policies must be enforced in real-time. - -There are 3 services created by the CSE. - -- Endpoint Policy Manager Helper Service (64-bit) -- Endpoint Policy Manager Watcher Service (64-bit) -- Endpoint Policy Manager Watcher Service (32-bit) - -![322_2_policypakservices](/img/product_docs/endpointpolicymanager/install/322_2_endpointpolicymanagerservices.webp) - -The Endpoint Policy Manager services provide this real-time enforcement of policies. For instance, -when you use Endpoint Policy Manager to perform the following: - -- Setting and locking down application settings (PP Application Manager) -- Making sure users only execute allowed applications (PP Least Priv / SecureRun). -- Allowing users to [run applications or access settings that require administrative privileges - without giving them full - privileges](https://www.endpointpolicymanager.com/products/endpointpolicymanager-least-privilege-manager.html on their - system.) (PP Least Priv.) -- Manage Java control (PP Java Rules Manager.) - -The Watcher Services for PP Application Manager does what it implies: watches items in real-time. -This implements the AppLock and some real-time enforcement. - -We need three services because we support both 32 & 64 bit applications (on 64-bit machines). - -The Watcher Service is also involved in the PolicyPak CSE Auto-Updater. When the Watcher Service is -disabled, you cannot perform the automatic on-prem update of the CSE. For more information on the -automatic update feature, see the -[Rings with Endpoint Policy Manager and Active Directory](/docs/endpointpolicymanager/install/upgrade/rings/activedirectory.md) topic. - -The Helper Service is required, handles a variety of functions, and is used across all of PP's -components. We need more services than just Group Policy because we do much more than Group Policy -can by itself. - -The Group Policy service from Microsoft simply downloads and applies GPOs and passes the data onward -to a corresponding Client Side Extension. - -Endpoint Policy Manager's components are also architected as Client Side Extensions, but CSEs cannot -continue to perform duties in real-time, only services can do that. Therefore, Endpoint Policy -Manager has some services to watch over and perform items in realtime. diff --git a/docs/endpointpolicymanager/install/uninstall.md b/docs/endpointpolicymanager/install/uninstall.md deleted file mode 100644 index f7c1b97e28..0000000000 --- a/docs/endpointpolicymanager/install/uninstall.md +++ /dev/null @@ -1,45 +0,0 @@ -# How do I uninstall Endpoint Policy Manager? - -We suggest you read this all the way through before you attempt to uninstall Netwrix Endpoint Policy -Manager (formerly PolicyPak). - -You uninstall Endpoint Policy Manager the same way you installed it, but in reverse. In short, the -steps are: - -**Step 1 –** Delete GPOs which have Endpoint Policy Manager licensing information. - -**Step 2 –** Delete GPOs which have Endpoint Policy Manager directives (or delete the Endpoint -Policy Manager entries within the GPOs.) - -**Step 3 –** Remove the CSE from all client computers. Use Add/Remove Programs to do this manually, -or use your software installation software to perform the removal. - -**Step 4 –** Remove the Endpoint Policy Manager GPMC add-on from your management stations. - -**Step 5 –** Remove the Paks in the Central Store, or, if you used Share Based storage, remove the -share and delete the Pak files. - -Endpoint Policy Manager doesn't leave any trace on your domain, because the directives are contained -within the GPOs. - -That being said, if you merely delete the GPOs and/or remove the CSEs, you might leave data on the -machine. This might be desired or undesired. You should plan accordingly before performing the -removal steps above. - -In order to get revert to work, depending on the component or item type, you may need to pre-set up -your revert process in advance. - -For Endpoint Policy Manager Application Manager and all Group Policy Preferences settings you need -to expressly declare in advance what the revert behavior should be. By default, neither Endpoint -Policy Manager Application Manager nor the Group Policy Preferences will automatically revert when -you uninstall the Client Side Extension. You would be leaving the last written data behind. For more -information, please see -[How do I ensure that settings will revert when the policy no longer applies (by Group Policy, File, or Endpoint Policy Manager Cloud)?](/docs/endpointpolicymanager/troubleshooting/settingsrevert.md) - -Then, beyond that, most Endpoint Policy Manager specific settings will stop working and let you -continue onward. For more information on this process, please see -[What happens to each component when Endpoint Policy Manager gets unlicensed or the GPO or policy no longer applies?](/docs/endpointpolicymanager/license/unlicense/components.md) - -Finally, there is a specific cosmetic issue with regards to Endpoint Policy Manager Browser Router -removal and Default Browser. For more information on this issue and how to deal with it, please see -[When I unlicense or remove Endpoint Policy ManagerBrowser Router from scope,Endpoint Policy Manager Browser Router Agent still shows as OS "default browser". Why is that and is there a workaround?](/docs/endpointpolicymanager/troubleshooting/browserrouter/install/defaultbrowser.md). diff --git a/docs/endpointpolicymanager/install/update/commandline.md b/docs/endpointpolicymanager/install/update/commandline.md deleted file mode 100644 index fdd406c47d..0000000000 --- a/docs/endpointpolicymanager/install/update/commandline.md +++ /dev/null @@ -1,50 +0,0 @@ -# How to trigger an update of the Endpoint Policy ManagerClient Side Extension and Cloud Client via command line using Endpoint Policy Manager Cloud versus Group Policy (OnPrem) Edition - -## Using Endpoint Policy Manager Cloud - -From a CMD prompt, run `ppcloud /cseupdatenow` or`ppcloud /update` (both commands do the same thing) -Check for updated cloud client and client-side extensions and install them, if any are available. - -From more information seeRecommendations when using Netwrix Endpoint Policy Manager (formerly -PolicyPak) Cloud: Rings and Rollouts in the topic below. - -- [Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/install/rings.md) - -**NOTE:** When using the commands above both the CSE and PPC client will be updated if new versions -are available. - -## Using Endpoint Policy Manager Group Policy (OnPrem) Edition - -From a CMD prompt run `ppupdate`followed by one of the switches in the examples provided below. - -**NOTE:** These switches are dependent on having the CSE MSI files present in the Central Store See -Active Directory Options 2 & 3 in the KB below for more information. - -[Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/install/rings.md) - -Examples: - -``` -ppupdate /cseupdate -``` - -Forces CSE to immediately re-read `update.config` - -Check for updates will be performed on schedule. - -``` -ppupdate /cseupdatenow -``` - -Forces CSE to immediately re-read `update.config`, checks for updates and installs them if any are -available. - -Using this option will also reset the schedule. - -``` -ppupdate /cseupdatenow /force  -``` - -When specified along with /cseupdatenow, forces CSE to check for updates even when automatic updates -are disabled in `update.config`. This option is useful for those who want to check for updates on -their own schedule. diff --git a/docs/endpointpolicymanager/install/update/frequency.md b/docs/endpointpolicymanager/install/update/frequency.md deleted file mode 100644 index 40c748c50a..0000000000 --- a/docs/endpointpolicymanager/install/update/frequency.md +++ /dev/null @@ -1,31 +0,0 @@ -# How often is Endpoint Policy Manager updated? And, must I update to the latest version? Are all versions supported? - -There are several parts to Netwrix Endpoint Policy Manager (formerly PolicyPak) -[What items and components are licensed, and what components are free?](/docs/endpointpolicymanager/license/components.md) - -When people ask us how often Endpoint Policy Manager is updated, they usually want to know when Paks -and/or the CSE are updated. - -The Paks are updated as needed. See -[AppSets: What is the official support policy for the pre-configured AppSets?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/supportpolicy.md) - -The CSE is updated for emergency bug fixes right away. The CSE is updated for low-priority bug fixes -about 3 to 4 times a year. We typically launch new features at the same time. - -You don't need to update to other parts of Endpoint Policy Manager, like the MMC snap in, GPOTouch -utility, and License Utility. These are also updated as needed. - -From a Endpoint Policy Manager supportability perspective, we only ever truly support the currently -shipping version. - -That being said, you're welcome to use the version you want until one of three things occurs: - -- There's a feature you want to take advantage of that's only in a newer version -- A bug that's fixed that's only on the CSE -- A bug / feature that's only fixed when both the Pak and CSE are updated - -So, if you found a bug which could only be fixed inside the CSE, we would simply update the latest -shipping CSE version and put out the next shipping version for all customerswith the bug fix. - -In this way, the closer you are to latest version the easier the transition to the latest version -will be, should the need arise. diff --git a/docs/endpointpolicymanager/install/upgrade/frequency.md b/docs/endpointpolicymanager/install/upgrade/frequency.md deleted file mode 100644 index 9270c19054..0000000000 --- a/docs/endpointpolicymanager/install/upgrade/frequency.md +++ /dev/null @@ -1,25 +0,0 @@ -# When should I upgrade or not upgrade the Endpoint Policy Manager CSE? - -Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE is updated from time to time to add -features and fix bugs. - -Generally, when we publish an update, we either say: - -- This is a recommended update for all customers or This is a minor update to fix the following - issues. -- It's up to you to read the build notes and decide if you should upgrade. -- But in general, if this is a recommended update for all customers, then you should almost - certainly do that. - -That being said, if you are not at the latest version of the PP CSE, and you open a support ticket, -one of the first troubleshooting steps we ask of all customers is to get on the latest CSE on one or -two affected test machines. - -If a bug is identified in the latest shipping build, then we will supply a fix and publish a new -update. - -In oher words, Endpoint Policy Manager ONLY supports and makes fixes for the latest CSE, and never -supports any older CSEs. - -So the best practice is to stay updated so that if you do find an issue that requires attention, the -problem is not compound by being months or years behind. diff --git a/docs/endpointpolicymanager/install/upgrade/overview.md b/docs/endpointpolicymanager/install/upgrade/overview.md deleted file mode 100644 index a5d19a4307..0000000000 --- a/docs/endpointpolicymanager/install/upgrade/overview.md +++ /dev/null @@ -1,47 +0,0 @@ -# Upgrade Guidance - -How to Stay Supported - -Only the latest client-side extension (CSE) in the Portal or Netwrix Endpoint Policy Manager -(formerly PolicyPak) Cloud, the one with the most fixes and features, is fully supported. - -**NOTE:** To better understand Endpoint Policy Manager build and version numbers, see the -[What are the Endpoint Policy Manager Build and Version numbers?](/docs/endpointpolicymanager/troubleshooting/versions.md) -topic for additional information. - -Just because you are unable to stay current (or nearly current) with the Endpoint Policy Manager CSE -rollouts, does not mean that you lose support. You are always supported, regardless of the CSE -version you have on your machine. However, if you find a bug, problem, inconsistency, or other -issue, then Endpoint Policy Manager support will direct you to update (at least) one machine with -the very latest CSE on it for investigation. We will also ask for log files from that machine after -you have reproduced the issue. In other words, as a general rule, we will typically not begin to -investigate your issue unless you can reproduce it on a machine with the latest CSE. There is no -value in investigating old CSE behavior because the problem could already be fixed in the latest -version, and logging improvements could be present in the latest CSEs. Additionally, if your request -involves us investigating the log files, similarly, we will not ask for nor investigate any log -files unless the problem is reproducible on the latest CSE. - -From a practical perspective, you should attempt to have your Windows 10 machines on a CSE that was -shipped at least within the last full year. Six months is better, and three months is even better. -Upgrades should go smoothly from any CSE to any other CSE, but those are not expressly tested. We -only test the previous CSE to current CSE upgrade path. Therefore, when you stay as close to our -currently shipping CSE as possible, you're likely going to get the best experience, latest testing, -and fewest problems overall.A best practice is to stay up to date on the latest version available. - -Furthermore, because corporate PCs are typically full of applications, system software, and possibly -other unusual circumstances, we strongly recommend you have at least one clean machine for ongoing -testing. A clean machine would have the following installed: - -- Latest version of Windows 10 -- Latest version of Microsoft Edge -- Latest version of Chrome or other browsers -- Onlysoftware that Endpoint Policy Manager might be controlling, such as that required with - Endpoint Policy Manager Application Settings Manager, Endpoint Policy Manager Least Privilege - Manager, Endpoint Policy Manager Start Screen & Taskbar Manager, etc. -- Not much else, and specifically, no third-party system software or A/V software other than - Endpoint Policy Manager. - -This way you can install the latest Endpoint Policy Manager CSE by hand and do some testing of a new -CSE before you attempt to roll it out to more client machines. Then, if you encounter a bug, you can -quickly validate your bug report and collect logs from a machine that is available whenever you need -it, not just when the user is available. diff --git a/docs/endpointpolicymanager/install/upgrade/rings/activedirectory.md b/docs/endpointpolicymanager/install/upgrade/rings/activedirectory.md deleted file mode 100644 index c7c89f0edc..0000000000 --- a/docs/endpointpolicymanager/install/upgrade/rings/activedirectory.md +++ /dev/null @@ -1,104 +0,0 @@ -# Rings with Endpoint Policy Manager and Active Directory - -There are several ways to make rings when you have machines joined to Active Directory using a -third-party software installation mechanism, or the Endpoint Policy Manager built-in CSE updater. We -describe these options in the sections that follow. - -## Third-Party Software Deployment Tools - -The first option for using rings with Endpoint Policy Manager and Active Directory is to make rings -with third-party software deployment tools. This is the recommended method for using rings. Chances -are you already have some kind of on-prem software deployment system to perform your software -updates, like, for example: - -- PDQ Deploy (recommended by us here at Endpoint Policy Manager for on-prem software installs) -- Microsoft SCCM -- KACE - -Whichever software deployment tool you are using, we recommend you make the following three rings -for your CSE rollout: - -- Allocate 2–5% of your computers to get the latest CSE update (as soon as possible). If something - goes wrong, you will know about it now and can get support. -- If all goes well, increase the percentage of computers receiving the update to 10–50%. -- If there are no issues, increase that to 50–100%. - -The idea of rings (or collections, groups, etc.) varies from tool to tool in the following ways: - -- For SCCM, you use collections and make them act like rings. The rule you create would essentially - look for no CSE or an earlier CSE version.For( more information on this, see the Microsoft article - on - [How to create collections in Configuration Manager](https://learn.microsoft.com/en-us/mem/configmgr/core/clients/manage/collections/create-collections) -- For PDQ Deploy, you use targets and make them act like rings. You can select Active Directory - groups, text files with specific computers, PDQ Inventory groups, and other group lists. For more - information on this, see PDQ's article - [Optimizing Deployment](https://documentation.pdq.com/PDQDeploy/13.0.3.0/index.html?optimize-deploy.htm) - for additional information. -- For other on-prem tools, see your corresponding documentation. - -**NOTE:** While it's possible to deploy the Endpoint Policy Manager CSE via Microsoft's Group Policy -software installation, it is not recommended. The best practice to deploy the Endpoint Policy -Manager CSE, should you have no on-prem software deployment tool, is the free version of PDQ Deploy. -For more information, see the video series at -[https://www.endpointpolicymanager.com/integration/endpointpolicymanager-and-pdq.html](https://www.endpointpolicymanager.com/integration/endpointpolicymanager-and-pdq.html). - -## Endpoint Policy Manager CSE Auto-Updater - -The second way to use rings with Endpoint Policy Manager and Active Directory is by using the -built-in Endpoint Policy Manager CSE update mechanism. This is an excellent choice when using rings -since not everyone has a third-party software deployment tool. - -**NOTE:** While it is possible to deploy the Endpoint Policy Manager CSE via Microsoft's Group -Policy software installation, it is not recommended. Our official recommended way to deploy the -client is via a tool like PDQ Deploy, SCCM, etc. - -As an alternative, you can use the Endpoint Policy Manager CSE Auto-Updater. The general idea with -this process is that if you put the CSE in the Central Store, then the CSE will automatically look -for updates, perform the update, and optionally report on the update. - -To implement the idea of rings, we have added this capability to the configurable options of the CSE -Auto-Updater. The CSE Auto-Updater will honor one of two types of rings procedures: - -- Ring Type 1: Use specific dates and times to make rings and perform a rollout. With this type, you - set specific dates and times for the machines to get the updates. -- Ring Type 2: Use a relative number of hours to make rings and perform a rollout. With this type, - you separate your rings by the number of hours between updates. - -See the -[How can I roll out the latest Endpoint Policy Manager CSE with Active Directory in a controlled manner using Rings ?](/docs/endpointpolicymanager/install/ringsupgrade.md) topic -for additional information. - -## Endpoint Policy Manager CSE Auto-Updater in Reverse - -The third option for using rings with Active Directory is to use the built-in Endpoint Policy -Manager CSE update mechanism in an alternative manner. You can use a similar technique as Option 2, -which uses an `update.config` file, but in reverse. - -**Step 1 –** Place the updated CSE in the Central Store. - -**Step 2 –** Create the `update.config` file, and specify that the technique will be disabled and -always be off. You do this with the `Enabled=False` parameter. - -**Step 3 –** Clients can only be upgraded when an admin (or system wide script) runs -`ppupdate /cseupdatenow /force`. - -**Step 4 –** This command will override the `Enabled=False` parameter and force an update on clients -with the latest CSE from the Central Store. - -**Step 5 –** You can automate this signal using a script, Endpoint Policy Manager Scripts & -Triggers, SCCM, or any other another technique, and the machine will upgrade. - -## Endpoint Policy Manager Remote Work Delivery Manager - -The last way to use rings with Active Directory is by using Endpoint Policy Manager Remote Work -Delivery Manager to specify an update. This is not strongly recommended, but could work, depending -on your situation. In this process you can create the rings using Active Directory groups or any -other targeting, and then sending a CSE update to specific machines as you see fit. - -**NOTE:** See the -[How do I use Endpoint Policy Manager Remote Work Delivery Manager to update the Client Side Extension?](/docs/endpointpolicymanager/remoteworkdelivery/updateclientsideextension.md) -topic for additional information. - -See the -[Using Remote Work Delivery Manager to Update the Endpoint Policy Manager Client Side Extension](/docs/endpointpolicymanager/video/remoteworkdelivery/updateclientsideextension.md)video for -additional information. diff --git a/docs/endpointpolicymanager/install/upgrade/rings/cloud.md b/docs/endpointpolicymanager/install/upgrade/rings/cloud.md deleted file mode 100644 index ade7f2ee08..0000000000 --- a/docs/endpointpolicymanager/install/upgrade/rings/cloud.md +++ /dev/null @@ -1,31 +0,0 @@ -# Rings with Endpoint Policy Manager Cloud - -In Endpoint Policy Manager Cloud, because the concept of groups is already used, you can consider a -Endpoint Policy Manager Cloud group like a ring. You can choose a group and manually specify to use -a particular version of the CSE on that group. You can also specify to use a particular version of -the CSE or Cloud Client everywhere (using the special "ALL" groups). Therefore, the following steps -are recommended: - -**Step 1 –** Set up a group of 2–5% of your computers. When a new CSE or Cloud Client is released, -you should opt in and use this group to start testing and verify success. If there is a problem, you -can raise it to the Endpoint Policy Manager support team and we will work with you. - -**Step 2 –** If all goes well, you can roll out the latest CSE and/or Cloud Client to more Endpoint -Policy Manager Cloud groups. It only takes one click within the group to select the CSE or Cloud -Client version. Your target rollout for the new CSE and/or Cloud Client should be around 30–50% of -your Windows machines. If an issues occurs, you can raise it to the support team and we willl work -with you. - -**Step 3 –** After you have rolled out to 50% of your machines, you should be confident enough to -roll it out to all machines. When ready, pick the remaining Endpoint Policy Manager Cloud groups and -select the latest CSE and/or Endpoint Policy Manager Cloud client to opt-in more groups. - -**Step 4 –** Alternatively, use the special **All** group to finish your upgrade and mass upgrade -the remaining PCs all at once (after completing some testing). - -See the -[Endpoint Policy Manager Cloud Groups CSE and Cloud Client Small-Scale Testing and Updates](/docs/endpointpolicymanager/video/cloud/groups.md) -topic for additional information on this process. - -**NOTE:** Update the CSE first or the Cloud Client first in the test groups and let each part of the -software update. Upgrading both at the same time is supported but is not recommended. diff --git a/docs/endpointpolicymanager/install/upgrade/rings/mdm.md b/docs/endpointpolicymanager/install/upgrade/rings/mdm.md deleted file mode 100644 index eabf7199b1..0000000000 --- a/docs/endpointpolicymanager/install/upgrade/rings/mdm.md +++ /dev/null @@ -1,20 +0,0 @@ -# Rings with Endpoint Policy Manager and an MDM Service - -The concept of rings with regard to Windows 10 updates and upgrades is built into Microsoft Intune -(and perhaps other MDM services). You can see Microsoft Intune's example of rings here -[https://www.anoopcnair.com/software-update-patching-options-with-intune/](https://www.anoopcnair.com/software-update-patching-options-with-intune/). -However, the specific idea of using rings to deploy any other software, like the Endpoint Policy -Manager CSE, is not something native to an MDM service. Therefore, you will need to create computer -groups, then assign software to those groups. In Intune (and most other MDM services), groups can be -simple or dynamic. You might want to create the following three groups: - -- Simple group: Hand-picked machines which represent 2–5% of your estate. -- 30% dynamic group: A group you define with 30% of your Windows 10 computers. -- Dynamic group with the remainder (31-100%): A group you define with the remainder of your Windows - 10 computers. - -By making the groups dynamic, as computers get enrolled into your MDM service they will -automatically be part of the first or second dynamic group. But because the first group is a simple -group with hand-picked machines, those machines are the only ones that will get the initial rollout -of a new CSE. Then, because the Endpoint Policy Manager CSE is an MSI, you can use the MSI -deployment method with your MDM service to target to these groups. diff --git a/docs/endpointpolicymanager/install/upgrade/rings/overview.md b/docs/endpointpolicymanager/install/upgrade/rings/overview.md deleted file mode 100644 index 86073cb05b..0000000000 --- a/docs/endpointpolicymanager/install/upgrade/rings/overview.md +++ /dev/null @@ -1,84 +0,0 @@ -# Understanding Rings - -The most important part of upgrading Netwrix Endpoint Policy Manager (formerly PolicyPak) is to -avoid updating of all your computers at once. You should be performing your updates and rollouts in -a controlled fashion. Endpoint Policy Manager acts as part of the operating system and helps you -manage important security and configuration items, but since no product is bug free, Endpoint Policy -Manager cannot guarantee that any updated client-side extension (CSE) will work 100% with what you -already have. As such, you should test newly provided CSEs on a small group first and verify that -they are working the way you expect before you deploy them out to all your machines. - -What we want to avoid is a situation where you mass-deploy an untested CSE to 100% of your machines -and then find that you have some problem you need to back out of since, which can be very time -consuming and difficult to do. Instead, if you test the CSE before mass rollout you avoid these -potential issues and will have increased confidence to roll it out to all your machines. - -Endpoint Policy Manager is not alone in wanting to ensure your confidence during updates. Indeed, -Microsoft also has this same concern and the same recommendation against upgrading all machines at -the same time. Ever since Windows 10 shipped, Microsoft has recommended a ring approach to updating -Windows. This is because Windows is constantly updated, every month for bug fixes and twice a year -for huge upgrades. When Windows itself gets updated, there are controls available to help you -segregate machines so you know in advance which machines will get which new software. These separate -groups are known as deployment rings, update rings, or just rings. We recommend you get familiar -with Microsoft's idea of rings using the following resources: - -- Microsoft documentation: - [Prepare a servicing strategy for Windows client updates](https://learn.microsoft.com/en-us/windows/deployment/update/waas-servicing-strategy-windows-10-updates) -- Endpoint Policy Manager's blog post: - [Windows Update for Business (WuFB): A Simplified Guide](https://www.endpointpolicymanager.com/resources/pp-blog/windows-update-business/) -- Microsoft Ignite's talk about rings: - [Strategic and tactical considerations for ring-based Windows 10 deployments](https://www.youtube.com/watch?v=omwelzp-Hlw) -- Jeremy's MDM book (Chapter 9): [MDMandGPanswers.com/book](https://www.mdmandgpanswers.com/books) - -The basic idea behind rings is the following: - -**Step 1 –** Allocate 2–5% of your computers to get the latest update (as soon as possible). If -something goes wrong, you will know about it now, and not later when you've rolled it out to your -whole estate. - -**Step 2 –** If all goes well, increase the percentage of computers with the update to 10–50%. - -**Step 3 –** If there are no issues, increase that to 51–100%. - -These segmentation blocks are what is referred to as rings. An example of this process is described -in this Microsoft's article -[Use CSPs and MDMs to configure Windows Update for Business](https://learn.microsoft.com/en-us/windows/deployment/update/waas-wufb-csp-mdm). -The basic idea is that you put a delay between your rings. - -- Initial Pilots (2-5%): No delay; machines get the Microsoft updates immediately. -- Fast Ring (10-50%): 5-day delay. -- Slow Ring (51-100%): 10-day delay. - -![71_1_hfkb-1094-img-01](/img/product_docs/endpointpolicymanager/install/71_1_hfkb-1094-img-01.webp) - -Microsoft updates can be a little complicated because they also deal with channels, or the types of -versions you want to install. Additionally, Microsoft's model is more complex than Endpoint Policy -Manager's model, because the updates are required and forced. Microsoft Quality Updates (i.e., -bugfixes) are required to be performed within 30 days (or they will be installed automatically) and -Microsoft Upgrades (i.e., new versions of Windows) are required to be performed within 365 days (or -they will be installed automatically). - -However, Endpoint Policy Manager doesn't have any of those requirements or any method to force an -update. Instead, our lifecycle is pretty simple. - -- Every 4 to 6 weeks, Endpoint Policy Manager ships a new CSE with bug fixes and new features. -- That version goes into the Endpoint Policy Manager Portal and is also available for use within - Endpoint Policy Manager Cloud. -- When the monthly update occurs, we notify all customers (primary and secondary technical - contacts). -- If some known issue occurs within the month, we will occasionally release a hotfix build and - generally make no announcement. -- Whichever is the latest CSE in the Portal or Endpoint Policy Manager Cloud, is the only version of - the Endpoint Policy Manager CSE that is supported. - -This means that you only need to keep one simple MSI up to date on your endpoints to be at the -latest build. - -Remember that when you use Endpoint Policy Manager with Active Directory (SCCM or GPO) or with your -MDM service, the latest CSE isn't magically pushed from us to your PCs. For Endpoint Policy Manager -Cloud customers, the latest CSE isn't dictated to your endpoints either. In all cases it's an -admin's choice to opt-in to use the latest CSE and specify where exactly he or she wants to get -started using it. - -In the follow sections, we'll provide our recommendations for various Endpoint Policy Manager -products on how to implement a ring policy for Endpoint Policy Manager CSE updates. diff --git a/docs/endpointpolicymanager/install/upgrade/settings.md b/docs/endpointpolicymanager/install/upgrade/settings.md deleted file mode 100644 index 9e6e28bb0b..0000000000 --- a/docs/endpointpolicymanager/install/upgrade/settings.md +++ /dev/null @@ -1,57 +0,0 @@ -# Specific Upgrades for Application Settings Manager - -Application Settings Manager has a few extra parts that need updating when Netwrix Endpoint Policy -Manager (formerly PolicyPak) the client-side extension (CSE) and tools are updated. We'll discuss -those specific parts in the following sections. - -For a video overview of this topic, see -[Keeping Application Settings Manager and Paks up to date](/docs/endpointpolicymanager/video/applicationsettings/uptodate.md). - -## Updating the AppSets - -Your download contains the latest pre-configured AppSets with various AppSet definition fixes and -usually even more additional AppSets. If you have any AppSets you've created yourself, you should -recompile them for the latest version. Check the video above for an overview on mass-recompilationx. - -If you're using the Central Store, first make a backup of your existing Endpoint Policy Manager DLL -AppSets for safekeeping. If you're using a local store, make a backup of your local Endpoint Policy -Manager DLL AppSet files for safekeeping. Next, follow one of the two options below to update the -AppSets: - -- Option 1: Manual. Copy over the AppSets you're using, thus overwriting the old AppSets in the - Central Store or a local store. -- Option 2: Automatic (Recommended). Use the Endpoint Policy Manager GPOTouch utility to update the - AppSets in the Central Store and local store automatically and to update each GPO (described in - more detail below). - -## Updating the Admin Console and Endpoint Policy Manager DesignStudio - -For Endpoint Policy Manager Application Settings Manager, update your Endpoint Policy Manager -DesignStudio on any machine where it is currently installed. You do not need to update the Microsoft -C++ compiler to the latest version because Endpoint Policy Manager DesignStudio can use C++ Express -Edition 2008 or later without issue. This will also update the Endpoint Policy Manager GPOTouch and -Endpoint Policy Manager GPO Exporter utilities. Update your own administrative machines with the -latest Endpoint Policy Manager Admin Console.MSI (32- or 64-bit) to update the GPMC and the Endpoint -Policy Manager Exporter and Endpoint Policy Manager GPOTouch utilities. - -## Secondary Application Settings Manager Backup - -For extra protection within each Endpoint Policy Manager Application Settings Manager definition, -you can choose to open the definition and then click the **Options** button. Then, select **Export -XML Settings Data**. - -![specific_upgrades_for_application_624x386](/img/product_docs/endpointpolicymanager/install/upgrade/specific_upgrades_for_application_624x386.webp) - -**NOTE:** This step is optional but will provide a second backup of your Endpoint Policy Manager -Application Settings Manager definitions in case of a mishap and is therefore recommended. - -## Updating Each GPO - -Every GPO contains directives with Endpoint Policy Manager Application Settings Manager data, which -must be opened and updated. If a GPO contains multiple Endpoint Policy Manager Application Settings -Manager directives, each one must be updated, or touched. You can either manually touch a GPO or use -Endpoint Policy Manager GPOTouch. It is recommended to use the Endpoint Policy Manager GPOTouch -utility to update each GPO automatically with the latest version of the AppSet DLL file. - -To see a video overview of how to manually touch a GPO, see -[GPOTouch Utility](/docs/endpointpolicymanager/video/applicationsettings/touchutility.md). diff --git a/docs/endpointpolicymanager/integration/auditor/mmcsnapin.md b/docs/endpointpolicymanager/integration/auditor/mmcsnapin.md deleted file mode 100644 index 6f0cb70375..0000000000 --- a/docs/endpointpolicymanager/integration/auditor/mmcsnapin.md +++ /dev/null @@ -1,71 +0,0 @@ -# How do I configure the MMC snap-in to open GPOs in Netwrix Auditor? - -For a video overview of this process see -[Endpoint Policy Manager and Netwrix Auditor - Setup Steps](/docs/endpointpolicymanager/video/integration/auditorsetup.md) - -**NOTE:** Only the latest Endpoint Policy Manager MMC console supports the Endpoint Policy Manager → -Netwrix Auditor. Make sure to use the Endpoint Policy Manager download and install the latest MMC -console. - -## Initial Setup for Netwrix Auditor - -**Step 1 –** In Netwrix Auditor, determine where you Report Manager URL is. The item is found in -Netwrix Auditor under **Settings** > **Audit Database** > **Report Manager UR**. - -![970_1_image-20231016154007-8_950x412](/img/product_docs/endpointpolicymanager/integration/auditor/970_1_image-20231016154007-8_950x412.webp) - -**Step 2 –** Click on the link to open up Report Manager in SQL Server Reporting Services (SSRS). - -**Step 3 –** Create a new SSRS Folder and give it any name you like. - -![970_2_image-20231016154007-9_950x454](/img/product_docs/endpointpolicymanager/integration/auditor/970_2_image-20231016154007-9_950x454.webp) - -**Step 4 –** Enter the folder you just created then upload the` .RDL` file provided from the -Endpoint Policy Manager Extras Folder. - -![970_3_image-20231016154007-10_950x605](/img/product_docs/endpointpolicymanager/integration/auditor/970_3_image-20231016154007-10_950x605.webp) - -**Step 5 –** The result after the upload is shown below.. - -![970_4_image-20231016154007-11](/img/product_docs/endpointpolicymanager/integration/auditor/970_4_image-20231016154007-11.webp) - -**Step 6 –** Click the report to get the reference string you'll use in future steps. This will -contain the Netwrix Auditor server, up to and including the specific URL which expresses just before -the report name. - -![970_5_image-20231016154007-12_950x839](/img/product_docs/endpointpolicymanager/integration/auditor/970_5_image-20231016154007-12_950x839.webp) - -As an example, the string should look like this: -http://NetwrixAuditorServer/Reports_SQLEXPRESS/report/PolicyPak - -**Step 7 –** Keep this string handy in Notepad or similar for thenext steps. - -## Using the PolicyPak MMC to Call Netwrix Auditor - -**Step 1 –** Use the latest Endpoint Policy Manager MMC to configure your management machine to use -Netwrix Auditor . Left click on the Netwrix Endpoint Policy Manager node, then right-click to **Open -in Netwrix Auditor**.  Input the string you collected earlier. - -![970_6_image-20231016154007-13_950x582](/img/product_docs/endpointpolicymanager/integration/auditor/970_6_image-20231016154007-13_950x582.webp) - -## Optional Configuration: Use PolicyPak ADMX to configure the value automatically - -**Step 1 –** If you have many Endpoint Policy Manager administrators using the MMC snap-in and you -wish to mass-configure this value, you may do so via the Endpoint Policy Manager `ADMX `Files. - -Always use the latest Endpoint Policy Manager ` ADMX` files, are available in the Endpoint Policy -Manager download. - -Please see [Troubleshooting with ADMX files](/docs/endpointpolicymanager/video/troubleshooting/admxfiles.md) to begin -using, or update the Endpoint Policy Manager ADMX settings - -**Step 2 –** After the ` ADMX` files are in place, create a Group Policy Object and target it for -your MMC management stations. - -**NOTE:** Endpoint Policy Manager CSE will ignore this policy because it is exclusively regarding -the MMC snap-in. - -![970_7_image-20231016154007-14_950x683](/img/product_docs/endpointpolicymanager/integration/auditor/970_7_image-20231016154007-14_950x683.webp) - -**Step 3 –** Going forward, the ADMX setting will command the MMC snap-in and it will be -unconfigurable. diff --git a/docs/endpointpolicymanager/integration/auditor/permissions.md b/docs/endpointpolicymanager/integration/auditor/permissions.md deleted file mode 100644 index 1a8b0c3dc8..0000000000 --- a/docs/endpointpolicymanager/integration/auditor/permissions.md +++ /dev/null @@ -1,49 +0,0 @@ -# How can I minimize or eliminate requests to authenticate to Netwrix Auditor (and what permissions are needed to see Endpoint Policy Manager's Netwrix Auditor Reports?) - -While using the Netwrix Endpoint Policy Manager (formerly PolicyPak) MMC to view Netwrix Auditor -data, you might be prompted for Username and Password credentials. There are a few things you need -to do to minimize or eliminate these requests. An example authentication request can be seen here. - -![969_1_image-20231017185713-1_950x344](/img/product_docs/endpointpolicymanager/integration/auditor/969_1_image-20231017185713-1_950x344.webp) - -**NOTE:** First, note that if your browser is Firefox you must set the "URIS / SPNEGO" settings to -passthru authentication requests. One way to do this is via Endpoint Policy Manager Application -Settings Manager with these instructions: -[Firefox: How do I use the NTLM passthru (URIS) settings in the Firefox / about:config AppSets?](/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/ntlmpassthru.md). -You may also use the Firefox ADMX settings to perform a similar option. - -If you are using Edge as your default browser, these steps are un-necessary and you will likely not -be prompted for credentials. - -However, you might also be denied access to the specific Endpoint Policy Manager report, like what's -seen here. - -![969_2_image-20231017185713-2_950x355](/img/product_docs/endpointpolicymanager/integration/auditor/969_2_image-20231017185713-2_950x355.webp) - -**Step 1 –** To correct for this and ensure the highlighted user in the previous screenshot (or -group the person is a member of) has access, you there are a few ways to accomplish the task. - -- Way #1: Configure the access for that user or a group to the Netwrix Auditor data as described - here: - [Role-Based Access and Delegation (netwrix.com)](https://helpcenter.netwrix.com/bundle/Auditor_10.6/page/Content/Auditor/Admin/MonitoringPlans/Delegation.htm) -- Way #2: Manually adjust SQL Server Reporting Services and grant proper access.. - -You will need main credentials to SQL Server Reporting Services before beginning. - -**Step 2 –** Then from the Home screen, click the three dots next to the Endpoint Policy Manager -reporting folder (note it could have a different name if it was set up in a unique fashion.) Then -click Manage. - -![969_3_image-20231017185713-3_950x439](/img/product_docs/endpointpolicymanager/integration/auditor/969_3_image-20231017185713-3_950x439.webp) - -**Step 3 –** Then add in your DOMAIN\GROUP or DOMAIN\USER like what's seen here and select Browser -role and select OK (figure on the left). - -The result can be seen in the figure on the right. - -![969_4_image-20231017185713-4_950x351](/img/product_docs/endpointpolicymanager/integration/auditor/969_4_image-20231017185713-4_950x351.webp) - -Final result can be seen here where the user is now permitted to see the Endpoint Policy Manager -report. - -![969_5_image-20231017185713-5_950x730](/img/product_docs/endpointpolicymanager/integration/auditor/969_5_image-20231017185713-5_950x730.webp) diff --git a/docs/endpointpolicymanager/integration/auditor/reports.md b/docs/endpointpolicymanager/integration/auditor/reports.md deleted file mode 100644 index fea82d9892..0000000000 --- a/docs/endpointpolicymanager/integration/auditor/reports.md +++ /dev/null @@ -1,150 +0,0 @@ -# How to use Netwrix Auditor to Report on Endpoint Policy Manager events - -This topic shows you how to generate reports for interesting events from the Endpoint Policy Manager -event logs, that you can then use to create LPM policies as needed. - -## Report - -![1325_1](/img/product_docs/endpointpolicymanager/integration/auditor/1325_1.webp) - -Policy created in LPM using the report details above. - -![1325_2](/img/product_docs/endpointpolicymanager/integration/auditor/1325_2.webp) - -## Getting Started - -In order to receive Endpoint Policy Manager reports for events via Netwrix Auditor, you need to -complete the following steps. - -**Step 1 –** Creating a monitoring plan for Endpoint Policy Manager events. - -**Step 2 –** Configuring sources, filters, events, database settings. - -**Step 3 –** Optional: configure alerts. - -## Creating a monitoring plan for Endpoint Policy Manager events - -Navigate to **Start** > Netwrix Auditor > Netwrix Auditor **Event Log Manager**. - -On the main page, you are prompted to select a monitoring plan. Click **Add** to add new plan. - -![1325_3](/img/product_docs/endpointpolicymanager/integration/auditor/1325_3.webp) - -**Step 1 –** Give the new plan a descriptive name and select **Enable event log collection**. Then -add a **Notification recipient** email address. You can specify one or more email addresses for -users to receive daily Event Log collection status notifications. Use a semicolon to separate -addresses. - -![1325_4](/img/product_docs/endpointpolicymanager/integration/auditor/1325_4.webp) - -**Step 2 –** In the **General** tab enter credentials for the account that will be used to collect -data from the endpoints. Use an account that has local admin rights on the endpoints, and one that -can also read Active directory. Then click the **Add** button next to the Monitored computers -section. - -![1325_5](/img/product_docs/endpointpolicymanager/integration/auditor/1325_5.webp) - -**Step 3 –** Choose how you would like to add monitored computers, either by Computer name, by -Active Directory container, or via IP Range. - -![1325_6](/img/product_docs/endpointpolicymanager/integration/auditor/1325_6.webp) - -**NOTE:** You can add multiple types of computer items to your monitoring plan. - -![1325_7](/img/product_docs/endpointpolicymanager/integration/auditor/1325_7.webp) - -**Step 4 –** In the **Notifications** tab you can configure SMTP settings. - -![1325_8](/img/product_docs/endpointpolicymanager/integration/auditor/1325_8.webp) - -**Step 5 –** Under the **Audit Database** tab you can review and verify your database settings. -Netwrix Auditor Event Log Manager synchronizes Audit Database and reports settings with the default -Audit Database configuration from Netwrix Auditor Server. If this option is disabled, contact your -Netwrix Auditor Global administrator and make sure that these settings are properly configured in -Netwrix Auditor Server. See the Audit Database topic in the -[Netwrix Auditor > Configuration Documentation](https://helpcenter.netwrix.com/category/auditor_configuration) -for additional information. - -![1325_9](/img/product_docs/endpointpolicymanager/integration/auditor/1325_9.webp) - -**Step 6 –** In the **Advanced** tab you can check if Network traffic compression is enabled -(recommended). Also, you can specify the notification delivery time. - -![1325_10](/img/product_docs/endpointpolicymanager/integration/auditor/1325_10.webp) - -**Step 7 –** Filter out the desired events and get them into the Netwrix Auditor Reports. To do so, -get back to the **General** tab and configure the **Audit archiving filters**. - -![1325_11](/img/product_docs/endpointpolicymanager/integration/auditor/1325_11.webp) - -**Step 8 –** Once there, you can add the filtering in the Inclusive filters section. Click **Add** -to proceed. - -In the next window, we need to specify the following parameters: - -- Filter name -- Description for the filter -- Event log – here we need to type in Endpoint Policy Manager manually, as it is not available in - the drop down list. -- Write to – here you can select the location to store filtered events, either a long-term archive - or a database. It is recommended to use both locations. - -![1325_12](/img/product_docs/endpointpolicymanager/integration/auditor/1325_12.webp) - -**Step 9 –** Depending on targeted events, in the **Event Fields** tab you may enlist the event IDs -to capture. See the -[List of Endpoint Policy Manager Event Categories and IDs](/docs/endpointpolicymanager/tips/eventcategories.md) topic for -additional information on event IDs. - -For example, here is the list of event IDs related to Endpoint Policy Manager Least Privilege -Manager Global Audit events: - -![1325_13](/img/product_docs/endpointpolicymanager/integration/auditor/1325_13.webp) - -You may adjust the settings in the**Events Fields filtering** section according to your needs. - -Once the configuration is done, you may click **OK** and save all your progress so far. - -**Step 10 –** Go back to the main monitoring plan configuration window for Netwrix Auditor Event Log -Manager, and click **Configure** under alerts filtering: - -![1325_14](/img/product_docs/endpointpolicymanager/integration/auditor/1325_14.webp) - -Then click **Add** to add a new alert. - -![1325_15](/img/product_docs/endpointpolicymanager/integration/auditor/1325_15.webp) - -**Step 11 –** In the next window add alerts for any event IDs as needed using the screenshots below -as a guide. - -**NOTE:** There is no need to configure anything under the **Insertion Strings** tab at this time. - -Single Event Alert Example: - -![1325_16](/img/product_docs/endpointpolicymanager/integration/auditor/1325_16.webp) - -![1325_17](/img/product_docs/endpointpolicymanager/integration/auditor/1325_17.webp) - -Group of Specific Events Alert Example: - -![1325_18](/img/product_docs/endpointpolicymanager/integration/auditor/1325_18.webp) - -![1325_19](/img/product_docs/endpointpolicymanager/integration/auditor/1325_19.webp) - -This is all the configuration required for Netwrix Auditor Event Log Manager to report on Endpoint -Policy Manager Events. - -**Step 12 –** Now, if you would like to review the event log reports, start the Netwrix Auditor -software and go to the **Reports** section. There, navigate to the following report path: -**Predefined** > **Windows Server**> **Event Log** > **All events by Computer** and click **View**. - -![1325_20](/img/product_docs/endpointpolicymanager/integration/auditor/1325_20.webp) - -Here you can specify the conditions and filters to represent in the report, such as date range, -Event level etc. - -![1325_21](/img/product_docs/endpointpolicymanager/integration/auditor/1325_21.webp) - -**NOTE:** You can click on the interactive link in the **Date** column to see event details: - -![1325_22](/img/product_docs/endpointpolicymanager/integration/auditor/1325_22.webp) diff --git a/docs/endpointpolicymanager/integration/pdqdeploy.md b/docs/endpointpolicymanager/integration/pdqdeploy.md deleted file mode 100644 index d8365c5cf6..0000000000 --- a/docs/endpointpolicymanager/integration/pdqdeploy.md +++ /dev/null @@ -1,137 +0,0 @@ -# Managing Group Policy using Endpoint Policy Manager and PDQ Deploy - -Microsoft MVP Jeremy Moskowitz and Shane from Admin Arsenal demonstrate the setup and advantages of -using Netwrix Endpoint Policy Manager (formerly PolicyPak) and PDQ Deploy together to manage the -heck out of your group policy. - -### Managing Group Policy using PolicyPak and PDQ Deploy - -Shane: Hey, I'm Shane from Admin Arsenal. Today, we have Jeremy Moskowitz. You probably already know -of this man: GPanswers, the founder of Endpoint Policy Manager, Microsoft MVP, Enterprise Mobility. -This guy is the bee's knees. We're going to talk about how you've already got Active Directory, now -let's add some muscle to it. This is the guy that we're going to talk to. - -Jeremy: Thank you. What we're going to do is we're going to show you a better together story. In -this video, we're going to do a setup of getting Endpoint Policy Manager ready. If you decide that -you like what you see in this series of videos and you want to try Endpoint Policy Manager and/or -PDQ Deploy better together, this is video number one in order for you to get started. - -Let me give you the lash-up of where we're at with our setup here. We have "Active Directory" and -"Group Policy" ready to go. I just want to show how we have our setup here. In "Active Directory" -we've already got our "Users and Computers." Let me show you where they live just so you can see how -to follow along. - -For instance, our users are hanging out under "Standard Users." We have "User1" and "User2." If we -look at "Deadwood Computers/Workstations/Standard Computers," we've got "COMPUTER1" and "COMPUTER2." -We try to make it very complicated. We've got these two computers and two users, and these are who -we're going to manage. - -The first thing we want to do is show you a before shot before we show you an after shot. If you -take any given "Group Policy Object," it doesn't really matter. We'll call it "aaa." If we look -inside, you've seen this a million times. You know there's the user side and computer side. There's -"Policies" and "Preferences." - -What we just said is we're going to add a little muscle to this by adding the Endpoint Policy -Manager node. This is super easy. You probably want to do this step by hand. You could use PDQ -Deploy to do it, but just to make things easier for this demonstration, I just want to go to the -downloaded Endpoint Policy Manager, which you get my contacting Endpoint Policy Manager first of -all. Then you go to the "Admin Console MSI for all On-Prem -[https://dev.endpointpolicymanager.com/products/](https://dev.endpointpolicymanager.com/products/)," and you just install -the admin. - -I'm pretty sure this machine is x86, right?. - -Shane: No, it's x64. - -Jeremy: Oh, it's x64. Okay, great. It doesn't matter. Whichever on you have, it will work. This step -takes a moment or two. Once this is done, you've increased your ability to create new directives -inside your Group Policy editor. We'll go ahead and wait for this to finish. That's it. It just -takes a moment, and we're ready to go. - -We'll go ahead and "Close" that. Now let's look at the after shot. We'll go ahead and take a look. -We now have a new node here in the Group Policy editor enabling you to do more stuff. We're going to -cover what that stuff is in this series of videos. We're not super concerned about the stuff right -now. We're just getting set up. That's thing number one. I'll go ahead and close this. - -Step number two is one of the superpowers that Endpoint Policy Manager has is the ability to manage -Flash, Firefox, Java, Internet Explorer. You name it, we have a way to manage it. We have these -definitions or Pak files that there's a handful of ways to do it, but the best way is to get them on -one domain controller which is to say your Central Store for Endpoint Policy Manager. - -What we're going to do here is we're going to take the Endpoint Policy Manager stuff, and I've -already got all the Paks listed here. You can see we have over 400. - -Shane: Wow. - -Jeremy: We have "430" Paks as of this recording. We're going to… - -Shane: There's your "SYSVOL" in "venice." We're going to use "venice." - -Jeremy:That's the one, "venice." I'll move this one to the left, this one to the right. I'll just -pick a couple of guys just to show you how quick and easy it is. Let's say you want to do "Java -Version 8 u 77." I'm just pulling this one out of my ear here. We'll go ahead and go to "SYSVOL," -domain name, "Policies." - -You might already have an existing what's called "PolicyDefinitions" folder. Now that's Microsoft. -Endpoint Policy Manager is going to be – I know, wait for it, this is super complicated – "Endpoint -Policy Manager." - -Shane:If you're lost by creating a folder, you probably need a couple of other videos. - -Jeremy: Yeah, this is not the tool for you. We'll go ahead and create the "Endpoint Policy Manager" -folder and drag-and-drop in one of our Pak definition files. Now look at that. You're going to be -able to manage the heck out of "Java Version 8 u 77.". - -If you want to take WinZip, let me go ahead and find it. "WinZip 14 to 17" is a good one. We'll go -ahead and copy that guy right there. That's it. If you want to pick and choose the ones you want, -it's super easy to do. - -Let's go ahead and go back to the after shot again. We'll go to "aaa" and take a look at that one -more time. If we take a look, we can go to user or computer, "Endpoint Policy Manager." Take a look -at "Application Settings Manager," which is the thing we're going to spend some time on in our first -videos. Right click, "New Application," there we are. Those are the Paks we just dragged in, ready -to go. - -If we want to manage the heck out of "WinZip" which we'll probably do in our next video, you just -double click it. We'll cover this in the next video, but we've now officially set up a handful of -Paks. If you want to do Flash, Firefox, Java, etc., you just drag the right Pak file in and you're -ready to go. - -That's it. There's one more step, and that's where he's going to come in. You need to deploy our -moving part, that client side extension, to enhance your Group Policy experience on your endpoints. -You're going to cover how to get that deployed.. - -Shane: Yeah, we'll get that out there. We're going to use "PDQ Deploy." It's a free download. We're -going to show you using the Enterprise level version. - -Jeremy: " You can close that right out. We're done with that. - -Shane: Okay. But if you're using the free version, you're just going to need to do two packages if -you have both 64-bit and 32-bit targets. I'm just going to create a "New Package" here. We'll call -this "Endpoint Policy Manager CSE," the client side extensions, perfect. - -Then our "Step 1" is an install step. This is where you choose your MSI or your EXE files or your -batch files, etc. We are going to go out to, I'll put this on a file share somewhere. There we go. -We'll do the 64-bit for right now. It's an MSI, so there are no other properties that you need to -add. We're just going to hit "Save" on that. - -There's our "Endpoint Policy Manager CSE," and we'll go ahead and deploy. Obviously, you could -choose targets from your Active Directory OU or etc., but since we know the names of these computers -we'll just do it for the sake of this. - -Jeremy: But you could pick your entire domain. You could cherry pick OUs. - -Shane: Yes, you can choose targets from "Active Directory," "PDQ Inventory," "Spiceworks," etc. -We'll hit "Deploy Now." I didn't name that step, but it's okay. You can see that it's kicking off -the client side extension install right away. Jeremy has got those. The MSI is ready to go. It's -sweet. - -Jeremy: The best part is no reboot required. Once you get it deployed out there, Endpoint Policy -Manager is automatically working, ready to rock from moment zero. You don't have to wait for a -reboot or schedule a reboot. We're just ready to rock since it's installed. That's it. Endpoint -Policy Manager is fully deployed. We have it all ready to go, and we're ready to actually do some -work with Endpoint Policy Manager and PDQ. - -Shane: So see us on the next video. We'll talk to you later. - -Jeremy: Bye. diff --git a/docs/endpointpolicymanager/integration/privilegesecure/credentialbased/policymatch.md b/docs/endpointpolicymanager/integration/privilegesecure/credentialbased/policymatch.md deleted file mode 100644 index 55f92405e0..0000000000 --- a/docs/endpointpolicymanager/integration/privilegesecure/credentialbased/policymatch.md +++ /dev/null @@ -1,6 +0,0 @@ -# Credential Based Policy Match - -Credential Based Policy Match takes a matching process and uses Netwrix Privilege Secure to act on -another user’s behalf. In this example we will launch `NotepadP.exe` as `EastSalesUser1`, -but Netwrix Privilege Secure will broker the connection and actually launch the process as -`EastSalesAdmin9` from Active Directory. diff --git a/docs/endpointpolicymanager/integration/privilegesecure/gettingstarted/client.md b/docs/endpointpolicymanager/integration/privilegesecure/gettingstarted/client.md deleted file mode 100644 index 582785a9a1..0000000000 --- a/docs/endpointpolicymanager/integration/privilegesecure/gettingstarted/client.md +++ /dev/null @@ -1,41 +0,0 @@ -# Getting Started: Client - -If you already have the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE installed on your -desired endpoint, great! That’s it, you’re done. However, in the Netwrix Privilege Secure download, -you will also find the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE available within the -Netwrix Privilege Secure download as a courtesy. - -Therefore, you may use either the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE found -either within the Netwrix Privilege Secure download, or the Netwrix Endpoint Policy Manager -(formerly PolicyPak) CSE found in the Netwrix Endpoint Policy Manager (formerly PolicyPak) download. - -**NOTE:** See the -[Netwrix Privilege Secure Client - Getting Started with MMC with/without Endpoint Policy Manager ](/docs/endpointpolicymanager/video/leastprivilege/integration/privilegesecure.md)video -for a demo on the relationship of the Netwrix Privilege Secure and Netwrix Endpoint Policy Manager -(formerly PolicyPak) downloads and their moving parts. - -**CAUTION:** It might be best to use the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE -download since the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE download may have -bugfixes, etc., which may not yet be available in the Netwrix Privilege Secure download due to lag -time. - -**NOTE:** The interaction between Netwrix Privilege Secure and Netwrix Endpoint Policy Manager -(formerly PolicyPak) CSE does notneed to be licensed. When you evaluate or purchase Netwrix -Privilege Secure, the major Netwrix Endpoint Policy Manager (formerly PolicyPak) Least Privilege -Manager management and elevation functions are automatically available to you without needing to -install any specific endpoint license. - -- The Netwrix Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager directives which - are distributed as part ofNetwrix Privilege Secure server performing the brokering\*will work even - if unlicensed. -- The Netwrix Endpoint Policy Manager (formerly PolicyPak) specific items where there is no Netwrix - Privilege Secure server involved require a license. - -You can see the difference in the list view as seen here. - -![getting_started_client](/img/product_docs/endpointpolicymanager/integration/privilegesecure/gettingstarted/getting_started_client.webp) - -In the next section we will see how to create Netwrix Endpoint Policy Manager (formerly PolicyPak) + -Netwrix Privilege Secure policies which will not need an endpoint license to work out of the box. -Again, the idea is that you are already paying for an Netwrix Privilege Secure license, and because -Netwrix Privilege Secure is involved in the policy, those policies work on the endpoint for free. diff --git a/docs/endpointpolicymanager/integration/privilegesecure/mmc.md b/docs/endpointpolicymanager/integration/privilegesecure/mmc.md deleted file mode 100644 index 0ba18f2791..0000000000 --- a/docs/endpointpolicymanager/integration/privilegesecure/mmc.md +++ /dev/null @@ -1,37 +0,0 @@ -# How does the Netwrix Privilege Secure MMC UI relate to the Endpoint Policy Manager MMC UI? - -In the Netwrix Privilege Secure download you will find NPS for Endpoint Group Policy Snap-in x64 and -x86 installers. - -![972_1_image](/img/product_docs/endpointpolicymanager/integration/privilegesecure/972_1_image.webp) - -This MSI is meant to increase what is possible with a Group Policy editor and let you create NPS -Endpoint rules (aka Netwrix Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager) -rules. - -When you install the NPS Endpoint Group Policy Snap-In on a machine (which has the Group Policy -Editor and/or Group Policy Management Console) you will see the Netwrix Privilege Secure node and -Least Privilege Manager within it. All GPOs l have the same look and feel and editing ability. - -![972_2_image-20230627090846-2_950x515](/img/product_docs/endpointpolicymanager/integration/965_1_image-20230627091218-5_950x515.webp) - -If you want to upgrade to Endpoint Policy Manager and see both Netwrix Privilege Secure and all the -other Endpoint Policy Manager nodes, you need to install the Endpoint Policy Manager Admin Console. -This can be installed on top of the Privilege Secure Admin Console, or installed directly. - -![972_3_image-20230627090846-3_950x70](/img/product_docs/endpointpolicymanager/integration/privilegesecure/972_3_image-20230627090846-3_950x70.webp) - -The result can be seen here with Netwrix Privilege Secure / Least Privilege Manager and all the -Endpoint Policy Manager nodes. - -![972_4_image-20230627090846-4_950x534](/img/product_docs/endpointpolicymanager/integration/privilegesecure/972_4_image-20230627090846-4_950x534.webp) - -The Endpoint Policy Manager Admin Console MSI is a superset of the Privilege Secure Console MSI. - -**CAUTION:** It is technically possible to upgrade to the latest version of the Privilege Secure -Console MSI after installing some version of the Endpoint Policy Manager Admin Console MSI. If you -do this, you will remove the Endpoint Policy Manager nodes and be left only with the Netwrix -Privilege Secure node. Any Endpoint Policy Manager data and directives will still be in the GPO and -active. Therefore it is recommended if you upgrade to Endpoint Policy Manager Admin Console MSI, -then you maintain your console with upgrades only via the Endpoint Policy Manager Admin Console MSI -and don't attempt a re-install of Privilege Secure Console MSI. diff --git a/docs/endpointpolicymanager/integration/privilegesecure/overview.md b/docs/endpointpolicymanager/integration/privilegesecure/overview.md deleted file mode 100644 index b65ac50b43..0000000000 --- a/docs/endpointpolicymanager/integration/privilegesecure/overview.md +++ /dev/null @@ -1,30 +0,0 @@ -# Endpoint Policy Manager & Netwrix Privilege Secure - -The Endpoint Policy Manager CSE is the agent for Netwrix Privilege Secure. When paired together, you -get the following benefits: - -- You are able to launch applications (elevated or not) from a local desktop, and have them brokered - by the Netwrix Privilege Secure server -- Applications will launch with Netwrix Privilege Secure 2fa (built-in or 3rd party) -- Applications may launch elevated if desired -- The whole screen can be recorded and sent up to the Netwrix Privilege Secure server for - safekeeping and analysis - -Therefore, instead of relying on RDP to remote control into a server to perform a privileged -operation, maintaining a second set of credentials, and having nothing recorded for posterity, you -can use the Better Together power of Netwrix Privilege Secure and Endpoint Policy Manager CSE. - -The best part is, if you are only interested in the Endpoint Policy Manager + Netwrix Privilege -Secure Better Together story, you only have to pay for the Netwrix Privilege Secure licenses. That -is, there is no required endpoint license when Netwrix Privilege Secure is used alongside a Endpoint -Policy Manager directive (where Netwrix Privilege Secure is involved.) You will see more as we go -along but, if you are using Netwrix Privilege Secure and want to try out the power of Endpoint -Policy Manager, that is included in your Netwrix Privilege Secure license. - -**NOTE:** See the -[Netwrix Privilege Secure Client - Getting Started with MMC with/without Endpoint Policy Manager ](/docs/endpointpolicymanager/video/leastprivilege/integration/privilegesecure.md)video -for a demo on the relationship of the Netwrix Privilege Secure and Endpoint Policy Manager downloads -and moving parts. - -**NOTE:** All Netwrix Privilege Secure + Endpoint Policy Manager documentation from Netwrix -Privilege Secure can be found in [Netwrix Privilege Secure for Endpoints Documentation](https://helpcenter.netwrix.com/category/privilegesecure_endpoints). diff --git a/docs/endpointpolicymanager/integration/privilegesecure/resourcebased/policymatch.md b/docs/endpointpolicymanager/integration/privilegesecure/resourcebased/policymatch.md deleted file mode 100644 index 25dc006762..0000000000 --- a/docs/endpointpolicymanager/integration/privilegesecure/resourcebased/policymatch.md +++ /dev/null @@ -1,37 +0,0 @@ -# Resource Based Policy Match - -Resource Based Policy Match will take a matching process and then use Netwrix Privilege Secure to -perform a whole activity set, like creating a new Domain Admin account. - -In this example we will launch MMC Active Directory Users and Computers as `EastSalesUser1`, but -Netwrix Privilege Secure will broker the connection and actually launch the process as a domain -admin. - -Resource Based Policy Matches tie back to a specific Netwrix Privilege Secure Activity Name. - -![resource_based_policy_match](/img/product_docs/endpointpolicymanager/integration/privilegesecure/resourcebased/resource_based_policy_match.webp) - -Here on the Netwrix Privilege Secure server, locate the Policy and verify that the name is an exact -match. - -![resource_based_policy_match_1](/img/product_docs/endpointpolicymanager/integration/privilegesecure/resourcebased/resource_based_policy_match_1.webp) - -Then, to match a specific process configure the Endpoint Policy Manager Least Privilege Manager -policy as a Combo rule: - -- Path condition: %SYSTEMROOT%\System32\mmc.exe -- Command-line condition: Strict Equality for dsa.msc - -![resource_based_policy_match_2](/img/product_docs/endpointpolicymanager/integration/privilegesecure/resourcebased/resource_based_policy_match_2.webp) - -Now whenever mmc.exe dsa.msc is run from the command line, Endpoint Policy Manager Least Privilege -Manager will send the connection back to Netwrix Privilege Secure for processing. - -You’ll run the command as `EastSalesUser1`, and give your Active Directory credentials, Two-Factor -(brokered by Netwrix Privilege Secure), and wait for the Activity Session to be created. - -![resource_based_policy_match_3](/img/product_docs/endpointpolicymanager/integration/privilegesecure/resourcebased/resource_based_policy_match_3.webp) - -The result is that a new Domain Admin account is created for this one session and deleted after use. - -![resource_based_policy_match_4](/img/product_docs/endpointpolicymanager/integration/privilegesecure/resourcebased/resource_based_policy_match_4.webp) diff --git a/docs/endpointpolicymanager/itemleveltargeting/securitygroup.md b/docs/endpointpolicymanager/itemleveltargeting/securitygroup.md deleted file mode 100644 index df8867c3f3..0000000000 --- a/docs/endpointpolicymanager/itemleveltargeting/securitygroup.md +++ /dev/null @@ -1,6 +0,0 @@ -# Is the Security Group Item Level Targeting (ILT) option recursive or not? - -The Security Group Item Level Targeting (ILT) option is Direct by default, when Primary Group is -unchecked, but Recursive when it is checked. - -![561_1_overall-faq-s1p5](/img/product_docs/endpointpolicymanager/itemleveltargeting/561_1_overall-faq-s1p5.webp) diff --git a/docs/endpointpolicymanager/itemleveltargeting/virtualdesktops.md b/docs/endpointpolicymanager/itemleveltargeting/virtualdesktops.md deleted file mode 100644 index 09e8ae2d82..0000000000 --- a/docs/endpointpolicymanager/itemleveltargeting/virtualdesktops.md +++ /dev/null @@ -1,16 +0,0 @@ -# How can I use Item Level Targeting to specify Windows Virtual Desktops (WVD) Multi-session Windows? - -![642_1_1](/img/product_docs/endpointpolicymanager/itemleveltargeting/642_1_1.webp) - -The query you want is: - -**Step 1 –** The Operating System is Windows 10 - -**Step 2 –** and the WMI Query:select \* from Win32_OperatingSystem, where OperatingSystemSKU = 175 - -The result will look like this: - -![642_2_2](/img/product_docs/endpointpolicymanager/itemleveltargeting/642_2_2.webp) - -**NOTE:** For other unusual SKUs and information on how to get the ID, see the Microsoft article on -[OperatingSystemSKU Enum.](https://learn.microsoft.com/en-us/dotnet/api/microsoft.powershell.commands.operatingsystemsku?view=powershellsdk-1.1.0) diff --git a/docs/endpointpolicymanager/itemleveltargeting/windows11.md b/docs/endpointpolicymanager/itemleveltargeting/windows11.md deleted file mode 100644 index a88ad7234a..0000000000 --- a/docs/endpointpolicymanager/itemleveltargeting/windows11.md +++ /dev/null @@ -1,107 +0,0 @@ -# How can I use Item Level Targeting to specify a specific Windows 10 build and/or LTSC/LTSB? - -**Step 1 –** To target a specific Windows 10 Build, start out by using the Operating System item and -selecting Windows 10. - -**Step 2 –** Then select either: - -- WMI Query, or -- Registry match. - -![14_1_faq-4-rev-1-img-1](/img/product_docs/endpointpolicymanager/itemleveltargeting/14_1_faq-4-rev-1-img-1.webp) - -**Step 3 –** If you choose WMI Query to detect the build number, enter the following in the Query -field: - -``` -SELECT * FROM Win32_OperatingSystem WHERE BuildNumber = "15063" -``` - -This would select Windows 1703, which is that build number. - -![14_2_faq-4-rev-1-img-2](/img/product_docs/endpointpolicymanager/itemleveltargeting/14_2_faq-4-rev-1-img-2.webp) - -**CAUTION:** Note that you want to place a whole number and not a number with decimal places. The -BUILDNUMBER field is actually nota numeric value, but a stringvalue and must match exactly. - -**Step 4 –** If you choose REGISTRY Query to detect the build number, search for the following item -in the Registry: - -``` -Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | CurrentBuildNumber -``` - -![14_3_faq-4-rev-1-img-3](/img/product_docs/endpointpolicymanager/itemleveltargeting/14_3_faq-4-rev-1-img-3.webp) - -**Step 5 –** Use the Registry Match item as follows for a specific Build number. - -![14_4_faq-4-rev-1-img-4](/img/product_docs/endpointpolicymanager/itemleveltargeting/14_4_faq-4-rev-1-img-4.webp) - -Other build numbers you can use are: - -| | | -| ----- | ------------------------ | -| 10586 | Windows 10, version 1511 | -| 14393 | Windows 10, version 1607 | -| 15063 | Windows 10, version 1703 | -| 16299 | Windows 10, version 1709 | -| 17134 | Windows 10, version 1803 | -| 17763 | Windows 10, version 1809 | - -## How to Query for Minor Build Numbers - -From time to time, you might want to target a machine with an unusual build number. - -For instance, Windows 1809 had two revisions with the same build ID of 17763. These were the -original shipping version (which was pulled from Microsoft due to quality concerns), and then the -final build which was broadly deployed - -Each of these Windows 1809 builds has the Build number of 17763, but has a minor version of .1 for -the first release and .253 for the second release. - -You can see examples of the first and second Windows 1809 releases below. - -First release of Windows 1809 build 17763: - -![14_5_faq-4-rev-1-img-5](/img/product_docs/endpointpolicymanager/itemleveltargeting/14_5_faq-4-rev-1-img-5.webp) - -Second release of Windows 1809 build 17763: - -![14_6_faq-4-rev-1-img-6](/img/product_docs/endpointpolicymanager/itemleveltargeting/14_6_faq-4-rev-1-img-6.webp) - -The Value you want to match with an ILT Registry Match is this: - -``` -Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | UBR -``` - -UBR stands for Update Build Revision. - -This Item Level Target expresses: - -When Machine is Windows 10, and - -- When build is 17763 (Windows 1809) and -- When build's UBR is .1 (first version of 1809). - -![14_7_faq-4-rev-1-img-7](/img/product_docs/endpointpolicymanager/itemleveltargeting/14_7_faq-4-rev-1-img-7.webp) - -## How to Query for CB/CBB vs. LTSB/LTSC - -Additionally, if you wanted to be specific and target LTSB/LTSC builds of Windows 10, you use a WMI -query filter which would specify: - -``` -SELECT OperatingSystemSKU FROM Win32_OperatingSystem WHERE OperatingSystemSKU = 125 -``` - -Or, if you want to target CB/CBB builds: - -``` -SELECT OperatingSystemSKU FROM Win32_OperatingSystem WHERE OperatingSystemSKU = 4 - -``` - -Here's an example: - -![14_8_faq-4-rev-1-img-8](/img/product_docs/endpointpolicymanager/itemleveltargeting/14_8_faq-4-rev-1-img-8.webp) diff --git a/docs/endpointpolicymanager/javaenterpriserules/exportcollections.md b/docs/endpointpolicymanager/javaenterpriserules/exportcollections.md deleted file mode 100644 index ca021d0552..0000000000 --- a/docs/endpointpolicymanager/javaenterpriserules/exportcollections.md +++ /dev/null @@ -1,14 +0,0 @@ -# Exporting Collections - -Appendix A explains how to use the Endpoint Policy Manager Exporter to wrap up any Endpoint Policy -Manager directives and deliver them using Microsoft Endpoint Manager (SCCM and Intune), KACE, your -own MDM service, or Endpoint Policy Manager Cloud. To export a policy for later use using Endpoint -Policy Manager Exporter or Endpoint Policy Manager Cloud, right-click the collection or the policy -and select **Export to XML**. This will enable you to save an XML file, which you can use later. - -![using_policypak_java_rules_13](/img/product_docs/endpointpolicymanager/javaenterpriserules/using_endpointpolicymanager_java_rules_13.webp) - -**NOTE:** Exported collections or policies maintain any Item-Level Targeting that has already been -set. Also, note that Endpoint Policy Manager Java Rules Manager policies are always contained within -collections, even if you export one single policy. In other words, a collection is automatically -created at export time even if you export a single policy. diff --git a/docs/endpointpolicymanager/javaenterpriserules/gettingstarted.md b/docs/endpointpolicymanager/javaenterpriserules/gettingstarted.md deleted file mode 100644 index 46e31206e8..0000000000 --- a/docs/endpointpolicymanager/javaenterpriserules/gettingstarted.md +++ /dev/null @@ -1,110 +0,0 @@ -# Quick Start - -**NOTE:** Watch this video for an overview of Java Rules Manager: See -[Use Endpoint Policy Manager Cloud to choose which version of Java for what website](/docs/endpointpolicymanager/video/javaenterpriserules/cloud.md) -Netwrix Endpoint Policy Manager (formerly PolicyPak). - -Endpoint Policy Manager Java Rules Manager editor is within the Endpoint Policy Manager node. -Endpoint Policy Manager Java Rules Manager enables you to create a new Endpoint Policy Manager Java -Rules Manager policy or collection. - -**NOTE:** You will only see the Java Rules Manager node when you have the latest Endpoint Policy -Manager Admin Console MSI installed on your management station. - -![quickstart_policypak_java](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java.webp) - -Endpoint Policy Manager Java Rules Manager rules can only be created on the Computer side. If you -attempt to use the user-side configuration node, you will receive a message explaining that you need -to use the Computer side. This is because Endpoint Policy Manager Java Rules Manager rules affect -the system and all users on the machine. In other words, all users must honor the Endpoint Policy -Manager Java Rules Manager rule set, even though it can be filtered by using Item-Level Targeting -(explained later). - -Endpoint Policy Manager Java Rules Manager policies can use collections. If you want to keep things -organized, you can create a collectioni Endpoint Policy Manager and then put Java Rules policies (or -other collections) inside the collection. - -![quickstart_policypak_java_1](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_1.webp) - -![quickstart_policypak_java_2](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_2.webp) - -Endpoint Policy Manager Java Rules Manager has a precedence order. This happens if you decide to -have multiple policies, collections, and Group Policy Objects (GPOs), or if you choose to use -something other than Group Policy to deliver settings. - -**Step 1 –** For the Quickstart, we recommend creating a collection on the Computer side. Within -that collection, create a new Endpoint Policy Manager Java Rules Manager policy, such as the one -shown below. In this example, we are making a rule for [https://java.com ](https://java.com)by using -Java 7 U 51. (Note that this is https, notjust http). - -![quickstart_policypak_java_3](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_3.webp) - -**Step 2 –** Once you click **OK** you will receive an entry similar to the one shown below. - -![quickstart_policypak_java_4](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_4.webp) - -**Step 3 –** If you would like to follow along with this Quickstart, create two more Endpoint Policy -Manager Java Rules Manager policies in the same collection. The next one will make a rule so that -[http://javatester.org ](http://javatester.org)will run with Java 8 U 25. (Note that this URL is -http, nothttps). - -![quickstart_policypak_java_5](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_5.webp) - -**Step 4 –** Click **OK** to save the entry.. - -**Step 5 –** Create another policy that will block `https://*.nasa.gov/`.Note that this URL is -https. - -![quickstart_policypak_java_6](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_6.webp) - -**Step 6 –** When complete, your entries will look like this:. - -![quickstart_policypak_java_7](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_7.webp) - -Here is what each column in the above figure means: - -- Policy Name — This is the name you gave the policy. Default browser is always named Default - Browser. -- Manage Type — The method to perform the mapping of the Java applet to the version of Java you want - to use (explained in more detail later). -- Rule — In this example, this is the location/URL you chose to manage. -- Enabled (True/False) — A policy entry can be enabled, which means it will go to work. If you need - to temporarily stop a policy entry from applying, you can disable it (set it to False). -- Item-Level Targeting (No/Yes) — We will describe this column later on in the section - [Using Item-Level Targeting with Collections and Policies](/docs/endpointpolicymanager/javaenterpriserules/itemleveltargeting.md). -- Comment — Any entry can have a comment option, which is used to explain why you made the decision. - -**Step 7 –** On the endpoint, reboot the computer or run GPupdate so the GPO with the policies that -affect the computer will apply. - -**NOTE:** Logging in as a test user will not work in this case since these Endpoint Policy Manager -entries are on the Computer side and are only processed when the computer is updated (at reboot or -GPupdate). - -**Step 8 –** Now try out Endpoint Policy Manager Java Rules Manager by doing the following: - -- Open Internet Explorer and visit [java.com](http://www.java.com/). Next, click **Do I have Java?** - Instead of showing the latest version of Java installed on your machine, you should see that you - have Java 7 U 51. -- Open Firefox and visit [www.javatester.org](http://www.javatester.org/). Then click **Test this - version of Java**. You should see Java 1.8.0_25, that is, Java 8 U 25. - -![quickstart_policypak_java_8](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_8.webp) - -**Step 9 –** On either browser, visit -[https://atcsim.arc.nasa.gov/version/index.html](https://atcsim.arc.nasa.gov/version/index.html). -When you visit the NASA website, you will receive a prompt warning you that the web certificate is -out of date and will be received (which is not related to Java). Continue to run the applet. The -result is shown below. - -![quickstart_policypak_java_9](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_9.webp) - -**Step 10 –** Click **OK**. Next, click the **Error: Click for details** message. When you do this, -another message will pop-up. - -![quickstart_policypak_java_10](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_10.webp) - -This ends the Endpoint Policy Manager Java Rules Manager Quickstart, which demonstrated the power of -Endpoint Policy Manager Java Enterprise Rules Manager in the fastest amount of time. Note that -prompts for various Java-related items might be received during your Quickstart. To overcome this, -please see section on [Overcoming Java Prompts](/docs/endpointpolicymanager/javaenterpriserules/prompts/overview.md). diff --git a/docs/endpointpolicymanager/javaenterpriserules/itemleveltargeting.md b/docs/endpointpolicymanager/javaenterpriserules/itemleveltargeting.md deleted file mode 100644 index 9f5fc62f74..0000000000 --- a/docs/endpointpolicymanager/javaenterpriserules/itemleveltargeting.md +++ /dev/null @@ -1,61 +0,0 @@ -# Using Item-Level Targeting with Collections and Policies - -Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Endpoint -Policy Manager to target or filter where specific policies will apply. With Endpoint Policy Manager -Java Rules Manager, Item-Level Targeting can be placed on collections as well as Java Rules Manager -policies within collections. - -**Step 1 –** To start, right-click the collection, and select **Change Item Level Targeting**. - -![quickstart_policypak_java_2](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_2.webp) - -**Step 2 –** Within a Java Rules Manager policy, you can dictate an Item-Level Targeting policy by -clicking on **Item-Level Targeting**. - -![using_policypak_java_rules_7](/img/product_docs/endpointpolicymanager/javaenterpriserules/using_endpointpolicymanager_java_rules_7.webp) - -**Step 3 –** The Edit Item Level Targeting menu item brings up the Targeting Editor. You can select -any combination of characteristics you want to test for. Administrators familiar with Group Policy -Preferences' Item-Level Targeting will be at home in this interface as it is functionally -equivalent. - -**Step 4 –** You can apply one or more targeting items to a policy, which enables targeting items to -be joined logically. You can also add targeting collections, which group together targeting items in -much the same way parentheses are used in an equation. In this way, you can create a complex -determination about where a policy will be applied. Collections may be set to **And**, **Or**, -**Is**, or **Is Not**. - -![using_policypak_java_rules_8](/img/product_docs/endpointpolicymanager/javaenterpriserules/using_endpointpolicymanager_java_rules_8.webp) - -Below are some real-world examples of how you can use Item-Level Targeting. - -- Software prerequisites — If you want to configure an application's settings, first make sure the - application is installed on the user's computer before configuring it. You can use File Match or - Registry Match targeting items (or both) to verify a specific version of a file or a registry - entry is present. (For an example of this, look in the Uninstall registry key.) -- Mobile computers — If you want to deploy settings exclusively for users on mobile PCs, then filter - the rule to apply only to mobile PCs by using the Portable Computer targeting item. -- Operating system version — You can specify different settings for applications based on the - operating system version. To do this, create one rule for each operating system. Then filter each - rule using the Operating System targeting item. -- Group membership — You can link the Group Policy Object (GPO) to the whole domain or - organizational unit (OU), but only members within a specific group will pick up and process the - rule settings. -- IP range — You can specify different settings for various IP ranges, like different settings for - the home office and each field office. - -**Step 5 –** Close the editor when done. The collection's icon will have changed to orange, which -indicates it now has Item-Level Targeting on the whole collection. In other words, none of the items -in the collection will apply unless the Item-Level Targeting on the collection evaluates to True. - -![using_policypak_java_rules_9](/img/product_docs/endpointpolicymanager/javaenterpriserules/using_endpointpolicymanager_java_rules_9.webp) - -Within the collection, setting Item-Level Targeting within any policy results in the icon turning -orange. The Item-Level Targeting column will indicate if Item-Level Targeting is on (Yes) or off -(No). - -![using_policypak_java_rules_10](/img/product_docs/endpointpolicymanager/javaenterpriserules/using_endpointpolicymanager_java_rules_10.webp) - -In this way, you can have granular control over policies and collections. First, filter with -Item-Level Targeting on a collection, and then filter any specific rule if any Item-Level Targeting -is applied there. diff --git a/docs/endpointpolicymanager/javaenterpriserules/overview.md b/docs/endpointpolicymanager/javaenterpriserules/overview.md deleted file mode 100644 index e47fdf71b0..0000000000 --- a/docs/endpointpolicymanager/javaenterpriserules/overview.md +++ /dev/null @@ -1,79 +0,0 @@ -# Java Enterprise Rules Manager - -**NOTE:** Before reading this section, please ensure you have read Book 2: -[Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md), which will help you -learn to do the following: - -- Install the Admin MSI on your GPMC machine -- Install the CSE on a test Windows machine -- Set up a computer in Trial mode or Licensed mode -- Set up a common OU structure - -Optionally, if you don't want to use Group Policy, read the section in Appendix A: -[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md) to deploy your -directives. - -The goals of Netwrix Endpoint Policy Manager (formerly PolicyPak) Java Rules Manager are as follows: - -- Dictate specific versions of Java that should be utilized by specific Java applets (usually housed - within specific webpages). -- Reduce or eliminate prompts to end users about Java. -- Continue to run unknown or unnamed Java applets with the most secure version of Java. - -Java Rules Manager enables you to map the version of Java you want to use in individual -circumstances. It is the fastest way to implement Oracle's Java Deployment Rule Set feature (which -will be explained later). PolicyPak is not reinventing the wheel or tricking Java. Instead, it works -alongside Oracle's sanctioned method for the mapping of Java versions to Java applets. - -**NOTE:** See this video -[Use Endpoint Policy Manager Cloud to choose which version of Java for what website](/docs/endpointpolicymanager/video/javaenterpriserules/cloud.md) for -an overview of Endpoint Policy Manager Java Rules Manager. - -For instance, you might want to ensure that the following policies are running on your machine: - -- Use Java 7 U 51 for when end users go to www.internal.com/app1. -- Use Java 8 U 25 for when end users go to www.internal.com/app2. -- Block specific Java applets from running in specific websites. -- Use the latest version of Java for all other sites and circumstances. - -PolicyPak Java Rules Manager enables you to perform the following functions: - -- Assemble settings (policies) into collections. -- Set Item-Level Targeting on policies and collections. -- Deliver policies to the Computer side (without Group Policy Loopback mode). -- Create exact criteria for when specific Java versions should open in a browser. -- Export policies or collections as XML files for use with PolicyPak Exporter and PolicyPak Cloud. - See [Exporting Collections](/docs/endpointpolicymanager/javaenterpriserules/exportcollections.md) for additional information. -- Set custom messages when blocking a Java applet. - -To use the Quickstart for PolicyPak Java Rules Manager, we recommend you have one endpoint (Windows -7 or later) configured with the following browsers and Java versions: - -- Internet Explorer 11 -- Firefox (latest ESR version still supports Java) -- Chrome (latest) -- Java 7 (our examples will use Java 7 U 51) -- Java 8 (our examples will use Java 8 U 25) -- The latest version of Java (Java 8 U 111 as of this manual's publication) - -It is recommended that you test the endpoint (Windows 7 or later) with all these versions of Java, -as well as Internet Explorer, Firefox, and Chrome. - -![about_policypak_java_rules](/img/product_docs/endpointpolicymanager/javaenterpriserules/about_endpointpolicymanager_java_rules.webp) - -Even though there are more advanced scenarios, this will get you going quickly. - -There are a few basic ways you can use PolicyPak Java Rules Manager. - -- First, create a Microsoft Group Policy Object (GPO) using PolicyPak Java Rules Manager. If you use - Group Policy as the delivery mechanism, then that directive is deployed to client machines. -- Alternatively, export the PolicyPak Java Rules Manager rules and deliver them via the following - applications: - - - Microsoft Endpoint Manager (SCCM and Intune) - - Your own systems management software - - PolicyPak Cloud service - - The client machine with the PolicyPak client-side extension (CSE) - -**NOTE:** If you use the PolicyPak Cloud service, you can deliver Group Policy settings even to -non-domain-joined machines over the Internet. diff --git a/docs/endpointpolicymanager/javaenterpriserules/overview/knowledgebase.md b/docs/endpointpolicymanager/javaenterpriserules/overview/knowledgebase.md deleted file mode 100644 index f4f7152c96..0000000000 --- a/docs/endpointpolicymanager/javaenterpriserules/overview/knowledgebase.md +++ /dev/null @@ -1,13 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base articles for Java Enterprise Rules Manager. - -## Getting Started - -- [I'm using Endpoint Policy Manager Java Rules Manager, but I still get Java prompts when visiting a webpage, or attempting to run a Java applet. What can I do?](/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/javaprompts.md) -- [How are wildcards supported when used with IP addresses in the Java Rules Manager MMC console?](/docs/endpointpolicymanager/javaenterpriserules/wildcards.md) -- [How does Endpoint Policy Manager Java Rules Manager work with Virtualized Browsers and/or Java?](/docs/endpointpolicymanager/javaenterpriserules/virtualizedbrowsers.md) -- [How are URLs evaluated within Endpoint Policy Manager Java Rules Manager?](/docs/endpointpolicymanager/javaenterpriserules/evaluateurls.md) -- [Does Endpoint Policy Manager Java Rules Manager work with 64-bit versions of Java?](/docs/endpointpolicymanager/requirements/support/javaenterpriserules/version64bit.md) -- [What is the earliest version / what versions of Java are required for Java Rules Manager to work with?](/docs/endpointpolicymanager/requirements/support/javaenterpriserules/versionjava.md) -- [Why is the latest Java version installed being used instead of the version specified by Java Rules Manager?](/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/versionlatest.md) diff --git a/docs/endpointpolicymanager/javaenterpriserules/overview/videolearningcenter.md b/docs/endpointpolicymanager/javaenterpriserules/overview/videolearningcenter.md deleted file mode 100644 index 537470d584..0000000000 --- a/docs/endpointpolicymanager/javaenterpriserules/overview/videolearningcenter.md +++ /dev/null @@ -1,27 +0,0 @@ -# Video Learning Center - -See the following Video topics for Java Enterprise Rules Manager. - -## Getting Started - -- [Use Group Policy to dictate which version of Java for what website](/docs/endpointpolicymanager/video/javaenterpriserules/gettingstarted.md) - -- [Endpoint Policy ManagerJava Rules Manager and Endpoint Policy Manager Browser Router: Better Together](/docs/endpointpolicymanager/video/javaenterpriserules/browserrouter.md) - -- [Block ALL Java (with some exceptions)](/docs/endpointpolicymanager/video/javaenterpriserules/block.md) - -- [Using item Level Targeting to Specify which version of Java to use](/docs/endpointpolicymanager/video/javaenterpriserules/itemleveltargeting.md) - -- [Endpoint Policy Manager Java Rules Manager... Import from Oracle's Deployment Rule Sets](/docs/endpointpolicymanager/video/javaenterpriserules/oracledeploymentrulesets.md) - -## Methods: SCCM, XML, MDM, Cloud, PDQ, Citrix, etc. - -- [Deploy and Manage Java with PDQ Deploy and Endpoint Policy Manager ](/docs/endpointpolicymanager/video/javaenterpriserules/integration/pdqdeploy.md) -- [Deploying Multiple Versions of Java to the Same Endpoint Using Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/video/javaenterpriserules/versionsmultiple.md) -- [Use Endpoint Policy Manager Cloud to choose which version of Java for what website](/docs/endpointpolicymanager/video/javaenterpriserules/cloud.md) -- [Use SCCM, KACE, etc to specify different websites for different Java](/docs/endpointpolicymanager/video/javaenterpriserules/sccm.md) -- [Manage Java with Java Rules Manager and your MDM service](/docs/endpointpolicymanager/video/javaenterpriserules/mdm.md) - -## Troubleshooting - -- [Endpoint Policy Manager Java Rules Manager: XML Surgery](/docs/endpointpolicymanager/video/javaenterpriserules/xmlsurgery.md) diff --git a/docs/endpointpolicymanager/javaenterpriserules/processorderprecedence.md b/docs/endpointpolicymanager/javaenterpriserules/processorderprecedence.md deleted file mode 100644 index 3f975efa85..0000000000 --- a/docs/endpointpolicymanager/javaenterpriserules/processorderprecedence.md +++ /dev/null @@ -1,28 +0,0 @@ -# Understanding Processing Order and Precedence - -When you use Endpoint Policy Manager Java Rules Manager you might have multiple policies and/or -conflicting settings. When you do, you should attempt to troubleshoot by understanding the -processing order and precedence order as explained in the following sections. - -## Processing Order - -Within a particular GPO (Computer or User side), the processing order is counted in numerical order. -So, lower-numbered collections attempt to process first, and higher-numbered collections attempt to -process last. Then, within any collection, each policy is processed in numerical order from lowest -to highest. - -![using_policypak_java_rules_11](/img/product_docs/endpointpolicymanager/javaenterpriserules/using_endpointpolicymanager_java_rules_11.webp) - -![using_policypak_java_rules_12](/img/product_docs/endpointpolicymanager/javaenterpriserules/using_endpointpolicymanager_java_rules_12.webp) - -## Precedence - -Policies can be delivered by Group Policy and non-Group Policy methods such as Microsoft Endpoint -Manager (SCCM and Intune) via Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud. As -such, the Endpoint Policy Manager engine needs to make a final determination whether there is any -overlap of policies. Here is how the precedence works: - -- Policies delivered through Endpoint Policy Manager Cloud have the lowest precedence. -- Policies delivered through Endpoint Policy Manager files have the next highest precedence. -- Policies delivered through Endpoint Policy Manager k Group Policy directives have the highest - precedence. diff --git a/docs/endpointpolicymanager/javaenterpriserules/prompts/firefox.md b/docs/endpointpolicymanager/javaenterpriserules/prompts/firefox.md deleted file mode 100644 index 6b5d087413..0000000000 --- a/docs/endpointpolicymanager/javaenterpriserules/prompts/firefox.md +++ /dev/null @@ -1,12 +0,0 @@ -# Type 2: Java Messages for Firefox - -When an end user encounters a Java applet on a website, they are asked to Activate Java, and to -Allow Now or Allow and Remember appear - -![overcoming_java_prompts_1](/img/product_docs/endpointpolicymanager/javaenterpriserules/prompts/overcoming_java_prompts_1.webp) - -![overcoming_java_prompts_2](/img/product_docs/endpointpolicymanager/javaenterpriserules/prompts/overcoming_java_prompts_2.webp) - -See -[Firefox: How do I set "Allow Now", "Allow and Remember" or "Block Plugin" as plug-ins are requested?](https://helpcenter.netwrix.com/bundle/endpointpolicymanager/page/Content/endpointpolicymanager/ApplicationSettings/Preconfigured/Firefox/AllowRemember.htm) -for additional information. diff --git a/docs/endpointpolicymanager/javaenterpriserules/prompts/internetexplorer/overview.md b/docs/endpointpolicymanager/javaenterpriserules/prompts/internetexplorer/overview.md deleted file mode 100644 index d6687a2d43..0000000000 --- a/docs/endpointpolicymanager/javaenterpriserules/prompts/internetexplorer/overview.md +++ /dev/null @@ -1,4 +0,0 @@ -# Type 3: Java Messages for Internet Explorer - -You likely want to eliminate messages about Java when users are using Internet Explorer. The tips in -this section can help you to do just that. diff --git a/docs/endpointpolicymanager/javaenterpriserules/prompts/overview.md b/docs/endpointpolicymanager/javaenterpriserules/prompts/overview.md deleted file mode 100644 index 2a7c71beeb..0000000000 --- a/docs/endpointpolicymanager/javaenterpriserules/prompts/overview.md +++ /dev/null @@ -1,9 +0,0 @@ -# Overcoming Java Prompts - -Java applets work in Internet Explorer and Firefox. They do not work in Chrome or Microsoft Edge. -Therefore, you will receive Java prompts, which apply to the following browsers: - -- Type 1 — Firefox AND Internet Explorer (These are generic Java messages, which could apply to - either browser.) -- Type 2 — Firefox -- Type 3 — Internet Explorer diff --git a/docs/endpointpolicymanager/javaenterpriserules/usage.md b/docs/endpointpolicymanager/javaenterpriserules/usage.md deleted file mode 100644 index 23d5ed30f9..0000000000 --- a/docs/endpointpolicymanager/javaenterpriserules/usage.md +++ /dev/null @@ -1,9 +0,0 @@ -# Using Java Rules Manager - -In this section, you will learn how to do the following: - -- Create the right Java rules for the right circumstances -- Modify rules with Item-Level Targeting -- Understand the processing order of rules -- Learn how to export collections and rules to deploy using Microsoft Endpoint Manager (SCCM and - Intune) or Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud diff --git a/docs/endpointpolicymanager/javaenterpriserules/wildcards.md b/docs/endpointpolicymanager/javaenterpriserules/wildcards.md deleted file mode 100644 index 186f11719a..0000000000 --- a/docs/endpointpolicymanager/javaenterpriserules/wildcards.md +++ /dev/null @@ -1,30 +0,0 @@ -# How are wildcards supported when used with IP addresses in the Java Rules Manager MMC console? - -Supported syntaxes: - -- 192.168.2.2 -- 81.22.2.1 -- 255.255.255.255 -- 251.251.251.251 -- 12.12.\* -- 12.\* - -Unsupported syntax examples: - -- 12.\*.\* -- 12.\*.\*.\* -- 12.12.\*.12 -- 12.\*.12.\* -- 12.\*.12.12 -- 12.\*.\*.12 - -Some more examples: - -- \*.238.1.3 – Works -- \*.1.3 – Works -- \*.3 – works fine loaded java 7_80 - -Rules which will not work: - -- 137.238.1.\* – will not work; Java isn't loaded -- 137.238.1.\*/is/javatest/ – will not work; Java isn't loaded diff --git a/docs/endpointpolicymanager/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase.md deleted file mode 100644 index 162a67c8bc..0000000000 --- a/docs/endpointpolicymanager/knowledgebase.md +++ /dev/null @@ -1,29 +0,0 @@ -# Netwrix Endpoint Policy Manager (formerly PolicyPak) Knowledge Base Articles - -In the following topics, you will find the Endpoint Policy Manager Knowledge Base articles and Video -Learning Center sessions: - -| | | | -| ------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | -| ![allthingslicensing](/img/product_docs/endpointpolicymanager/allthingslicensing.webp) | All Things Licensing | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![gettingstartedmisc](/img/product_docs/endpointpolicymanager/gettingstartedmisc.webp) | Getting Started with Endpoint Policy Manager (Misc) | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![gettingstartedcloud](/img/product_docs/endpointpolicymanager/gettingstartedcloud.webp) | Getting Started with Cloud | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![allthingsinstallationupkeep](/img/product_docs/endpointpolicymanager/allthingsinstallationupkeep.webp) | All Thinks Installation & Upkeep | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![gettingstartedgrouppolicy](/img/product_docs/endpointpolicymanager/gettingstartedmisc.webp) | Getting Started with Group Policy | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![gettingstartedmdm](/img/product_docs/endpointpolicymanager/gettingstartedmdm.webp) | Getting Started with MDM | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![gpoexportmergeadmintemplatespreferences](/img/product_docs/endpointpolicymanager/gpoexportmergeadmintemplatespreferences.webp) | GPO Export Merge, Admin Templates & Preferences 2.0 | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![fileassociationsmanager](/img/product_docs/endpointpolicymanager/fileassociationsmanager.webp) | File Associations Manager | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![browserrouter](/img/product_docs/endpointpolicymanager/browserrouter.webp) | Browser Router | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![leastprivilegemanager](/img/product_docs/endpointpolicymanager/leastprivilegemanager.webp) | Least Privilege Manager Windows and Mac | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![devicemanager](/img/product_docs/endpointpolicymanager/devicemanager.webp) | Device Manager | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![networksecuritymanager](/img/product_docs/endpointpolicymanager/networksecuritymanager.webp) | Network Security Manager | - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![javaenterpriserulesmanager](/img/product_docs/endpointpolicymanager/javaenterpriserulesmanager.webp) | Java Enterprise Rules Manager | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![startscreentaskbarmanager](/img/product_docs/endpointpolicymanager/startscreentaskbarmanager.webp) | Start Screen & Task Bar Manager | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![scriptstriggersmanager](/img/product_docs/endpointpolicymanager/scriptstriggersmanager.webp) | Scripts & Triggers Manager | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![featuremanagerwindows](/img/product_docs/endpointpolicymanager/featuremanagerwindows.webp) | Feature Manager for Windows | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![remoteworkdeliverymanager](/img/product_docs/endpointpolicymanager/remoteworkdeliverymanager.webp) | Remote Work Delivery Manager | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![rdpmanager](/img/product_docs/endpointpolicymanager/rdpmanager.webp) | Endpoint Policy Manager RDP Manager | - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![softwarepackagemanager](/img/product_docs/endpointpolicymanager/softwarepackagemanager.webp) | Software Package Manager | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![applicationmanager](/img/product_docs/endpointpolicymanager/applicationmanager.webp) | Application Manager | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![gpcompliancereporter](/img/product_docs/endpointpolicymanager/gpcompliancereporter.webp) | Endpoint Policy Manager GP Compliance Reporter | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | -| ![archive](/img/product_docs/endpointpolicymanager/archive.webp) | Archive | - [Archive](/docs/endpointpolicymanager/archive/overview.md) | diff --git a/docs/endpointpolicymanager/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/_category_.json new file mode 100644 index 0000000000..aa816f1619 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Netwrix Endpoint Policy Manager (formerly PolicyPak) Knowledge Base Articles", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/_category_.json new file mode 100644 index 0000000000..45d459a3f4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "All Things Installation And Upkeep", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/_category_.json new file mode 100644 index 0000000000..91d03fa362 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "AntiVirus And Other System Software", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/antivirus.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/antivirus.md new file mode 100644 index 0000000000..946720d9e6 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/antivirus.md @@ -0,0 +1,158 @@ +--- +title: "How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?" +description: "How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?" +sidebar_position: 20 +--- + +# How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE? + +With some Antivirus and other security engines it is necessary to exclude some Netwrix Endpoint +Policy Manager (formerly PolicyPak) items. + +Endpoint Policy Manager acts as part of the operating system, and, as such, can occasionally +conflict with some Antivirus programs. (McAfee, Sophos, etc.) + +Additionally, you can tell Endpoint Policy Manager to avoid conflict with Antivirus and security +engines if you know what processes are getting entangled. If you wish to do that, please see +[PolicyPak: Exclude Processes via ADMX](https://helpcenter.netwrix.com/bundle/endpointpolicymanager/page/Content/endpointpolicymanager/Video/GettingStarted/ADMX.htm) +for general how-to directions. + +We suggest proactively excluding the two processes below which could be blocked and prevented from +performing their jobs. + +- `PPWatcherSvc*.exe` (with \* being either the 32- or 64-bit version) +- `PPExtensionService.exe` (with \* being either the 32- or 64-bit version) + +You might need to also exclude these: + +- `%Programdata%\PolicyPak.` +- `%localappdata%\PolicyPak` + +For 32-bit machines: + +- `C:\Program Files\PolicyPak` +- `C:\ProgramData\PolicyPak` +- `C:\Program Files (x86)\PolicyPak\Application Manager\Client\*\PPReapplyOnLaunch32.dll ` (\* + should be replaced with your installed CSE version, i.e. 21.10.2943) +- `C:\Program Files (x86)\PolicyPak\Application Manager\Client\*\PPAppMgrClient.dll ` (\* should be + replaced with your installed CSE version, i.e. 21.10.2943) + +For 64-bit machines: + +- `C:\program files (x86)\PolicyPak` +- `C:\Program Files\PolicyPak` +- `C:\ProgramData\PolicyPak` +- `C:\Program Files\PolicyPak\Application Manager\Client\*\PPReapplyOnLaunch64.dll` (\* should be + replaced with your installed CSE version, i.e. 21.10.2943) +- `C:\Program Files\PolicyPak\Application Manager\Client\*\PPAppMgrClient.dll` (\* should be + replaced with your installed CSE version, i.e. 21.10.2943) +- `C:\Program Files\PolicyPak\Device Manager\Client\*\PPDMClient.dll` (\* should be replaced with + your installed CSE version, i.e. 21.10.2943) + +**CAUTION:** The above location paths must be matched to your installed CSE version. + +To cover all the bases please also exclude PPWatchersvc64.exe and PPWatchersvc32.exe from the +Exploit Mitigation feature. + +For SOPHOS users who receive: APCViolation exploit prevented in Endpoint Policy Manager Watcher +Service: + +- Check the Event details and then make an exception in the Exploit Protection setting +- The typical workaround is to add PPWatersvc64.exe as an exclusion to the Exploit Mitigation + +## IVANTI Heat Customers + +There are a couple of issues to keep in mind: + +First, please read +[ivanti forms Troubleshooting Application Conflicts for additional information.](https://forums.ivanti.com/s/article/Troubleshooting-application-conflicts-with-LES?language=en_US) + +The basic approach is to rename these files and then reboot to see if conflicts still occur. + +- `C:\Windows\System32\sxwmon64.dll` +- `32-bit: C:\Windows\System32\sxwmon32.dll` +- `64-bit: C:\Windows\SysWow64\sxwmon32.dll` + +## FORTINET Customers + +FortiNet / FortiClient version 6.0.8.0261 will not install the latest CSE and displays the following +error message during installation: + +![54_1_image](/img/product_docs/endpointpolicymanager/install/54_1_image.webp) + +Symptom: Error message when installing CSE: Could not write value `ExplorerCommandHandler` to key +`\SOFTWARE\Classes\exefile\shell\runasspecial` + +- The workaround is to update FortiClient to version 6.0.9.0277 or higher. + +## More Information / Micorosft A/V Products + +For more details on Windows Defender exclusions in general, please see +[The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions](https://cloudbrothers.info/en/guide-to-defender-exclusions/). + +## CARBON BLACK Customers + +During the installation of the Endpoint Policy Manager  CSE, you may encounter the following error +message: + +![54_2_image-20230330120114-2](/img/product_docs/endpointpolicymanager/install/54_2_image-20230330120114-2.webp) + +To work around this issue please add the following BYPASS policies for Endpoint Policy Manager as +shown below. + +![54_3_image-2](/img/product_docs/endpointpolicymanager/install/54_3_image-2.webp) + +## DEFENDER Customers + +During installation or removal of the Endpoint Policy Manager CSE you may run into this error: + +![defendererror](/img/product_docs/endpointpolicymanager/install/defendererror.webp) + +The Windows Application log will also show the following Error: + +Product: Netwrix Endpoint Policy Manager (formerly PolicyPak) Client-Side Extension -- Error 1721. +There is a problem with this Windows Installer package. A program required for this install to +complete could not be run. + +![defendererrorevent](/img/product_docs/endpointpolicymanager/install/defendererrorevent.webp) + +To work around this issue you need to add the following folder exclusions under **Attack Surface +Reduction** > **Attack Surface Rules**: + +- `C:\Program Files\PolicyPak\` +- `C:\ProgramData\PolicyPak\` + +![defendereditpolicy](/img/product_docs/endpointpolicymanager/install/defendereditpolicy.webp) + +See the Cloudbrothers article +[The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions](https://cloudbrothers.info/en/guide-to-defender-exclusions/) +for additional information on Windows Defender exclusions. + +## Netskope Customers + +For Netskope customers, this workaround was provided by another customer and may or may not work in +your circumstance. + +If when installing the Endpoint Policy Manager Cloud client, you get the experience below: + +![netskopeandcloud](/img/product_docs/endpointpolicymanager/install/netskopeandcloud.webp) + +Follow the steps to resolve Netskope errors. + +**Step 1 –** Create a `certpinned` app bypass including the 3 processes` ppcloudsvc.exe`, +`ppcloud.exe`, `rundll32.exe`. See Netskope's article +[Creating a Custom Certificate Pinned Application](https://docs.netskope.com/en/creating-a-custom-certificate-pinned-application/#creating-a-custom-certificate-pinned-application) +for additional information. + +**Step 2 –** Create a local domain bypass for `cloud-agent.endpointpolicymanager.com`. + +Explanation of Root Cause + +Many installed applications use embedded certificates for TLS communication. Netskope grabs all +https traffic for SSL decryption. This is not an issue when it comes to browsers because Netskope +swaps the certificate to something else that machines trust. However, with application certificates +(cert pinned apps), Netskope is unable to make the switch since the cert is embedded in the +application. + +These steps above provide a workaround for Netskope + Endpoint Policy Manager Cloud installation +issues. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/citrixapplayering.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/citrixapplayering.md new file mode 100644 index 0000000000..b30cd095f0 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/citrixapplayering.md @@ -0,0 +1,13 @@ +--- +title: "I want to use Endpoint Policy Managerwith Citrix App Layering (aka Unidesk). At which layer should I implement the Endpoint Policy Manager Client Side Extension?" +description: "I want to use Endpoint Policy Managerwith Citrix App Layering (aka Unidesk). At which layer should I implement the Endpoint Policy Manager Client Side Extension?" +sidebar_position: 10 +--- + +# I want to use Endpoint Policy Managerwith Citrix App Layering (aka Unidesk). At which layer should I implement the Endpoint Policy Manager Client Side Extension? + +Citrix App Layering lets you add packages at the OS, PLATFORM or APP LAYER. + +While it ispossible that Netwrix Endpoint Policy Manager (formerly PolicyPak) should work at any +layer, we recommend the OS layer since Endpoint Policy Manager acts as part of the operating system +and is tightly integrated with Group Policy. diff --git a/docs/endpointpolicymanager/troubleshooting/install/digitallysigneddriver.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/digitallysigneddriver.md similarity index 78% rename from docs/endpointpolicymanager/troubleshooting/install/digitallysigneddriver.md rename to docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/digitallysigneddriver.md index 2f831b1c41..003b4aac8c 100644 --- a/docs/endpointpolicymanager/troubleshooting/install/digitallysigneddriver.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/digitallysigneddriver.md @@ -1,3 +1,9 @@ +--- +title: "Why am I prompted about a Digitally Signed Driver for Endpoint Policy Manager CSE (and how do I work around it)?" +description: "Why am I prompted about a Digitally Signed Driver for Endpoint Policy Manager CSE (and how do I work around it)?" +sidebar_position: 30 +--- + # Why am I prompted about a Digitally Signed Driver for Endpoint Policy Manager CSE (and how do I work around it)? When installing the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE, you get the following diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/sufficientprivileges.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/sufficientprivileges.md new file mode 100644 index 0000000000..f7eb527a58 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/sufficientprivileges.md @@ -0,0 +1,24 @@ +--- +title: "Why won't the Endpoint Policy Manager services start, with an error like (or similar to) \"Verify that you have sufficient privileges to start system services.\"?" +description: "Why won't the Endpoint Policy Manager services start, with an error like (or similar to) \"Verify that you have sufficient privileges to start system services.\"?" +sidebar_position: 40 +--- + +# Why won't the Endpoint Policy Manager services start, with an error like (or similar to) "Verify that you have sufficient privileges to start system services."? + +If you get an error while starting the Netwrix Endpoint Policy Manager (formerly PolicyPak) +services, such as this… + +``` +Product: Policypak Client-Side Extension -- Error 1920. Service Policypak ' Watcher Service (64-bit)' (PPWatcherSvc64) failed to start. Verify that you have sufficient privileges to start system services. +``` + +It's likely your Antivirus is preventing Endpoint Policy Manager from operating. We know at least +Carbon Black will prevent Endpoint Policy Manager from running unless it's exempted. + +For more information +[How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/antivirus.md). + +Example of error and results in Event log: + +![97_1_carbonblack1](/img/product_docs/endpointpolicymanager/troubleshooting/error/install/97_1_carbonblack1.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/backupandrestore/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/backupandrestore/_category_.json new file mode 100644 index 0000000000..1a01a8e73e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/backupandrestore/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Backup And Restore", + "position": 100, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/restoredetails.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/backupandrestore/restoredetails.md similarity index 83% rename from docs/endpointpolicymanager/troubleshooting/restoredetails.md rename to docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/backupandrestore/restoredetails.md index daf527ae40..f76a2d7080 100644 --- a/docs/endpointpolicymanager/troubleshooting/restoredetails.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/backupandrestore/restoredetails.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager details with GPO contents appear deleted. How can I restore them?" +description: "Endpoint Policy Manager details with GPO contents appear deleted. How can I restore them?" +sidebar_position: 10 +--- + # Endpoint Policy Manager details with GPO contents appear deleted. How can I restore them? First, you can always restore ANY GPO if you have a full GPO backup.  If you have a GPO backup, then diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/_category_.json new file mode 100644 index 0000000000..5ad1c8c88b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Best Practices Keeping Up To Date With Releases", + "position": 80, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/commandline.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/commandline.md new file mode 100644 index 0000000000..29fb5c1917 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/commandline.md @@ -0,0 +1,56 @@ +--- +title: "How to trigger an update of the Endpoint Policy ManagerClient Side Extension and Cloud Client via command line using Endpoint Policy Manager Cloud versus Group Policy (OnPrem) Edition" +description: "How to trigger an update of the Endpoint Policy ManagerClient Side Extension and Cloud Client via command line using Endpoint Policy Manager Cloud versus Group Policy (OnPrem) Edition" +sidebar_position: 50 +--- + +# How to trigger an update of the Endpoint Policy ManagerClient Side Extension and Cloud Client via command line using Endpoint Policy Manager Cloud versus Group Policy (OnPrem) Edition + +## Using Endpoint Policy Manager Cloud + +From a CMD prompt, run `ppcloud /cseupdatenow` or`ppcloud /update` (both commands do the same thing) +Check for updated cloud client and client-side extensions and install them, if any are available. + +From more information seeRecommendations when using Netwrix Endpoint Policy Manager (formerly +PolicyPak) Cloud: Rings and Rollouts in the topic below. + +- [Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/rings.md) + +**NOTE:** When using the commands above both the CSE and PPC client will be updated if new versions +are available. + +## Using Endpoint Policy Manager Group Policy (OnPrem) Edition + +From a CMD prompt run `ppupdate`followed by one of the switches in the examples provided below. + +**NOTE:** These switches are dependent on having the CSE MSI files present in the Central Store See +Active Directory Options 2 & 3 in the KB below for more information. + +[Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/rings.md) + +Examples: + +``` +ppupdate /cseupdate +``` + +Forces CSE to immediately re-read `update.config` + +Check for updates will be performed on schedule. + +``` +ppupdate /cseupdatenow +``` + +Forces CSE to immediately re-read `update.config`, checks for updates and installs them if any are +available. + +Using this option will also reset the schedule. + +``` +ppupdate /cseupdatenow /force  +``` + +When specified along with /cseupdatenow, forces CSE to check for updates even when automatic updates +are disabled in `update.config`. This option is useful for those who want to check for updates on +their own schedule. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/frequency.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/frequency.md new file mode 100644 index 0000000000..a64e58033c --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/frequency.md @@ -0,0 +1,31 @@ +--- +title: "When should I upgrade or not upgrade the Endpoint Policy Manager CSE?" +description: "When should I upgrade or not upgrade the Endpoint Policy Manager CSE?" +sidebar_position: 30 +--- + +# When should I upgrade or not upgrade the Endpoint Policy Manager CSE? + +Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE is updated from time to time to add +features and fix bugs. + +Generally, when we publish an update, we either say: + +- This is a recommended update for all customers or This is a minor update to fix the following + issues. +- It's up to you to read the build notes and decide if you should upgrade. +- But in general, if this is a recommended update for all customers, then you should almost + certainly do that. + +That being said, if you are not at the latest version of the PP CSE, and you open a support ticket, +one of the first troubleshooting steps we ask of all customers is to get on the latest CSE on one or +two affected test machines. + +If a bug is identified in the latest shipping build, then we will supply a fix and publish a new +update. + +In oher words, Endpoint Policy Manager ONLY supports and makes fixes for the latest CSE, and never +supports any older CSEs. + +So the best practice is to stay updated so that if you do find an issue that requires attention, the +problem is not compound by being months or years behind. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/frequency_1.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/frequency_1.md new file mode 100644 index 0000000000..d931e6932b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/frequency_1.md @@ -0,0 +1,37 @@ +--- +title: "How often is Endpoint Policy Manager updated? And, must I update to the latest version? Are all versions supported?" +description: "How often is Endpoint Policy Manager updated? And, must I update to the latest version? Are all versions supported?" +sidebar_position: 40 +--- + +# How often is Endpoint Policy Manager updated? And, must I update to the latest version? Are all versions supported? + +There are several parts to Netwrix Endpoint Policy Manager (formerly PolicyPak) +[What items and components are licensed, and what components are free?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components_1.md) + +When people ask us how often Endpoint Policy Manager is updated, they usually want to know when Paks +and/or the CSE are updated. + +The Paks are updated as needed. See +[AppSets: What is the official support policy for the pre-configured AppSets?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/supportpolicy.md) + +The CSE is updated for emergency bug fixes right away. The CSE is updated for low-priority bug fixes +about 3 to 4 times a year. We typically launch new features at the same time. + +You don't need to update to other parts of Endpoint Policy Manager, like the MMC snap in, GPOTouch +utility, and License Utility. These are also updated as needed. + +From a Endpoint Policy Manager supportability perspective, we only ever truly support the currently +shipping version. + +That being said, you're welcome to use the version you want until one of three things occurs: + +- There's a feature you want to take advantage of that's only in a newer version +- A bug that's fixed that's only on the CSE +- A bug / feature that's only fixed when both the Pak and CSE are updated + +So, if you found a bug which could only be fixed inside the CSE, we would simply update the latest +shipping CSE version and put out the next shipping version for all customerswith the bug fix. + +In this way, the closer you are to latest version the easier the transition to the latest version +will be, should the need arise. diff --git a/docs/endpointpolicymanager/install/rings.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/rings.md similarity index 97% rename from docs/endpointpolicymanager/install/rings.md rename to docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/rings.md index 4313644274..86a3db7e3c 100644 --- a/docs/endpointpolicymanager/install/rings.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/rings.md @@ -1,3 +1,9 @@ +--- +title: "Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)" +description: "Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)" +sidebar_position: 10 +--- + # Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported) This topic will cover how to best pre-test a Client-Side Extension (CSE) roll-out (with or without @@ -203,7 +209,7 @@ of the CSE Auto-Updater. The CSE Auto-Updater will honor one of two types of rin you will set your rings apart with number of hours between updates. See the -[How can I roll out the latest Endpoint Policy Manager CSE with Active Directory in a controlled manner using Rings ?](/docs/endpointpolicymanager/install/ringsupgrade.md) topic +[How can I roll out the latest Endpoint Policy Manager CSE with Active Directory in a controlled manner using Rings ?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/ringsupgrade.md) topic for additional information. ### Active Directory Option 3: Using the Built-in Endpoint Policy Manager CSE Update mechanism in an alternate manner. @@ -230,7 +236,7 @@ Manager Remote Work Delivery Manager. You could create the rings using Active D any other targeting, then, shoot down a CSE update to specific machines as you saw fit. See the -[How do I use Endpoint Policy Manager Remote Work Delivery Manager to update the Client Side Extension?](/docs/endpointpolicymanager/remoteworkdelivery/updateclientsideextension.md) +[How do I use Endpoint Policy Manager Remote Work Delivery Manager to update the Client Side Extension?](/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/updateclientsideextension.md) and [Using Remote Work Delivery Manager to Update the Endpoint Policy Manager Client Side Extension](/docs/endpointpolicymanager/video/remoteworkdelivery/updateclientsideextension.md) topics for additional information. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/versions.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/versions.md new file mode 100644 index 0000000000..001af57f7e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/versions.md @@ -0,0 +1,66 @@ +--- +title: "What are the Endpoint Policy Manager Build and Version numbers?" +description: "What are the Endpoint Policy Manager Build and Version numbers?" +sidebar_position: 20 +--- + +# What are the Endpoint Policy Manager Build and Version numbers? + +Endpoint Policy Manager on-premise suite doesn't have traditional "1.0", "2.0" product versions. + +We simply have "the latest" and if you're a customer in good standing, you get to utilize that build +and upgrade anytime. + +There are various places you'll see the version number of the build, the CSE, and Paks (for Endpoint +Policy Manager Application Manager). + +In the Customer Portal, you'll see the BUILD number demonstrated like this … in this example the +build is 834.. + +![217_1_image002](/img/product_docs/endpointpolicymanager/troubleshooting/217_1_image002.webp) + +Here's how to read it: + +- So the NUMBER represents the Endpoint Policy Manager CSE version. The CSE is the part that's + installed on the endpoint / client machine. +- The LETTER represents how many times the download had been updated with MINOR updates. + +Perhaps there was a bugfix update to the Endpoint Policy Manager Admin Console MSI, after the CSE +was shipped. In that case the build number stays the same, but the letter is increased by one (a to +b) to show that something new is inside the download. + +When the CSE is installed on a client machine, you can see the version by running the PPupdate tool +and see the version number: + +**NOTE:** At no time will you see a, b, c, etc in the actual CSE (See picture below.) + +You'll only see the CSE ID which should match the build number. + +Older builds, like 761 will show it like this: + +![217_2_image0011](/img/product_docs/endpointpolicymanager/troubleshooting/217_2_image0011.webp) + +Newer builds, like 834 will show it like this: + +![217_3_image004](/img/product_docs/endpointpolicymanager/troubleshooting/217_3_image004.webp) + +You can also see the same number in Programs / Features in Windows like this: + +![217_4_image005](/img/product_docs/endpointpolicymanager/troubleshooting/217_4_image005.webp) + +What do the numbers BEFORE the build mean? + +- 15 is 2015. +- 12 is December. +- 834 is the build number. +- Anything after that is the minor increment number. + +For Endpoint Policy Manager Application Manager Paks, you might see Paks represented with the build +number of the Endpoint Policy Manager DesignStudio version that compiled the Pak. + +In this screenshot, you can see the original style and the new style: + +- Original style (4.2.785.1) means build 785 of the DesignStudio compiled the Pak. +- New Style (15.12.827.19) means build 827 of the DesignStudio compiled the Pak. + +![217_5_image006](/img/product_docs/endpointpolicymanager/troubleshooting/217_5_image006.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/_category_.json new file mode 100644 index 0000000000..e9500a3d2f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Install And Upgrade Troubleshooting", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/assignmentremovalfailed.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/assignmentremovalfailed.md new file mode 100644 index 0000000000..479e609b08 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/assignmentremovalfailed.md @@ -0,0 +1,20 @@ +--- +title: "The removal of the assignment of application Endpoint Policy Manager Client-Side Extension (32bit) from policy failed" +description: "The removal of the assignment of application Endpoint Policy Manager Client-Side Extension (32bit) from policy failed" +sidebar_position: 60 +--- + +# The removal of the assignment of application Endpoint Policy Manager Client-Side Extension (32bit) from policy failed + +When using Group Policy Software Deployment to install the Policy Pak CSE the following error +message is generated in the System Event log: + +``` +"The removal of the assignment of application Policypak Client-Side Extension (32bit) from policy … failed. The error was : %%2" +``` + +![336_1_image-20200111180227-1_950x451](/img/product_docs/endpointpolicymanager/troubleshooting/336_1_image-20200111180227-1_950x451.webp) + +To resolve this error, uncheck "Make this 32-bit X86 application available to Win64 computers" +checkbox for the 32bit Endpoint Policy Manager Client-Side Extension in the Group Policy Software +Deployment policy. diff --git a/docs/endpointpolicymanager/troubleshooting/computersidersop.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/computersidersop.md similarity index 89% rename from docs/endpointpolicymanager/troubleshooting/computersidersop.md rename to docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/computersidersop.md index 8e87d9f6bb..b97b397d26 100644 --- a/docs/endpointpolicymanager/troubleshooting/computersidersop.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/computersidersop.md @@ -1,3 +1,9 @@ +--- +title: "How do I enable a STANDARD USER to see the COMPUTER SIDE RsOP ?" +description: "How do I enable a STANDARD USER to see the COMPUTER SIDE RsOP ?" +sidebar_position: 40 +--- + # How do I enable a STANDARD USER to see the COMPUTER SIDE RsOP ? If asked by support for a GPRESULT /R GPRESULT /H or GPRESULT /X report, the default behavior of diff --git a/docs/endpointpolicymanager/troubleshooting/error/gpsvcfailed.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/gpsvcfailed.md similarity index 77% rename from docs/endpointpolicymanager/troubleshooting/error/gpsvcfailed.md rename to docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/gpsvcfailed.md index 9782cf4d7e..92d7d1629b 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/gpsvcfailed.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/gpsvcfailed.md @@ -1,3 +1,9 @@ +--- +title: "I am getting an error about \"GPSVC failed at sign-in\". This error occurs exactly one time. What does this mean?" +description: "I am getting an error about \"GPSVC failed at sign-in\". This error occurs exactly one time. What does this mean?" +sidebar_position: 50 +--- + # I am getting an error about "GPSVC failed at sign-in". This error occurs exactly one time. What does this mean? If GP finds a non-Microsoft CSE it'll reconfigure itself into its own service host which causes diff --git a/docs/endpointpolicymanager/troubleshooting/install/newversionissues.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/newversionissues.md similarity index 90% rename from docs/endpointpolicymanager/troubleshooting/install/newversionissues.md rename to docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/newversionissues.md index aade9672db..38b021af24 100644 --- a/docs/endpointpolicymanager/troubleshooting/install/newversionissues.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/newversionissues.md @@ -1,3 +1,9 @@ +--- +title: "What can I do if I installed a new CSE version and it's causing problems (slowdowns or other issues?)" +description: "What can I do if I installed a new CSE version and it's causing problems (slowdowns or other issues?)" +sidebar_position: 30 +--- + # What can I do if I installed a new CSE version and it's causing problems (slowdowns or other issues?) Here's what you should try on ONE affected machine… diff --git a/docs/endpointpolicymanager/troubleshooting/slowlogins.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/slowlogins.md similarity index 90% rename from docs/endpointpolicymanager/troubleshooting/slowlogins.md rename to docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/slowlogins.md index 8e725bea6e..557cfa626a 100644 --- a/docs/endpointpolicymanager/troubleshooting/slowlogins.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/slowlogins.md @@ -1,3 +1,9 @@ +--- +title: "How do I troubleshoot slow logins (or other login problems), user profile issues, explorer.exe or other Windows problems? What if I'm having problems on ONE (or very few PCs)?" +description: "How do I troubleshoot slow logins (or other login problems), user profile issues, explorer.exe or other Windows problems? What if I'm having problems on ONE (or very few PCs)?" +sidebar_position: 20 +--- + # How do I troubleshoot slow logins (or other login problems), user profile issues, explorer.exe or other Windows problems? What if I'm having problems on ONE (or very few PCs)? The answer to this problem is a little different if you're just starting out with Netwrix Endpoint @@ -66,7 +72,7 @@ an older Client Side Extension, we won't ever fix that one. We only ever fix the sure BEFORE YOU CONTINUE that you've tested the problem out with the LATEST Client Side Extension. **Step 2 –** Perform an exclusion to your AntiVirus/Antimalware using -[How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/install/antivirus.md) +[How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/antivirus.md) **Step 3 –** Uninstall (not just disable) your AntiVirus/Antimalware. Does that clear it up? @@ -83,7 +89,7 @@ We can take a "first look" at your log files… but there are no guarantees here jump out and just tell us what it is. Do NOT attach this to an EMAIL. You must get an SRX first by emailing support, then, in the AUTORESPONSE, you'll get directions for how to UPLOAD your log files. Here is how to get us log files and results reports (perform EVERY step): -L[Why does my mail anti-virus service claim that the Endpoint Policy Manager download ISO or ZIP has a virus?](/docs/endpointpolicymanager/troubleshooting/antivirus.md) +L[Why does my mail anti-virus service claim that the Endpoint Policy Manager download ISO or ZIP has a virus?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/antivirus.md) The items above are generally the causes of change and problems. Therefore, to get us close to the goal, your team will have to narrow it down. @@ -92,7 +98,7 @@ One thing to TRY (but this is not a solution, this just narrows it down for us) Policy Manager DRIVER. Sometimes the DRIVER can get in the way of things. Knowing the DRIVER is a problem can be helpful. Only test this out if installing the LATEST Client Side Extension doesn't clear up the -problem.[What can I do if I installed a new CSE version and it's causing problems (slowdowns or other issues?)](/docs/endpointpolicymanager/troubleshooting/install/newversionissues.md). +problem.[What can I do if I installed a new CSE version and it's causing problems (slowdowns or other issues?)](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/newversionissues.md). ## Troubleshooting Scenario 1 (best): Bring up a new machine and triangulate where the problem is @@ -139,7 +145,7 @@ extensions). result? **Step 5 –** Here is how to get us log files and results reports (perform EVERY step): -[What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/troubleshooting/fastsupport.md) +[What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/fastsupport.md) ## Troubleshooting Scenario 3 (also less good): Bring up a "deployed" machine and install old Endpoint Policy Manager CSEs to reveal the problem @@ -159,4 +165,4 @@ anymore we can look to see what changed on OUR side and then build a new Client version for you to test. **Step 4 –** Here is how to get us log files and results reports (perform EVERY -step):[What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/troubleshooting/fastsupport.md) +step):[What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/fastsupport.md) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/uninstall.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/uninstall.md new file mode 100644 index 0000000000..b0e8a5334e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/uninstall.md @@ -0,0 +1,90 @@ +--- +title: "The CSE won't uninstall or allow in-place upgrade. What should I do?" +description: "The CSE won't uninstall or allow in-place upgrade. What should I do?" +sidebar_position: 10 +--- + +# The CSE won't uninstall or allow in-place upgrade. What should I do? + +The issue of the CSE not allowing an uninstall or an updrage isn't a problem with the Netwrix +Endpoint Policy Manager (formerly PolicyPak) CSE. This is a problem with the MSI database that +contains the contents of what is registered or not. + +One quick fix we have seen is to rename the newest CSE you get from us to something unique. For +instance, `endpointpolicymanager-CSE-SETUPx64-BUILD12345.MSI`, then retry your upgrade. Users have reported that +this can fix the problem by fooling the MSI database. + +If that does not work, you might see a dialog similar to this when trying to install/uninstall. Even +if you revert to a previous version, it is still likely that the CSE won't uninstall. + +![116_1_msiuu2-image-005](/img/product_docs/endpointpolicymanager/troubleshooting/install/116_1_msiuu2-image-005.webp) + +## Resolution + +Microsoft has a one-off fix to deal with broken MSIs that get stuck. Start with this solution from +Microsoft to test on one machine. See Microsoft's article +[Fix problems that block programs from being installed or removed](https://support.microsoft.com/en-us/topic/fix-problems-that-block-programs-from-being-installed-or-removed-cca7d1b6-65a9-3d98-426b-e9f927e1eb4d) +for the procedure on this solution. + +If the procedure from Microsoft's article is unsuccessful, try the following steps on one machine. + +**Step 1 –** Remove existing CSE version to allow a re-installation of the newest CSE, download +MSICUU from this link: +[https://www.endpointpolicymanager.com/pp-files/msicuu2.zip](https://www.endpointpolicymanager.com/pp-files/msicuu2.zip) + +**Step 2 –** Then launch it and select the CSE version and click **Remove**. + +![116_2_msiuu2-image-006](/img/product_docs/endpointpolicymanager/troubleshooting/install/116_2_msiuu2-image-006.webp) + +**Step 3 –** Manually install the latest Endpoint Policy Manager CSE, and verify it worked as +expected. + +If that succeeds, follow these steps. + +**Step 1 –** Test a scriptversion of that on some machines. + +**Step 2 –** Try to deploy the new CSE to some machines. + +**Step 3 –** Run the script on the remainder of your machines. + +**Step 4 –** Deploy the new CSE to the remainder of your machines. + +If you don't already have a tool you use to deploy the Endpoint Policy Manager CSE, we recommend you +use PDQ Deploy [(www.PDQ.com](https://www.pdq.com/)). There is a free and a paid version of the +tool, either version will work. + +Once the new CSE is deployed to the remainder of your machines, follow these steps. + +**Step 1 –** Download our +[`MSIZAP` and batch file](https://www.endpointpolicymanager.com/pp-files/ppMSIzapscript-4191.zip). + +**NOTE:** `MSIZAP` is a command line version of `MSICUU` that was used in the previous steps.. + +**Step 2 –** Locate the batch file included in the download. + +**Step 3 –** Run the batch file which will perform the uninstall using `MSIZAP`. It only works if +you put the old versions in another location. You'll see if you open up the batch file, which is +much clearer. + +**NOTE:** If the batch file needs updating and doesn't contain the MSI codes for the version you are +trying to uninstall, please work with your Netwrix support rep who can get that updated for you. + +After the batch file has been run, follow these steps. + +**Step 1 –** Manually test the batch file on a handful of machines. + +**Step 2 –** Verify that it worked. + +**Step 3 –** Don't try to run the script on all your machines yet. + +**Step 4 –** Try PDQ Deploy to get the latest CSE on those endpoints. + +**Step 5 –** Run the script on the remainder of your machines. + +**Step 6 –** Continue to use PDQ deploy to get the rest of the machines CSEs installed. + +**Step 7 –** Rename the latest CSE to be a unique name while attempting your upgrade. This might +yield more success, according to at least one customer report. + +The machines are now updated with a new CSE. If this solution was unsuccessful, contact your Netwrix +support representative for additional assistance. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..5d0131755f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/knowledgebase.md @@ -0,0 +1,76 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base articles for all things installation and upkeep. + +## Method GPO: Initial Install + +- [Does Endpoint Policy Manager admin console need to be installed on Domain Controller (DC)?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/adminconsole.md) +- [I installed the Admin Console MSI, but I don't see the Endpoint Policy Manager node when I go to edit a GPO. Why?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/node.md) +- [What are the two ways that can I install the GPMC on my Admin Station (Server or Windows 10) machine?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/methods.md) +- [When I edit the GPO, the settings don't seem to "stick"](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/savesettings.md) + +## Method SCCM: Initial Install (or other systems) + +- [How do I deploy the Endpoint Policy Manager CSE via SCCM (or other systems management system) ?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodsccminitialins/sccm.md) + +## Method PDQ Deploy (recommended) + +- [Managing Group Policy using Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodpdqdeployrecom/pdqdeploy.md) + +## AntiVirus and other System Software + +- [I want to use Endpoint Policy Managerwith Citrix App Layering (aka Unidesk). At which layer should I implement the Endpoint Policy Manager Client Side Extension?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/citrixapplayering.md) +- [How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/antivirus.md) +- [Why am I prompted about a Digitally Signed Driver for Endpoint Policy Manager CSE (and how do I work around it)?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/digitallysigneddriver.md) +- [Why won't the Endpoint Policy Manager services start, with an error like (or similar to) "Verify that you have sufficient privileges to start system services."?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/sufficientprivileges.md) + +## Performance Related Questions + +- [I see many instances of the Endpoint Policy Manager Watcher (ppWatcher) service running on my clients, is that normal? And how can I check memory usage?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/performancerelatedqu/watcherservicememoryusage.md) +- [How would I verify if Endpoint Policy Manager Client Side Extension is / is not causing high or CPU disk slowdowns?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/performancerelatedqu/cpuslowdown.md) + +## Install and Upgrade Troubleshooting + +- [The CSE won't uninstall or allow in-place upgrade. What should I do?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/uninstall.md) +- [How do I troubleshoot slow logins (or other login problems), user profile issues, explorer.exe or other Windows problems? What if I'm having problems on ONE (or very few PCs)?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/slowlogins.md) +- [What can I do if I installed a new CSE version and it's causing problems (slowdowns or other issues?)](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/newversionissues.md) +- [How do I enable a STANDARD USER to see the COMPUTER SIDE RsOP ?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/computersidersop.md) +- [I am getting an error about "GPSVC failed at sign-in". This error occurs exactly one time. What does this mean?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/gpsvcfailed.md) +- [The removal of the assignment of application Endpoint Policy Manager Client-Side Extension (32bit) from policy failed](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/assignmentremovalfailed.md) + +## Misc Installation questions + +- [What if I accidentally install the 32 bit version of Endpoint Policy Manager on a 64 bit machine or vice versa?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/bitversion.md) +- [Why does Endpoint Policy Manager require a CSE / client installation piece? I want to do it all using what Microsoft ships in the box but don't want to install anything else.](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/why.md) +- [How can I fix Outlook To-Do bar flashing when GP or Endpoint Policy Manager does a background refresh?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/outlook.md) +- [What must I install on Windows 7 to make Endpoint Policy Manager work as expected?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/windows7.md) + +## Best Practices / Keeping up to Date with releases + +- [Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/rings.md) +- [What are the Endpoint Policy Manager Build and Version numbers?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/versions.md) +- [When should I upgrade or not upgrade the Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/frequency.md) +- [How often is Endpoint Policy Manager updated? And, must I update to the latest version? Are all versions supported?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/frequency_1.md) +- [How to trigger an update of the Endpoint Policy ManagerClient Side Extension and Cloud Client via command line using Endpoint Policy Manager Cloud versus Group Policy (OnPrem) Edition](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/commandline.md) + +## Updating Endpoint Policy Manager with Active Directory / GPOs + +- [How can I roll out the latest Endpoint Policy Manager CSE with Active Directory in a controlled manner using Rings ?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/ringsupgrade.md) +- [CSE Autoupdate Update.Config file Usage and Parameters (before CSE 2725)](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/config.md) +- [How can I use the Endpoint Policy ManagerPowerShell module to know which GPOs have any Endpoint Policy Manager data or directives?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/datadirectives.md) + +## Backup and Restore + +- [Endpoint Policy Manager details with GPO contents appear deleted. How can I restore them?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/backupandrestore/restoredetails.md) + +## Uninstallation or Rollback of Endpoint Policy Manager + +- [How do I uninstall Endpoint Policy Manager?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/uninstallationorroll/uninstall.md) +- [How to Rollback CSE version from newer to older using PowerShell](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/uninstallationorroll/rollback.md) +- [How can I uninstall the Least Privilege Manager client for MacOS?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/uninstallationorroll/uninstall_1.md) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/_category_.json new file mode 100644 index 0000000000..789a8360f2 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Method GPO Initial Install", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/install/adminconsole.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/adminconsole.md similarity index 85% rename from docs/endpointpolicymanager/install/adminconsole.md rename to docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/adminconsole.md index cb4582e298..9405e76180 100644 --- a/docs/endpointpolicymanager/install/adminconsole.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/adminconsole.md @@ -1,3 +1,9 @@ +--- +title: "Does Endpoint Policy Manager admin console need to be installed on Domain Controller (DC)?" +description: "Does Endpoint Policy Manager admin console need to be installed on Domain Controller (DC)?" +sidebar_position: 10 +--- + # Does Endpoint Policy Manager admin console need to be installed on Domain Controller (DC)? No. The Netwrix Endpoint Policy Manager (formerly PolicyPak) admin console does NOT need to be diff --git a/docs/endpointpolicymanager/install/methods.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/methods.md similarity index 87% rename from docs/endpointpolicymanager/install/methods.md rename to docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/methods.md index 131f7e18f6..bdcbf13f28 100644 --- a/docs/endpointpolicymanager/install/methods.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/methods.md @@ -1,3 +1,9 @@ +--- +title: "What are the two ways that can I install the GPMC on my Admin Station (Server or Windows 10) machine?" +description: "What are the two ways that can I install the GPMC on my Admin Station (Server or Windows 10) machine?" +sidebar_position: 30 +--- + # What are the two ways that can I install the GPMC on my Admin Station (Server or Windows 10) machine? There are two ways to install the GPMC. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/node.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/node.md new file mode 100644 index 0000000000..782375bc32 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/node.md @@ -0,0 +1,14 @@ +--- +title: "I installed the Admin Console MSI, but I don't see the Endpoint Policy Manager node when I go to edit a GPO. Why?" +description: "I installed the Admin Console MSI, but I don't see the Endpoint Policy Manager node when I go to edit a GPO. Why?" +sidebar_position: 20 +--- + +# I installed the Admin Console MSI, but I don't see the Endpoint Policy Manager node when I go to edit a GPO. Why? + +For Windows 7 users, ensure you have .Net Framework 3.5 installed on your management station. Later +versions of .Net Framework are not compatible with Netwrix Endpoint Policy Manager (formerly +PolicyPak) on Windows 7. + +For users running Windows 8 and later, ensure you have .Net Framework 4.0 or higher installed on +your management station. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/savesettings.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/savesettings.md new file mode 100644 index 0000000000..fa6610b1b3 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/savesettings.md @@ -0,0 +1,16 @@ +--- +title: "When I edit the GPO, the settings don't seem to \"stick\"" +description: "When I edit the GPO, the settings don't seem to \"stick\"" +sidebar_position: 40 +--- + +# When I edit the GPO, the settings don't seem to "stick" + +This is a problem on DCs where they hold files open. So edits appear to work, until you close and +reopen the GPO and find out that they aren't applying at all. + +Apply this KB to apply to all your DCs: + +[https://support.microsoft.com/en-us/kb/2791372](https://support.microsoft.com/en-us/kb/2791372) + +Then retry the Netwrix Endpoint Policy Manager (formerly PolicyPak) operation. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodpdqdeployrecom/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodpdqdeployrecom/_category_.json new file mode 100644 index 0000000000..e59076ae3d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodpdqdeployrecom/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Method PDQ Deploy Recommended", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodpdqdeployrecom/pdqdeploy.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodpdqdeployrecom/pdqdeploy.md new file mode 100644 index 0000000000..4a70c6d3b9 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodpdqdeployrecom/pdqdeploy.md @@ -0,0 +1,143 @@ +--- +title: "Managing Group Policy using Endpoint Policy Manager and PDQ Deploy" +description: "Managing Group Policy using Endpoint Policy Manager and PDQ Deploy" +sidebar_position: 10 +--- + +# Managing Group Policy using Endpoint Policy Manager and PDQ Deploy + +Microsoft MVP Jeremy Moskowitz and Shane from Admin Arsenal demonstrate the setup and advantages of +using Netwrix Endpoint Policy Manager (formerly PolicyPak) and PDQ Deploy together to manage the +heck out of your group policy. + +### Managing Group Policy using PolicyPak and PDQ Deploy + +Shane: Hey, I'm Shane from Admin Arsenal. Today, we have Jeremy Moskowitz. You probably already know +of this man: GPanswers, the founder of Endpoint Policy Manager, Microsoft MVP, Enterprise Mobility. +This guy is the bee's knees. We're going to talk about how you've already got Active Directory, now +let's add some muscle to it. This is the guy that we're going to talk to. + +Jeremy: Thank you. What we're going to do is we're going to show you a better together story. In +this video, we're going to do a setup of getting Endpoint Policy Manager ready. If you decide that +you like what you see in this series of videos and you want to try Endpoint Policy Manager and/or +PDQ Deploy better together, this is video number one in order for you to get started. + +Let me give you the lash-up of where we're at with our setup here. We have "Active Directory" and +"Group Policy" ready to go. I just want to show how we have our setup here. In "Active Directory" +we've already got our "Users and Computers." Let me show you where they live just so you can see how +to follow along. + +For instance, our users are hanging out under "Standard Users." We have "User1" and "User2." If we +look at "Deadwood Computers/Workstations/Standard Computers," we've got "COMPUTER1" and "COMPUTER2." +We try to make it very complicated. We've got these two computers and two users, and these are who +we're going to manage. + +The first thing we want to do is show you a before shot before we show you an after shot. If you +take any given "Group Policy Object," it doesn't really matter. We'll call it "aaa." If we look +inside, you've seen this a million times. You know there's the user side and computer side. There's +"Policies" and "Preferences." + +What we just said is we're going to add a little muscle to this by adding the Endpoint Policy +Manager node. This is super easy. You probably want to do this step by hand. You could use PDQ +Deploy to do it, but just to make things easier for this demonstration, I just want to go to the +downloaded Endpoint Policy Manager, which you get my contacting Endpoint Policy Manager first of +all. Then you go to the "Admin Console MSI for all On-Prem +[https://dev.endpointpolicymanager.com/products/](https://dev.endpointpolicymanager.com/products/)," and you just install +the admin. + +I'm pretty sure this machine is x86, right?. + +Shane: No, it's x64. + +Jeremy: Oh, it's x64. Okay, great. It doesn't matter. Whichever on you have, it will work. This step +takes a moment or two. Once this is done, you've increased your ability to create new directives +inside your Group Policy editor. We'll go ahead and wait for this to finish. That's it. It just +takes a moment, and we're ready to go. + +We'll go ahead and "Close" that. Now let's look at the after shot. We'll go ahead and take a look. +We now have a new node here in the Group Policy editor enabling you to do more stuff. We're going to +cover what that stuff is in this series of videos. We're not super concerned about the stuff right +now. We're just getting set up. That's thing number one. I'll go ahead and close this. + +Step number two is one of the superpowers that Endpoint Policy Manager has is the ability to manage +Flash, Firefox, Java, Internet Explorer. You name it, we have a way to manage it. We have these +definitions or Pak files that there's a handful of ways to do it, but the best way is to get them on +one domain controller which is to say your Central Store for Endpoint Policy Manager. + +What we're going to do here is we're going to take the Endpoint Policy Manager stuff, and I've +already got all the Paks listed here. You can see we have over 400. + +Shane: Wow. + +Jeremy: We have "430" Paks as of this recording. We're going to… + +Shane: There's your "SYSVOL" in "venice." We're going to use "venice." + +Jeremy:That's the one, "venice." I'll move this one to the left, this one to the right. I'll just +pick a couple of guys just to show you how quick and easy it is. Let's say you want to do "Java +Version 8 u 77." I'm just pulling this one out of my ear here. We'll go ahead and go to "SYSVOL," +domain name, "Policies." + +You might already have an existing what's called "PolicyDefinitions" folder. Now that's Microsoft. +Endpoint Policy Manager is going to be – I know, wait for it, this is super complicated – "Endpoint +Policy Manager." + +Shane:If you're lost by creating a folder, you probably need a couple of other videos. + +Jeremy: Yeah, this is not the tool for you. We'll go ahead and create the "Endpoint Policy Manager" +folder and drag-and-drop in one of our Pak definition files. Now look at that. You're going to be +able to manage the heck out of "Java Version 8 u 77.". + +If you want to take WinZip, let me go ahead and find it. "WinZip 14 to 17" is a good one. We'll go +ahead and copy that guy right there. That's it. If you want to pick and choose the ones you want, +it's super easy to do. + +Let's go ahead and go back to the after shot again. We'll go to "aaa" and take a look at that one +more time. If we take a look, we can go to user or computer, "Endpoint Policy Manager." Take a look +at "Application Settings Manager," which is the thing we're going to spend some time on in our first +videos. Right click, "New Application," there we are. Those are the Paks we just dragged in, ready +to go. + +If we want to manage the heck out of "WinZip" which we'll probably do in our next video, you just +double click it. We'll cover this in the next video, but we've now officially set up a handful of +Paks. If you want to do Flash, Firefox, Java, etc., you just drag the right Pak file in and you're +ready to go. + +That's it. There's one more step, and that's where he's going to come in. You need to deploy our +moving part, that client side extension, to enhance your Group Policy experience on your endpoints. +You're going to cover how to get that deployed.. + +Shane: Yeah, we'll get that out there. We're going to use "PDQ Deploy." It's a free download. We're +going to show you using the Enterprise level version. + +Jeremy: " You can close that right out. We're done with that. + +Shane: Okay. But if you're using the free version, you're just going to need to do two packages if +you have both 64-bit and 32-bit targets. I'm just going to create a "New Package" here. We'll call +this "Endpoint Policy Manager CSE," the client side extensions, perfect. + +Then our "Step 1" is an install step. This is where you choose your MSI or your EXE files or your +batch files, etc. We are going to go out to, I'll put this on a file share somewhere. There we go. +We'll do the 64-bit for right now. It's an MSI, so there are no other properties that you need to +add. We're just going to hit "Save" on that. + +There's our "Endpoint Policy Manager CSE," and we'll go ahead and deploy. Obviously, you could +choose targets from your Active Directory OU or etc., but since we know the names of these computers +we'll just do it for the sake of this. + +Jeremy: But you could pick your entire domain. You could cherry pick OUs. + +Shane: Yes, you can choose targets from "Active Directory," "PDQ Inventory," "Spiceworks," etc. +We'll hit "Deploy Now." I didn't name that step, but it's okay. You can see that it's kicking off +the client side extension install right away. Jeremy has got those. The MSI is ready to go. It's +sweet. + +Jeremy: The best part is no reboot required. Once you get it deployed out there, Endpoint Policy +Manager is automatically working, ready to rock from moment zero. You don't have to wait for a +reboot or schedule a reboot. We're just ready to rock since it's installed. That's it. Endpoint +Policy Manager is fully deployed. We have it all ready to go, and we're ready to actually do some +work with Endpoint Policy Manager and PDQ. + +Shane: So see us on the next video. We'll talk to you later. + +Jeremy: Bye. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodsccminitialins/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodsccminitialins/_category_.json new file mode 100644 index 0000000000..08baf7d5c3 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodsccminitialins/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Method SCCM Initial Install Or Other Systems", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/install/sccm.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodsccminitialins/sccm.md similarity index 85% rename from docs/endpointpolicymanager/install/sccm.md rename to docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodsccminitialins/sccm.md index 88a66f3365..a55461e0f9 100644 --- a/docs/endpointpolicymanager/install/sccm.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodsccminitialins/sccm.md @@ -1,3 +1,9 @@ +--- +title: "How do I deploy the Endpoint Policy Manager CSE via SCCM (or other systems management system) ?" +description: "How do I deploy the Endpoint Policy Manager CSE via SCCM (or other systems management system) ?" +sidebar_position: 10 +--- + # How do I deploy the Endpoint Policy Manager CSE via SCCM (or other systems management system) ? Using SCCM to deploy the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE is a simple diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/_category_.json new file mode 100644 index 0000000000..8f8ce09de3 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Misc Installation Questions", + "position": 70, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/bitversion.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/bitversion.md new file mode 100644 index 0000000000..85b1e982dc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/bitversion.md @@ -0,0 +1,13 @@ +--- +title: "What if I accidentally install the 32 bit version of Endpoint Policy Manager on a 64 bit machine or vice versa?" +description: "What if I accidentally install the 32 bit version of Endpoint Policy Manager on a 64 bit machine or vice versa?" +sidebar_position: 10 +--- + +# What if I accidentally install the 32 bit version of Endpoint Policy Manager on a 64 bit machine or vice versa? + +The Netwrix Endpoint Policy Manager (formerly PolicyPak) MSIs will not allow you to do so.If you are +utilizing Group Policy to push out the Endpoint Policy Manager Client Side Extension installation, +you can even configure a GPO to automatically deliver the correct version to each computer by using +the WMI filters option that is built into Group Policy.But even if you don't — nothing "bad" will +happen. The installation simply won't "incorrectly" occur. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/outlook.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/outlook.md new file mode 100644 index 0000000000..b1c5b26ba3 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/outlook.md @@ -0,0 +1,12 @@ +--- +title: "How can I fix Outlook To-Do bar flashing when GP or Endpoint Policy Manager does a background refresh?" +description: "How can I fix Outlook To-Do bar flashing when GP or Endpoint Policy Manager does a background refresh?" +sidebar_position: 30 +--- + +# How can I fix Outlook To-Do bar flashing when GP or Endpoint Policy Manager does a background refresh? + +For anyone experiencing the Outlook To-Do bar flashing when GP or PP does a background refresh, MS +has released KB3191883 May 2018 which solves that issue. + +[https://support.microsoft.com/en-us/help/3191883/may-2-2017-update-for-outlook-2016-kb3191883](https://support.microsoft.com/en-us/help/3191883/may-2-2017-update-for-outlook-2016-kb3191883) diff --git a/docs/endpointpolicymanager/install/clientsideextension/why.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/why.md similarity index 84% rename from docs/endpointpolicymanager/install/clientsideextension/why.md rename to docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/why.md index bce0f98566..bb3702ae34 100644 --- a/docs/endpointpolicymanager/install/clientsideextension/why.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/why.md @@ -1,3 +1,9 @@ +--- +title: "Why does Endpoint Policy Manager require a CSE / client installation piece? I want to do it all using what Microsoft ships in the box but don't want to install anything else." +description: "Why does Endpoint Policy Manager require a CSE / client installation piece? I want to do it all using what Microsoft ships in the box but don't want to install anything else." +sidebar_position: 20 +--- + # Why does Endpoint Policy Manager require a CSE / client installation piece? I want to do it all using what Microsoft ships in the box but don't want to install anything else. You want to do more with Group Policy, but you don't want to add anything to every client system? diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/windows7.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/windows7.md new file mode 100644 index 0000000000..a7ae9146cc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/miscinstallationques/windows7.md @@ -0,0 +1,21 @@ +--- +title: "What must I install on Windows 7 to make Endpoint Policy Manager work as expected?" +description: "What must I install on Windows 7 to make Endpoint Policy Manager work as expected?" +sidebar_position: 40 +--- + +# What must I install on Windows 7 to make Endpoint Policy Manager work as expected? + +Windows 7 and Netwrix Endpoint Policy Manager (formerly PolicyPak) may not have all functions work. +This is because all Endpoint Policy Manager binaries are digitally signed, but with a newer hash +algorithm that un-patched Windows 7 doesn't understand. + +So to get Endpoint Policy Manager Application Settings Manager Re-apply on Launch to work, Group +Policy Preferences Scheduled Tasks, and Endpoint Policy Manager + [https://www.endpointpolicymanager.com/products/endpointpolicymanager-least-privilege-manager.html](https://www.endpointpolicymanager.com/products/endpointpolicymanager-least-privilege-manager.html) to +work as expected, Windows 7 requires and updated patch. + +For Endpoint Policy Manager to work as expected on Windows 7, Windows 7 +requires [https://www.microsoft.com/en-us/download/details.aspx?id=46148](https://www.microsoft.com/en-us/download/details.aspx?id=46148) for +64-bit and requires +32-bit [https://www.microsoft.com/en-pk/download/details.aspx?id=46078](https://www.microsoft.com/en-pk/download/details.aspx?id=46078) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/performancerelatedqu/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/performancerelatedqu/_category_.json new file mode 100644 index 0000000000..752d7bd550 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/performancerelatedqu/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Performance Related Questions", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/cpuslowdown.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/performancerelatedqu/cpuslowdown.md similarity index 90% rename from docs/endpointpolicymanager/troubleshooting/cpuslowdown.md rename to docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/performancerelatedqu/cpuslowdown.md index b66d1402bc..98086c22f4 100644 --- a/docs/endpointpolicymanager/troubleshooting/cpuslowdown.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/performancerelatedqu/cpuslowdown.md @@ -1,3 +1,9 @@ +--- +title: "How would I verify if Endpoint Policy Manager Client Side Extension is / is not causing high or CPU disk slowdowns?" +description: "How would I verify if Endpoint Policy Manager Client Side Extension is / is not causing high or CPU disk slowdowns?" +sidebar_position: 20 +--- + # How would I verify if Endpoint Policy Manager Client Side Extension is / is not causing high or CPU disk slowdowns? So there are lots of reasons why you might see 99% disk, and it doesn't have to be Netwrix Endpoint @@ -81,7 +87,7 @@ Data Operations/sec is high at the same time. If you still think Endpoint Policy Manager is causing high disk usage / slowdowns we need: **Step 1 –** -[What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/troubleshooting/fastsupport.md) +[What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/fastsupport.md) **Step 2 –** Screenshot of the perfmon as configured above running for a full minute. diff --git a/docs/endpointpolicymanager/troubleshooting/watcherservicememoryusage.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/performancerelatedqu/watcherservicememoryusage.md similarity index 87% rename from docs/endpointpolicymanager/troubleshooting/watcherservicememoryusage.md rename to docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/performancerelatedqu/watcherservicememoryusage.md index 838f99fe5a..6724439ebe 100644 --- a/docs/endpointpolicymanager/troubleshooting/watcherservicememoryusage.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/performancerelatedqu/watcherservicememoryusage.md @@ -1,3 +1,9 @@ +--- +title: "I see many instances of the Endpoint Policy Manager Watcher (ppWatcher) service running on my clients, is that normal? And how can I check memory usage?" +description: "I see many instances of the Endpoint Policy Manager Watcher (ppWatcher) service running on my clients, is that normal? And how can I check memory usage?" +sidebar_position: 10 +--- + # I see many instances of the Endpoint Policy Manager Watcher (ppWatcher) service running on my clients, is that normal? And how can I check memory usage? Depending on the client machine architecture (32 or 64 bit) and the number of users logged in to diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/uninstallationorroll/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/uninstallationorroll/_category_.json new file mode 100644 index 0000000000..1156ba77c6 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/uninstallationorroll/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Uninstallation Or Rollback Of PolicyPak", + "position": 110, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/uninstallationorroll/rollback.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/uninstallationorroll/rollback.md new file mode 100644 index 0000000000..4d7c919bb1 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/uninstallationorroll/rollback.md @@ -0,0 +1,90 @@ +--- +title: "How to Rollback CSE version from newer to older using PowerShell" +description: "How to Rollback CSE version from newer to older using PowerShell" +sidebar_position: 20 +--- + +# How to Rollback CSE version from newer to older using PowerShell + +## How To Implement: + +Use PowerShell or PowerShell ISE running as Administrator to run the PowerShell script below on the +target machine where you would like the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE +(Client-Side Extension) to be rolled back. + +## What This Script Does: + +This script will check to see if the CSE version currently installed on a computer matches the +version defined under +the $OldVersion variable, OR if there is no CSE currently installed, if either of these conditions is evaluated to TRUE then the CSE version as defined by the $URL +variable will be downloaded to `"C:\Temp\PP_CSE"` and installed on the computer. If any CSE version +other than the version specified under the $OldVersion variable is installed on the computer then +the script will exit without doing anything. + +``` +#### Start of Script +#### Purpose: This script rolls the PolicyPak Client-Side Extension back from ($OldVersion) 20.8.2543 to ($NewVersion) 20.7.2513. +#### Inspired by and uses portions of script submitted by Jacob Hill +Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force +$software = "PolicyPak Client-Side Extension" +$installed = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where { $_.DisplayName -eq $software }) -ne $null +$OldVersion = "20.8.2543" +$fileName = "PolicyPak Client-Side Extension x64-2513.msi" # $Filename should match the name of the file you uploaded. +$URL = "https://s3.amazonaws.com/0PolicyPakSupport/OldBuilds/$fileName" # $URL = Direct download link to MSI installer +$dir = "C:\Temp\PP_CSE\" +$logfile = $dir+"cse_rollback.log" +$OutPath = $dir+$fileName +# TIMESTAMP FUNCTION: Usage: Write-Output "$(Get-TimeStamp) Text goes here" | Out-file C:\log.txt -append +function Get-TimeStamp { +  return "[{0:MM/dd/yyyy} {0:HH:mm:ss}]" -f (Get-Date) +} +Function Install-Correct-Version { +  Write-Output "$(Get-TimeStamp) Install-Correct-Version Process started, downloading new CSE installation file." | Out-file $logfile -append +  (New-Object Net.WebClient).DownloadFile($URL, "$OutPath") +  Write-Output "$(Get-TimeStamp) Starting MSI installation." | Out-file $logfile -append +  Start-Process C:\Windows\System32\msiexec.exe -Wait -ArgumentList "/i `"$outPath`" /qn /L*V `"$dir\CSE_install.log`"" -NoNewWindow +  $NewVersion = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where { $_.DisplayName -eq $software }).DisplayVersion +  Write-Output "$(Get-TimeStamp) Installation complete! Version $newVersion installed." | Out-file $logfile -append +  Return +} +# Create the storage directory if it does not exist. +If ((Test-Path -Path $dir) -eq $false) +{ +  New-Item -Path $dir -ItemType directory +  Write-Output "$(Get-TimeStamp) Created the $dir directory." | Out-file $logfile -append +} +If(-Not $installed) +{ +  Write-Output "$(Get-TimeStamp) '$software' is NOT installed." | Out-file $logfile -append +  Install-Correct-Version +  Return +} +else +{ +  Write-Output "$(Get-TimeStamp) '$software' IS installed. Checking version." | Out-file $logfile -append +  $version = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where { $_.DisplayName -eq $software }).DisplayVersion +  if ($version -eq $OldVersion) +  { +    Write-Output "$(Get-TimeStamp) Old version $version is installed. Uninstalling problematic version." | Out-file $logfile -append +    # REPLACE - replace the MSI uninstall code. The MSI code can be obtained by running the following command in PowerShell: +    # (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where { $_.DisplayName -eq "PolicyPak Client-Side Extension" }).UninstallString +    # For example the uninstall String for CSE version 2543 is: "MsiExec.exe /X{B3A3F160-51B6-41FD-9D89-054DA19C09B7}" +    Start-Process C:\Windows\System32\msiexec.exe -Wait -ArgumentList "/x {B3A3F160-51B6-41FD-9D89-054DA19C09B7} /q" -NoNewWindow +    Write-Output "$(Get-TimeStamp) Uninstall complete. Now installing correct version." | Out-file $logfile -append +    Install-Correct-Version +    Return +  } +  else +  { +  Write-Output "$(Get-TimeStamp) CSE Version $version is installed. No further action necessary" | Out-file $logfile -append +  Return +  } +} +Write-Output "$(Get-TimeStamp) *** Rollback PolicyPak CSE Process Finished ***" | Out-file $logfile -append +#### End of Script +``` + +Troubleshooting: + +Logs for the Rollback process and MSI install process can both be found in `"C:\Temp\PP_CSE"` once +the script has executed. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/uninstallationorroll/uninstall.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/uninstallationorroll/uninstall.md new file mode 100644 index 0000000000..33ac0bb33b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/uninstallationorroll/uninstall.md @@ -0,0 +1,51 @@ +--- +title: "How do I uninstall Endpoint Policy Manager?" +description: "How do I uninstall Endpoint Policy Manager?" +sidebar_position: 10 +--- + +# How do I uninstall Endpoint Policy Manager? + +We suggest you read this all the way through before you attempt to uninstall Netwrix Endpoint Policy +Manager (formerly PolicyPak). + +You uninstall Endpoint Policy Manager the same way you installed it, but in reverse. In short, the +steps are: + +**Step 1 –** Delete GPOs which have Endpoint Policy Manager licensing information. + +**Step 2 –** Delete GPOs which have Endpoint Policy Manager directives (or delete the Endpoint +Policy Manager entries within the GPOs.) + +**Step 3 –** Remove the CSE from all client computers. Use Add/Remove Programs to do this manually, +or use your software installation software to perform the removal. + +**Step 4 –** Remove the Endpoint Policy Manager GPMC add-on from your management stations. + +**Step 5 –** Remove the Paks in the Central Store, or, if you used Share Based storage, remove the +share and delete the Pak files. + +Endpoint Policy Manager doesn't leave any trace on your domain, because the directives are contained +within the GPOs. + +That being said, if you merely delete the GPOs and/or remove the CSEs, you might leave data on the +machine. This might be desired or undesired. You should plan accordingly before performing the +removal steps above. + +In order to get revert to work, depending on the component or item type, you may need to pre-set up +your revert process in advance. + +For Endpoint Policy Manager Application Manager and all Group Policy Preferences settings you need +to expressly declare in advance what the revert behavior should be. By default, neither Endpoint +Policy Manager Application Manager nor the Group Policy Preferences will automatically revert when +you uninstall the Client Side Extension. You would be leaving the last written data behind. For more +information, please see +[How do I ensure that settings will revert when the policy no longer applies (by Group Policy, File, or Endpoint Policy Manager Cloud)?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/settingsrevert.md) + +Then, beyond that, most Endpoint Policy Manager specific settings will stop working and let you +continue onward. For more information on this process, please see +[What happens to each component when Endpoint Policy Manager gets unlicensed or the GPO or policy no longer applies?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components_2.md) + +Finally, there is a specific cosmetic issue with regards to Endpoint Policy Manager Browser Router +removal and Default Browser. For more information on this issue and how to deal with it, please see +[When I unlicense or remove Endpoint Policy ManagerBrowser Router from scope,Endpoint Policy Manager Browser Router Agent still shows as OS "default browser". Why is that and is there a workaround?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/defaultbrowser.md). diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/uninstallationorroll/uninstall_1.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/uninstallationorroll/uninstall_1.md new file mode 100644 index 0000000000..f1b8c5d1bf --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/uninstallationorroll/uninstall_1.md @@ -0,0 +1,20 @@ +--- +title: "How can I uninstall the Least Privilege Manager client for MacOS?" +description: "How can I uninstall the Least Privilege Manager client for MacOS?" +sidebar_position: 30 +--- + +# How can I uninstall the Least Privilege Manager client for MacOS? + +If you need to uninstall the Least Privilege Manager client for Mac open a Terminal session and type +in the following command. + +``` +sudo policypak uninstall +``` + +Please note that this command must be run by an administrator of the computer + + The outcome should be as follows: + +![931_1_image-20221216000132-1](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/931_1_image-20221216000132-1.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/_category_.json new file mode 100644 index 0000000000..b998a5cb83 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Updating Endpoint Policy Manager With Active Directory GPOs", + "position": 90, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/install/update/config.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/config.md similarity index 97% rename from docs/endpointpolicymanager/install/update/config.md rename to docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/config.md index 18f67863b2..398d75a794 100644 --- a/docs/endpointpolicymanager/install/update/config.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/config.md @@ -1,3 +1,9 @@ +--- +title: "CSE Autoupdate Update.Config file Usage and Parameters (before CSE 2725)" +description: "CSE Autoupdate Update.Config file Usage and Parameters (before CSE 2725)" +sidebar_position: 20 +--- + # CSE Autoupdate Update.Config file Usage and Parameters (before CSE 2725) If you wish to configure or fine-tune the CSE auto-download process, you may create a file called diff --git a/docs/endpointpolicymanager/troubleshooting/powershell/datadirectives.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/datadirectives.md similarity index 77% rename from docs/endpointpolicymanager/troubleshooting/powershell/datadirectives.md rename to docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/datadirectives.md index 6b0644b31a..13893aca74 100644 --- a/docs/endpointpolicymanager/troubleshooting/powershell/datadirectives.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/datadirectives.md @@ -1,3 +1,9 @@ +--- +title: "How can I use the Endpoint Policy ManagerPowerShell module to know which GPOs have any Endpoint Policy Manager data or directives?" +description: "How can I use the Endpoint Policy ManagerPowerShell module to know which GPOs have any Endpoint Policy Manager data or directives?" +sidebar_position: 30 +--- + # How can I use the Endpoint Policy ManagerPowerShell module to know which GPOs have any Endpoint Policy Manager data or directives? Start by installing the Netwrix Endpoint Policy Manager (formerly PolicyPak) PowerShell module, diff --git a/docs/endpointpolicymanager/install/ringsupgrade.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/ringsupgrade.md similarity index 97% rename from docs/endpointpolicymanager/install/ringsupgrade.md rename to docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/ringsupgrade.md index f7f2499c73..2ab5705168 100644 --- a/docs/endpointpolicymanager/install/ringsupgrade.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/ringsupgrade.md @@ -1,3 +1,9 @@ +--- +title: "How can I roll out the latest Endpoint Policy Manager CSE with Active Directory in a controlled manner using Rings ?" +description: "How can I roll out the latest Endpoint Policy Manager CSE with Active Directory in a controlled manner using Rings ?" +sidebar_position: 10 +--- + # How can I roll out the latest Endpoint Policy Manager CSE with Active Directory in a controlled manner using Rings ? Microsoft recommends that you use to rings concept when performing rollouts of their updates and @@ -5,7 +11,7 @@ patches. As such, Netwrix Endpoint Policy Manager (formerly PolicyPak) also stro do the same. Please familiarize yourself with this article before continuing: -[Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/install/rings.md) +[Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/rings.md) If you wish to configure or fine-tune the CSE auto-download process, you may create a file called `update.config`, which must be placed within the Endpoint Policy Manager Central Storage CSE folder, diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/videolearningcenter/methodgpoandactivedi/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/videolearningcenter/methodgpoandactivedi/_category_.json new file mode 100644 index 0000000000..f9ba37ecc5 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/videolearningcenter/methodgpoandactivedi/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Method GPO And Active Directory Keeping Up To Date", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..9a9a6599c7 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/videolearningcenter/videolearningcenter.md @@ -0,0 +1,13 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for all things installation and upkeep. + +## Method GPO (and Active Directory): Keeping up to date + +- [Auto-updating the CSE](/docs/endpointpolicymanager/video/install/autoupdate.md) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/_category_.json new file mode 100644 index 0000000000..9c7ea0187f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "All Things Licensing", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/installinglicensesal/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/installinglicensesal/_category_.json new file mode 100644 index 0000000000..ecf72a03cd --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/installinglicensesal/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Installing Licenses All Methods", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/installinglicensesal/filemultiple.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/installinglicensesal/filemultiple.md new file mode 100644 index 0000000000..889277bdb1 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/installinglicensesal/filemultiple.md @@ -0,0 +1,11 @@ +--- +title: "I received multiple license files back from the Sales team (one for each Endpoint Policy Manager component.) Should I install all of them?" +description: "I received multiple license files back from the Sales team (one for each Endpoint Policy Manager component.) Should I install all of them?" +sidebar_position: 20 +--- + +# I received multiple license files back from the Sales team (one for each Endpoint Policy Manager component.) Should I install all of them? + +Yes. Netwrix Endpoint Policy Manager (formerly PolicyPak) is licensed as a suite, and as such you +have paid for multiple components. Use LT to install each received license file, which will fully +enable the client's Client Side Extension on your endpoints. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/installinglicensesal/universal.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/installinglicensesal/universal.md new file mode 100644 index 0000000000..c99b51ef3b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/installinglicensesal/universal.md @@ -0,0 +1,28 @@ +--- +title: "What is the best way to roll out New Universal licenses if I already have Original licenses?" +description: "What is the best way to roll out New Universal licenses if I already have Original licenses?" +sidebar_position: 10 +--- + +# What is the best way to roll out New Universal licenses if I already have Original licenses? + +The ideal way to transition between new Universal licenses and Original licenses is the following: + +**Step 1 –** Create two GPOs. + +1. One GPO to contain the original licenses and +2. One GPO to contain the new / Universal licenses. + +**Step 2 –** Deploy these GPOs everywhere, such that the machines embrace both policies. + +Then, as you transition from old CSE (before year 2021) to new CSE (year 2021 and later) your +machines with the PolicyPak CSE will: + +1. Get old license GPO. +2. Get new license GPO. +3. Get both GPOs applied to the same machine. +4. If machine has old CSE: The CSE is licensed. +5. If machine has new CSE: The CSE is licensed. + +**CAUTION:** Only remove the old Licensing GPO when you are sure you have rolled out a CSE 2687 and +later (anything from year 2021 and later). diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..4fbda5ae9f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/knowledgebase.md @@ -0,0 +1,93 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base articles for information regarding Endpoint Policy Manager +licensing. + +## Licenses FAQ for Active Directory (GPO and SCCM) + +- [Will I need a license server to manage my Endpoint Policy Manager licenses?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/server.md) +- [What if we license one OU, say, Sales Computers OU, then during the year we also want to license a peer OU, like Marketing Computers OU?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/ou.md) +- [We purchased our Endpoint Policy Manager license for a parent OU in our Active Directory structure. What happens if we need to add additional sub-OUs inside of the parent one? How will this affect our licensing?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/ousub.md) +- [We purchased our Endpoint Policy Manager license for a parent OU in our Active Directory structure. What happens if we need to add additional sub-OUs inside of the parent one? How will this affect our licensing?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/ousub.md) +- [I'm an OU admin and not a domain administrator. Can I use Endpoint Policy Manager in my OU and not the whole domain?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/domainou.md) +- [I can only EDIT GPOs and not create them. Can I still use Endpoint Policy Manager?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/gpoedit.md) +- [I want to license the whole domain (or main OU), but I don't want to pay for every computer in that domain (or main OU)](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/domain.md) +- [I have multiple domains. How is that licensed?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/domainmultiple.md) +- [Why does License Tool ask Who am I and Where do I want to use Endpoint Policy Manager?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/scope.md) +- [Does the Licensing Tool (LT.exe) count disabled Active Directory computer accounts ?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/disabledcomputer.md) +- [Does LT count users?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/users.md) +- [The License Tool (LT) isn't permitting me to install License Files (or I am using AGPM, GPA, or GPOAdmin.) What should I try?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/wizard.md) +- [Licence Tool recommends I enforce the links on the licensing GPOs. Should I do this, and why is this recommended?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/enforced.md) + +## Licensing FAQ and Troubleshooting: Endpoint Policy Manager Cloud + +- [How do I license machines to work on-premise if I'm an Endpoint Policy Manager Cloud Customer?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/onpremise.md) +- [How do I stop getting emails which say : "You have less than X% of your Endpoint Policy Manager licenses available for your company"](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/notifications.md) +- [How do I understand my cloud licenses?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/licensestatus.md) +- [How exactly does monthly billing work with Endpoint Policy Manager SaaS Edition?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/billing.md) +- [ What happens if PPCloud computers are offline for more than 7 days?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/reclaimed.md) + +## Requesting Licenses FAQ and Troubleshooting (all Methods) + +- [What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/trial.md) +- [Why do I have to run the licensing tool / what information is gathered and sent to Endpoint Policy Manager for my trial (or becoming a customer?)](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/tool.md) +- [What Logs do I need to send for troubleshooting LT (License Tool) or other MMC / .Net related functions?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/logs.md) +- [How do I manually count the number of computers in Intune, and manually acquire the Intune "Company Name?"](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/intune.md) +- [What are the most common questions about editing policies using the Endpoint Policy ManagerCloud policy editor (instead of using the MMC to upload to Endpoint Policy Manager Cloud?)](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/edit.md) + +## Requesting Licenses FAQ and Troubleshooting (Virtualization, Citrix, WVD, etc.) + +- [How are Terminal Services and/or Citrix connections licensed?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/terminalservices.md) +- [How do I license my Citrix, RDS, WVD, VDI or other multi-session Windows version with Endpoint Policy Manager Cloud ?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/multisession.md) +- [Why must I run LT from a Windows Server if I want to properly count Citrix / Terminal Services / RDS connections?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/tool_1.md) +- [What must I show to prove my current RDS and/or Citrix, or other Multi-Session windows concurrent license count for Endpoint Policy Manager Cloud (or if on-prem LT cannot auto-discover them)?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/count.md) +- [Are there any special Endpoint Policy Manager licensing issues for virtual desktops?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/desktops.md) + +## Licensing: Requesting Licenses: MDM + +- [When licensing Endpoint Policy Managerwith an MDM provider, what do I need to send in to Endpoint Policy Manager? ](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/setup.md) +- [If I have both Azure joined and Hybrid Azure AD joined machines, how do I count the exact number of licenses I need?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/entraid.md) +- [What if I have multiple domain names within the MDM I want to license?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/domainmultiple.md) +- [How do I license Endpoint Policy Manager if I use Azure / Azure Active Directory / Azure Active Directory Domain Services / AD Domain Controllers in Azure?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/hybrid.md) +- [How are BYOD "Workplace Joined" (aka Intune Registered) counted toward licensing?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/jointype.md) +- [I'm having trouble running the Licensing Tool (LT) and counting computers with Intune. What troubleshooting information can I send Endpoint Policy Manager support?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/tool.md) +- [What is the difference if I license my MDM machines' CSE using COMPANY NAME vs. UPN name?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/name.md) +- [Why does the Endpoint Policy Manager Licensing Tool (LT.EXE) require admin rights to query for Intune / Azure data?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/adminrights.md) + +## Licensing: Installing Licenses: All Methods + +- [What is the best way to roll out New Universal licenses if I already have Original licenses?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/installinglicensesal/universal.md) +- [I received multiple license files back from the Sales team (one for each Endpoint Policy Manager component.) Should I install all of them?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/installinglicensesal/filemultiple.md) + +## Licensing Troubleshooting: All Methods + +- [How can I tell how a machine is licensed (by GPO, MDM, or XML file), and also know for what components it is licensed?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components.md) +- [I have a pop-up saying "License expires soon" or "Licenses expire in X days" when editing a GPO. What do I do?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/expires.md) +- [How do I turn on MMC Snap in Logs (for troubleshooting MMC Editing or Licensing Import)?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/mmcsnapinlogs.md) +- [I unlicensed my machine by removing a universal license, my machine still appears licensed. Why is this?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/universal.md) +- [Action Required for Endpoint Policy Manager Customers using Legacy Licenses](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/legacy.md) +- [How do I make the Grace Period licensing pop-up go away?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/graceperiod.md) +- [Action Recommended Endpoint Policy Manager Customers to transition from "Enterprise" Licenses to "Enterprise Full" licenses.](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/enterprisefull.md) +- [Gathering License Tool logs (LT.exe)](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/toollogs.md) + +## Licensing Troubleshooting and Un-Licensing: Active Directory (GPO and SCCM) + +- [What happens to each component when Endpoint Policy Manager gets unlicensed or the GPO or policy no longer applies?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components_2.md) +- [My organization doesn't permit me to run the LT (Endpoint Policy Manager Licensing Tool) or provide the XML information it produces. What are my other options?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/options.md) +- [What if I want to unlicense specific components via ADMX or Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/componentscloud.md) +- [I just installed new license files / new GPOs. Should I keep or delete the old license files / GPOs?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/fileold.md) +- [How do I specifically exclude or prevent a component from performing processing by modifying the license file?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/componentsexclude.md) +- [How can I verify, test and/or reset my Domain Join (aka SecureChannel) from the endpoint to domain controller?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/reset.md) +- [Why is Endpoint Policy Manager Preferences (original version) "forced disabled" by default?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/forceddisabled.md) + +## Misc Licensing Questions + +- [When and why would I license Endpoint Policy Manager on servers?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/misclicensingquestio/whenwhy.md) +- [What items and components are licensed, and what components are free?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components_1.md) +- [Why must I transition from Legacy to Universal licenses (and what are the differences?)](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/misclicensingquestio/transition.md) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/_category_.json new file mode 100644 index 0000000000..d005e7a207 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Licenses FAQ For Active Directory GPO And SCCM", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/disabledcomputer.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/disabledcomputer.md new file mode 100644 index 0000000000..9a824845aa --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/disabledcomputer.md @@ -0,0 +1,11 @@ +--- +title: "Does the Licensing Tool (LT.exe) count disabled Active Directory computer accounts ?" +description: "Does the Licensing Tool (LT.exe) count disabled Active Directory computer accounts ?" +sidebar_position: 90 +--- + +# Does the Licensing Tool (LT.exe) count disabled Active Directory computer accounts ? + +No, the Netwrix Endpoint Policy Manager (formerly PolicyPak) licensing tool automatically excludes +any disabled computer accounts, as well as computers that have the word computer included within +their name (which is our trial mode.). diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/domain.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/domain.md new file mode 100644 index 0000000000..7f605b6f56 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/domain.md @@ -0,0 +1,23 @@ +--- +title: "I want to license the whole domain (or main OU), but I don't want to pay for every computer in that domain (or main OU)" +description: "I want to license the whole domain (or main OU), but I don't want to pay for every computer in that domain (or main OU)" +sidebar_position: 60 +--- + +# I want to license the whole domain (or main OU), but I don't want to pay for every computer in that domain (or main OU) + +If you select the whole domain (or main level OU) to license, the licensing tool will count any +enabled Windows based systemit finds on that domain. To reduce your count and what you have to pay +for, you can do two things: + +- Option 1 — You can select the whole domain, and manually subtract / declare how many servers you + have. We're reasonable people, enabling you to subtract up to about 10-15% of your overall count. +- Option 2 — You can cherry pick specific OUs which contain just client computers. + +What happens then if you add OUs mid-year? + +- If you pick option 1, you wouldn't need to re-run the tool mid-year if you update OUs. Since the + whole domain is licensed, all child OUs are automatically licensed. +- If you pick option 2, you would need to re-run the tool mid-year if you update OUs. But it doesn't + cost you anything, unless you increase a lot of machines mid-year (20% of your current count). We + would call that a mid-year true up. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/domainmultiple.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/domainmultiple.md new file mode 100644 index 0000000000..f4ef8b89b7 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/domainmultiple.md @@ -0,0 +1,19 @@ +--- +title: "I have multiple domains. How is that licensed?" +description: "I have multiple domains. How is that licensed?" +sidebar_position: 70 +--- + +# I have multiple domains. How is that licensed? + +Here is the general process: + +- You run the Licensing Tool once per domain and perform your count. +- Then, you add those numbers together. +- You then send us your License Request Keys (one for each domain). +- You pay for the computers you want to license per domain. + +We then create licensing keys, one for each domain. + +See +[How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/domainou.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/domainou.md new file mode 100644 index 0000000000..ecf2638e68 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/domainou.md @@ -0,0 +1,21 @@ +--- +title: "I'm an OU admin and not a domain administrator. Can I use Endpoint Policy Manager in my OU and not the whole domain?" +description: "I'm an OU admin and not a domain administrator. Can I use Endpoint Policy Manager in my OU and not the whole domain?" +sidebar_position: 40 +--- + +# I'm an OU admin and not a domain administrator. Can I use Endpoint Policy Manager in my OU and not the whole domain? + +Yes. You don't need to be a domain administrator to use Netwrix Endpoint Policy Manager (formerly +PolicyPak). The only requirement is the ability to create and link GPOs. + +If you have that ability, then you're ready to get started with Endpoint Policy Manager. + +Endpoint Policy Manager can be licensed per OU and sub-OU. So, if you manage a portion of your +company's Active Directory, you can easily license Endpoint Policy Manager. + +You don not need approval of domain or enterprise admins; you can get started right away. + +**NOTE:** See +[Using Shares to Store Your Paks (Share-Based Storage)](/docs/endpointpolicymanager/video/applicationsettings/shares.md) +how PP Application Manager Paks can be stored in a share. diff --git a/docs/endpointpolicymanager/license/activedirectory/enforced.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/enforced.md similarity index 76% rename from docs/endpointpolicymanager/license/activedirectory/enforced.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/enforced.md index b6895bf6bc..2a14766b01 100644 --- a/docs/endpointpolicymanager/license/activedirectory/enforced.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/enforced.md @@ -1,3 +1,9 @@ +--- +title: "Licence Tool recommends I enforce the links on the licensing GPOs. Should I do this, and why is this recommended?" +description: "Licence Tool recommends I enforce the links on the licensing GPOs. Should I do this, and why is this recommended?" +sidebar_position: 120 +--- + # Licence Tool recommends I enforce the links on the licensing GPOs. Should I do this, and why is this recommended? Netwrix Endpoint Policy Manager (formerly PolicyPak) On-Prem licenses are contained within GPOs. diff --git a/docs/endpointpolicymanager/license/activedirectory/gpoedit.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/gpoedit.md similarity index 76% rename from docs/endpointpolicymanager/license/activedirectory/gpoedit.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/gpoedit.md index 346db55c23..a99a74adee 100644 --- a/docs/endpointpolicymanager/license/activedirectory/gpoedit.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/gpoedit.md @@ -1,3 +1,9 @@ +--- +title: "I can only EDIT GPOs and not create them. Can I still use Endpoint Policy Manager?" +description: "I can only EDIT GPOs and not create them. Can I still use Endpoint Policy Manager?" +sidebar_position: 50 +--- + # I can only EDIT GPOs and not create them. Can I still use Endpoint Policy Manager? Yes. And here is why. @@ -5,7 +11,7 @@ Yes. And here is why. First, you will need to import Netwrix Endpoint Policy Manager (formerly PolicyPak) licensing files. After a GPO is created (not by you), and you edit it, see -[The License Tool (LT) isn't permitting me to install License Files (or I am using AGPM, GPA, or GPOAdmin.) What should I try?](/docs/endpointpolicymanager/license/activedirectory/wizard.md) +[The License Tool (LT) isn't permitting me to install License Files (or I am using AGPM, GPA, or GPOAdmin.) What should I try?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/wizard.md) for additional information. You will import the license files while editing the GPO. Next, all normal operations in Endpoint Policy Manager are available to you, like Endpoint Policy diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/ou.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/ou.md new file mode 100644 index 0000000000..595bd19be5 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/ou.md @@ -0,0 +1,10 @@ +--- +title: "What if we license one OU, say, Sales Computers OU, then during the year we also want to license a peer OU, like Marketing Computers OU?" +description: "What if we license one OU, say, Sales Computers OU, then during the year we also want to license a peer OU, like Marketing Computers OU?" +sidebar_position: 20 +--- + +# What if we license one OU, say, Sales Computers OU, then during the year we also want to license a peer OU, like Marketing Computers OU? + +If Sales Comptuers OU is licensed, and you want to also license Marketing Computers OU, that's fine. +Re-Run your licensing tool, and perform a mid-year True Up. You only need to pay for overage. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/ousub.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/ousub.md new file mode 100644 index 0000000000..b145008ce0 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/ousub.md @@ -0,0 +1,14 @@ +--- +title: "We purchased our Endpoint Policy Manager license for a parent OU in our Active Directory structure. What happens if we need to add additional sub-OUs inside of the parent one? How will this affect our licensing?" +description: "We purchased our Endpoint Policy Manager license for a parent OU in our Active Directory structure. What happens if we need to add additional sub-OUs inside of the parent one? How will this affect our licensing?" +sidebar_position: 30 +--- + +# We purchased our Endpoint Policy Manager license for a parent OU in our Active Directory structure. What happens if we need to add additional sub-OUs inside of the parent one? How will this affect our licensing? + +Whether you purchase Netwrix Endpoint Policy Manager (formerly PolicyPak) licensing for a domain or +a single OU, the issued license is for allcomputer accounts that reside there, and any child OUs — +automatically. This means you can create and/or delete as many OUs within your licensed scope as you +wish. This makes our licensing structure highly flexible and worry-free. At the time of your +Endpoint Policy Manager license renewal date you will have the opportunity to true up, but, again, +this would only be for additional computer accounts within your AD structure. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/scope.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/scope.md new file mode 100644 index 0000000000..5cc057001f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/scope.md @@ -0,0 +1,144 @@ +--- +title: "Why does License Tool ask Who am I and Where do I want to use Endpoint Policy Manager?" +description: "Why does License Tool ask Who am I and Where do I want to use Endpoint Policy Manager?" +sidebar_position: 80 +--- + +# Why does License Tool ask Who am I and Where do I want to use Endpoint Policy Manager? + +Let us jump to the end of the story and take a look at what the License Tool (LT) generates when you +are making a license request. + +There are always two items: Scope and SOM_name (Scope of Management). There is always just one scope +but here could be several SOM_Names. + +Scope is where you might ever possibly use Netwrix Endpoint Policy Manager (formerly PolicyPak). +Typically, this is (and should be) the whole domain. This doesn't mean you will be using Endpoint +Policy Manager anywhere/everywhere in the whole domain. You select the Scope in this window: + +![317_1_licfaq1](/img/product_docs/endpointpolicymanager/license/activedirectory/317_1_licfaq1.webp) + +SOM_Name is the specific places you will be licensing Endpoint Policy Manager. This is what you are +selecting here: + +![317_2_licfaq2](/img/product_docs/endpointpolicymanager/license/activedirectory/317_2_licfaq2.webp) + +So, here are some examples from some License Request Key files. + +## Example 1: You are the domain admin and you wish to license the whole domain for Endpoint Policy Manager. + +``` +DC=fabrikam,DC=comDC=fabrikam,DC=com +``` + +- You can see that the Scope is the whole domain (fabrikam.com). This is where we could use Endpoint + Policy Manager. +- You can see that the SOM is also the whole domain (fabrikam.com). This is where you will be + licensing Endpoint Policy Manager. + +This means you are the domain admin and you want to license the whole domain. This is the easiest +case. + +## Example 2: You are the domain admin and you wish to license specific OUs for Endpoint Policy Manager. + +``` +DC=fabrikam,DC=comOU=Sales,DC=fabrikam,DC=com +``` + +- You can see that the Scope is the whole domain (fabrikam.com). This is where we could use Endpoint + Policy Manager. +- You can see that the SOM is one specific OU (which implies all sub-OUs.) This is where you will be + licensing Endpoint Policy Manager. + +## Example 3: You are an OU admin and you wish to license specific OUs for Endpoint Policy Manager. + +``` +OU=Sales,DC=fabrikam,DC=comOU=East Sales,OU=Sales,DC=fabrikam,DC=com | OU=West Sales,OU=Sales,DC=fabrikam,DC=com +``` + +- You can see that the Scope is the Sales OU. This is where we could use Endpoint Policy Manager. +- You can see that the SOM is two specific OUs (and their children.) Specifically East Sales OU and + West Sales OU. This is where you will be licensing Endpoint Policy Manager. + +So, why do we have Scope and Scope of Management? Because sometimes companies have, for example, one +domain, with multiple OU administrators, where neither has any overlap of duties and they both want +to use Endpoint Policy Manager (and pay for it separately). + +So: + +- Joe is the OU Admin for OU=Machines,OU=WEST,DC=fabrikam,DC=com ,and +- Fred is the OU Admin for OU=Machines,OU=EAST,DC=fabrikam,DC=com + +In this case neither is the domain admin. They can each have their own Scope (where they can +possiblyuse it) and Scope of Management, where they'll actually use it and not overlap. + +When LT goes to install the license you receive from Endpoint Policy Manager, it will create a new +GPO and link it the ScopeE. + +Occasionally, we are asked, "What can I do if I already selected the whole domain (‘I am a domain +admin') in the first screen and I don't want to link the GPO to the whole domain?" First, here are +some facts: + +- Nothing happens in Endpoint Policy Manager until the CSE is installed on client systems. Nothing + automatically deploys the client side piece. The CSE is an MSI you deploy using whatever you want + (SCCM, hand-install, LanDesk, Group Policy Software Installation, etc. +- The GPO that LT creates only has Endpoint Policy Manager Licensing Data(see image below). +- Having the license GPO linked won't affect servers or other clients. They'll get the data + contained within the licensing GPO (which is nothing but licensing data). But then nothing special + happens after that, especially since they're out of Scope of Management. + +![317_3_licfaq3](/img/product_docs/endpointpolicymanager/license/activedirectory/317_3_licfaq3.webp) + +That being said, there are two ways to proceed if your license file's Scope is the whole domain, but +you don't want to link it over to the whole domain : + +### Plan A: Go ahead and let the LT create the GPO and link it to the domain. + +- This is recommended in case you later wish to expand you scope to include future OUs (which you + have not selected today but might select in the future). + +- For instance, today you want to license OU=Desktops,OU=WEST,DC=fabrikam,DC=com but then during the + next year (or future years) you want to license OU=Laptops,OU=East,DC=fabrikam,DC=com. We just + issue you a new license, and it's within the same overall umbrella scope. +- Here is the thing to remember: only computers in OU=Machines,OU=WEST,DC=fabrikam,DC=com are ever + going to get licensed (today), because that's what you've selected in step 2 (Scope of + Management). + +- So again, even though the GPO is linked to the domain level, only the computers in the Scope of + Management will activate as Paid, because that's what you paid for. + +- If you think you might ever want to license computers to use Endpoint Policy Manager in another OU + besides OU=Machines, OU=WEST, DC=fabrikam, DC=com, then we recommend you stick with Plan A. + +### Plan B: Generate another request for the License Request Key (LRK) using the LT tool and send it to your sales person. + +- This time, when you are asked the 'Who are you' question, do not select the whole domain. + +- Simply pretend you're the OU admin of OU=Machines,OU=WEST,DC=fabrikam,DC=com. This sets the Scope. + +- Select it againin the second step. This sets the Scope of Management. + +- Now, your LRK will make the Scope OU=Machines,OU=WEST,DC=fabrikam,DC=com and the Scope of + Management the same thing (OU=Machines,OU=WEST,DC=fabrikam,DC=com) + +- We'll cut you another license key. + +- Next time you go to install the new key, LT will ask you if it can create the GPO and link it over + to OU=Machines, OU=WEST, DC=fabrikam, DC=com, because that's the new Scope. (It also will happen + to be the Scope of Management.) + +- Again, this is only recommended if you really never ever plan (ever) to use Endpoint Policy + Manager outside of OU=Machines, OU=WEST, DC=fabrikam, DC=com. + +### Plan C: Delete the GPO's link. Then relink the GPO to the OU you want + +- You can, if you like, simply delete the GPO's link to the domain. +- Then, re-link the GPO to the places you want to manage/test using Endpoint Policy Manager. +- This will work because the Scope is (technically) the domain level, and you're simply linking it + (correctly) to places within the Scope. + +Last thought: Remember that all client computers must have the Endpoint Policy Manager CSE +installed. Without the CSE installed, Endpoint Policy Manager directives are ignored. So, just +because there's a GPO linked to the domain doesn't mean that computers will be able to do anything. +They have to be in scope of management and also have the CSE installed to pick up Endpoint Policy +Manager directives. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/server.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/server.md new file mode 100644 index 0000000000..48ebf7d337 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/server.md @@ -0,0 +1,11 @@ +--- +title: "Will I need a license server to manage my Endpoint Policy Manager licenses?" +description: "Will I need a license server to manage my Endpoint Policy Manager licenses?" +sidebar_position: 10 +--- + +# Will I need a license server to manage my Endpoint Policy Manager licenses? + +There are absolutely no servers involved in the licensing process for Netwrix Endpoint Policy +Manager (formerly PolicyPak), so you will not need a license server. Licenses are contained within a +Group Policy Object and are typically linked to the domain, but can be linked to a specific OU. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/users.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/users.md new file mode 100644 index 0000000000..4658b18bea --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/users.md @@ -0,0 +1,13 @@ +--- +title: "Does LT count users?" +description: "Does LT count users?" +sidebar_position: 100 +--- + +# Does LT count users? + +This is what makes Netwrix Endpoint Policy Manager (formerly PolicyPak) licensing so easy.As long as +a computer is licensed for Endpoint Policy Manager, all/any users logged on that computer will +receive all computer and user GPOs involving Endpoint Policy Manager. This means that the users and +computers can reside in separate OUs within your Active Directory structure. Only the computer needs +to be licensed. diff --git a/docs/endpointpolicymanager/license/activedirectory/wizard.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/wizard.md similarity index 90% rename from docs/endpointpolicymanager/license/activedirectory/wizard.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/wizard.md index d6d4479d87..151166b5ce 100644 --- a/docs/endpointpolicymanager/license/activedirectory/wizard.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/wizard.md @@ -1,3 +1,9 @@ +--- +title: "The License Tool (LT) isn't permitting me to install License Files (or I am using AGPM, GPA, or GPOAdmin.) What should I try?" +description: "The License Tool (LT) isn't permitting me to install License Files (or I am using AGPM, GPA, or GPOAdmin.) What should I try?" +sidebar_position: 110 +--- + # The License Tool (LT) isn't permitting me to install License Files (or I am using AGPM, GPA, or GPOAdmin.) What should I try? When you buy Netwrix Endpoint Policy Manager (formerly PolicyPak) On-Prem suite you get licenses for diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/_category_.json new file mode 100644 index 0000000000..27899a67c9 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Licensing FAQ And Troubleshooting Endpoint Policy Manager Cloud", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/billing.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/billing.md new file mode 100644 index 0000000000..c0cffdde70 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/billing.md @@ -0,0 +1,58 @@ +--- +title: "How exactly does monthly billing work with Endpoint Policy Manager SaaS Edition?" +description: "How exactly does monthly billing work with Endpoint Policy Manager SaaS Edition?" +sidebar_position: 40 +--- + +# How exactly does monthly billing work with Endpoint Policy Manager SaaS Edition? + +Netwrix Endpoint Policy Manager (formerly PolicyPak) SaaS Monthly billing enables you to only be +charged for exactly what you use, per month.  Therefore, you may install the Endpoint Policy Manager +Cloud client on as many computers as you wish and you are charged accordingly.  All customers are +billed on the last day of the month. + +During the month, each day we automatically count the number of computers consumed (that is, where +you've installed the Endpoint Policy Manager Cloud client). Then at the end of the month, we charge +on the highest number of computers used within the month instead, automatically.  This is billed to +your credit card. + +**NOTE:** You are required to have two credit cards on file to ensure uninterrupted service. + +For new costumers — Note that the first month for new customers is a little unusual because you will +be billed twice in that first month. After that you will be billed once a month on the last day of +the month. + +For existing legacy customers who transitioned to SaaS Monthly billing— Please skip month 1 in the +example and head straight to Month 2, as you will be billed for your usage at the end of the month. + +This is a three month period example starting, with Month 1 as April mid month as the new service +start date: + +April: + +- You start with Endpoint Policy Manager SaaS Edition on April 15th. +- On April 15 you are billed immediately for the minimum use of Endpoint Policy Manager SaaS, which + is 50 computers. However, since this is mid-month, you are billed a prorated amount for the + initial 50 computers from April 15 to April 30. +- On April 20th, you install the Endpoint Policy Manager Cloud Client MSI on 10 more computers, + making your consumption 60. +- On April 29th, you manually retire 1 computer, making your consumption 59. +- On April 30th (the last day of April) the highest number of computers used in the month is 60. +- Your Monthly Highest number for April is 60. +- We will automatically bill you for April for the 10 extra licenses you used beyond your + pro-rated 50. + +May: + +- In May you make no changes, maintaining 59 licenses in use. +- Your Monthly Highest number for May is 59. +- We will automatically bill you May 31st for the 59 licenses you used in May. + +June: + +- On June 10th you install the Endpoint Policy Manager Cloud Client MSI on 141 computers, bringing + your consumption to 200 computers. +- On June 11th you retire 50 computers, lowering your consumption to 150. +- On June 30th you install the Endpoint Policy Manager Cloud Client on 100 computers, bringing your + consumption to 250. +- We will automatically bill you June 30th for the 250 licenses you used in June. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/licensestatus.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/licensestatus.md new file mode 100644 index 0000000000..b5fc50a955 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/licensestatus.md @@ -0,0 +1,48 @@ +--- +title: "How do I understand my cloud licenses?" +description: "How do I understand my cloud licenses?" +sidebar_position: 30 +--- + +# How do I understand my cloud licenses? + +How many Cloud licenses am I using, and how can I tell which machines are on the waiting list? + +When you log into your Cloud account, you land on the License Status tab. This tab tells you several +things: how many license you bought, how many you are using, and how many machines are on the +waiting list. + +![547_1_license_status](/img/product_docs/endpointpolicymanager/license/cloud/547_1_license_status.webp) + +The number in the Total Purchased column tells you how many licenses you purchased from us here at +Netwrix Endpoint Policy Manager (formerly PolicyPak). That is the maximum number of computers you +can have synched with the cloud at any given time. + +The number in the Consumed column tells you how many licenses have been consumed, that is, how many +of your machines are correctly connected and synched with your cloud instance. + +The number in the Waiting column tells you how many computers are on the waiting list, that is, how +many machines tried to check in when all of the available licenses were consumed, and therefore +couldn't sync with the cloud and receive directives. + +Another reason a machine might be Waiting is because the computer has been offline for more than the +required refresh period (usually 7 days). Computers which have been offline more than 7 days go into +Waiting status. If there are available licenses when they come back online, they will claim an +available license. + +If a licensed computer goes offline, or does not communicate with the Endpoint Policy Manager Cloud +service for 7 days or more, then it will relinquish its license and that license will return to the +pool, where a computer on the waiting list could consume it. + +To find out which of your machines have consumed a license, and which ones are on the waiting list, +go to the Reports tab, located next to the License Status tab. + +![547_2_reports_tab](/img/product_docs/endpointpolicymanager/license/cloud/547_2_reports_tab.webp) + +The chart displays in graphic form the information from the License Status tab. + +However, above that, you'll find a list of machines that either have consumed a license, or are on +the waiting list. You will see the computer name, OS, last known IP address, last check in date, and +the status of the machine. Under Status you'll see either Active, indicating that the computer has +correctly consumed a license, or Waiting List (Check in overdue)\], which indicates that the +computer attempted to consume a license, but there were none available. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/notifications.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/notifications.md new file mode 100644 index 0000000000..e3e6475aac --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/notifications.md @@ -0,0 +1,17 @@ +--- +title: "How do I stop getting emails which say : \"You have less than X% of your Endpoint Policy Manager licenses available for your company\"" +description: "How do I stop getting emails which say : \"You have less than X% of your Endpoint Policy Manager licenses available for your company\"" +sidebar_position: 20 +--- + +# How do I stop getting emails which say : "You have less than X% of your Endpoint Policy Manager licenses available for your company" + +The Notifications admin may make this change. Go to Company Details > Edit Notifications +Configuration. + +![613_1_hfkb-1089-img-01_950x242](/img/product_docs/endpointpolicymanager/license/cloud/613_1_hfkb-1089-img-01_950x242.webp) + +Uncheck **Send a weekly report of inactive computers to all company admins**. Alternatively, you can +also change the Threshold. + +![613_2_hfkb-1089-img-02_950x609](/img/product_docs/endpointpolicymanager/license/cloud/613_2_hfkb-1089-img-02_950x609.webp) diff --git a/docs/endpointpolicymanager/license/cloud/onpremise.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/onpremise.md similarity index 87% rename from docs/endpointpolicymanager/license/cloud/onpremise.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/onpremise.md index f1310204ce..eac99e7152 100644 --- a/docs/endpointpolicymanager/license/cloud/onpremise.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/onpremise.md @@ -1,3 +1,9 @@ +--- +title: "How do I license machines to work on-premise if I'm an Endpoint Policy Manager Cloud Customer?" +description: "How do I license machines to work on-premise if I'm an Endpoint Policy Manager Cloud Customer?" +sidebar_position: 10 +--- + # How do I license machines to work on-premise if I'm an Endpoint Policy Manager Cloud Customer? ## Legacy Endpoint Policy Manager Cloud Monthly or Early Custemers: diff --git a/docs/endpointpolicymanager/license/cloud/reclaimed.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/reclaimed.md similarity index 82% rename from docs/endpointpolicymanager/license/cloud/reclaimed.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/reclaimed.md index 8375af184d..3e360a629d 100644 --- a/docs/endpointpolicymanager/license/cloud/reclaimed.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingfaqandtroub/reclaimed.md @@ -1,3 +1,9 @@ +--- +title: "What happens if PPCloud computers are offline for more than 7 days?" +description: "What happens if PPCloud computers are offline for more than 7 days?" +sidebar_position: 50 +--- + # What happens if PPCloud computers are offline for more than 7 days? Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud licenses are automatically reclaimed back diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/_category_.json new file mode 100644 index 0000000000..6bd13b6d40 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Licensing Troubleshooting All Methods", + "position": 70, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components.md new file mode 100644 index 0000000000..90e7a2b610 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components.md @@ -0,0 +1,73 @@ +--- +title: "How can I tell how a machine is licensed (by GPO, MDM, or XML file), and also know for what components it is licensed?" +description: "How can I tell how a machine is licensed (by GPO, MDM, or XML file), and also know for what components it is licensed?" +sidebar_position: 10 +--- + +# How can I tell how a machine is licensed (by GPO, MDM, or XML file), and also know for what components it is licensed? + +You can use the `ppupdate` command line tool to both refresh cached policies and determine the +licensing method. When the command is run, you can determine: + +1. Methods of licensure (Group Policy, MDM, and/or XML) +2. Legacy License, Universal License, or Enterprise Full (aka Enterprise+) Universal License +3. Start and Expiry Date +4. Which GPO or from which XML file is performing the license +5. Which Components are licensed +6. Which Components are licensed for which Capabilities (for instance Netwrix Endpoint Policy + Manager (formerly PolicyPak) Least Privilege Manager Standard vs. Complete). + Tip: Enterprise Full licenses always show Complete for all components. +7. When a specific component is expressly disabled via an ADMX policy. +8. When a specific component is expressly disabled via the license file. +9. When a specific computer is licensed via multiple methods. + +Some examples below of how a computer could be licensed and the types of output you can expect. + +### How can I validate on a few endpoints that I am VALID and won't expire? + +![681_1_image-1](/img/product_docs/endpointpolicymanager/troubleshooting/license/681_1_image-1.webp) + +A second example, but this one using Enterprise Full (aka Enterprise+) licenses (only valid for CSE +versions 23.6 and later): + +![681_3_image_950x735](/img/product_docs/endpointpolicymanager/troubleshooting/license/935_6_image-20230713042924-6_950x735.webp) + +- Use the `PPUPDATE` command which will always show if you are VALID and licensing type. +- Example of a machine getting Universal licenses successfully: + + **NOTE:** Enterprise Full licenses are not honored by pre 23.6 CSEs. You MAY run multiple + licenses "side by side" to transition from your original license to Enterprise Full licenses. + +Additional Examples for various circumstances are below. + +## Example 1: Computer in the name, acts fully licensed for all components. Very useful for testing licensing issues. + +![681_4_img-01](/img/product_docs/endpointpolicymanager/troubleshooting/license/681_4_img-01.webp) + +## Example 2: Completely unlicensed. + +![681_6_img-02](/img/product_docs/endpointpolicymanager/troubleshooting/license/681_6_img-02.webp) + +## Example 3: Some items are licensed and not others. Typical when a customer is a Professional Customer and has purchased licenses for SPECIFIC components. + +![681_8_img-03](/img/product_docs/endpointpolicymanager/troubleshooting/license/681_8_img-03.webp) + +## Example 4: Licensed by placing the XML file directly upon the machine, and not by GPO. + +![681_10_img-04](/img/product_docs/endpointpolicymanager/troubleshooting/license/681_10_img-04.webp) + +## Example 5: When a component is licensed, but expressly disabled by ADMX. + +![681_12_img-05](/img/product_docs/endpointpolicymanager/troubleshooting/license/681_12_img-05.webp) + +## Example 6: When a computer is licensed via multiple methods + +![681_14_image8_1490x882](/img/product_docs/endpointpolicymanager/troubleshooting/license/681_14_image8_1490x882.webp) + +## Example 7: When a computer is licensed for SOME components via Endpoint Policy Manager Cloud + +**NOTE:** The Expiry date expresses when the computer is required to check-in by to maintain the +license; not the actual expiration date of all computers. (That information is only found in +Endpoint Policy Manager Cloud Portal.) + +![681_16_e7_954x1262](/img/product_docs/endpointpolicymanager/troubleshooting/license/681_16_e7_954x1262.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components_1.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components_1.md new file mode 100644 index 0000000000..2514c98e90 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components_1.md @@ -0,0 +1,74 @@ +--- +title: "What items and components are licensed, and what components are free?" +description: "What items and components are licensed, and what components are free?" +sidebar_position: 20 +--- + +# What items and components are licensed, and what components are free? + +You need a license for each of the following parts: + +For Netwrix Endpoint Policy Manager (formerly PolicyPak): All Components need a license to be +downloaded on endpoints in order to process Endpoint Policy Manager components / instructions from +components such as: + +- Endpoint Policy Manager Application Manager +- Endpoint Policy Manager Admin Templates Manager +- Endpoint Policy Manager Preferences Manager and +- Endpoint Policy Manager Security Settings Manager data. +- Endpoint Policy Manager File Associations Manager +- Endpoint Policy Manager Browser Router +- Endpoint Policy Manager + [Least Privilege Manager ](https://www.endpointpolicymanager.com/products/endpointpolicymanager-least-privilege-manager.html) +- Endpoint Policy Manager Java Rules Manager +- Endpoint Policy Manager Start Screen & Taskbar Manager +- Endpoint Policy Manager Scripts Manager + +Those license files look like this: + +![172_1_image001](/img/product_docs/endpointpolicymanager/license/172_1_image001.webp) + +For PP Group Policy Compliance Reporter: + +- Reports for free: All Endpoint Policy Manager Components like: + + - PP Application Settings Manager, + - Endpoint Policy Manager Admin Templates Manager, and + - Endpoint Policy Manager Browser Router). + +- Reports which are required for be PAID: + - Microsoft Group Policy Admin Templates + - Microsoft Group Policy Preferences + - Microsoft Group Policy Security + +To enable PPGPCR Endpoints for Microsoft items, this is the right license: + +![172_2_image002](/img/product_docs/endpointpolicymanager/license/172_2_image002.webp) + +Also note what is not required to be licensed: + +**Step 1 –** Admin Stations + +- You do not need a license for anywhere the GPMC is running / editing / creating GPOS. +- You do not need a license for anywhere the Endpoint Policy Manager Group Policy Compliance + Reporter Admin Station (Client) is running. + +**Step 2 –** Again: You don't need a license for endpoints to use GP Compliance Reporter to report +on Endpoint Policy Manager -delivered specific component items. This is automatically licensed. + +Remember, you do need a PP Compliance Reporter Endpoint license if you want to report on Microsoft +Group Policy item types like Group Policy Security Settings. + +**Step 3 –** PP Compliance Reporter server is no longer licensed. Only PP Compliance Reporter +endpoints are licensed. + +**Step 4 –** None of the PP Support tools like the Endpoint Policy Manager Application Manager +Design Studio, Powershell add-ins, or GPOTouch utility need to be licensed. + +To generate license request keys for Endpoint Policy Manager On-Prem suite endpoints see the +[Knowledge Base](https://helpcenter.netwrix.com/bundle/endpointpolicymanager/page/Content/endpointpolicymanager/License/Overview/KnowledgeBase.htm) +fort additional information. + +Once you acquire licenses from our sales team, you can implement them in two ways. +[See PolicyPak Solution Methods: Group Policy, MDM, UEM Tools, and PolicyPak Cloud compared. for additional information on ](https://kb.endpointpolicymanager.com/kb/article/489-policypak-licensing-onpremise-licensing-methods-compared) +how to import the licenses. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components_2.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components_2.md new file mode 100644 index 0000000000..b6126a820e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components_2.md @@ -0,0 +1,238 @@ +--- +title: "What happens to each component when Endpoint Policy Manager gets unlicensed or the GPO or policy no longer applies?" +description: "What happens to each component when Endpoint Policy Manager gets unlicensed or the GPO or policy no longer applies?" +sidebar_position: 10 +--- + +# What happens to each component when Endpoint Policy Manager gets unlicensed or the GPO or policy no longer applies? + +This KB explains what happens when Endpoint Policy Manager gets unlicensed or the GPO no longer +applies. + +An endpoint can become unlicensed due to a variety of reasons. Examples include: + +- On-Prem, MDM or Cloud License expires +- Computer moves to unlicensed / never licensed location +- Using Endpoint Policy Manager Cloud, you specifically unlicense a component +- Using Endpoint Policy Manager Cloud, you specifically revoke the CSE +- You hand-uninstall or use SCCM or similar to un-intsall the Endpoint Policy Manager CSE +- You remove the computer from a licensed domain + +**NOTE:** You may encounter a pop-up like this if you are using pre-CSE 24.4. Note the pop-up is +opt-in only from 24.4. You won't see any pop up if you're using 24.4 or later. + +![29_1_2202cm3yx](/img/product_docs/endpointpolicymanager/license/unlicense/29_1_2202cm3yx.webp) + +See +[How do I make the Grace Period licensing pop-up go away?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/graceperiod.md) +for additional information on Pop-Up behavior. + +**NOTE:** The actual behavior may be somewhat different than what is described here. An endpoint can +have its directives removed because of a variety of reasons. Examples include: + +- Deleting / unlinking a GPO. +- Removing an XML file placed with SCCM or by hand. +- Removing an XML directive from Endpoint Policy Manager Cloud. +- ILT evaluates to FALSE. +- WMI evaluates to FALSE. + +Different components react somewhat differently when their licenses are removed, the policy which +affects them is removed, or when the Client Side Extension is forcefully removed. In any of those +cases, the Endpoint Policy Manager Client Side Extension component(s) will react to that. In +general: + +- What happens when the component is unlicensed is that the endpoint simply doesn't pick up new + directives for that component +- What happens when the policy is removed is that the setting will revert or be maintained (depends + on the component) + +You might want to get a better grasp on the unlicensed / revert behavior for each component. Each +component is listed here (current as of January 2018). + +## Application Settings Manager + +**NOTE:** Will not honor new Endpoint Policy Manager Application Manager requests. + +Unlicensed or Policy Reverts + +![29_2_faq-01-04-pp-01](/img/product_docs/endpointpolicymanager/license/unlicense/29_2_faq-01-04-pp-01.webp) + +A setting may be set to **Do Nothing at Revert**, which is the default policy, or + +![29_3_faq-01-04-pp-02](/img/product_docs/endpointpolicymanager/license/unlicense/29_3_faq-01-04-pp-02.webp) + +If the setting is set to **Revert**, the policy setting is reverted. The value displayed will be +performed at revert time. + +![29_4_faq-01-04-pp-03](/img/product_docs/endpointpolicymanager/license/unlicense/29_4_faq-01-04-pp-03.webp) + +For Win32 apps where AppLock (UI restrictions) are used, like in this example, the UI becomes +unrestricted. + +![29_5_faq-01-04-pp-04](/img/product_docs/endpointpolicymanager/license/unlicense/29_5_faq-01-04-pp-04.webp) + +When NTFS / ACL Lockdown is used, the end-user will be free to change these settings inside the +(previously restricted) registry. + +![29_6_faq-01-04-pp-05](/img/product_docs/endpointpolicymanager/license/unlicense/29_6_faq-01-04-pp-05.webp) + +**NOTE:** Some Paks may be set to System Wide Lockdown, like Java and Firefox, as seen above. In +those cases, all users on the system are free to make changes after the GPO no longer applies. + +## Least Privilege Manager + +When unlicensed: + +- PPLPM will stop honoring new policies when unlicensed + +Additionally, and/or when the GPO / XML no longer applies: + +- Applications / MSIs / Scripts, etc. with elevated tokens will not elevate +- SecureRun(TM) will stop preventing users from self-installing items + +## Browser Router + +When Endpoint Policy Manager Browser Router is uninstalled or becomes unlicensed: + +- The original default browser (as the user had it set before Endpoint Policy Manager Browser Router + was installed) will be placed back as default + +Additionally, and/or when the GPO / XML no longer applies, any Endpoint Policy Manager Browser +Router "routes" are no longer honored. See +[Why doesn't Endpoint Policy Manager Browser Router routes take effect the first time I log on to Windows 8.1 or Windows 10?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/twologons.md) + +## Endpoint Policy Manager Admin Templates Manager + +When Endpoint Policy Manager Admin Templates Manager becomes unlicensed Endpoint Policy Manager +Admin Templates Manager will no longer apply new PPATM policies: + +- Within GPOs +- XML Based files or +- Via Endpoint Policy Manager Cloud + +Additionally, and/or when the GPO / XML no longer applies, policy setting items work and revert +exactly like Microsoft's Admin Templates Policy settings. So when Endpoint Policy Manager Admin +Templates Manager policy settings no longer apply, they revert back to their Not Configured value. + +## Endpoint Policy Preferences Manager + +When licensed: Endpoint Policy Manager Preferences manager becomes the intermediary which calls +Microsoft's Group Policy Preferences CSEs. By default, we do not give our Endpoint Policy Manager +Preferences Manager licenses unless specifically requested by the customer (and this must be done +each year). + +When Endpoint Policy Manager Preferences manager becomes unlicensed: + +- In-box Group Policy Preferences is called directly; no more Endpoint Policy Manager involvement +- Endpoint Policy Manager will not process file-based XML directives +- Endpoint Policy Manager will not process Endpoint Policy Manager Cloud XML directives + +When the GPO no longer applies, or Policy XML no longer applies: + +- Endpoint Policy Manager will leave the Microsoft GPPrefs item intact / alone on revert when the + item's **Common**> **Options** tab is set like this: + + ![29_7_faq-01-04-pp-06](/img/product_docs/endpointpolicymanager/license/unlicense/29_7_faq-01-04-pp-06.webp) + + ![29_8_faq-01-04-pp-07-1](/img/product_docs/endpointpolicymanager/license/unlicense/29_8_faq-01-04-pp-07-1.webp) + +- Or Endpoint Policy Manager will delete the Microsoft GPPRefs item when the item's **Option** tab + is set like this: + + ![29_9_faq-01-04-pp-08](/img/product_docs/endpointpolicymanager/license/unlicense/29_9_faq-01-04-pp-08.webp) + +## Java Rules Manager + +When Endpoint Policy Manager Java Rules Manager becomes unlicensed, PPJRM will not honor new PPJRM +policies. Additionally, and/or when the GPO / XML no longer applies Endpoint Policy Manager will +stop existing mappings of websites to Java. + +## File Associations Manager + +When Endpoint Policy Manager File Associations Manager becomes unlicensed, Endpoint Policy Manager +File Associations Manager will no longer honor new directives. Additionally, and/or when the GPO / +XML no longer applies: + +- The system will maintain the last settings placed by Endpoint Policy Manager File Associations + Manager +- The system will permit users to make their own changes going forward +- Other users on the system may make changes such that they will affect other users + +## Start Screen & Taskbar Manager + +When Endpoint Policy Manager Start Screen & Taskbar Manager becomes unlicensed: + +- Endpoint Policy Manager Start Screen & Taskbar Manager will not honor new directives + +Additionally, and/or when the GPO / XML no longer applies: + +- The system will permit users to make their own Start Menu and taskbar changes +- New users with new profiles on the system will get system default Start Menu groups + +## Security Settings Manager + +When Endpoint Policy Manager Security Settings Manager becomes unlicensed: + +- PPSEC will no longer process directives from Endpoint Policy Manager Cloud and +- PPSEC will no longer process XML based directives + +Additionally, and/or when the GPO / XML no longer applies: + +- PPSEC items work exactly like Microsoft's Security Settings Policy settings when the GPO is + removed, or the policy is no longer applied or PPSEC becomes unlicensed +- Like built-in Microsoft Security policy settings, when these settings no longer apply, they are + maintained; and not reverted back + +Local admins can then make changes to these settings if desired. + +## Feature Manager for Windows + +When Feature Manager for Windows becomes unlicensed: + +- The last set of Features and Optional Features on the machine will be maintained and will not + revert +- PPFMW will no longer process directives from Endpoint Policy Manager Group Policy +- PPFMW will no longer process directives from Endpoint Policy Manager Cloud and +- PPFMW will no longer process XML based directives + +## Endpoint Policy VPN Manager + +When Endpoint Policy Manager VPN Manager becomes unlicensed it will remove any managed VPN +connection on the client endpoint. It will not honor new Endpoint Policy Manager VPN Manager +policies. + +## Scripts & Triggers Manager + +When Scripts & Triggers Manager becomes unlicensed: + +- `PPSCRIPTS `will not honor new `PPSCRIPTS `policies +- `PPSCRIPTS `will process the `REVERT `Script +- `PPSCRIPTS `will not process triggers + +## Endpoint Policy Manager RDP Files Manager + +When Endpoint Policy Manager RDP Files Manager becomes unlicensed it will maintain any delivered +.RDP files on the client endpoint. It will not honor new Endpoint Policy Manager RDP Files Manager +policies. + +## Endpoint Policy Manager Software Package Manager + +When Endpoint Policy Manager Software Package Manager (AppX Delivery) becomes unlicensed, it will +maintain any delivered UWP (Windows Store) apps on the endpoint. It will not honor new Endpoint +Policy Manager Software Package Manager (AppX Deliver) policies. + +## Endpoint Policy Manager Remote Work Delivery Manager + +When Endpoint Policy Manager Remote Work Delivery Manager becomes unlicensed, it will: + +- Not honor new Endpoint Policy Manager RWDM policies +- RWDM will process the actions on the REVERT actions pane (including running the script and + optionally deleting the copied files or folders as specified) + +## Endpoint Policy Device Manager + +When Endpoint Policy Manager Device Manager becomes unlicensed, it will: + +- Not honor new Endpoint Policy Manager Device Manager policies +- Any removable drive protections are stopped and existing rules will be unenforced, basically + reverting it back to normal Windows' in-box behavior diff --git a/docs/endpointpolicymanager/license/unlicense/componentscloud.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/componentscloud.md similarity index 87% rename from docs/endpointpolicymanager/license/unlicense/componentscloud.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/componentscloud.md index 6f9201ad9a..ad122627ef 100644 --- a/docs/endpointpolicymanager/license/unlicense/componentscloud.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/componentscloud.md @@ -1,3 +1,9 @@ +--- +title: "What if I want to unlicense specific components via ADMX or Endpoint Policy Manager Cloud?" +description: "What if I want to unlicense specific components via ADMX or Endpoint Policy Manager Cloud?" +sidebar_position: 30 +--- + # What if I want to unlicense specific components via ADMX or Endpoint Policy Manager Cloud? There are three ways to unlicense an individual component. diff --git a/docs/endpointpolicymanager/license/unlicense/componentsexclude.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/componentsexclude.md similarity index 91% rename from docs/endpointpolicymanager/license/unlicense/componentsexclude.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/componentsexclude.md index c6eec1ab64..d5fe976946 100644 --- a/docs/endpointpolicymanager/license/unlicense/componentsexclude.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/componentsexclude.md @@ -1,9 +1,15 @@ +--- +title: "How do I specifically exclude or prevent a component from performing processing by modifying the license file?" +description: "How do I specifically exclude or prevent a component from performing processing by modifying the license file?" +sidebar_position: 50 +--- + # How do I specifically exclude or prevent a component from performing processing by modifying the license file? Before you decide you wish to use this method, consider first using the ADMX method to disable specific components. The ADMX method is recommended over hand-editing the license file, and has the same effect. Therefore please consider this method first. See -[What if I want to unlicense specific components via ADMX or Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/license/unlicense/componentscloud.md) +[What if I want to unlicense specific components via ADMX or Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/componentscloud.md) However, if you wish to hard-unlicense a component via the license file, you may do that inside your Universal License file. @@ -65,7 +71,7 @@ accept the `` block. Additionally, only MMC snap-ins 23.8 and later wi Full licenses with the `` block. First, identify which component(s) you wish to unlicense. -[What CSEs are contained within Endpoint Policy Manager, what are their CSE GUIDs, and in what release did they appear?](/docs/endpointpolicymanager/install/clientsideextension/guids.md) +[What CSEs are contained within Endpoint Policy Manager, what are their CSE GUIDs, and in what release did they appear?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/guids.md) For instance, if you wanted to unlicense Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router and also Endpoint Policy Manager Preferences 2.0 you would create an XML block like diff --git a/docs/endpointpolicymanager/troubleshooting/license/enterprisefull.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/enterprisefull.md similarity index 91% rename from docs/endpointpolicymanager/troubleshooting/license/enterprisefull.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/enterprisefull.md index 9ad473e3f1..9ccdd9482c 100644 --- a/docs/endpointpolicymanager/troubleshooting/license/enterprisefull.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/enterprisefull.md @@ -1,3 +1,9 @@ +--- +title: "Action Recommended Endpoint Policy Manager Customers to transition from \"Enterprise\" Licenses to \"Enterprise Full\" licenses." +description: "Action Recommended Endpoint Policy Manager Customers to transition from \"Enterprise\" Licenses to \"Enterprise Full\" licenses." +sidebar_position: 80 +--- + # Action Recommended Endpoint Policy Manager Customers to transition from "Enterprise" Licenses to "Enterprise Full" licenses. ## What is happening: @@ -108,7 +114,7 @@ is the same as what we are calling "Enterprise Full" here. ## How can I tell if the computer is licensed by Enterprise or Enterprise full license keys? - We have an extensive KB article which will help you. Please refer - here:[How can I tell how a machine is licensed (by GPO, MDM, or XML file), and also know for what components it is licensed?](/docs/endpointpolicymanager/troubleshooting/license/components.md) + here:[How can I tell how a machine is licensed (by GPO, MDM, or XML file), and also know for what components it is licensed?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components.md) - The key takeaway though is on an endpoint, run `PPupdate `then look for Enterprise Full expressly listed as seen below, including an Expiry date in the future and seeing that all components are expressed as Complete. @@ -121,19 +127,19 @@ run. ## If Enterprise Full means "License all components" how do I expressly disable a component (like Endpoint Policy Manager Browser Router, or Endpoint Policy Manager Application Settings Manager) if they are always licensed? - Recommended method is to use a Endpoint Policy Manager ADMX setting to specifically unlicense a - component:[What if I want to unlicense specific components via ADMX or Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/license/unlicense/componentscloud.md) + component:[What if I want to unlicense specific components via ADMX or Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/componentscloud.md) - Note that Endpoint Policy Manager Preferences 1.0 will still always be "force disabled" by default until specifically licensed as per this - article:[Why is Endpoint Policy Manager Preferences (original version) "forced disabled" by default?](/docs/endpointpolicymanager/license/unlicense/forceddisabled.md) + article:[Why is Endpoint Policy Manager Preferences (original version) "forced disabled" by default?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/forceddisabled.md) - You can still "hard unlicense" a component inside the XML licensing file. The techniques here still work: - - [How do I specifically exclude or prevent a component from performing processing by modifying the license file?](/docs/endpointpolicymanager/license/unlicense/componentsexclude.md) + - [How do I specifically exclude or prevent a component from performing processing by modifying the license file?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/componentsexclude.md) **NOTE:** Only the updated MMC will nicely show this and have it formatted correctly; which is why we recommend updating to the latest MMC snap-in. - Get the GUIDs for a license you wish to expressly unlicensed here: - [What CSEs are contained within Endpoint Policy Manager, what are their CSE GUIDs, and in what release did they appear?](/docs/endpointpolicymanager/install/clientsideextension/guids.md) + [What CSEs are contained within Endpoint Policy Manager, what are their CSE GUIDs, and in what release did they appear?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/guids.md) ## How can I request Enterprise Full keys (which will also have an Expiry date until the end of my term?) @@ -152,7 +158,7 @@ we recommend updating to the latest MMC snap-in. - Please honor the philosophy of RINGS and don't "blast out" an upgrade CSE to all of your computers at once, so you can control a rollout or a rollback. Use - this guidance: [Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/install/rings.md) + this guidance: [Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/rings.md) ## What will happen if I do nothing? diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/expires.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/expires.md new file mode 100644 index 0000000000..d46f8d25a4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/expires.md @@ -0,0 +1,72 @@ +--- +title: "I have a pop-up saying \"License expires soon\" or \"Licenses expire in X days\" when editing a GPO. What do I do?" +description: "I have a pop-up saying \"License expires soon\" or \"Licenses expire in X days\" when editing a GPO. What do I do?" +sidebar_position: 30 +--- + +# I have a pop-up saying "License expires soon" or "Licenses expire in X days" when editing a GPO. What do I do? + +Once a new license key has been imported to existing On-Prem environment, you may notice a pop-up +message in your GPMC console mentioning your old license key is getting expired soon. + +One or more similar messages may appear in MMC/GPMC when editing a GPO. + +![937_1_image-20230425211701-1_950x194](/img/product_docs/endpointpolicymanager/troubleshooting/license/937_1_image-20230425211701-1_950x194.webp) + +![937_2_image-20230425211701-2](/img/product_docs/endpointpolicymanager/troubleshooting/license/937_2_image-20230425211701-2.webp) + +As example, this can occur if you have two license GPOs in your domain. + +For instance, two license GPOs are linked with the following expiration dates: + +GPO 1: Expires March 1, 2023 + +GPO 2: Expires March 1, 2024 + +**NOTE:** The rest of this KB is generally around your GPMC editing machine and the pop-ups within +the GPMC. If you're getting client-side pop-ups, please refer to this article: + +[How do I make the Grace Period licensing pop-up go away?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/graceperiod.md) + +Resolution for the Admin's GPMC editing station: + +- Unlink the old and expiring license after verifying that the new license will cover the same + components and OUs/ domain as the soonto-be-expiring license. Delete the old GPO links as well + from under any OUs/domain where it was linked. More details here: + [I just installed new license files / new GPOs. Should I keep or delete the old license files / GPOs?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/fileold.md) + +**NOTE:** You can use the LT tool to search through and find OLD licenses so you can be sure you +only have one license remaining. [Using LT for license cleanup](/docs/endpointpolicymanager/video/license/cleanup.md)/ + +- On an example ENDPOINT computer (one that has the Netwrix Endpoint Policy Manager (formerly + PolicyPak) CSE; which can also include the Admin's GPMC machine) verify the endpoint got the new + license successfully. Use this KB article with PPUPDATE directions to see exactly if a machine is + properly licensed: + [How can I tell how a machine is licensed (by GPO, MDM, or XML file), and also know for what components it is licensed?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components.md) + +Now, on your machine, the one with the GPMC… + +- Run `GPupdate /force` to flush out old licenses that were being delivered to your GPMC management + station +- Close the GPMC, then reopen the GPMC. +- Try editing a GPO in GPMC, does the error message reappear +- If popups are gone, you are all done. + +If you still get pop-up messages and the messages reference the registry, you should check under the +following registry keys on your GPMC management station for any old information relating to the old +license. + +License info held in Registry in the following locations (HKLM) + +``` +SOFTWARE\Policies\PolicyPak\License Policies\    SOFTWARE\PolicyPak\License Policies\    SOFTWARE\Policies\PolicyPak\Licenses\    SOFTWARE\PolicyPak\Licenses\ +``` + +If any old info is found, then export those registry keys just in case they need to be readded back +for some reason. + +Then once the registry keys are backed up safely to reg files somewhere you can safely delete any +registry keys with old Endpoint Policy Manager license info. + +Afterward, reopen GPMC and try editing a GPO again, does the message appear? If not, you are done. +If yes, then open a support ticket for further assistance. diff --git a/docs/endpointpolicymanager/license/unlicense/fileold.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/fileold.md similarity index 79% rename from docs/endpointpolicymanager/license/unlicense/fileold.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/fileold.md index b8f9e281ef..f441fe54b4 100644 --- a/docs/endpointpolicymanager/license/unlicense/fileold.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/fileold.md @@ -1,3 +1,9 @@ +--- +title: "I just installed new license files / new GPOs. Should I keep or delete the old license files / GPOs?" +description: "I just installed new license files / new GPOs. Should I keep or delete the old license files / GPOs?" +sidebar_position: 40 +--- + # I just installed new license files / new GPOs. Should I keep or delete the old license files / GPOs? You do not need to keep every license GPO around that is created by LT. diff --git a/docs/endpointpolicymanager/license/unlicense/forceddisabled.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/forceddisabled.md similarity index 94% rename from docs/endpointpolicymanager/license/unlicense/forceddisabled.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/forceddisabled.md index 2abd9eccb4..73f0d1a8cd 100644 --- a/docs/endpointpolicymanager/license/unlicense/forceddisabled.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/forceddisabled.md @@ -1,3 +1,9 @@ +--- +title: "Why is Endpoint Policy Manager Preferences (original version) \"forced disabled\" by default?" +description: "Why is Endpoint Policy Manager Preferences (original version) \"forced disabled\" by default?" +sidebar_position: 70 +--- + # Why is Endpoint Policy Manager Preferences (original version) "forced disabled" by default? Starting with build 2862, Netwrix Endpoint Policy Manager (formerly PolicyPak) Preferences are @@ -22,7 +28,7 @@ But when the machine is domain joined and GPPreferences policies are being deliv Policy, the Endpoint Policy Manager Preferences component can cause an issue because of timing outside of our control between the Group Policy / GPPreferences engine and Endpoint Policy Manager. This has been a known issue for years. You can -see[Why do I see slowdowns on my machines when Endpoint Policy Manager Preferences is licensed and computers domain joined? Can this be worked around?](/docs/endpointpolicymanager/troubleshooting/preferences/domainjoined.md) +see[Why do I see slowdowns on my machines when Endpoint Policy Manager Preferences is licensed and computers domain joined? Can this be worked around?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/domainjoined.md) In order to minimize conflicts, we have, in the past, suggested that customers un-license Endpoint Policy Manager Preferences when the machine is domain joined. @@ -50,7 +56,7 @@ Customers must change this value if they wish to enable this component (which th explained later.) See -[How do I specifically exclude or prevent a component from performing processing by modifying the license file?](/docs/endpointpolicymanager/license/unlicense/componentsexclude.md) +[How do I specifically exclude or prevent a component from performing processing by modifying the license file?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/componentsexclude.md) In logs, CSE shows a message: diff --git a/docs/endpointpolicymanager/troubleshooting/license/graceperiod.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/graceperiod.md similarity index 96% rename from docs/endpointpolicymanager/troubleshooting/license/graceperiod.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/graceperiod.md index 8bd9a23d4e..0b59d94109 100644 --- a/docs/endpointpolicymanager/troubleshooting/license/graceperiod.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/graceperiod.md @@ -1,3 +1,9 @@ +--- +title: "How do I make the Grace Period licensing pop-up go away?" +description: "How do I make the Grace Period licensing pop-up go away?" +sidebar_position: 70 +--- + # How do I make the Grace Period licensing pop-up go away? This article explains the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE Grace Period and @@ -45,7 +51,7 @@ implement the license file. - Here is how to implement a new license: [How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) - Here is how to troubleshoot a new - license: [How can I tell how a machine is licensed (by GPO, MDM, or XML file), and also know for what components it is licensed?](/docs/endpointpolicymanager/troubleshooting/license/components.md) + license: [How can I tell how a machine is licensed (by GPO, MDM, or XML file), and also know for what components it is licensed?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components.md) ## How to change Pop-Up Behavior (previous CSE versions before 24.4) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/legacy.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/legacy.md new file mode 100644 index 0000000000..a3c9df000a --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/legacy.md @@ -0,0 +1,168 @@ +--- +title: "Action Required for Endpoint Policy Manager Customers using Legacy Licenses" +description: "Action Required for Endpoint Policy Manager Customers using Legacy Licenses" +sidebar_position: 60 +--- + +# Action Required for Endpoint Policy Manager Customers using Legacy Licenses + +## What is happening: + +- The Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE (endpoint piece) is hardcoded to stop + honoring Legacy licenses on Feb 28, 2023… even if you have a Valid Legacy license hitting the + machine. + +## Why is this happening: + +- We started delivering Universal licenses in Jan 2021 thus giving customers two years to upgrade to + make the switch. This is your three-month (and likely final) warning of the impending requirement. + +## Who is NOT affected by this: + +- If you are using CLOUD licensing, you are not affected. +- If you already have Universal licenses in place and no Legacy licenses in place, you are not + affected. + +## Who IS affected by this: + +- If you are using GPO or MDM / XML licensing with Legacy licenses only and... +- You are using CSE version 2687 (21.1.2687.802) or later. + +… Then you are affected. + +## Is this a security concern? + +- No. This is not a security concern. + +## How do I know if I'm using LEGACY licenses, UNIVERSAL licenses, or both? + +- Please watch this video to help you determine your position and situation plus some advice on what + to do. +- Video: [Legacy License Retirement Guidance (for Feb 28, 2023)](/docs/endpointpolicymanager/video/license/legacy.md) + +## Where can I get UNIVERSAL licenses? + +- When we cut keys for new customers who started after 2021, chances are you got only Universal keys + in the first place. +- When we cut keys for existing customers (who started before 2021) we always provided Universal + keys and sometimes provided Legacy keys. +- Therefore: You should be able to pick up your existing keys at portal.endpointpolicymanager.com. Example of + how to find existing keys: + + ![840_1_1](/img/product_docs/endpointpolicymanager/troubleshooting/license/840_1_1.webp) + +- Only email [support@endpointpolicymanager.com](mailto:support@endpointpolicymanager.com) if you cannot locate your + Universal license because it should already be in the Portal at portal.endpointpolicymanager.com. + +## In the portal, after I download my license keys, how can I tell which are UNIVERSAL and which are LEGACY keys? + +- Example download of valid dates with both Universal and Legacy keys, but only Universal keys will + be honored past Feb 28, 2023: + + ![840_2_2_950x572](/img/product_docs/endpointpolicymanager/troubleshooting/license/840_2_2_950x572.webp) + +## What must I do to keep PolicyPak working if I am affected?: + +- There are a few strategies you can pursue to keep Endpoint Policy Manager working as expected. +- BEST: + - Import the Universal license and make sure it hits your endpoints. If you do not have a + universal license, you may request one by opening a case at + [Netwrix support](https://www.netwrix.com/sign_in.html?rf=tickets.html#netwrix-support). + Please do not wait until the last minute to get your license as we could have many requests to + field. + - Upgrade the CSE to something recent; hopefully the latest version. +- GOOD, but not as good as BEST: + - Keep using your Legacy licenses which will  naturally expire Feb 28, 2023. + - Update the CSE to the latest version (3421 or later) on your endpoints. + - Use a Endpoint Policy Manager ADMX setting which will give you +90 days to implement the + Universal license. See screen shot below: + +![1231_licenseadmxsetting](/img/product_docs/endpointpolicymanager/troubleshooting/license/1231_licenseadmxsetting.webp) + +**NOTE:** This ADMX setting only affects CSE 3421 and later is only a stopgap measure if you +literally have no way to transition from Legacy XML to Universal XML, but you do have some way to +update your CSE. + +- Please honor the philosophy of Rings and don't "blast out" an upgrade CSE to all of your computers + at once so you can control a rollout or a rollback. Use + this guidance: [Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/rings.md) + +## How can I install UNIVERSAL licenses once I have downloaded them? + +- First, upgrade your Admin Console MMC snap in with the latest download from the portal. Only the + latest Admin Consoles can import Universal licenses. +- Video: + [How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) + + **NOTE:**   You cannot import both Legacy and Universal licenses into the same GPO. You need + separate GPOs for both license types. If you try to put both licenses into the same GPO you will + get the error: "Sorry but you can't install GP and Enterprise licenses into the same GPO, please + install them to different GPOs or select licenses with the same type." + +## What will happen if I do nothing?: + +- If you are using LEGACY licenses and/or very old CSEs which ONLY process LEGACY licenses (so CSEs + before 21.1.2687.802), then Endpoint Policy Manager will keep working because CSEs before + 21.1.2687.802 don't understand Universal licenses anyway. +- If you're using LEGACY licenses and NEWER CSEs (21.1.2687.802 or later), you can expect Endpoint + Policy Manager to stop processing and stop working as if your license file expired on Feb + 28, 2023. + + **NOTE:** Exact behavior when licenses expire can be seen here: + [What happens to each component when Endpoint Policy Manager gets unlicensed or the GPO or policy no longer applies?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components_2.md) + +## What if I'm applying both Universal and Legacy licenses to an endpoint? + +- If a computer receives both Legacy and Universal licenses, then you should be all set, provided + you are using a CSE (build 2687 and later) on the endpoint. + + **NOTE:** More modern CSEs on the endpoints are preferred. + +## How can I validate on a few endpoints that I am Valid and won't expire? + +- Use the `PPUPDATE` command which will always show if you are Valid and licensing type. +- Example of a machine getting Universal licenses successfully: + + ![840_3_3_950x610](/img/product_docs/endpointpolicymanager/troubleshooting/license/840_3_3_950x610.webp) + +- FAQ on error conditions: + [How can I tell how a machine is licensed (by GPO, MDM, or XML file), and also know for what components it is licensed?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components.md). +- **NOTE:** The Latest CSE in the portal (build 3375) will also express Invalid licenses if any are + applying to the machine. Example: + + ![840_4_4_950x675](/img/product_docs/endpointpolicymanager/troubleshooting/license/840_4_4_950x675.webp) + +## Anything else I should know / Bugs & Known Issues? + +Item 1: `PPupdate` may show "Computers with ‘Computer' in the name" while actually being licensed +(CSE 3375 only.) + +This bug exists only in 3375 and doesn't exist in later version of the CSE, such as 3421 and later. + +In build 3375, you might see something like this when you test `PPUPDATE`. + +![840_5_image-20230126194031-1](/img/product_docs/endpointpolicymanager/troubleshooting/license/840_5_image-20230126194031-1.webp) + +_Remember,_ this is a display bug in 3375 which has been removed in the latest CSE version. This +message can safely be ignored. + +As long as you can see you ARE getting licensed by the Universal key method (see section above +entitled “How can I validate on a few endpoints that I am VALID and won’t expire?”) then you are +free to ignore this bug. + +Item 2: `PolicyPak` Update might show a statement which is a little misleading in CSE 3375 or +earlier. The message is updated for clarity in CSE 3421 and later. + +The message in CSE 3375 and earlier says: “The license is valid. WARNING: GP licenses will no longer +be accepted after Feb 28th, 2023.” + +Example: + +![840_6_image-20230126194031-2_950x764](/img/product_docs/endpointpolicymanager/troubleshooting/license/840_6_image-20230126194031-2_950x764.webp) + +What it is trying to say is that Legacy XML licenses are not honored beyond Feb 28, 2022. + +You can still use Universal licenses via GPO and/or MDM/XML method. The updated messaging from +latest CSEs is as follows: + +![840_7_image_950x724](/img/product_docs/endpointpolicymanager/troubleshooting/license/840_7_image_950x724.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/license/mmcsnapinlogs.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/mmcsnapinlogs.md similarity index 76% rename from docs/endpointpolicymanager/troubleshooting/license/mmcsnapinlogs.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/mmcsnapinlogs.md index 93de955554..ae22d28d68 100644 --- a/docs/endpointpolicymanager/troubleshooting/license/mmcsnapinlogs.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/mmcsnapinlogs.md @@ -1,3 +1,9 @@ +--- +title: "How do I turn on MMC Snap in Logs (for troubleshooting MMC Editing or Licensing Import)?" +description: "How do I turn on MMC Snap in Logs (for troubleshooting MMC Editing or Licensing Import)?" +sidebar_position: 40 +--- + # How do I turn on MMC Snap in Logs (for troubleshooting MMC Editing or Licensing Import)? If you are having an editing or licensing problem, you may be asked to supply MMC Snap In logs. diff --git a/docs/endpointpolicymanager/license/unlicense/options.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/options.md similarity index 86% rename from docs/endpointpolicymanager/license/unlicense/options.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/options.md index 9b1b7937ce..85fecd1bd0 100644 --- a/docs/endpointpolicymanager/license/unlicense/options.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/options.md @@ -1,9 +1,15 @@ +--- +title: "My organization doesn't permit me to run the LT (Endpoint Policy Manager Licensing Tool) or provide the XML information it produces. What are my other options?" +description: "My organization doesn't permit me to run the LT (Endpoint Policy Manager Licensing Tool) or provide the XML information it produces. What are my other options?" +sidebar_position: 20 +--- + # My organization doesn't permit me to run the LT (Endpoint Policy Manager Licensing Tool) or provide the XML information it produces. What are my other options? Before reading the full answer to this question, please go over this FAQ question and see if that answers your question: -[Why do I have to run the licensing tool / what information is gathered and sent to Endpoint Policy Manager for my trial (or becoming a customer?)](/docs/endpointpolicymanager/license/tool.md) +[Why do I have to run the licensing tool / what information is gathered and sent to Endpoint Policy Manager for my trial (or becoming a customer?)](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/tool.md) In short, we don't collect any critical information at all. The LT only collects the number of computers and where the licenses are used. Because of this, we recommend you use the LT utility as @@ -67,7 +73,7 @@ So, to recap: **Step 1 –** If you use our Endpoint Policy Manager On-Prem Licensing tool (LT), we collect only information about where you want to use it and how much you want to use it. We do not collect usernames, computer names, passwords or anything else. Again, see -[Why do I have to run the licensing tool / what information is gathered and sent to Endpoint Policy Manager for my trial (or becoming a customer?)](/docs/endpointpolicymanager/license/tool.md)for additional +[Why do I have to run the licensing tool / what information is gathered and sent to Endpoint Policy Manager for my trial (or becoming a customer?)](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/tool.md)for additional information **Step 2 –** If you are unable to use our LT, that's fine. The alternative is to use these diff --git a/docs/endpointpolicymanager/license/unlicense/reset.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/reset.md similarity index 85% rename from docs/endpointpolicymanager/license/unlicense/reset.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/reset.md index e9055b8361..6ffe03f9f1 100644 --- a/docs/endpointpolicymanager/license/unlicense/reset.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/reset.md @@ -1,3 +1,9 @@ +--- +title: "How can I verify, test and/or reset my Domain Join (aka SecureChannel) from the endpoint to domain controller?" +description: "How can I verify, test and/or reset my Domain Join (aka SecureChannel) from the endpoint to domain controller?" +sidebar_position: 60 +--- + # How can I verify, test and/or reset my Domain Join (aka SecureChannel) from the endpoint to domain controller? You can use `PPUPDATE` to show the current domain joined status. diff --git a/docs/endpointpolicymanager/troubleshooting/license/toollogs.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/toollogs.md similarity index 88% rename from docs/endpointpolicymanager/troubleshooting/license/toollogs.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/toollogs.md index 924931984f..08e7568ed7 100644 --- a/docs/endpointpolicymanager/troubleshooting/license/toollogs.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/toollogs.md @@ -1,3 +1,9 @@ +--- +title: "Gathering License Tool logs (LT.exe)" +description: "Gathering License Tool logs (LT.exe)" +sidebar_position: 90 +--- + # Gathering License Tool logs (LT.exe) Sometimes LT.exe can produce errors due to AD/access rights restrictions. This can affect the diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/universal.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/universal.md new file mode 100644 index 0000000000..28e2c52880 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/universal.md @@ -0,0 +1,15 @@ +--- +title: "I unlicensed my machine by removing a universal license, my machine still appears licensed. Why is this?" +description: "I unlicensed my machine by removing a universal license, my machine still appears licensed. Why is this?" +sidebar_position: 50 +--- + +# I unlicensed my machine by removing a universal license, my machine still appears licensed. Why is this? + +Modern versions of the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE will cache licenses +for 24 hours, even if rebooted. This is to compensate for errors by admins, or if something was to +manipulate the storage location of licenses before new licenses were put in place. + +As such you will still see licenses in place when running `PPUPDATE` command. + +![826_1_img-01](/img/product_docs/endpointpolicymanager/troubleshooting/license/826_1_img-01.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/misclicensingquestio/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/misclicensingquestio/_category_.json new file mode 100644 index 0000000000..7a81872c55 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/misclicensingquestio/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Misc Licensing Questions", + "position": 90, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/misclicensingquestio/transition.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/misclicensingquestio/transition.md new file mode 100644 index 0000000000..0bbec4faae --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/misclicensingquestio/transition.md @@ -0,0 +1,71 @@ +--- +title: "Why must I transition from Legacy to Universal licenses (and what are the differences?)" +description: "Why must I transition from Legacy to Universal licenses (and what are the differences?)" +sidebar_position: 30 +--- + +# Why must I transition from Legacy to Universal licenses (and what are the differences?) + +Starting in January 2021, Netwrix Endpoint Policy Manager (formerly PolicyPak) transitioned the +licensing model from Legacy to Universal licenses. +In 2022, the Endpoint Policy Manager CSE (any version) stopped honoring legacy licenses +Additionally, to take advantage of some features, like Capabilities (explained below) you must have +the latest CSEs and a Universal license. + +## Understanding Legacy Licenses + +Legacy licenses take the form of multiple keys, one for each component. + +Whenever we have a new component, we would issue your company a new legacy license for that +component. + +![861_1_hfkb-1130-img-01](/img/product_docs/endpointpolicymanager/license/861_1_hfkb-1130-img-01.webp) + +An individual legacy license XML looks like this and contains the product (component) and the scope +of where it is licensed to: + +![861_2_hfkb-1130-img-02_950x238](/img/product_docs/endpointpolicymanager/license/861_2_hfkb-1130-img-02_950x238.webp) + +You then use the Group Policy editor to consume the license and the result would look something like +this. + +![861_3_hfkb-1130-img-03_950x447](/img/product_docs/endpointpolicymanager/license/861_3_hfkb-1130-img-03_950x447.webp) + +Additionally, if you wanted to use Endpoint Policy Manager with an MDM service, we needed to cut a +second set of keys just for that scenario. That second set of licenses is an .MSI which also contain +the XMLs which enable Endpoint Policy Manager to work with an MDM service. + +Tip: You can use 7zip to open an MSI and see the licenses, like this.: + +![861_4_hfkb-1130-img-04_950x320](/img/product_docs/endpointpolicymanager/license/861_4_hfkb-1130-img-04_950x320.webp) + +## Understanding Universal Licenses + +Universal licenses solve a lot of problems around key generation: + +- Instead of having one set for Active Directory (GPO / SCCM or other on-prem and another for MDM, + we can generate one key which can be used in both places. +- Administrators may select which types of policies are honored (Group Policy-based, XML-files + based, or coming from MDM). +- All components purchased can be in one XML file +- Some components which have capabilities may be specified with those capabilities. This is not + available in Legacy license type. +- For MDM customers, we can specify EITHER Intune Company name or UPN name. + [What is the difference if I license my MDM machines' CSE using COMPANY NAME vs. UPN name?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/name.md) + This is not available for Legacy license type. +- Administrators may disable a specifically licensed component, without having to request Endpoint + Policy Manager support to re-cut the license. + [How do I specifically exclude or prevent a component from performing processing by modifying the license file?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/componentsexclude.md) +- The license may be wrapped up by the admin as a .MSI and re-deployed without contacting Endpoint + Policy Manager support to make a .MSI. + [How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) + +![861_5_hfkb-1130-img-05_950x431](/img/product_docs/endpointpolicymanager/license/861_5_hfkb-1130-img-05_950x431.webp) + +In the Group Policy editor you can consume the Universal license and it will look like this. + +![861_6_hfkb-1130-img-06_950x670](/img/product_docs/endpointpolicymanager/license/861_6_hfkb-1130-img-06_950x670.webp) + +And finally using` PPUPDATE` command on the endpoint, you can see how you are licensed : + +![861_7_hfkb-1130-img-07_950x984](/img/product_docs/endpointpolicymanager/license/861_7_hfkb-1130-img-07_950x984.webp) diff --git a/docs/endpointpolicymanager/license/whenwhy.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/misclicensingquestio/whenwhy.md similarity index 90% rename from docs/endpointpolicymanager/license/whenwhy.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/misclicensingquestio/whenwhy.md index a7b3f9f51e..079f888452 100644 --- a/docs/endpointpolicymanager/license/whenwhy.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/misclicensingquestio/whenwhy.md @@ -1,3 +1,9 @@ +--- +title: "When and why would I license Endpoint Policy Manager on servers?" +description: "When and why would I license Endpoint Policy Manager on servers?" +sidebar_position: 10 +--- + # When and why would I license Endpoint Policy Manager on servers? First, if the server is a normal, everyday server then, like a desktop, laptop, or virtual desktop, @@ -8,7 +14,7 @@ two FAQs for details: - General Citrix & Multi-Session Windows Licensing: [Citrix & WVD Multi-session Windows Licensing Scenarios](https://www.endpointpolicymanager.com/purchasing/citrix-licensing-scenarios.html) - For Citrix + Cloud: - [How do I license my Citrix, RDS, WVD, VDI or other multi-session Windows version with Endpoint Policy Manager Cloud ?](/docs/endpointpolicymanager/license/virtualization/multisession.md) + [How do I license my Citrix, RDS, WVD, VDI or other multi-session Windows version with Endpoint Policy Manager Cloud ?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/multisession.md) That being said, you might want to license your normal, everyday servers for a variety of reasons. Here are some examples: @@ -35,7 +41,7 @@ Here are some examples: [Block PowerShell in General, Open up for specific items](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/powershellblock.md) 6. You can use Endpoint Policy Manager Least Privilege Manager to reduce the admin rights on specific processes or applications, like IE and - others:[Can I use Endpoint Privilege Manager to LOWER / remove admin rights from Administrators from an application or process, like Internet Explorer?](/docs/endpointpolicymanager/leastprivilege/reduceadminrights.md) + others:[Can I use Endpoint Privilege Manager to LOWER / remove admin rights from Administrators from an application or process, like Internet Explorer?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/reduceadminrights.md) 7. You can use Endpoint Policy Manager Scripts Manager to perform specific logon scripts for specific servers using Triggers: [Endpoint Policy Manager Scripts and Triggers: Get to understand login script trigger with GP and MDM systems !](/docs/endpointpolicymanager/video/scriptstriggers/scripttriggers.md) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/_category_.json new file mode 100644 index 0000000000..92f9c5701b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Requesting Licenses FAQ And Troubleshooting All Methods", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/license/virtualization/count.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/count.md similarity index 90% rename from docs/endpointpolicymanager/license/virtualization/count.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/count.md index 60aceefd52..38c69fd14d 100644 --- a/docs/endpointpolicymanager/license/virtualization/count.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/count.md @@ -1,3 +1,9 @@ +--- +title: "What must I show to prove my current RDS and/or Citrix, or other Multi-Session windows concurrent license count for Endpoint Policy Manager Cloud (or if on-prem LT cannot auto-discover them)?" +description: "What must I show to prove my current RDS and/or Citrix, or other Multi-Session windows concurrent license count for Endpoint Policy Manager Cloud (or if on-prem LT cannot auto-discover them)?" +sidebar_position: 40 +--- + # What must I show to prove my current RDS and/or Citrix, or other Multi-Session windows concurrent license count for Endpoint Policy Manager Cloud (or if on-prem LT cannot auto-discover them)? It is optional to license RDS and/or Citrix XenApp, and/or Citrix XenDesktop connections for use diff --git a/docs/endpointpolicymanager/license/virtualization/desktops.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/desktops.md similarity index 82% rename from docs/endpointpolicymanager/license/virtualization/desktops.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/desktops.md index 9bc1edc92c..1473c91494 100644 --- a/docs/endpointpolicymanager/license/virtualization/desktops.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/desktops.md @@ -1,3 +1,9 @@ +--- +title: "Are there any special Endpoint Policy Manager licensing issues for virtual desktops?" +description: "Are there any special Endpoint Policy Manager licensing issues for virtual desktops?" +sidebar_position: 50 +--- + # Are there any special Endpoint Policy Manager licensing issues for virtual desktops? This depends on what kind of virtual desktops they are: diff --git a/docs/endpointpolicymanager/license/editpolicies.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/editpolicies.md similarity index 86% rename from docs/endpointpolicymanager/license/editpolicies.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/editpolicies.md index 1c57cf2df7..c5cce24e49 100644 --- a/docs/endpointpolicymanager/license/editpolicies.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/editpolicies.md @@ -1,3 +1,9 @@ +--- +title: "What are the most common questions about editing policies using the Endpoint Policy ManagerCloud policy editor (instead of using the MMC to upload to Endpoint Policy Manager Cloud?)" +description: "What are the most common questions about editing policies using the Endpoint Policy ManagerCloud policy editor (instead of using the MMC to upload to Endpoint Policy Manager Cloud?)" +sidebar_position: 50 +--- + # What are the most common questions about editing policies using the Endpoint Policy ManagerCloud policy editor (instead of using the MMC to upload to Endpoint Policy Manager Cloud?) A new feature of Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud where you can create and diff --git a/docs/endpointpolicymanager/license/mdm/intune.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/intune.md similarity index 81% rename from docs/endpointpolicymanager/license/mdm/intune.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/intune.md index 9d495fba49..42d16c3f78 100644 --- a/docs/endpointpolicymanager/license/mdm/intune.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/intune.md @@ -1,3 +1,9 @@ +--- +title: "How do I manually count the number of computers in Intune, and manually acquire the Intune \"Company Name?\"" +description: "How do I manually count the number of computers in Intune, and manually acquire the Intune \"Company Name?\"" +sidebar_position: 40 +--- + # How do I manually count the number of computers in Intune, and manually acquire the Intune "Company Name?" If you are having trouble running the Licensing Tool (LT) to acquire either the number of computers @@ -11,7 +17,7 @@ the same result. Please follow the steps in the following article to acquire the number of Computers in Intune. Please send us screenshots like the ones in the article to let us know the number of machines. -[If I have both Azure joined and Hybrid Azure AD joined machines, how do I count the exact number of licenses I need?](/docs/endpointpolicymanager/license/mdm/entraid.md) +[If I have both Azure joined and Hybrid Azure AD joined machines, how do I count the exact number of licenses I need?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/entraid.md) ## Part 2: Getting the Intune Company Name diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/logs.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/logs.md new file mode 100644 index 0000000000..e99c4a314c --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/logs.md @@ -0,0 +1,28 @@ +--- +title: "What Logs do I need to send for troubleshooting LT (License Tool) or other MMC / .Net related functions?" +description: "What Logs do I need to send for troubleshooting LT (License Tool) or other MMC / .Net related functions?" +sidebar_position: 30 +--- + +# What Logs do I need to send for troubleshooting LT (License Tool) or other MMC / .Net related functions? + +If you are having problems with the MMC editor (or other .NET Tools like the Netwrix Endpoint Policy +Manager (formerly PolicyPak) License Tool) you will need to go to `%appdata%\local\PolicyPak` + +And find the logs required. + +For instance, for the License Tool, you would supply: + +- General and +- Endpoint Policy Manager License Tool. + +If you had an issue, with say, Endpoint Policy Manager Least Privilege Manager editor, then you +would supply: + +- General and +- Endpoint Policy Manager Least Privilege Manager + +Once you have collected the required logs, please ZIP up the following folder and upload to your +support case in SHAREFILE. + +![182_1_1_950x786](/img/product_docs/endpointpolicymanager/troubleshooting/license/182_1_1_950x786.webp) diff --git a/docs/endpointpolicymanager/license/virtualization/multisession.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/multisession.md similarity index 91% rename from docs/endpointpolicymanager/license/virtualization/multisession.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/multisession.md index 21dc330464..087783d522 100644 --- a/docs/endpointpolicymanager/license/virtualization/multisession.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/multisession.md @@ -1,3 +1,9 @@ +--- +title: "How do I license my Citrix, RDS, WVD, VDI or other multi-session Windows version with Endpoint Policy Manager Cloud ?" +description: "How do I license my Citrix, RDS, WVD, VDI or other multi-session Windows version with Endpoint Policy Manager Cloud ?" +sidebar_position: 20 +--- + # How do I license my Citrix, RDS, WVD, VDI or other multi-session Windows version with Endpoint Policy Manager Cloud ? When you download your tenant's Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud client diff --git a/docs/endpointpolicymanager/license/virtualization/terminalservices.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/terminalservices.md similarity index 87% rename from docs/endpointpolicymanager/license/virtualization/terminalservices.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/terminalservices.md index 45a84ad127..2840c0473d 100644 --- a/docs/endpointpolicymanager/license/virtualization/terminalservices.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/terminalservices.md @@ -1,3 +1,9 @@ +--- +title: "How are Terminal Services and/or Citrix connections licensed?" +description: "How are Terminal Services and/or Citrix connections licensed?" +sidebar_position: 10 +--- + # How are Terminal Services and/or Citrix connections licensed? To be in compliance with Netwrix Endpoint Policy Manager (formerly PolicyPak) licensing, you must diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/tool.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/tool.md new file mode 100644 index 0000000000..c048a4e75d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/tool.md @@ -0,0 +1,47 @@ +--- +title: "Why do I have to run the licensing tool / what information is gathered and sent to Endpoint Policy Manager for my trial (or becoming a customer?)" +description: "Why do I have to run the licensing tool / what information is gathered and sent to Endpoint Policy Manager for my trial (or becoming a customer?)" +sidebar_position: 20 +--- + +# Why do I have to run the licensing tool / what information is gathered and sent to Endpoint Policy Manager for my trial (or becoming a customer?) + +When you run the Netwrix Endpoint Policy Manager (formerly PolicyPak) Licensing tool, we only +acquire the following information: + +- Name of domain. +- OUs you want to use it in. +- Number of users in there. Which we don't actually use, this is from our old licensing technique. +- Number of computers in there. This is what we actually use. +- Number of Terminal Services sessions. This is also used. + +Here's an example file you would send to us: + +![197_1_licensing_faq_pic](/img/product_docs/endpointpolicymanager/license/197_1_licensing_faq_pic.webp) + +Without this file, we cannot know what your computer and Terminal Services count is, and hence, how +much to quote you or where to license you. + +To be clear, we are not getting the following from your domain: + +- Your whole OU structure. We only get the names of the OUs you want to license. +- Any user names or passwords. +- Any computer names. +- Any IP information. + +Or anything else. + +If during your testing / trialing, you don't want to send us a License Request Key, that's fine,but… + +- We cannot make you a real quote without it. +- We cannot generate a real license key for you if you become a purchaser. + +That being said, if you rename a target / endpoint computer to have the word Computer in the name, +the Endpoint Policy Manager client side extension acts as if its fully licensed. + +You are welcome to rename a handful of machines for your tests to test out Endpoint Policy Manager +but eventually you will need to run the Licensing Utility so we can know your count and create your +real keys. + +Email your Endpoint Policy Manager Sales team member for more information if you have licensing +questions. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/tool_1.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/tool_1.md new file mode 100644 index 0000000000..ad83d769b4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/tool_1.md @@ -0,0 +1,31 @@ +--- +title: "Why must I run LT from a Windows Server if I want to properly count Citrix / Terminal Services / RDS connections?" +description: "Why must I run LT from a Windows Server if I want to properly count Citrix / Terminal Services / RDS connections?" +sidebar_position: 30 +--- + +# Why must I run LT from a Windows Server if I want to properly count Citrix / Terminal Services / RDS connections? + +When you license Citrix / Terminal Services / RDS, you purchase keypak licenses in blocks of 50 from +Microsoft and Citrix, and apply them to your servers. + +Netwrix Endpoint Policy Manager (formerly PolicyPak) LT attempts to read these keypak files and +report on your maximum inbound connections. In short, LT can only look for these Keypack licenses +when running on a Windows server and not a Windows client machine. That is what this message is +about. + +![352_2_image001]() + +**NOTE:** Sometimes LT can acquired the correct number of RDS connections, and sometimes it cannot. + +![352_2_image002](/img/product_docs/endpointpolicymanager/license/virtualization/352_2_image002.webp) + +To be compliant with our EULA, if the count returned by LT shows zero, or otherwise fails to acquire +the number of Citrix / Terminal Services / RDS licenses, you must manually declare them to your +sales representative. + +There are also multiple ways the Endpoint Policy Manager On-Prem suite can be licensed for Citrix. +For understanding all the scenarios, please see the following additional technotes: + +- [How are Terminal Services and/or Citrix connections licensed?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/terminalservices.md) +- [Citrix & WVD Multi-session Windows Licensing Scenarios](https://www.endpointpolicymanager.com/purchasing/vdi-licensing-scenarios/) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/trial.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/trial.md new file mode 100644 index 0000000000..d6cee0b7ca --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/trial.md @@ -0,0 +1,137 @@ +--- +title: "What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?" +description: "What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?" +sidebar_position: 10 +--- + +# What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool? + +We know you want to get started with a Netwrix Endpoint Policy Manager (formerly PolicyPak) trial +fast. + +Good news, we only need a few pieces of information to get started. Typically we can get started +with only: + +- Your domain name (for GPO/AD Method) +- Your Intune company name (for Intune method) +- Or, nothing at all, which works for all methods:Just rename a computer. + +**CAUTION:** The details in this article get you started without having to count the number of +computers, which means we cannot get you a formal quote. Only when you count the computers are we +able to provide you a formal quote. This process is slower and optional, but does mean we can get +you a formal quote. +See [How to Request Licenses from Endpoint Policy Manager by Creating a "License Request Key"](/docs/endpointpolicymanager/video/license/licenserequestkey.md) +for additional information. Then send your License Request Key XML to your sales person to get a +formal quote generated. + +So, here's the rundown of how you can get a trial license quickly.. You need to pick just one: + +- Option 1 — On-Prem or MDM: No license at all, by renaming a computer to have Computer in the + name(recommended). +- Option 2 — Licenses coming automatically from Endpoint Policy Manager Cloud. +- Option 3 — On-Prem / GPO Method: You give us your domain name, we give you back a Trial License + File. +- Option 4 — Intune-specific method: You give us your INTUNE company name,, and we give you back a + Trial License File. +- Option 5 — Non-Intune/Other-MDM Method: You give us your UPN name, and we give you back a Trial + License File. + +## Option 1: On-Prem or MDM: No license at all, by renaming a computer to have Computer in the name(recommended) + +With Endpoint Policy Manager, you don't even need a license file from us to get started. + +**NOTE:** This is the recommended  way to get going quickly with Endpoint Policy Manager. + +Simply rename a computer to have Computer in the name, and that's it. You're done. Here are the two +methods of how to do that in Windows. + +Here's a video showing what happens when you rename a computer and how Endpoint Policy Manager +reacts:[Testing and Troubleshooting By Renaming an endpoint Computer](/docs/endpointpolicymanager/video/cloud/testlab/renameendpoint.md) + +![812_1_image001](/img/product_docs/endpointpolicymanager/license/812_1_image001.webp) + +After you rename your computer to have Computer in the name, then: + +- Follow these directions to get started with on-Prem Active Directory/ Group Policy: Getting + Started with Group Policy > [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) and/or +- Follow these directions to get started with Endpoint Policy Manager and Intune or another MDM + (making sure to follow the "Walk Before You Run" video): Getting Started with MDM > + [Video Learning Center](/docs/endpointpolicymanager/video/index.md) + +## Option 2: Licenses coming automatically from PolicyPak Cloud + +If you're trying our Endpoint Policy Manager Enterprise, Endpoint Policy Manager Professional or +Endpoint Policy Manager SaaS, they all come with an included Endpoint Policy Manager Cloud license.  +Your trial should automatically generate credentials +to [cloud.endpointpolicymanager.com](http://cloud.endpointpolicymanager.com/) (aka the Endpoint Policy Manager Cloud +Service.) + +When you install the Endpoint Policy Manager Cloud client, a license is automatically taken from +Endpoint Policy Manager Cloud (and also the Endpoint Policy Manager Client Side Extension is +installed.) You install a new machine into Endpoint Policy Manager cloud by installing the Endpoint +Policy Manager Cloud Client, as shown below. + +![812_2_image002](/img/product_docs/endpointpolicymanager/license/812_2_image002.webp) + +To get started immediately with Endpoint Policy Manager Cloud, check out the Getting Started with +Cloud > [Video Learning Center](/docs/endpointpolicymanager/video/index.md). + +## Option 3: On-Prem / GPO Method: You give us your domain name, we give you back a Trial License File. + +If you want to use Active Directory / GPO method to deliver Endpoint Policy Manager settings, we +need your domain name. And if you have multiple domains, that's fine. We can make you one key which +contains all your domain names. + +The best way to get the domain name would be to run this simple Powershell command: + +``` +$env:userdnsdomain +``` + +It will then produce the output of the domain name, which is the minimum requirement to make you a +license key. + +![812_3_get-fqdn-with-powershell](/img/product_docs/endpointpolicymanager/license/812_3_get-fqdn-with-powershell.webp) + +Once we generate the key, it will be in the Endpoint Policy Manager +Portal.[How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md)Then +follow these directions to get started with on-Prem Active Directory/ Group Policy: Group +Policy > [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) + +## Option 4: Intune-specific method: You give us your INTUNE company name, and we give you back a Trial License File. + +If you're using Intune specifically, we can turn on Endpoint Policy Manager for your Intune +instance. We need the Intune Company name. Run this PowerShell script, which will return +`INTUNECOMPANYNAME.TXT`, and send it to your sales person. + +``` +[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 +Install-PackageProvider -Name NuGet -Scope CurrentUser -Force +Install-Module -Name Microsoft.Graph.Intune -Repository PSGallery -Scope CurrentUser -Force +Connect-MSGraph -AdminConsent +Get-Organization | Select @{N = 'CompanyName'; E = { $_.displayName } } | out-file INTUNECOMPANYNAME.TXT +``` + +Once we generate the key, it will be in the Endpoint Policy Manager Portal. Download the key and +install it using theinstructions found +here: [How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) + +Then follow these directions to get started with Endpoint Policy Manager and Intune (making sure to +follow the "Walk Before You Run" video): Getting Started with MDM > +[Video Learning Center](/docs/endpointpolicymanager/video/index.md) + +## Option 5: Non-Intune/Other-MDM Method: You give us your UPN name, and we give you back a Trial License File. + +When you enroll machines into your MDM, you do so with a UPN name. Start out by noting which UPN +name you use, such as [\*@fabrikam.com,](mailto:*@fabrikam.com) or whatever yours is. We recommend +you take a screenshot of this page from an enrolled Windows 10 machine, and then continue. + +![812_4_sdfg](/img/product_docs/endpointpolicymanager/license/812_4_sdfg.webp) + +Once we generate the key, it will be in the Endpoint Policy Manager Portal. Download the key and +install it using these +instructions: [How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) + +Then follow these directions to get started with Endpoint Policy Manager and your MDM service, +making sure to follow the "Walk Before You Run" video: Getting Started with MDM > +[Video Learning Center](/docs/endpointpolicymanager/video/index.md) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/_category_.json new file mode 100644 index 0000000000..6583ae5ccc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Requesting Licenses MDM", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/license/mdm/adminrights.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/adminrights.md similarity index 89% rename from docs/endpointpolicymanager/license/mdm/adminrights.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/adminrights.md index b19d1c08ee..456e74854c 100644 --- a/docs/endpointpolicymanager/license/mdm/adminrights.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/adminrights.md @@ -1,3 +1,9 @@ +--- +title: "Why does the Endpoint Policy Manager Licensing Tool (LT.EXE) require admin rights to query for Intune / Azure data?" +description: "Why does the Endpoint Policy Manager Licensing Tool (LT.EXE) require admin rights to query for Intune / Azure data?" +sidebar_position: 80 +--- + # Why does the Endpoint Policy Manager Licensing Tool (LT.EXE) require admin rights to query for Intune / Azure data? The short version is that Microsoft doesn't allow us to retrieve the count of devices from Intune / diff --git a/docs/endpointpolicymanager/license/mdm/autopilot.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/autopilot.md similarity index 76% rename from docs/endpointpolicymanager/license/mdm/autopilot.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/autopilot.md index c9db0a52f0..c897ef4eb9 100644 --- a/docs/endpointpolicymanager/license/mdm/autopilot.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/autopilot.md @@ -1,3 +1,9 @@ +--- +title: "How do I license Autopilot pre-provisioning foouser and autopilot user for my Intune MDM service?" +description: "How do I license Autopilot pre-provisioning foouser and autopilot user for my Intune MDM service?" +sidebar_position: 90 +--- + # How do I license Autopilot pre-provisioning foouser and autopilot user for my Intune MDM service? If you use pre-provisioning with Intune Autopilot, Microsoft may use one or more fake pre-provision diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/domainmultiple.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/domainmultiple.md new file mode 100644 index 0000000000..b3e4691068 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/domainmultiple.md @@ -0,0 +1,23 @@ +--- +title: "What if I have multiple domain names within the MDM I want to license?" +description: "What if I have multiple domain names within the MDM I want to license?" +sidebar_position: 30 +--- + +# What if I have multiple domain names within the MDM I want to license? + +Typically, we license a single email domain suffix, like \*@abc.com for any Netwrix Endpoint Policy +Manager (formerly PolicyPak) MDM customer. + +That being said, if you are using Intune, and have the need for many domain tenant names, it is +possible for you to provide the Name of account details (also called Company information) and we can +use that information to cut you an overall license for any domain name within your Intune account. + +The screenshot below shows you what to provide to Endpoint Policy Manager Sales or Support when +asked. + +**NOTE:** This optional licensing method is only available with Microsoft Intune, and is not +available on VMware Workspace One (Airwatch). It may or may not be available with other MDM +services. + +![356_1_image_950x402](/img/product_docs/endpointpolicymanager/license/mdm/356_1_image_950x402.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/entraid.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/entraid.md new file mode 100644 index 0000000000..d6aabb8353 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/entraid.md @@ -0,0 +1,174 @@ +--- +title: "If I have both Azure joined and Hybrid Azure AD joined machines, how do I count the exact number of licenses I need?" +description: "If I have both Azure joined and Hybrid Azure AD joined machines, how do I count the exact number of licenses I need?" +sidebar_position: 20 +--- + +# If I have both Azure joined and Hybrid Azure AD joined machines, how do I count the exact number of licenses I need? + +First of all, we here at Netwrix Endpoint Policy Manager (formerly PolicyPak) do not want to charge +you twice. If a machine is joined to On-Prem AD and also joined to Azure AD (called Hybrid Azure AD +joined), then you should only have to pay for the machine one time. Here is a Microsoft's diagram +below (borrowed from +[https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid](https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid) +). + +![200_1_image-20200723102952-1](/img/product_docs/endpointpolicymanager/license/mdm/200_1_image-20200723102952-1.webp) + +In this case, if you had exactly one machine like this ,you would need to: + +- Pay for one license (remember, you only need to pay once.) But… +- Engage both PolicyPak licensing mechanisms for this computer: Endpoint Policy Manager Group Policy + and Endpoint Policy Manager MDM. + +We recommend you do not deliver the same Endpoint Policy Manager settings from both Group Policy or +MDM. But you might want to enable the ability to get those licenses from both sources, then +transition away from Group Policy to MDM over time. + +Knowing you will have some machines: + +- Joined to on-prem AD & GPO (but not in Azure) +- Joined to Azure AD (but not on-prem AD) and +- Hybrid Azure AD Joined (dual enrolled to both) + +How do you dial in exactly how many computers to license? We will go over this same math again at +the end, but here is the gist. Let us pretend you had the following numbers (which we will explain +more below): + +- Part 1 (On-Prem AD & GPO machines): 1000 +- Part 2 (Azure AD joined only): 250 +- Part 3 (Hybrid AD joined): 150 + +To correctly pay for each computer one time you would pay for: + +- Azure AD joined only: 250 +- Hybrid AD joined: 150 +- AD & GPO machines : 1000 +- SUBTRACT the number of Hybrid AD joined: MINUS 150 + +Final number for purchase, where each machine is licensed once: + +- 250 + +- 150 + +- 1000 MINUS +- 150 + +Grand total: 1,250 computers + +There is no easy button for this, but it is a straightforward procedure. + +## Step 1: Counting your on-prem AD & GPO machines + +Typically, you do this with the Endpoint Policy Manager on-prem licensing tool (preferred), or if +you need to, you can use PowerShell. +See[My organization doesn't permit me to run the LT (Endpoint Policy Manager Licensing Tool) or provide the XML information it produces. What are my other options?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/options.md) + +![200_3_image-20200723102952-2](/img/product_docs/endpointpolicymanager/license/mdm/200_3_image-20200723102952-2.webp) + +### Preparing for Steps 2 and 3: Before we count the Azure only, machines and before we count the Hybrid Azure AD joined machines + +In Azure you can go to Devices > All Devices, then look at the Join Type. You should see four +possible fields: + +- Azure AD registered —This is not required for aEndpoint Policy Manager license, as this is not + Azure or MDM enrolled. +- Azure AD joined — This means the machine is joined directly to Azure AD and is not Hybrid (that + is, it is not also joined to on-prem AD). +- Hybrid Azure AD Joined — This means the machine is joined both to Azure AD and to on-prem AD. +- Blank: Unknown. + +![200_5_image-20200723102952-3](/img/product_docs/endpointpolicymanager/license/mdm/200_5_image-20200723102952-3.webp) + +The problem is that you cannot count each type with this interface unless you have just a few +machines. Instead you need to use Powershell and have it do the counting for you. + +## Next: Using PowerShell to connect to Azure AD + +Start out by installing the Azure AD module. See the Microsoft article on +[How to install Azure PowerShell](https://learn.microsoft.com/en-us/powershell/azure/install-azure-powershell?view=azps-13.1.0&viewFallbackFrom=azps-4.4.0) +for additional information. + +Here is a copy of the command: + +``` +if ($PSVersionTable.PSEdition -eq 'Desktop' -and (Get-Module +                -Name AzureRM -ListAvailable)) {   Write-Warning -Message +                ('Az module not installed. Having both the AzureRM and ' + +                'Az modules installed at the same time is not supported.')} +        else {   Install-Module -Name Az -AllowClobber -Scope CurrentUser} +``` + +Here is the result. + +![200_7_image-20200723102952-4](/img/product_docs/endpointpolicymanager/license/mdm/200_7_image-20200723102952-4.webp) + +Start out with the Connect-AZAccount cmdlet (not shown). You will get prompted for credentials the +first time. + +![200_9_image-20200724004807-5](/img/product_docs/endpointpolicymanager/license/mdm/200_9_image-20200724004807-5.webp) + +The command should finish and return you with a result like this: + +![200_11_image-20200724004807-6](/img/product_docs/endpointpolicymanager/license/mdm/200_11_image-20200724004807-6.webp) + +Then use the connect-azuread command and provide credentials again, for a second time. + +![200_13_image-20200723102952-5](/img/product_docs/endpointpolicymanager/license/mdm/200_13_image-20200723102952-5.webp) + +Results of connection are then seen here: + +![200_15_image-20200723102952-6](/img/product_docs/endpointpolicymanager/license/mdm/200_15_image-20200723102952-6.webp) + +You can then list all Windows 10 devices with the following command: + +``` +Get-AzureADDevice -all $true | select displayname, DeviceOSType, DeviceTrustType +``` + +![200_17_image-20200723102952-7](/img/product_docs/endpointpolicymanager/license/mdm/200_17_image-20200723102952-7.webp) + +## Step 2: Count your Joined to Azure AD only (but not on-prem domain joined machines) + +To count Azure AD joined machines, run the first command: + +``` +Get-AzureADDevice -All $true | Where-Object {$_.DeviceTrustType -eq "AzureAd"} | measure  +``` + +## Step 3: Count Hybrid Azure AD joined machines (those joined to on-prem AD and also Azure AD) + +To count your Hybrid Azure AD joined machines, run this command. + +``` +Get-AzureADDevice -All $true | Where-Object {$_.DeviceTrustType -eq "ServerAd"} | measure +``` + +# Results of your counting: + +Results examples are seen here: + +![200_19_image-20200723102952-8](/img/product_docs/endpointpolicymanager/license/mdm/200_19_image-20200723102952-8.webp) + +## A final example with Math + +Let's pretend you got the following numbers: + +- Part 1 (On-Prem AD & GPO machines): 1000 +- Part 2 (Azure AD joined only): 250 +- Part 3 (Hybrid AD joined): 150 + +To correctly pay for each computer one time you would pay for: + +- Azure AD joined only: 250 +- Hybrid AD joined: 150 +- AD & GPO machines : 1000 +- SUBTRACT the number of Hybrid AD joined: MINUS 150 + +Final number for purchase, where each machine is licensed once: + +- 250 + +- 150 + +- 1000 MINUS +- 150 + +Grand total: 1,250 computers diff --git a/docs/endpointpolicymanager/license/mdm/hybrid.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/hybrid.md similarity index 92% rename from docs/endpointpolicymanager/license/mdm/hybrid.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/hybrid.md index 28936b5370..f3bab43f76 100644 --- a/docs/endpointpolicymanager/license/mdm/hybrid.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/hybrid.md @@ -1,3 +1,9 @@ +--- +title: "How do I license Endpoint Policy Manager if I use Azure / Azure Active Directory / Azure Active Directory Domain Services / AD Domain Controllers in Azure?" +description: "How do I license Endpoint Policy Manager if I use Azure / Azure Active Directory / Azure Active Directory Domain Services / AD Domain Controllers in Azure?" +sidebar_position: 40 +--- + # How do I license Endpoint Policy Manager if I use Azure / Azure Active Directory / Azure Active Directory Domain Services / AD Domain Controllers in Azure? You might want to license Netwrix Endpoint Policy Manager (formerly PolicyPak) when you are using @@ -18,7 +24,7 @@ little later. In this case, you can license Endpoint Policy Manager with Endpoint Policy Manager Group Policy Edition or Endpoint Policy Manager Cloud Edition. -- See All Things Licensing > [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) +- See All Things Licensing > [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - See Cloud edition: [Endpoint Policy Manager Cloud: QuickStart](/docs/endpointpolicymanager/video/cloud/quickstart.md) - See[Endpoint Policy ManagerCloud and Endpoint Policy Manager OnPremise – Together using PPCloud Licenses](/docs/endpointpolicymanager/video/cloud/integration/onpremise.md) @@ -49,7 +55,7 @@ you get all the Endpoint Policy Manager features as well. For this method, you are not licensing Azure Active Directory, but rather your MDM service. - See - [When licensing Endpoint Policy Managerwith an MDM provider, what do I need to send in to Endpoint Policy Manager? ](/docs/endpointpolicymanager/license/mdm/setup.md)for + [When licensing Endpoint Policy Managerwith an MDM provider, what do I need to send in to Endpoint Policy Manager? ](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/setup.md)for additional information on how to express the UPN and number of licenses needed for licensing your MDM service - [Endpoint Policy Manager and MDM walk before you run](/docs/endpointpolicymanager/video/mdm/testsample.md) @@ -81,7 +87,7 @@ You would typically use Group Policy edition and license a whole domain, OU or O Alternatively, you can use Endpoint Policy Manager Cloud edition and license each machine. -- See All Things Licensing > [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) +- See All Things Licensing > [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Endpoint Policy Manager Cloud: QuickStart](/docs/endpointpolicymanager/video/cloud/quickstart.md) - See [Endpoint Policy ManagerCloud and Endpoint Policy Manager OnPremise – Together using PPCloud Licenses](/docs/endpointpolicymanager/video/cloud/integration/onpremise.md) diff --git a/docs/endpointpolicymanager/license/mdm/jointype.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/jointype.md similarity index 88% rename from docs/endpointpolicymanager/license/mdm/jointype.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/jointype.md index d098609810..04aff59b42 100644 --- a/docs/endpointpolicymanager/license/mdm/jointype.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/jointype.md @@ -1,3 +1,9 @@ +--- +title: "How are BYOD \"Workplace Joined\" (aka Intune Registered) counted toward licensing?" +description: "How are BYOD \"Workplace Joined\" (aka Intune Registered) counted toward licensing?" +sidebar_position: 50 +--- + # How are BYOD "Workplace Joined" (aka Intune Registered) counted toward licensing? The Licensing Tool (LT) we supply will count your computers within Intune. There are three types of diff --git a/docs/endpointpolicymanager/license/mdm/name.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/name.md similarity index 91% rename from docs/endpointpolicymanager/license/mdm/name.md rename to docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/name.md index bd939488b9..b273ef8747 100644 --- a/docs/endpointpolicymanager/license/mdm/name.md +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/name.md @@ -1,3 +1,9 @@ +--- +title: "What is the difference if I license my MDM machines' CSE using COMPANY NAME vs. UPN name?" +description: "What is the difference if I license my MDM machines' CSE using COMPANY NAME vs. UPN name?" +sidebar_position: 70 +--- + # What is the difference if I license my MDM machines' CSE using COMPANY NAME vs. UPN name? When you run the Licensing Tool (LT) to interrogate Intune to the number of computers you have, you diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/setup.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/setup.md new file mode 100644 index 0000000000..76801c7937 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/setup.md @@ -0,0 +1,102 @@ +--- +title: "When licensing Endpoint Policy Managerwith an MDM provider, what do I need to send in to Endpoint Policy Manager?" +description: "When licensing Endpoint Policy Managerwith an MDM provider, what do I need to send in to Endpoint Policy Manager?" +sidebar_position: 10 +--- + +# When licensing Endpoint Policy Managerwith an MDM provider, what do I need to send in to Endpoint Policy Manager? + +Netwrix Endpoint Policy Manager (formerly PolicyPak) can work with and be licensed with nearly any +MDM service. Use this table below to determine how to get licensed: + +- Intune (Automatic) — Use the Endpoint Policy Manager Portal and download the BITS. Then run the + Licensing Tool (LT) to acquire the information and save it to your License Request Key. See + [How to Request Licenses from Endpoint Policy Manager by Creating a "License Request Key"](/docs/endpointpolicymanager/video/license/licenserequestkey.md) +- Intune (Alternate) — Only if asked, follow the directions on this page. +- VMware Workspace One — Follow the directions on this page. +- Citrix CEM — Follow the directions on this page. +- MobileIron — Follow the directions on this page. +- Other MDMs may or may not be supported, but we'll try. Follow the directions on this page. + +To accurately create license keys for you,Endpoint Policy Manager needs three pieces of information: + +- Your Universal Principal Name (UPN) +- How many licenses are required and +- Proof of ownership of that MDM / domain. + +## Your UPN name (all MDM services) + +When you enroll machines into your MDM, you do so with a UPN name. Start out by noting which UPN +name you use, @fabrikam.com in our example. We recommend you take a screenshot of this page from an +enrolled Windows 10 machine, then continue. + +![44_1_sdfg](/img/product_docs/endpointpolicymanager/license/812_4_sdfg.webp) + +## License count + +To accurately license your MDM installation, Endpoint Policy Manager needs the following +information: + +- How many machines are actively enrolled in your MDM service +- Screenshots demonstrating the screen shots are of an MDM account your own or control + +If you have a mix of on-prem AD machines, Azure joined machines and Hybrid Azure AD machines please +see + [If I have both Azure joined and Hybrid Azure AD joined machines, how do I count the exact number of licenses I need?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/entraid.md) +for additional information on how to express your count. + +## The Billing Process + +**Step 1 –** Send screenshots of your current usage (see steps below for your specific MDM solution) + +**Step 2 –** Express your expected growth for the upcoming year + +**Step 3 –** You are billed for the total expected usage + +### Windows Intune (alternate method — do not use unless the LT tool isn't working or you are otherwise directed to perform these manual steps.) + +If in the Azure portal, ensure you are in the Intune section. + +![44_2_image-20200815220310-23](/img/product_docs/endpointpolicymanager/license/mdm/44_2_image-20200815220310-23.jpeg) + +The device Screenshot will demonstrate the total Windows Devices and Tenant ownership: + +![44_4_image-20200815220310-24](/img/product_docs/endpointpolicymanager/license/mdm/44_4_image-20200815220310-24.jpeg) + +### Workplace One (Airwatch) + +In your Airwatch portal: + +- Click on the **Devices** icon +- In Platforms, locate the Windows Desktops section and take a screenshot of the entire window + +![44_6_image-20200815220310-25](/img/product_docs/endpointpolicymanager/license/mdm/44_6_image-20200815220310-25.jpeg) + +### MobileIron + +Log into your MobileIron Portal. Your dashboard should show you the number of devices you have +enrolled if Device by OS Type is on your dashboard. If the Pie Chart is shown, click the icon in the +lower-left corner of the Device by OS Type window to change to the Bar Chart. + +![44_8_image-20200815220310-26](/img/product_docs/endpointpolicymanager/license/mdm/44_8_image-20200815220310-26.jpeg) + +Take a screen shot of the device count and account ownership as per the screenshots below (it may +take 2 captures) + +![44_10_image-20200815220310-27_950x711](/img/product_docs/endpointpolicymanager/license/mdm/44_10_image-20200815220310-27_950x711.jpeg) + +### Citrix Endpoint Management (CEM – formally XenMobile) + +Option 1: + +On the Analyze page of the CEM Portal, click on the Dashboard. Take a screenshot showing Managed +devices by Platform and the ownership in the top right-hand corner + +![44_12_image-20200815220310-28](/img/product_docs/endpointpolicymanager/license/mdm/44_12_image-20200815220310-28.webp) + +Option 2: + +From the Analyze page, go to Reporting > Devices & Apps and take a screenshot showing the Device +count and Ownership: + +![44_14_image-20200815220310-29](/img/product_docs/endpointpolicymanager/license/mdm/44_14_image-20200815220310-29.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/tool.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/tool.md new file mode 100644 index 0000000000..72e0de2092 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/tool.md @@ -0,0 +1,119 @@ +--- +title: "I'm having trouble running the Licensing Tool (LT) and counting computers with Intune. What troubleshooting information can I send Endpoint Policy Manager support?" +description: "I'm having trouble running the Licensing Tool (LT) and counting computers with Intune. What troubleshooting information can I send Endpoint Policy Manager support?" +sidebar_position: 60 +--- + +# I'm having trouble running the Licensing Tool (LT) and counting computers with Intune. What troubleshooting information can I send Endpoint Policy Manager support? + +Please run the following commands in an elevated powershell and supply the resulting screenshots or +Output.txt file. + +``` +function Get-MgGraphAllPages { +    [CmdletBinding( +        ConfirmImpact = 'Medium', +        DefaultParameterSetName = 'SearchResult' +    )] +    param ( +        [Parameter(Mandatory = $true, ParameterSetName = 'NextLink', ValueFromPipelineByPropertyName = $true)] +        [ValidateNotNullOrEmpty()] +        [Alias('@odata.nextLink')] +        [string]$NextLink +        , +        [Parameter(Mandatory = $true, ParameterSetName = 'SearchResult', ValueFromPipeline = $true)] +        [ValidateNotNull()] +        [PSObject]$SearchResult +        , +        [Parameter(Mandatory = $false)] +        [switch]$ToPSCustomObject +    )  +    begin {}  +    process { +        if ($PSCmdlet.ParameterSetName -eq 'SearchResult') { +            # Set the current page to the search result provided +            $page = $SearchResult  +            # Extract the NextLink +            $currentNextLink = $page.'@odata.nextLink'  +            # We know this is a wrapper object if it has an "@odata.context" property +            #if (Get-Member -InputObject $page -Name '@odata.context' -Membertype Properties) { +            # MgGraph update - MgGraph returns hashtables, and almost always includes .context +            # instead, let's check for nextlinks specifically as a hashtable key +            if ($page.ContainsKey('@odata.count')) { +                Write-Verbose "First page value count: $($Page.'@odata.count')"     +            }  +            if ($page.ContainsKey('@odata.nextLink') -or $page.ContainsKey('value')) { +                $values = $page.value +            } else { # this will probably never fire anymore, but maybe. +                $values = $page +            }  +            # Output the values +            # Default returned objects are hashtables, so this makes for easy pscustomobject conversion on demand +            if ($values) { +                if ($ToPSCustomObject) { +                    $values | ForEach-Object {[pscustomobject]$_}   +                } else { +                    $values | Write-Output +                } +            } +        }  +        while (-Not ([string]::IsNullOrWhiteSpace($currentNextLink) +        { +            # Make the call to get the next page +            try { +                $page = Invoke-MgGraphRequest -Uri $currentNextLink -Method GET +            } catch { +                throw $_ +            }  +            # Extract the NextLink +            $currentNextLink = $page.'@odata.nextLink'  +            # Output the items in the page +            $values = $page.value  +            if ($page.ContainsKey('@odata.count')) { +                Write-Verbose "Current page value count: $($Page.'@odata.count')"     +            }  +            # Default returned objects are hashtables, so this makes for easy pscustomobject conversion on demand +            if ($ToPSCustomObject) { +                $values | ForEach-Object {[pscustomobject]$_}   +            } else { +                $values | Write-Output +            } +        } +    }  +    end {} +} +[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 +Install-PackageProvider -Name NuGet -Scope CurrentUser -Force +Install-Module -Name Microsoft.Graph.Authentication -Repository PSGallery -Scope CurrentUser -Force +Install-Module -Name Microsoft.Graph.Identity.DirectoryManagement -Repository PSGallery -Scope CurrentUser -Force +Install-Module -Name Microsoft.Graph.DeviceManagement -Repository PSGallery -Scope CurrentUser -Force +Connect-MgGraph -Scopes "DeviceManagementManagedDevices.Read.All", "Organization.Read.All" -NoWelcome +Get-MgOrganization | Select @{N = 'CompanyName'; E = { $_.displayName } } +[array]$devices = Get-MgDeviceManagementManagedDevice | Get-MgGraphAllPages | Where-Object -Property "operatingSystem" -EQ -Value "Windows" | ForEach { [pscustomobject] @{ DeviceName= $_.deviceName; UPN = $_.userPrincipalName; UPNDomain = $_.userPrincipalName.Split("@")[1]}} +[array]$upns = $devices | Where-Object -Property 'UPNDomain' -NE -Value $null | Select-Object -Property 'UPNDomain' -Unique +# Output to both screen and file +$outputFile = "OUTPUT.TXT" +# Function to output to both +function Out-Both { +    param ( +        [Parameter(Mandatory=$true)] +        [string]$message +    ) +    $message | Tee-Object -FilePath $outputFile -Append +} +# Clear the output file if it exists +if (Test-Path $outputFile) { +    Remove-Item $outputFile +} +# Write the results +$upns | Format-Table | Out-Both +$devices | Format-Table -Property 'DeviceName' | Out-Both +Out-Both "" +Out-Both "Total" +Out-Both "-----" +Out-Both @($devices).Count +Disconnect-MgGraph | Out-Null +``` + +See the [MDM Intune company name troubleshooting](/docs/endpointpolicymanager/video/license/mdm.md) video for additional +information. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/licensinginstallallm/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/licensinginstallallm/_category_.json new file mode 100644 index 0000000000..189dc1f7f9 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/licensinginstallallm/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Licensing Install All Methods Universal Licenses For Customers After 2021", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/licensingrequestallm/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/licensingrequestallm/_category_.json new file mode 100644 index 0000000000..b089d3fb97 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/licensingrequestallm/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Licensing Request All Methods", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/troubleshootingandun/_category_.json b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/troubleshootingandun/_category_.json new file mode 100644 index 0000000000..5b8640faa5 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/troubleshootingandun/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting And Un Licensing", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/troubleshootingandun/lttool.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/troubleshootingandun/lttool.md new file mode 100644 index 0000000000..c449d18c3c --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/troubleshootingandun/lttool.md @@ -0,0 +1,10 @@ +--- +title: "Endpoint Policy Manager LT Tool Problems" +description: "Endpoint Policy Manager LT Tool Problems" +sidebar_position: 10 +--- + +# Endpoint Policy Manager LT Tool Problems + +Having problems with the Netwrix Endpoint Policy Manager (formerly PolicyPak) LT tool but need to +get "counting" with your number of Intune connected machines? Use this workaround. diff --git a/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..692ce6ac6a --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/allthingslicensing/videolearningcenter/videolearningcenter.md @@ -0,0 +1,28 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for more information on Endpoint Policy Manager licensing. + +## Licensing Request: All Methods + +- [How to Request Licenses from Endpoint Policy Manager by Creating a "License Request Key"](/docs/endpointpolicymanager/video/license/licenserequestkey.md) + +## Licensing Install: All Methods (Universal Licenses for customers after 2021) + +- [How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) + +## Licensing Install: All Methods (Universal Licenses for customers before 2021) + +- [Endpoint Policy Manager: Universal and Original Licensing Installation and Upgrades for Existing Customers](/docs/endpointpolicymanager/video/license/upgrades.md) + +## Troubleshooting and Un-Licensing + +- [Legacy License Retirement Guidance (for Feb 28, 2023)](/docs/endpointpolicymanager/video/license/legacy.md) +- [How to Un-License any Endpoint Policy ManagerComponent via ADMX or Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/license/unlicense.md) +- [Using LT for license cleanup](/docs/endpointpolicymanager/video/license/cleanup.md) +- [MDM Intune company name troubleshooting](/docs/endpointpolicymanager/video/license/mdm.md) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/_category_.json new file mode 100644 index 0000000000..36bea70002 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Application Manager", + "position": 200, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/centralstoreandshari/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/centralstoreandshari/_category_.json new file mode 100644 index 0000000000..2adbbec6ef --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/centralstoreandshari/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Central Store And Sharing", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/centralstoreandshari/dllstorage.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/centralstoreandshari/dllstorage.md new file mode 100644 index 0000000000..5b11126602 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/centralstoreandshari/dllstorage.md @@ -0,0 +1,12 @@ +--- +title: "Can I store the DLL extensions in a central location AND locally on the machine I create my Paks on and if so which one is utilized?" +description: "Can I store the DLL extensions in a central location AND locally on the machine I create my Paks on and if so which one is utilized?" +sidebar_position: 10 +--- + +# Can I store the DLL extensions in a central location AND locally on the machine I create my Paks on and if so which one is utilized? + +Although storing the Netwrix Endpoint Policy Manager (formerly PolicyPak) DLL extensions in a +central location allows multiple administrators the ability to utilize them, you can also store the +DLL extensions locally as well.In that instance, the GPO editor will list both the central and local +location and allow you the opportunity to select which one you wish to use. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/designstudio/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/designstudio/_category_.json new file mode 100644 index 0000000000..511aaa08b9 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/designstudio/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Design Studio", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/creation.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/designstudio/creation.md similarity index 94% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/creation.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/designstudio/creation.md index d5815199cd..06bea5b25e 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/creation.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/designstudio/creation.md @@ -1,3 +1,9 @@ +--- +title: "What must I do to prepare for Endpoint Policy Manager Tech Support to assist me with AppSet creation?" +description: "What must I do to prepare for Endpoint Policy Manager Tech Support to assist me with AppSet creation?" +sidebar_position: 20 +--- + # What must I do to prepare for Endpoint Policy Manager Tech Support to assist me with AppSet creation? If you have a situation which required Netwrix Endpoint Policy Manager (formerly PolicyPak) Tech diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/designstudio/designstudioadditional.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/designstudio/designstudioadditional.md new file mode 100644 index 0000000000..17747ca73d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/designstudio/designstudioadditional.md @@ -0,0 +1,11 @@ +--- +title: "Besides the installation of Design Studio, are there any additional components I need on my computer in order to create my own AppSets?" +description: "Besides the installation of Design Studio, are there any additional components I need on my computer in order to create my own AppSets?" +sidebar_position: 10 +--- + +# Besides the installation of Design Studio, are there any additional components I need on my computer in order to create my own AppSets? + +You will need to install the free Visual C++ 2008 SP1, 2010 or 2012, 2015 or 2017 Express Edition as +well as any applications you wish to manage with Netwrix Endpoint Policy Manager (formerly +PolicyPak) Design Studio. This is a free download from Microsoft. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/_category_.json new file mode 100644 index 0000000000..f535bca97b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "General Configuration And Operation", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/centralstore.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/centralstore.md new file mode 100644 index 0000000000..8cbceb9c8c --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/centralstore.md @@ -0,0 +1,15 @@ +--- +title: "How can I use the Endpoint Policy ManagerCentral store (if I was already using the Endpoint Policy Manager Local store?)" +description: "How can I use the Endpoint Policy ManagerCentral store (if I was already using the Endpoint Policy Manager Local store?)" +sidebar_position: 120 +--- + +# How can I use the Endpoint Policy ManagerCentral store (if I was already using the Endpoint Policy Manager Local store?) + +Netwrix Endpoint Policy Manager (formerly PolicyPak) should be integrated with the central store in +most cases.To do this, simply create a folder in the SYSVOL directory on any one of your replicating +domain controllers within your network called "PolicPak". Then copy the Endpoint Policy Manager dll +files that currently reside in your local storage and paste them into that folder. + +Here is the how-to video: +[Working with Others and using the Central Store](/docs/endpointpolicymanager/video/applicationsettings/centralstorework.md) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/checkmarks.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/checkmarks.md new file mode 100644 index 0000000000..fb0031127e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/checkmarks.md @@ -0,0 +1,14 @@ +--- +title: "I am configuring the values for some settings for an application. Many of these settings involve checkmarks which are unchecked by default. How can I tell if an unchecked checkbox is being delivered or not?" +description: "I am configuring the values for some settings for an application. Many of these settings involve checkmarks which are unchecked by default. How can I tell if an unchecked checkbox is being delivered or not?" +sidebar_position: 110 +--- + +# I am configuring the values for some settings for an application. Many of these settings involve checkmarks which are unchecked by default. How can I tell if an unchecked checkbox is being delivered or not? + +Whenever you modify a value for an application setting within Netwrix Endpoint Policy Manager +(formerly PolicyPak), the setting is underlined. An underlined setting means that Endpoint Policy +Manager will deliver the configured value of that setting. For instance, if you check a checkbox +that by default is unchecked, the setting will then become underlined, stating that Endpoint Policy +Manager will now enforce that checked value. Simply uncheck the checkbox and the setting remains +underlined, showing that the unchecked value will not be delivered. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/designstudio.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/designstudio.md new file mode 100644 index 0000000000..48a85b2072 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/designstudio.md @@ -0,0 +1,11 @@ +--- +title: "Is there a particular naming scheme I need to use when compiling my Paks within Design Studio?" +description: "Is there a particular naming scheme I need to use when compiling my Paks within Design Studio?" +sidebar_position: 220 +--- + +# Is there a particular naming scheme I need to use when compiling my Paks within Design Studio? + +When naming a newly compiled Netwrix Endpoint Policy Manager (formerly PolicyPak), the name must +begin with the letters pp. Endpoint Policy Manager will automatically put this in for you. If you +rename it later (stripping pp- from the name) the pak will not be shown in the MMC. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/designstudiowindows7.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/designstudiowindows7.md new file mode 100644 index 0000000000..28d112a06c --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/designstudiowindows7.md @@ -0,0 +1,14 @@ +--- +title: "I installed Design Studio on a Windows 7 Laptop but there are still some XP and Vista stations in our network. Will the Paks I create work for all three operating system?" +description: "I installed Design Studio on a Windows 7 Laptop but there are still some XP and Vista stations in our network. Will the Paks I create work for all three operating system?" +sidebar_position: 240 +--- + +# I installed Design Studio on a Windows 7 Laptop but there are still some XP and Vista stations in our network. Will the Paks I create work for all three operating system? + +It is best policy to create the Netwrix Endpoint Policy Manager (formerly PolicyPak) s from the same +operating systems as the client computers. In this case, you may want to install Design Studio on an +XP and Vista machine as well and create the designated Endpoint Policy Manager s. Or, you can first +create the paks on one machine type and then re-capture the AppLock codes on the second machine +type. See the section "How to Merge Endpoint Policy Manager s using the pXML Merge Wizard" in the +Endpoint Policy Manager Design Studio guide. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/downgrade.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/downgrade.md new file mode 100644 index 0000000000..91055f03de --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/downgrade.md @@ -0,0 +1,13 @@ +--- +title: "We upgraded our DLL files recently after creating a new Pak with Design Studio. After the implementation we would like to revert back to the original Pak. I have a local copy of the former DLL. Can I downgrade to the curre" +description: "We upgraded our DLL files recently after creating a new Pak with Design Studio. After the implementation we would like to revert back to the original Pak. I have a local copy of the former DLL. Can I downgrade to the curre" +sidebar_position: 70 +--- + +# We upgraded our DLL files recently after creating a new Pak with Design Studio. After the implementation we would like to revert back to the original Pak. I have a local copy of the former DLL. Can I downgrade to the curre + +Yes, not only can Netwrix Endpoint Policy Manager (formerly PolicyPak) DLLs be upgraded from one +version to another, they can be downgraded from one version to another as well. The warning, +however, is that any deleted items within the Pak will also be "dropped" from within the Group +Policy data. So, please upgrade and download your paks with caution. See the section "Version +Control of Endpoint Policy Manager Extension DLLs" in the PolicyPakQuickStart guide. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/expires.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/expires.md new file mode 100644 index 0000000000..f88709e72b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/expires.md @@ -0,0 +1,13 @@ +--- +title: "What happens to a application setting when the GPO falls out of scope?" +description: "What happens to a application setting when the GPO falls out of scope?" +sidebar_position: 30 +--- + +# What happens to a application setting when the GPO falls out of scope? + +By default, values for the application settings will remain as configured within the GPO. + +By selecting "Revert this policy setting to the default value when it is no longer applied" the +default values contained with the original Netwrix Endpoint Policy Manager (formerly PolicyPak) s +are then applied. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/feature.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/feature.md new file mode 100644 index 0000000000..de55760665 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/feature.md @@ -0,0 +1,13 @@ +--- +title: "I deselected the Applock feature, Disable whole tab in target application, but the elements are still grayed out. How can I fix this?" +description: "I deselected the Applock feature, Disable whole tab in target application, but the elements are still grayed out. How can I fix this?" +sidebar_position: 90 +--- + +# I deselected the Applock feature, Disable whole tab in target application, but the elements are still grayed out. How can I fix this? + +Simply unchecking "Disable whole tab in target application" will not restore the designated user +interface. + +You must select "Force display of whole tab in application" to restore the elements within the UI on +the client. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/backup/files.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/files.md similarity index 77% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/backup/files.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/files.md index 7dc20e0719..e2e53ccc5d 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/backup/files.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/files.md @@ -1,3 +1,9 @@ +--- +title: "Should I backup my Pak files?" +description: "Should I backup my Pak files?" +sidebar_position: 200 +--- + # Should I backup my Pak files? Yes, we recommend you back up the pXML as well as the Netwrix Endpoint Policy Manager (formerly diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/fontsetting.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/fontsetting.md new file mode 100644 index 0000000000..a87a010ef3 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/fontsetting.md @@ -0,0 +1,11 @@ +--- +title: "I'm trying to find a particular font setting in one of your Word Paks but I can't find it. Is the setting not supported?" +description: "I'm trying to find a particular font setting in one of your Word Paks but I can't find it. Is the setting not supported?" +sidebar_position: 210 +--- + +# I'm trying to find a particular font setting in one of your Word Paks but I can't find it. Is the setting not supported? + +Although the vast majority of application settings can be delivered in our preconfigured Netwrix +Endpoint Policy Manager (formerly PolicyPak)s, there are some exceptions. You can try configuring +the setting yourself using the Endpoint Policy Manager design studio. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpo.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpo.md new file mode 100644 index 0000000000..8d834123fb --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpo.md @@ -0,0 +1,14 @@ +--- +title: "What if I am having trouble getting the Licensing GPO installed?" +description: "What if I am having trouble getting the Licensing GPO installed?" +sidebar_position: 10 +--- + +# What if I am having trouble getting the Licensing GPO installed? + +First, try running the LT as Domain Administrator. 99.9% of the problems with the licensing GPO is +that the person creating the licensing GPO doesn't have rights to do so. So, try that first. + +If that fails, this +[https://kb.endpointpolicymanager.com/kb/article/828-policypak-troubleshooting-license-gpo-creation/](https://kb.endpointpolicymanager.com/kb/article/828-policypak-troubleshooting-license-gpo-creation/) +demonstrates how you can definitely get it to work. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/gpooutofscope.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpooutofscope.md similarity index 77% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/gpooutofscope.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpooutofscope.md index cc70a4f41d..72d50af974 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/gpooutofscope.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpooutofscope.md @@ -1,3 +1,9 @@ +--- +title: "What happens to Application Settings Manager settings when the Endpoint Policy Manager license expires / if my company chooses not to renew?" +description: "What happens to Application Settings Manager settings when the Endpoint Policy Manager license expires / if my company chooses not to renew?" +sidebar_position: 20 +--- + # What happens to Application Settings Manager settings when the Endpoint Policy Manager license expires / if my company chooses not to renew? When a Netwrix Endpoint Policy Manager (formerly PolicyPak) license expires, all computers which are diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpos.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpos.md new file mode 100644 index 0000000000..2e91d27cff --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpos.md @@ -0,0 +1,13 @@ +--- +title: "Is there an easy way to back up the GPO's I configured with Application Manager?" +description: "Is there an easy way to back up the GPO's I configured with Application Manager?" +sidebar_position: 40 +--- + +# Is there an easy way to back up the GPO's I configured with Application Manager? + +Backing up a Netwrix Endpoint Policy Manager (formerly PolicyPak) based GPO can be backed up the +same way as all other Group Policy Objects. Simply highlight the desired GPO itself in Group Policy +Management, right click and select Back Up. You can also highlight the Group Policy Objects +container node of all of your GPOs, right click and select Back Up All which will back up all of +your GPOs in one swipe. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpos_1.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpos_1.md new file mode 100644 index 0000000000..7594b3b177 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpos_1.md @@ -0,0 +1,13 @@ +--- +title: "Can I Export my GPO settings so that they can be used in the future to create similar GPOs?" +description: "Can I Export my GPO settings so that they can be used in the future to create similar GPOs?" +sidebar_position: 50 +--- + +# Can I Export my GPO settings so that they can be used in the future to create similar GPOs? + +Exporting and Importing Netwrix Endpoint Policy Manager (formerly PolicyPak) GPOs is simple and +fast. Simply go to the PolicyPak Management screen in the GPO edit console. Open up the Endpoint +Policy Manager and look for the Endpoint Policy Manager button in the bottom left-hand corner. Click +the button and choose Export and select the export destination.You do the same process except select +Import when you want to import the GPO. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/language.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/language.md similarity index 87% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/language.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/language.md index 91bc3df77c..1bc2bda8f0 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/language.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/language.md @@ -1,3 +1,9 @@ +--- +title: "Does Application Manager work when the machine is NOT US-English (say, Italian or Russian?)" +description: "Does Application Manager work when the machine is NOT US-English (say, Italian or Russian?)" +sidebar_position: 160 +--- + # Does Application Manager work when the machine is NOT US-English (say, Italian or Russian?) There are multiple parts to this answer. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/latestupdates.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/latestupdates.md new file mode 100644 index 0000000000..15d6658520 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/latestupdates.md @@ -0,0 +1,10 @@ +--- +title: "How can I keep abreast of the latest Endpoint Policy Manager updates as they are released?" +description: "How can I keep abreast of the latest Endpoint Policy Manager updates as they are released?" +sidebar_position: 130 +--- + +# How can I keep abreast of the latest Endpoint Policy Manager updates as they are released? + +All Netwrix Endpoint Policy Manager (formerly PolicyPak) customers are sent timely email update +alerts to keep them informed. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/limitations.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/limitations.md new file mode 100644 index 0000000000..cecd498a12 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/limitations.md @@ -0,0 +1,24 @@ +--- +title: "How many Endpoint Policy Manager policies can I create within one Group Policy Object?" +description: "How many Endpoint Policy Manager policies can I create within one Group Policy Object?" +sidebar_position: 60 +--- + +# How many Endpoint Policy Manager policies can I create within one Group Policy Object? + +This isn't a PolicyPak limitation; you could theoretically have unlimited Netwrix Endpoint Policy +Manager (formerly PolicyPak) policies (entries) within one Group Policy Object. + +That being said, the only major concern would be the overall size of the "registry.pol" file WITIHIN +the Group Policy Object itself (found at following location: + +``` +C:\Windows\Sysvol\sysvolPoliciesuser or computer +``` + +On Windows XP and Windows 7, the maximum size permitted by Microsoft is 5MB, and usually, it takes +almost 10-15 Paks entries to reach 5MB. + +On Windows 8 and later, the max size is 100MB per Group Policy Object, meaning you can have a lot +more entries if you wanted within one Group Policy Object without issue (provided your target +machines are Windows 8 and later). diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/lyncclient.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/lyncclient.md new file mode 100644 index 0000000000..06ea9421f5 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/lyncclient.md @@ -0,0 +1,12 @@ +--- +title: "I am selecting values for certain settings for the Lync client. On the Alerts tab, I am selecting and deselecting various radio buttons but none of these selections are being underlined. Why is this?" +description: "I am selecting values for certain settings for the Lync client. On the Alerts tab, I am selecting and deselecting various radio buttons but none of these selections are being underlined. Why is this?" +sidebar_position: 100 +--- + +# I am selecting values for certain settings for the Lync client. On the Alerts tab, I am selecting and deselecting various radio buttons but none of these selections are being underlined. Why is this? + +When a selection is underlined in the GPO, it means that the selected value of that setting is being +delivered to the users affected by the GPO. If the setting is not underlined, then it means that the +setting cannot be delivered using the Netwrix Endpoint Policy Manager (formerly PolicyPak). You can +however, hide or disable these settings if you wish. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/modifydll.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/modifydll.md new file mode 100644 index 0000000000..d62bdcd525 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/modifydll.md @@ -0,0 +1,17 @@ +--- +title: "I need to modify the Pak (DLL file) of one of the applications I control with Application Manager. Will I lose my group policy settings after I modify the DLL file" +description: "I need to modify the Pak (DLL file) of one of the applications I control with Application Manager. Will I lose my group policy settings after I modify the DLL file" +sidebar_position: 230 +--- + +# I need to modify the Pak (DLL file) of one of the applications I control with Application Manager. Will I lose my group policy settings after I modify the DLL file + +The data for the settings is contained within the Group Policy Object itself, not in the DLL. + +All existing checkmarks, dropdowns, etc. settings, etc are all maintained. + +The only exception to this is if the changes to the Pak / DLL file involve the elimination of an +element such as a checkbox that your PolicyPak based GPO has configured. + +In that case, because the checkbox no longer exists, the settings regarding the checkbox will no +longer exist, but all other data remains. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/onegpo.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/onegpo.md new file mode 100644 index 0000000000..4ee8966065 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/onegpo.md @@ -0,0 +1,22 @@ +--- +title: "Should I put lots of Paks (or other PP directives into one GPO?)" +description: "Should I put lots of Paks (or other PP directives into one GPO?)" +sidebar_position: 250 +--- + +# Should I put lots of Paks (or other PP directives into one GPO?) + +[How many Endpoint Policy Manager policies can I create within one Group Policy Object?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/limitations.md) + +Then, as a suggestion, the best practice for Netwrix Endpoint Policy Manager (formerly PolicyPak) is +to have one GPO for each "thing" you want to do. + +For instance, if you wanted to manage Chrome, you could create ONE GPO and then use Item Level +Targeting to specify the conditions of WHO would get the settings WHEN. + +Here is an example: + +![345_1_2015-09-01_1047](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/345_1_2015-09-01_1047.webp) + +Then you would do the same for another GPO, say, for Firefox, and another GPO for Internet Explorer +settings, and so on. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/onetime.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/onetime.md new file mode 100644 index 0000000000..e6db28a59a --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/onetime.md @@ -0,0 +1,14 @@ +--- +title: "Can I deploy the Application Manager settings I've configured as a one-time only deployment like Group Policy Preferences does?" +description: "Can I deploy the Application Manager settings I've configured as a one-time only deployment like Group Policy Preferences does?" +sidebar_position: 180 +--- + +# Can I deploy the Application Manager settings I've configured as a one-time only deployment like Group Policy Preferences does? + +Yes, There are three ways in which to deploy each Netwrix Endpoint Policy Manager (formerly +PolicyPak) application settings you configure: + +- Always reapply this setting (this is the default) +- Apply once and do not reapply in the background. Only reapply with GP update /force +- Apply once and do not re-apply. Ignore GPupdate /force (similar to Group Policy Preferences) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/permissions.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/permissions.md new file mode 100644 index 0000000000..8bc389df52 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/permissions.md @@ -0,0 +1,10 @@ +--- +title: "Are there any required permission settings for a Endpoint Policy ManagerAdministrator to store Endpoint Policy Manager Suite DLL Extensions to the central store?" +description: "Are there any required permission settings for a Endpoint Policy ManagerAdministrator to store Endpoint Policy Manager Suite DLL Extensions to the central store?" +sidebar_position: 190 +--- + +# Are there any required permission settings for a Endpoint Policy ManagerAdministrator to store Endpoint Policy Manager Suite DLL Extensions to the central store? + +The central store is located within the SYSVOL folder of any domain controller. A user must be a +Domain Administrator in order to copy PolicyPakPaks to the SYSVOL folder. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/printers.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/printers.md new file mode 100644 index 0000000000..914558f478 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/printers.md @@ -0,0 +1,12 @@ +--- +title: "Can Application Manager help me in pushing, assigning or configuring printers?" +description: "Can Application Manager help me in pushing, assigning or configuring printers?" +sidebar_position: 170 +--- + +# Can Application Manager help me in pushing, assigning or configuring printers? + +Because Microsoft's Group Policy Preferences already does a good job of pushing and assigning +printers to your network, Netwrix Endpoint Policy Manager (formerly PolicyPak) does not duplicate +this functionality. Endpoint Policy Manager will manage specific settings inside your printer +drivers such as a "Tools | Options" page or component that stores settings. diff --git a/docs/endpointpolicymanager/applicationsettings/rolesresponsibilities.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/rolesresponsibilities.md similarity index 89% rename from docs/endpointpolicymanager/applicationsettings/rolesresponsibilities.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/rolesresponsibilities.md index be4b5525bb..5e01ee90ff 100644 --- a/docs/endpointpolicymanager/applicationsettings/rolesresponsibilities.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/rolesresponsibilities.md @@ -1,3 +1,9 @@ +--- +title: "Application Manager Roles and Responsibilities" +description: "Application Manager Roles and Responsibilities" +sidebar_position: 80 +--- + # Application Manager Roles and Responsibilities In some environments, the creation of Paks and the creation of GPOs which deploy Netwrix Endpoint diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/side.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/side.md new file mode 100644 index 0000000000..1278914d3e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/side.md @@ -0,0 +1,20 @@ +--- +title: "Should I create Endpoint Policy Application Manager policies on the USER or COMPUTER side?" +description: "Should I create Endpoint Policy Application Manager policies on the USER or COMPUTER side?" +sidebar_position: 140 +--- + +# Should I create Endpoint Policy Application Manager policies on the USER or COMPUTER side? + +It's really your choice where you want to apply the policy either on Computer or User side. + +- When you apply policy on the User side, this user will get the setting wherever he or she goes. +- When you apply policy on Computer side, all the users logging into that computer will get the + policy. + +So it's really up to you. + +Note that SOME Paks have "extra superpowers" which are only available on the COMPUTER side. Those +three special Paks are: Firefox, Java and Thunderbird. + +We explain this in the Netwrix Endpoint Policy Manager (formerly PolicyPak) On-Prem Manual. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/updatedcommands.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/updatedcommands.md new file mode 100644 index 0000000000..23ce9780b6 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/updatedcommands.md @@ -0,0 +1,14 @@ +--- +title: "What is the difference between running the gp update (Microsoft) and ppupdate (Endpoint Policy Manager) commands?" +description: "What is the difference between running the gp update (Microsoft) and ppupdate (Endpoint Policy Manager) commands?" +sidebar_position: 150 +--- + +# What is the difference between running the gp update (Microsoft) and ppupdate (Endpoint Policy Manager) commands? + +The gpupdate command updates all of the GPO's that are applied to the computer that is issuing the +command. The `ppupdate` command only updates Netwrix Endpoint Policy Manager (formerly PolicyPak) +settings that are contained within a GPO. + +In addition, a computer must be online in order to execute the `gpupdate` command while `ppupdate` +will execute if the client computer is online or offline. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/upgrade.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/upgrade.md new file mode 100644 index 0000000000..a64cd29a46 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/upgrade.md @@ -0,0 +1,18 @@ +--- +title: "How do I upgrade Application Manager when I upgrade my DCs / servers?" +description: "How do I upgrade Application Manager when I upgrade my DCs / servers?" +sidebar_position: 270 +--- + +# How do I upgrade Application Manager when I upgrade my DCs / servers? + +Netwrix Endpoint Policy Manager (formerly PolicyPak) isn't "running" on any server. + +Endpoint Policy Manager has three parts: + +- MMC snap in for the GPMC. +- Data which resides within GPOs. +- CSE on target systems. + +So, there's nothing to "move" or do if you decommission a DC or upgrade a server. If you were using +the Endpoint Policy Manager Central Store, that simply replicates when the next DC comes online. diff --git a/docs/endpointpolicymanager/applicationsettings/windowsremoteassistance.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/windowsremoteassistance.md similarity index 91% rename from docs/endpointpolicymanager/applicationsettings/windowsremoteassistance.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/windowsremoteassistance.md index 1c9d05bcf8..c1e840557b 100644 --- a/docs/endpointpolicymanager/applicationsettings/windowsremoteassistance.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/windowsremoteassistance.md @@ -1,3 +1,9 @@ +--- +title: "How-to gain access of a remote computer using built-in Windows Remote Assistance application?" +description: "How-to gain access of a remote computer using built-in Windows Remote Assistance application?" +sidebar_position: 260 +--- + # How-to gain access of a remote computer using built-in Windows Remote Assistance application? Enable remote computers to accept the incoming remote connection with Netwrix Endpoint Policy @@ -76,5 +82,5 @@ articles. Reference Article -- [How to use Scripts Manager to workaround the "PPAppLockdr64.dll is either not designed to run on Windows or it contains an error" message when running Microsoft Remote Assistance (MSRA.exe) and the Endpoint Policy Manager CSE is installed on Windows 10 1903](/docs/endpointpolicymanager/troubleshooting/applicationsettings/microsoftremoteassistance.md) +- [How to use Scripts Manager to workaround the "PPAppLockdr64.dll is either not designed to run on Windows or it contains an error" message when running Microsoft Remote Assistance (MSRA.exe) and the Endpoint Policy Manager CSE is installed on Windows 10 1903](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/microsoftremoteassistance.md) - [Deploy any script via the Cloud to domain joined and non-domain joined machines](/docs/endpointpolicymanager/video/scriptstriggers/gettingstarted/cloud.md) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..7984bc46db --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/knowledgebase.md @@ -0,0 +1,138 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base articles for Application Manager. + +## General Configuration & Operation + +- [What if I am having trouble getting the Licensing GPO installed?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpo.md) +- [What happens to Application Settings Manager settings when the Endpoint Policy Manager license expires / if my company chooses not to renew?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpooutofscope.md) +- [Is there an easy way to back up the GPO's I configured with Application Manager?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpos.md) +- [Can I Export my GPO settings so that they can be used in the future to create similar GPOs?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpos_1.md) +- [How many Endpoint Policy Manager policies can I create within one Group Policy Object?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/limitations.md) +- [We upgraded our DLL files recently after creating a new Pak with Design Studio. After the implementation we would like to revert back to the original Pak. I have a local copy of the former DLL. Can I downgrade to the curre](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/downgrade.md) +- [Application Manager Roles and Responsibilities](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/rolesresponsibilities.md) +- [I deselected the Applock feature, Disable whole tab in target application, but the elements are still grayed out. How can I fix this?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/feature.md) +- [I am selecting values for certain settings for the Lync client. On the Alerts tab, I am selecting and deselecting various radio buttons but none of these selections are being underlined. Why is this?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/lyncclient.md) +- [I am configuring the values for some settings for an application. Many of these settings involve checkmarks which are unchecked by default. How can I tell if an unchecked checkbox is being delivered or not?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/checkmarks.md) +- [How can I use the Endpoint Policy ManagerCentral store (if I was already using the Endpoint Policy Manager Local store?)](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/centralstore.md) +- [How can I keep abreast of the latest Endpoint Policy Manager updates as they are released?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/latestupdates.md) +- [Should I create Endpoint Policy Application Manager policies on the USER or COMPUTER side?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/side.md) +- [What is the difference between running the gp update (Microsoft) and ppupdate (Endpoint Policy Manager) commands?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/updatedcommands.md) +- [Does Application Manager work when the machine is NOT US-English (say, Italian or Russian?)](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/language.md) +- [Can Application Manager help me in pushing, assigning or configuring printers?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/printers.md) +- [Can I deploy the Application Manager settings I've configured as a one-time only deployment like Group Policy Preferences does?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/onetime.md) +- [Are there any required permission settings for a Endpoint Policy ManagerAdministrator to store Endpoint Policy Manager Suite DLL Extensions to the central store?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/permissions.md) +- [Should I backup my Pak files?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/files.md) +- [I'm trying to find a particular font setting in one of your Word Paks but I can't find it. Is the setting not supported?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/fontsetting.md) +- [Is there a particular naming scheme I need to use when compiling my Paks within Design Studio?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/designstudio.md) +- [I need to modify the Pak (DLL file) of one of the applications I control with Application Manager. Will I lose my group policy settings after I modify the DLL file](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/modifydll.md) +- [I installed Design Studio on a Windows 7 Laptop but there are still some XP and Vista stations in our network. Will the Paks I create work for all three operating system?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/designstudiowindows7.md) +- [Should I put lots of Paks (or other PP directives into one GPO?)](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/onegpo.md) +- [How-to gain access of a remote computer using built-in Windows Remote Assistance application?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/windowsremoteassistance.md) +- [How do I upgrade Application Manager when I upgrade my DCs / servers?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/upgrade.md) + +## Central Store and Sharing + +- [Can I store the DLL extensions in a central location AND locally on the machine I create my Paks on and if so which one is utilized?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/centralstoreandshari/dllstorage.md) + +## PreConfigured AppSets + +- [Admin Console (Item Level Targeting): Why would I want to bypass Internal (pre-defined) Item Level Targeting?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/bypassinternal.md) +- [Chrome: How to Configure Chrome HomePage using Application Manager](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/home.md) +- [Chrome: How do I manage certificates with Google Chrome?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/certificates.md) +- [Chrome Policies don't appear to work when using Endpoint Policy Manager Cloud.](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/policies.md) +- [Chrome: How do I manage the Proxy settings for Google Chrome?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/proxysettings.md) +- [Chrome: How do I block Local File access to Google Chrome with Endpoint Policy Manager?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/localfileaccess.md) +- [Chrome: Why do I have extra tabs appear when I open Chrome on an endpoint?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/extratabs.md) +- [Chrome: Why Homepage button URL is not working for Google Chrome?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/homebuttonurl.md) +- [Firefox: How do I make Application Settings Manager work with Firefox 115 and later (and how do I transition existing settings?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/transition.md) +- [Firefox: How do I troubleshoot adding Certificates with Endpoint Policy Manager and Firefox?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/certificates_1.md) +- [Firefox: How can I deliver Certificates to "Certificate Authority" store and select "websites", "mail users" and "software makers"?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/authority.md) +- [Firefox: How can I prevent both automatic AND manual updates for Firefox?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/preventupdates.md) +- [Firefox: How can I use Endpoint Policy Manager to revert Firefox's Options back to the "Old Style" ?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/revertoptions.md) +- [Firefox: How do I use the NTLM passthru (URIS) settings in the Firefox / about:config AppSets?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/ntlmpassthru.md) +- [Firefox: What versions of the Endpoint Policy Manager CSE support managing certificates in what versions of Firefox?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/version.md) +- [Firefox: Can I enable / disable add-ons for Firefox?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/addons.md) +- [Firefox: Can I deliver, manage and/or revoke certificates directly to Firefox?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/certificates_2.md) +- [Can I use Security.enterprise_roots.enabled as an alternate method for FF + Certificates?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/securityenterpriseroots.md) +- [Firefox (and Java and Thunderbird): Why can't I seem to find (or perform) UI lockdown for Firefox, Java or Thunderbird ?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/javathunderbird.md) +- [Firefox: Is Endpoint Policy Manager compatible with the Frontmotion packaged MSI version of Firefox?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/frontmotion.md) +- [Firefox: Is Endpoint Policy Manager compatible with Firefox when installed to non-standard (and portable) locations?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/nonstandardlocation.md) +- [Firefox: Is Endpoint Policy Manager compatible with Firefox ESR?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/esr.md) +- [Firefox: How do I set "Allow Now", "Allow and Remember" or "Block Plugin" as plug-ins are requested?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/allowremember.md) +- [Firefox: How do I stop the "Firefox automatically sends some data to Mozilla so that we can improve your experience" message?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/stopsenddatamessage.md) +- [Firefox: How can I fix Dark Theme / Firefox 56 when using Endpoint Policy Manager?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/darktheme.md) +- [Firefox: Why doesn't the Firefox Applications Handler function work as expected?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/applicationshandlerfunction.md) +- [Firefox: Why don't I see Bookmarks and Pop-Ups settings set when user has NEVER run Firefox before?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/bookmarkpopups.md) +- [HowTo: What do I do if I find a problem with a preconfigured AppSet?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/issue.md) +- [HowTo: One of my AppSet entry's settings is not getting delivered on target machines. What should be the first thing to look into?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/entrysettings.md) +- [HowTo: Which "side" of GPO should I deploy AppSets to: User or Computer side?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/side.md) +- [Internet Explorer: I'm trying to use IE 11's Enterprise Mode, but it doesn't appear to be working?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/11enterprisemode.md) +- [Internet Explorer: Can I enable / disable add-ons for Internet Explorer?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/addons_1.md) +- [Internet Explorer: Can I deliver, manage and/or revoke certificates directly to Internet Explorer?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/certificates_3.md) +- [Internet Explorer: How do I deploy custom settings to zones?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/customsettings.md) +- [Internet Explorer: When should I use Compatibility mode vs. Enterprise Mode for IE 11?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/mode.md) +- [Internet Explorer: Why don't HTTP sites get added to the Trusted Site list?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/httpsites.md) +- [Internet Explorer: Why does IE fail to launch after I apply ACL lockdown or all of the IE AppSet STIG settings?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/launchfailstig.md) +- [Internet Explorer: Why Internet Explorer is not launching after I apply "Perform ACL Lockdown"?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/launchfail.md) +- [Java: Using the Pre-configured AppSet for Java, how do I prevent "Java has discovered application components that could indicate a security concern." Pop up?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/securitypopup.md) +- [Java: How to disable prompt "Your Java version is out of date."?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versionoutofdate.md) +- [Java: How to disable prompt "You Java version is insecure"?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versioninsecure.md) +- [Java: How to disable Java prompt "Do you want to run this application?"](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/runapplication.md) +- [Java: How to disable User Account Control prompt for Java Auto Updater?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/useraccountcontrol.md) +- [Java: How to disable Task tray notification balloon events?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/tasktray.md) +- [Java: I don't see that any changes are working at all. What can I try first?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/issue_1.md) +- [Java: Java Site List Exceptions just stopped working. What can I do to fix this?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/sitelistexceptions.md) +- [Other: What is "Internal (pre-Defined)" Item Level Targeting?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/internalpredefined.md) +- [Other: Is "Internal Item-Level Targeting" on by default?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/bydefault.md) +- [Other: I added a AppSet and some items are grayed out / not available. In other AppSets, everything seems available. What's happening?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/itemsunavailable.md) +- [AppSets: Why are there some areas of the pre-configured AppSet greyed out or not accessable?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/unavailable.md) +- [AppSets: Why do some AppSets have pre-defined Item Level Targeting for an EXACT version number, and others say "Version 7 to 99" (or similar)?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versions.md) +- [AppSets: What is the official support policy for the pre-configured AppSets?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/supportpolicy.md) +- [AppSets: How will I know that an existing AppSet will work with the version of the application I have today (and tomorrow)?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versionsupport.md) +- [AppSets: How often do the AppSets for specific apps get updated?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/updates.md) + +## Virtualized Applications + +- [Do I need to do anything special to get Application Manager to deploy settings to Microsoft App-V Sequences?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/appvsequences.md) +- [A ThinApp throws an "Exception Error". What can I do to fix it?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/exception.md) +- [Which application virtualization platforms are supported?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/applicationvirtualization.md) +- [How can I manage a version of Java inside a ThinApp package ?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/thinapp.md) +- [Are there any additional steps required to integrate Endpoint Policy Manager Software with XenAPP applications?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/xenapp.md) +- [Can Endpoint Policy Manager deliver settings for applications that are provided by XenAPP?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/xenapp_1.md) + +## Design Studio + +- [Besides the installation of Design Studio, are there any additional components I need on my computer in order to create my own AppSets?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/designstudio/designstudioadditional.md) +- [What must I do to prepare for Endpoint Policy Manager Tech Support to assist me with AppSet creation?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/designstudio/creation.md) + +## Troubleshooting + +- [Are there any caveats about removing the Endpoint Policy Manager CSE after it is deployed?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/removeclientsideextension.md) +- [I just upgraded my management station to 785. My LOCAL AppSets are now missing. What happened?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/localmissing.md) +- [Troubleshooting Group Policy Replication Problems](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/replication.md) +- [It appears that Endpoint Policy Manager is processing AppSet entries from another Group Policy Object. How is this possible?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/other.md) +- [Troubleshooting Application Manager – Basic Steps BEFORE calling or emailing Tech Support](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/basicsteps.md) +- [What are the two ways to export AppSet settings and why would I use one over the other?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/appset.md) +- [Which log file should I consult in order to troubleshoot when one or more settings are not getting applied to the Computer?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/settings.md) +- [How do I know if Application Manager is not behaving properly versus the target application not behaving properly?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/applicationissue.md) +- [How is Item Level Targeting handled in reports?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/reports.md) +- [I'm using redirected folders and get un-expected results.](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/redirectedfolder.md) +- [AppLock (UI lockdown) doesn't seem to work on some applications. Why?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/someapplications.md) +- [Endpoint Policy Manager should be reapplying my settings on application launch time. Why doesn't "reapply on launch" work ?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/reapplylaunch.md) +- [Why does Symantec Endpoint Protection (or SEP for Small business) report that Endpoint Policy Manager is "tampering" ?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/symantecendpointprotection.md) +- [Why does Windows Remote Assistance (MSRA) report "PPAppLockdr64.dll is not designed to run on Windows or it contains an error" 0xc000428 ?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/code0xc000428.md) +- [How to use Scripts Manager to workaround the "PPAppLockdr64.dll is either not designed to run on Windows or it contains an error" message when running Microsoft Remote Assistance (MSRA.exe) and the Endpoint Policy Manager CSE is installed on Windows 10 1903](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/microsoftremoteassistance.md) +- [How do I turn AppLock off or on based upon the CSE version I'm using?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/disable.md) +- [How do I turn off "Reapply on Launch" for all applications if asked by tech support?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/reapplylaunchdisable.md) +- [When I use Forcepoint, Firefox takes 15 minutes to open. How can I fix this?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/forcepoint.md) +- [I do not have access or ability to create the Central Store. What should the best practice to store AppSets be?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/storage.md) +- [What happens to Application Settings Manager settings when the Endpoint Policy Manager license expires / if my company chooses not to renew?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/gpooutofscope.md) +- [Why does Microsoft 365 Defender report suspicious encoded content in Endpoint Policy Manager Application Settings Manager values?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/microsoftdefender.md) +- [Why do I see "Extra Registry Settings" in Endpoint Policy Manager Application Settings Manager items in the GPMC?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/gpmc.md) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/11enterprisemode.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/11enterprisemode.md similarity index 87% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/11enterprisemode.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/11enterprisemode.md index 8e275a7fa0..8dd486d67d 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/11enterprisemode.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/11enterprisemode.md @@ -1,3 +1,9 @@ +--- +title: "Internet Explorer: I'm trying to use IE 11's Enterprise Mode, but it doesn't appear to be working?" +description: "Internet Explorer: I'm trying to use IE 11's Enterprise Mode, but it doesn't appear to be working?" +sidebar_position: 310 +--- + # Internet Explorer: I'm trying to use IE 11's Enterprise Mode, but it doesn't appear to be working? Here are the troubleshooting steps: diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/_category_.json new file mode 100644 index 0000000000..c58ef9c031 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "PreConfigured AppSets", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/addons.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/addons.md new file mode 100644 index 0000000000..56d3246e38 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/addons.md @@ -0,0 +1,11 @@ +--- +title: "Firefox: Can I enable / disable add-ons for Firefox?" +description: "Firefox: Can I enable / disable add-ons for Firefox?" +sidebar_position: 160 +--- + +# Firefox: Can I enable / disable add-ons for Firefox? + +Yes. Here is a videos to demonstrate that. + +[Manage Firefox Add-ons using Group Policy](/docs/endpointpolicymanager/video/applicationsettings/firefox/addons.md) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/addons_1.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/addons_1.md new file mode 100644 index 0000000000..919062771f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/addons_1.md @@ -0,0 +1,11 @@ +--- +title: "Internet Explorer: Can I enable / disable add-ons for Internet Explorer?" +description: "Internet Explorer: Can I enable / disable add-ons for Internet Explorer?" +sidebar_position: 320 +--- + +# Internet Explorer: Can I enable / disable add-ons for Internet Explorer? + +Yes. Here is a videos to demonstrate that. + +[Manage IE Programs Tab](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/programstab.md) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/allowremember.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/allowremember.md similarity index 89% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/allowremember.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/allowremember.md index 728d443003..3d08afdf2d 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/allowremember.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/allowremember.md @@ -1,3 +1,9 @@ +--- +title: "Firefox: How do I set \"Allow Now\", \"Allow and Remember\" or \"Block Plugin\" as plug-ins are requested?" +description: "Firefox: How do I set \"Allow Now\", \"Allow and Remember\" or \"Block Plugin\" as plug-ins are requested?" +sidebar_position: 230 +--- + # Firefox: How do I set "Allow Now", "Allow and Remember" or "Block Plugin" as plug-ins are requested? If you have this dialog in Firefox, you can use Netwrix Endpoint Policy Manager (formerly PolicyPak) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/applicationshandlerfunction.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/applicationshandlerfunction.md similarity index 94% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/applicationshandlerfunction.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/applicationshandlerfunction.md index f9a0bb6c2e..88b8ff8243 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/applicationshandlerfunction.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/applicationshandlerfunction.md @@ -1,3 +1,9 @@ +--- +title: "Firefox: Why doesn't the Firefox Applications Handler function work as expected?" +description: "Firefox: Why doesn't the Firefox Applications Handler function work as expected?" +sidebar_position: 260 +--- + # Firefox: Why doesn't the Firefox Applications Handler function work as expected? Managing Firefox with Netwrix Endpoint Policy Manager (formerly PolicyPak) enables you to dictate diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/authority.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/authority.md similarity index 86% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/authority.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/authority.md index 7487fb4674..a4b4ce8e36 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/authority.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/authority.md @@ -1,3 +1,9 @@ +--- +title: "Firefox: How can I deliver Certificates to \"Certificate Authority\" store and select \"websites\", \"mail users\" and \"software makers\"?" +description: "Firefox: How can I deliver Certificates to \"Certificate Authority\" store and select \"websites\", \"mail users\" and \"software makers\"?" +sidebar_position: 110 +--- + # Firefox: How can I deliver Certificates to "Certificate Authority" store and select "websites", "mail users" and "software makers"? When using Netwrix Endpoint Policy Manager (formerly PolicyPak), you can deliver Certificates to diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/bookmarkpopups.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/bookmarkpopups.md similarity index 81% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/bookmarkpopups.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/bookmarkpopups.md index 822b30c325..5c29c70ffd 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/bookmarkpopups.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/bookmarkpopups.md @@ -1,3 +1,9 @@ +--- +title: "Firefox: Why don't I see Bookmarks and Pop-Ups settings set when user has NEVER run Firefox before?" +description: "Firefox: Why don't I see Bookmarks and Pop-Ups settings set when user has NEVER run Firefox before?" +sidebar_position: 270 +--- + # Firefox: Why don't I see Bookmarks and Pop-Ups settings set when user has NEVER run Firefox before? You might see that the first time a user has ever logged on to a machine, the Firefox settings are diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/bydefault.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/bydefault.md new file mode 100644 index 0000000000..c4b80d2109 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/bydefault.md @@ -0,0 +1,14 @@ +--- +title: "Other: Is \"Internal Item-Level Targeting\" on by default?" +description: "Other: Is \"Internal Item-Level Targeting\" on by default?" +sidebar_position: 480 +--- + +# Other: Is "Internal Item-Level Targeting" on by default? + +Internal Item-Level Targeting is "On" by default since 557. + +From 603 onwards we have made this fact more obvious by showing the "Item-Level Targeting" in the +MMC. + +![368_1_pp-predefined-targeting](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/itemleveltargeting/368_1_pp-predefined-targeting.webp) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/itemleveltargeting/bypassinternal.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/bypassinternal.md similarity index 87% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/itemleveltargeting/bypassinternal.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/bypassinternal.md index 16c8d88d7f..d5859b23c1 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/itemleveltargeting/bypassinternal.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/bypassinternal.md @@ -1,3 +1,9 @@ +--- +title: "Admin Console (Item Level Targeting): Why would I want to bypass Internal (pre-defined) Item Level Targeting?" +description: "Admin Console (Item Level Targeting): Why would I want to bypass Internal (pre-defined) Item Level Targeting?" +sidebar_position: 10 +--- + # Admin Console (Item Level Targeting): Why would I want to bypass Internal (pre-defined) Item Level Targeting? Starting in build 603, you have the ability to bypass diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/certificates.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/certificates.md new file mode 100644 index 0000000000..ad4d3b9f5d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/certificates.md @@ -0,0 +1,15 @@ +--- +title: "Chrome: How do I manage certificates with Google Chrome?" +description: "Chrome: How do I manage certificates with Google Chrome?" +sidebar_position: 30 +--- + +# Chrome: How do I manage certificates with Google Chrome? + +Chrome uses the underlying certificates that Internet Explorer does. As such we didn't opt to put +the functionality in Chrome AppSet. Said another way, use the IE + Certs features, you're ALSO +setting Chrome at the same time. + +Here's the how-to video in using the IE + Certs features (again, which should also set Chrome too): + +[Manage IE Certificates](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/certificates.md) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/certificates_1.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/certificates_1.md new file mode 100644 index 0000000000..c87dd635de --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/certificates_1.md @@ -0,0 +1,97 @@ +--- +title: "Firefox: How do I troubleshoot adding Certificates with Endpoint Policy Manager and Firefox?" +description: "Firefox: How do I troubleshoot adding Certificates with Endpoint Policy Manager and Firefox?" +sidebar_position: 100 +--- + +# Firefox: How do I troubleshoot adding Certificates with Endpoint Policy Manager and Firefox? + +There are various areas you should troubleshoot FIRST with FF and Certificates. + +Shortest possible answer to 99% of problems with FF + Certificates: + +1. Are you using FF ESR? You must use FF ESR… + [Read THIS](https://www.endpointpolicymanager.com/pp-blog/endpointpolicymanager-will-soon-only-support-firefox-esr). +2. Do you have the LATEST CSE on the endpoint? STOP: Make sure. +3. Also; couldn't hurt to upgrade your MMC console to latest version. +4. Are you using the LATEST Firefox pak? STOP: Make sure. +5. Re-open and re-save the cert as a DER binary; even if you think it is that way already. (See Step + 3 in the longer article below.) +6. Change the file extention from .cer to .der +7. Ensure your syntax is correct \DCShareFabrikam-CA.cer, 2, ROOT, add And NOT: + \DCShareFabrikam-CA.cer, ROOT, 2, add +8. If you tried CA or ROOT… try the other one. + +Longer troubleshooting (which you absolutely must go thru before we can do anything more… and you +must do these step by step.) + +**Step 1 –** Check the compatibility chart first + +[Firefox: What versions of the Endpoint Policy Manager CSE support managing certificates in what versions of Firefox?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/version.md) + +**Step 2 –** Watch the Netwrix Endpoint Policy Manager (formerly PolicyPak) and Firefox cert video +for a how-to + +**Step 3 –** The most common reason certificates fail to import is because they are the WRONG +FORMAT. + +Endpoint Policy Manager only imports certificates which are ALREADY in what's called the BINARY DER +format. + +Full details on how to do this are in the document Endpoint Policy Manager Application Settings +Manager – Using the Firefox Pak.PDF Located in the customer portal. + +If you are UNSURE if your cert is BINARY DER or not, here's what you can do to ENSURE that it is +BINARY DER. + +If the CERT is a-ok inside Firefox ALREADY, you can then EXPORT it like this to ensure it is a +BINARY DER file. + +![214_1_image002](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/214_1_image002.webp) + +When you save, save it as a .DER extension. + +**Step 4 –** Look at the Endpoint Policy Manager ppSwitched.log file + +Look in appdatalocalusernamepolicypakpolicypak application manager inside ppSwitched.log. + +Does it appear that Endpoint Policy Manager is trying at all? + +``` +Processing FF: Certificates +{Adding certificate C:\ABC.cer to root store. Replace interval: always +Adding certificate C:\DEF.cer to ca store. Replace interval: always} +``` + +If yes, that's good. + +**Step 5 –** Is the Endpoint Policy Manager Firefox Plug in working? + +You can also use Firefox's log by being on any page and clicking Ctrl+Shift+J. + +In the log below certificates being added to the proper stores. You can also see ERROR CONDITIONS as +well which are helpful for troubleshooting. + +![214_2_image007](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/214_2_image007.webp) + +**Step 6 –** Other reasons your cert just isn't working + +- The certificate is not designed to work in the store of your choice. For instance, you've selected + an email certificate and tried to use it in the ROOT or CA store. Self signed certs are best in + the ROOT store, and not the CA store. +- You have misspelled the name of the file. For instance, the file is really named + \serversharefile123.cer but you specified \serversharefile123 or \serversharefile123.x509 or + \serversharefile1.DER ? +- When specifying a certificate and the number of days that Endpoint Policy Manager should check for + updates, you transpose the values. The correct way to specify a cert and check every, say, 2 days + is\DCShareFabrikam-CA.cer, 2, CA, add + And NOT: + \DCShareFabrikam-CA.cer, CA, 2, add + In the logs, you would see this transposition error demonstrated as: + +![214_3_image008](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/214_3_image008.webp) + +**Step 7 –** Send us your cert, and we'll send you ours. + +We can try to see if YOUR CERT works in OUR environment. +We can also send you OUR TEST CERT and see if it works in YOURs. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/certificates_2.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/certificates_2.md new file mode 100644 index 0000000000..f8a2af5c27 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/certificates_2.md @@ -0,0 +1,9 @@ +--- +title: "Firefox: Can I deliver, manage and/or revoke certificates directly to Firefox?" +description: "Firefox: Can I deliver, manage and/or revoke certificates directly to Firefox?" +sidebar_position: 170 +--- + +# Firefox: Can I deliver, manage and/or revoke certificates directly to Firefox? + +Yes. Here is a videos to demonstrate that. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/certificates_3.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/certificates_3.md new file mode 100644 index 0000000000..6b363952b0 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/certificates_3.md @@ -0,0 +1,11 @@ +--- +title: "Internet Explorer: Can I deliver, manage and/or revoke certificates directly to Internet Explorer?" +description: "Internet Explorer: Can I deliver, manage and/or revoke certificates directly to Internet Explorer?" +sidebar_position: 330 +--- + +# Internet Explorer: Can I deliver, manage and/or revoke certificates directly to Internet Explorer? + +Yes, Here is a videos to demonstrate that. + +[Manage IE Certificates](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/certificates.md) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/customsettings.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/customsettings.md new file mode 100644 index 0000000000..48418685c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/customsettings.md @@ -0,0 +1,16 @@ +--- +title: "Internet Explorer: How do I deploy custom settings to zones?" +description: "Internet Explorer: How do I deploy custom settings to zones?" +sidebar_position: 340 +--- + +# Internet Explorer: How do I deploy custom settings to zones? + +On the page that looks like this, simply change the settings inside the CUSTOM SETTINGS frame. + +However, DO NOT set the dropdown to custom. That is, but leave the "Security Level for Trusted +Sites" dropdown (for instance) set to nothing. + +This formula will deliver the specific custom settings you choose. + +![313_1_2015-03-16_1607](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/313_1_2015-03-16_1607.webp) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/darktheme.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/darktheme.md similarity index 85% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/darktheme.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/darktheme.md index 81e8236e3d..462286602a 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/darktheme.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/darktheme.md @@ -1,3 +1,9 @@ +--- +title: "Firefox: How can I fix Dark Theme / Firefox 56 when using Endpoint Policy Manager?" +description: "Firefox: How can I fix Dark Theme / Firefox 56 when using Endpoint Policy Manager?" +sidebar_position: 250 +--- + # Firefox: How can I fix Dark Theme / Firefox 56 when using Endpoint Policy Manager? ## Cause: diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/entrysettings.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/entrysettings.md new file mode 100644 index 0000000000..741074622d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/entrysettings.md @@ -0,0 +1,20 @@ +--- +title: "HowTo: One of my AppSet entry's settings is not getting delivered on target machines. What should be the first thing to look into?" +description: "HowTo: One of my AppSet entry's settings is not getting delivered on target machines. What should be the first thing to look into?" +sidebar_position: 290 +--- + +# HowTo: One of my AppSet entry's settings is not getting delivered on target machines. What should be the first thing to look into? + +The most common reason for items not applying is that the Internal Item Level Targeting within a +AppSet doesn't match/evaluate to TRUE on your target machine. + +For instance, the Internal (Pre-defined) Item Level Targeting (ILT) which specifying an application +version in the AppSet for an application that you don't have. + +Usually, the Internal ILT is tied down for "Version X and Later", but it could be very version +specific. + +See this video to bypass the ILT: + +[Bypassing Internal Item Level Targeting Filters](/docs/endpointpolicymanager/video/applicationsettings/itemleveltargetingbypass.md) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/esr.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/esr.md new file mode 100644 index 0000000000..d271bd6af0 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/esr.md @@ -0,0 +1,12 @@ +--- +title: "Firefox: Is Endpoint Policy Manager compatible with Firefox ESR?" +description: "Firefox: Is Endpoint Policy Manager compatible with Firefox ESR?" +sidebar_position: 220 +--- + +# Firefox: Is Endpoint Policy Manager compatible with Firefox ESR? + +Yes, Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Manager and Endpoint Policy +Manager Browser Router are only compatible with Firefox ESR.  Firefox RR is not compatible. +[See this blog article](https://www.endpointpolicymanager.com/pp-blog/endpointpolicymanager-will-soon-only-support-firefox-esr) +for more details. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/extratabs.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/extratabs.md new file mode 100644 index 0000000000..5125156c2b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/extratabs.md @@ -0,0 +1,13 @@ +--- +title: "Chrome: Why do I have extra tabs appear when I open Chrome on an endpoint?" +description: "Chrome: Why do I have extra tabs appear when I open Chrome on an endpoint?" +sidebar_position: 70 +--- + +# Chrome: Why do I have extra tabs appear when I open Chrome on an endpoint? + +Be sure to find the Set Pages area and uncheck "Always reapply this setting" in the remaining tabs. +Netwrix Endpoint Policy Manager (formerly PolicyPak) is delivering "blank" when the "Always reapply +this setting" is present upon items. So right-click and uncheck each unwanted page as seen here. + +![282_1_faq-images7](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/282_1_faq-images7.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/frontmotion.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/frontmotion.md new file mode 100644 index 0000000000..38f658d55b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/frontmotion.md @@ -0,0 +1,10 @@ +--- +title: "Firefox: Is Endpoint Policy Manager compatible with the Frontmotion packaged MSI version of Firefox?" +description: "Firefox: Is Endpoint Policy Manager compatible with the Frontmotion packaged MSI version of Firefox?" +sidebar_position: 200 +--- + +# Firefox: Is Endpoint Policy Manager compatible with the Frontmotion packaged MSI version of Firefox? + +Yes, Netwrix Endpoint Policy Manager (formerly PolicyPak) is compatible with the Frontmotion +packaged MSI version of Firefox. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/home.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/home.md similarity index 78% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/home.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/home.md index 0a8d12f250..10bb7cf2bb 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/home.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/home.md @@ -1,3 +1,9 @@ +--- +title: "Chrome: How to Configure Chrome HomePage using Application Manager" +description: "Chrome: How to Configure Chrome HomePage using Application Manager" +sidebar_position: 20 +--- + # Chrome: How to Configure Chrome HomePage using Application Manager The "Home Page" in Chrome can mean one of two things: diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/chrome/homebuttonurl.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/homebuttonurl.md similarity index 77% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/chrome/homebuttonurl.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/homebuttonurl.md index 378078e15b..837a97fa0c 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/chrome/homebuttonurl.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/homebuttonurl.md @@ -1,3 +1,9 @@ +--- +title: "Chrome: Why Homepage button URL is not working for Google Chrome?" +description: "Chrome: Why Homepage button URL is not working for Google Chrome?" +sidebar_position: 80 +--- + # Chrome: Why Homepage button URL is not working for Google Chrome? Show Home Button is set and URL is configured to be shown when pressing the home button. But it did diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/httpsites.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/httpsites.md new file mode 100644 index 0000000000..8d78762379 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/httpsites.md @@ -0,0 +1,18 @@ +--- +title: "Internet Explorer: Why don't HTTP sites get added to the Trusted Site list?" +description: "Internet Explorer: Why don't HTTP sites get added to the Trusted Site list?" +sidebar_position: 360 +--- + +# Internet Explorer: Why don't HTTP sites get added to the Trusted Site list? + +IE itself wont allow HTTP sites unless you loosen the security in IE. + +Use Netwrix Endpoint Policy Manager (formerly PolicyPak) to do it for you. + +On the Security tab, ensure "Trusted: Require server verification https:" and "Intranet: Require +server verification https" are both UNDERLINED and UN-Checked. + +This will deliver "un-check" to these settings, allowing for HTTP zones. + +![240_1_image002](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/240_1_image002.webp) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/itemleveltargeting/internalpredefined.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/internalpredefined.md similarity index 90% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/itemleveltargeting/internalpredefined.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/internalpredefined.md index 6e8cef051b..5df93a893a 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/itemleveltargeting/internalpredefined.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/internalpredefined.md @@ -1,3 +1,9 @@ +--- +title: "Other: What is \"Internal (pre-Defined)\" Item Level Targeting?" +description: "Other: What is \"Internal (pre-Defined)\" Item Level Targeting?" +sidebar_position: 470 +--- + # Other: What is "Internal (pre-Defined)" Item Level Targeting? Many (not all) of our Paks have Internal diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/issue.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/issue.md new file mode 100644 index 0000000000..d74c25386d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/issue.md @@ -0,0 +1,44 @@ +--- +title: "HowTo: What do I do if I find a problem with a preconfigured AppSet?" +description: "HowTo: What do I do if I find a problem with a preconfigured AppSet?" +sidebar_position: 280 +--- + +# HowTo: What do I do if I find a problem with a preconfigured AppSet? + +While you are welcome to contact Netwrix Endpoint Policy Manager (formerly PolicyPak) support +concerning any issues with our preconfigured AppSets, we can recommend some steps to perform before +doing that. + +We encourage customers to take an active role if a Preconfigured AppSet appears to have some issue +in the definition. This is why we provide the Endpoint Policy Manager DesignStudio to customers – to +make and update settings for their own AppSets, or update our preconfigured AppSets. + +That being said, if you identify a pre-configured AppSet issue, here is our step-by-step +recommendation: + +- Ensure you are using the latest Endpoint Policy Manager CSE and latest AppSet. If you are unsure + of what the latest build is of Endpoint Policy Manager, post to the support forums, email support, + or ask your sales person. + +If that doesn't work: + +- Post a message to our support forums (customers and all trial users have access.) +- Narrow down the issue and help us understand what the AppSet is or is not doing. +- Provide screenshots and logs +- See if the community has a known fix for it and/or others can replicate the same problem. +- Use the Endpoint Policy Manager DesignStudio manuals and tool to help yourself and fix your own + AppSet definition issue. (And, please report your fix so we can update the AppSet for the future.) + +If you don't want try to fix a AppSet definition yourself, we (Endpoint Policy Manager Software tech +support) will try to analyze and remediate and AppSet issue if possible, knowing that it might take +some time (or might not be possible at all.) + +The more you can isolate the problem using the troubleshooting procedures outlined in the Endpoint +Policy Manager manuals, the better we can serve you. + +The preconfigured AppSets are examples we (Endpoint Policy Manager Software) provide the community +for free. + +Our company is based around a community model where we all help each other.  You will find that the +Endpoint Policy Manager user community is a true asset. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/issue_1.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/issue_1.md new file mode 100644 index 0000000000..fc46d362e9 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/issue_1.md @@ -0,0 +1,23 @@ +--- +title: "Java: I don't see that any changes are working at all. What can I try first?" +description: "Java: I don't see that any changes are working at all. What can I try first?" +sidebar_position: 450 +--- + +# Java: I don't see that any changes are working at all. What can I try first? + +Solution: + +Every pre-configured Pak comes with its own internal filters and in most cases those are targeting +to a specific version of Application. For instance, if you're using a specific Pak for Java, it +might be trying to apply only to the detected version on that machine. + +So if we have a different version on the target machine that doesn't mean there is no way we can see +the changes. We can still get Netwrix Endpoint Policy Manager (formerly PolicyPak) to deliver the +setting by disabling the internal item-level targeting. + +![323_1_image011dftyrty](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/java/323_1_image011dftyrty.webp) + +To see a demonstration video about Internal Filters and bypassing them, please see this + +[Bypassing Internal Item Level Targeting Filters](/docs/endpointpolicymanager/video/applicationsettings/itemleveltargetingbypass.md) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/itemsunavailable.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/itemsunavailable.md new file mode 100644 index 0000000000..def9710b69 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/itemsunavailable.md @@ -0,0 +1,11 @@ +--- +title: "Other: I added a AppSet and some items are grayed out / not available. In other AppSets, everything seems available. What's happening?" +description: "Other: I added a AppSet and some items are grayed out / not available. In other AppSets, everything seems available. What's happening?" +sidebar_position: 490 +--- + +# Other: I added a AppSet and some items are grayed out / not available. In other AppSets, everything seems available. What's happening? + +Features that are grayed out in any AppSet means that the setting isn't available to be delivered +via Netwrix Endpoint Policy Manager (formerly PolicyPak). For some applications, everything works, +for others, not everything is manageable. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/javathunderbird.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/javathunderbird.md similarity index 89% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/javathunderbird.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/javathunderbird.md index 820d1ab805..fa8ee0b379 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/javathunderbird.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/javathunderbird.md @@ -1,3 +1,9 @@ +--- +title: "Firefox (and Java and Thunderbird): Why can't I seem to find (or perform) UI lockdown for Firefox, Java or Thunderbird ?" +description: "Firefox (and Java and Thunderbird): Why can't I seem to find (or perform) UI lockdown for Firefox, Java or Thunderbird ?" +sidebar_position: 190 +--- + # Firefox (and Java and Thunderbird): Why can't I seem to find (or perform) UI lockdown for Firefox, Java or Thunderbird ? FireFox, Thunderbird and Java pre-configured Paks all support user-interface lockout. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/launchfail.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/launchfail.md new file mode 100644 index 0000000000..09f4788772 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/launchfail.md @@ -0,0 +1,21 @@ +--- +title: "Internet Explorer: Why Internet Explorer is not launching after I apply \"Perform ACL Lockdown\"?" +description: "Internet Explorer: Why Internet Explorer is not launching after I apply \"Perform ACL Lockdown\"?" +sidebar_position: 380 +--- + +# Internet Explorer: Why Internet Explorer is not launching after I apply "Perform ACL Lockdown"? + +If you select ACL Lockdown from the IE option you may experience that the iexplorer.exe process +closes itself, thus failing IE with successful launch. + +That's because, currently we have limitation with that feature support in IE. So uncheck the option +"Perform ACL Lockdown" by right-clicking on the PolicyPak elements: + +Example 1: + +![299_1_image004](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/299_1_image004.webp) + +Example 2: + +![299_2_image005](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/299_2_image005.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/launchfailstig.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/launchfailstig.md new file mode 100644 index 0000000000..f8a4464dff --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/launchfailstig.md @@ -0,0 +1,19 @@ +--- +title: "Internet Explorer: Why does IE fail to launch after I apply ACL lockdown or all of the IE AppSet STIG settings?" +description: "Internet Explorer: Why does IE fail to launch after I apply ACL lockdown or all of the IE AppSet STIG settings?" +sidebar_position: 370 +--- + +# Internet Explorer: Why does IE fail to launch after I apply ACL lockdown or all of the IE AppSet STIG settings? + +There are some settings, which when you use ACL lockdown, will prevent IE from launching. + +Removing ACL lockdown on either of these settings permits IE to launch: + +![284_1_ghjgdffhykui88dr](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/284_1_ghjgdffhykui88dr.webp) + +Under the hood, the keys that are edited are in + +``` +HKEY_Current_UserSoftwareMicrosoftInternet ExplorerMain +``` diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/localfileaccess.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/localfileaccess.md new file mode 100644 index 0000000000..92b1ebd564 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/localfileaccess.md @@ -0,0 +1,22 @@ +--- +title: "Chrome: How do I block Local File access to Google Chrome with Endpoint Policy Manager?" +description: "Chrome: How do I block Local File access to Google Chrome with Endpoint Policy Manager?" +sidebar_position: 60 +--- + +# Chrome: How do I block Local File access to Google Chrome with Endpoint Policy Manager? + +Use the Netwrix Endpoint Policy Manager (formerly PolicyPak) Pak for Chrome. Then in the Extras, +specify a URL to block as + +three slashes after file like this. + +``` +file:///c:/ +``` + +![38_1_image001](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/38_1_image001.webp) + +Result: + +![38_2_image002](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/chrome/38_2_image002.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/mode.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/mode.md new file mode 100644 index 0000000000..e4f4024046 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/mode.md @@ -0,0 +1,14 @@ +--- +title: "Internet Explorer: When should I use Compatibility mode vs. Enterprise Mode for IE 11?" +description: "Internet Explorer: When should I use Compatibility mode vs. Enterprise Mode for IE 11?" +sidebar_position: 350 +--- + +# Internet Explorer: When should I use Compatibility mode vs. Enterprise Mode for IE 11? + +Both modes are actually additive and not exclusive. For details, please see these Microsoft +articles. +Netwrix Endpoint Policy Manager (formerly PolicyPak)'s job is to populate those lists for you +dynamically instead of having to make your own lists. + +[https://techcommunity.microsoft.com/t5/windows-blog-archive/ie11-enterprise-mode-and-compatibility-view-are-additive-not/ba-p/228730](https://techcommunity.microsoft.com/t5/windows-blog-archive/ie11-enterprise-mode-and-compatibility-view-are-additive-not/ba-p/228730) diff --git a/docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/nonstandardlocation.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/nonstandardlocation.md similarity index 80% rename from docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/nonstandardlocation.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/nonstandardlocation.md index 7a371632ab..f1a95153b6 100644 --- a/docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/nonstandardlocation.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/nonstandardlocation.md @@ -1,3 +1,9 @@ +--- +title: "Firefox: Is Endpoint Policy Manager compatible with Firefox when installed to non-standard (and portable) locations?" +description: "Firefox: Is Endpoint Policy Manager compatible with Firefox when installed to non-standard (and portable) locations?" +sidebar_position: 210 +--- + # Firefox: Is Endpoint Policy Manager compatible with Firefox when installed to non-standard (and portable) locations? Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Manager will apply settings and diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/ntlmpassthru.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/ntlmpassthru.md similarity index 88% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/ntlmpassthru.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/ntlmpassthru.md index fc68a3077e..cae35a2624 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/ntlmpassthru.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/ntlmpassthru.md @@ -1,3 +1,9 @@ +--- +title: "Firefox: How do I use the NTLM passthru (URIS) settings in the Firefox / about:config AppSets?" +description: "Firefox: How do I use the NTLM passthru (URIS) settings in the Firefox / about:config AppSets?" +sidebar_position: 140 +--- + # Firefox: How do I use the NTLM passthru (URIS) settings in the Firefox / about:config AppSets? The Firefox core AppSet (Mozilla Firefox 23.0 and later) has three very commonly used settings from diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/policies.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/policies.md new file mode 100644 index 0000000000..c1dce2adbb --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/policies.md @@ -0,0 +1,16 @@ +--- +title: "Chrome Policies don't appear to work when using Endpoint Policy Manager Cloud." +description: "Chrome Policies don't appear to work when using Endpoint Policy Manager Cloud." +sidebar_position: 40 +--- + +# Chrome Policies don't appear to work when using Endpoint Policy Manager Cloud. + +Chrome's POLICIES are supported only when machines are domain joined. + +If your machine is NON-domain joined when used with PPCloud .. which is a typical case, +Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Manager settings cannot be +delivered to Chrome. + +We are working on a workaround in the future, but at this time, there is no workaround unless the +machine is domain joined. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/preventupdates.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/preventupdates.md similarity index 77% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/preventupdates.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/preventupdates.md index 6ae8287fe0..a1bae098af 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/preventupdates.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/preventupdates.md @@ -1,3 +1,9 @@ +--- +title: "Firefox: How can I prevent both automatic AND manual updates for Firefox?" +description: "Firefox: How can I prevent both automatic AND manual updates for Firefox?" +sidebar_position: 120 +--- + # Firefox: How can I prevent both automatic AND manual updates for Firefox? If you use the Firefox Pak for Netwrix Endpoint Policy Manager (formerly PolicyPak), and perform the diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/proxysettings.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/proxysettings.md new file mode 100644 index 0000000000..8de6c2597b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/proxysettings.md @@ -0,0 +1,16 @@ +--- +title: "Chrome: How do I manage the Proxy settings for Google Chrome?" +description: "Chrome: How do I manage the Proxy settings for Google Chrome?" +sidebar_position: 50 +--- + +# Chrome: How do I manage the Proxy settings for Google Chrome? + +Google Chrome uses the same settings as the system. + +Which is set using the Netwrix Endpoint Policy Manager (formerly PolicyPak) Pak for Internet +Explorer. + +See this video for more details, which will also set the Chrome Pak: + +[Manage IE Connections tab](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/connectionstab.md) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/revertoptions.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/revertoptions.md similarity index 91% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/revertoptions.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/revertoptions.md index 18c3c7ab8c..6d31f69a24 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/revertoptions.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/revertoptions.md @@ -1,3 +1,9 @@ +--- +title: "Firefox: How can I use Endpoint Policy Manager to revert Firefox's Options back to the \"Old Style\" ?" +description: "Firefox: How can I use Endpoint Policy Manager to revert Firefox's Options back to the \"Old Style\" ?" +sidebar_position: 130 +--- + # Firefox: How can I use Endpoint Policy Manager to revert Firefox's Options back to the "Old Style" ? Here's a video on how to do that diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/java/runapplication.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/runapplication.md similarity index 84% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/java/runapplication.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/runapplication.md index f0e7e78a3b..7ab842a7c4 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/java/runapplication.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/runapplication.md @@ -1,3 +1,9 @@ +--- +title: "Java: How to disable Java prompt \"Do you want to run this application?\"" +description: "Java: How to disable Java prompt \"Do you want to run this application?\"" +sidebar_position: 420 +--- + # Java: How to disable Java prompt "Do you want to run this application?" Visiting a site with Java enabled content you may see this prompt, confirming if you want to run the diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/securityenterpriseroots.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/securityenterpriseroots.md similarity index 86% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/securityenterpriseroots.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/securityenterpriseroots.md index 240962640d..ee7066f5aa 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/securityenterpriseroots.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/securityenterpriseroots.md @@ -1,3 +1,9 @@ +--- +title: "Can I use Security.enterprise_roots.enabled as an alternate method for FF + Certificates?" +description: "Can I use Security.enterprise_roots.enabled as an alternate method for FF + Certificates?" +sidebar_position: 180 +--- + # Can I use Security.enterprise_roots.enabled as an alternate method for FF + Certificates? Yes. You can use Netwrix Endpoint Policy Manager (formerly PolicyPak) to deliver diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/securitypopup.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/securitypopup.md new file mode 100644 index 0000000000..d4b5e02033 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/securitypopup.md @@ -0,0 +1,27 @@ +--- +title: "Java: Using the Pre-configured AppSet for Java, how do I prevent \"Java has discovered application components that could indicate a security concern.\" Pop up?" +description: "Java: Using the Pre-configured AppSet for Java, how do I prevent \"Java has discovered application components that could indicate a security concern.\" Pop up?" +sidebar_position: 390 +--- + +# Java: Using the Pre-configured AppSet for Java, how do I prevent "Java has discovered application components that could indicate a security concern." Pop up? + +If you get the following pop-up: + +![158_1_uhae4](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/java/158_1_uhae4.webp) + +the pre-configured Java AppSet can adjust for that. However, know that we are not magically +"increasing" your security here, simply delivering the value that forces Java to stop the pop up. + +The setting located in our pre-configured AppSets for Java is: + +Java 7 Pak technique: + +![158_2_2014-04-13_1737](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/java/158_2_2014-04-13_1737.webp) + +Java 8 AppSet technique: + +![158_3_13-8](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/java/158_3_13-8.webp) + +More information from Oracle on the underlying issue can be found at this web page:  +[http://java.com/en/download/help/error_mixedcode.xml](http://java.com/en/download/help/error_mixedcode.xml) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/side.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/side.md new file mode 100644 index 0000000000..eb5de45b6c --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/side.md @@ -0,0 +1,27 @@ +--- +title: "HowTo: Which \"side\" of GPO should I deploy AppSets to: User or Computer side?" +description: "HowTo: Which \"side\" of GPO should I deploy AppSets to: User or Computer side?" +sidebar_position: 300 +--- + +# HowTo: Which "side" of GPO should I deploy AppSets to: User or Computer side? + +There is no right or wrong answer here. + +In our Quickstart and manual, we suggest you perform the work on the USER side. + +This means that whenever users log on to any machines (so, as users roam), they get the settings. + +That being said, you're welcome to deliver settings on the COMPUTER side. + +This means that ALL USERS on the computer will get the settings… regardless of who the user is. + +So, our general recommendation (if you're looking for one) is: + +- Perform settings on the USER side (usually). +- Except for three applications which work BEST when managed on the Computer side: Firefox, Java and + Thunderbird. + +For more information on this, see the following FAQ item. + +[Firefox (and Java and Thunderbird): Why can't I seem to find (or perform) UI lockdown for Firefox, Java or Thunderbird ?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/javathunderbird.md) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/sitelistexceptions.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/sitelistexceptions.md new file mode 100644 index 0000000000..a11e6a9d1e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/sitelistexceptions.md @@ -0,0 +1,22 @@ +--- +title: "Java: Java Site List Exceptions just stopped working. What can I do to fix this?" +description: "Java: Java Site List Exceptions just stopped working. What can I do to fix this?" +sidebar_position: 460 +--- + +# Java: Java Site List Exceptions just stopped working. What can I do to fix this? + +Sometimes Java will create an errant file which prevents Java Site Exceptions list from working as +expected. + +The file is zero bytes and found in + +``` +appdatalocallowsunjavadeploymentsecurity +``` + +For manual testing on one machine, delete that file, then run GPupdate to refresh. + +See if Java Site exceptions starts to work. + +![46_1_tip-if-java-site-lists-stop-working](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/java/46_1_tip-if-java-site-lists-stop-working.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/stopsenddatamessage.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/stopsenddatamessage.md new file mode 100644 index 0000000000..80460da36b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/stopsenddatamessage.md @@ -0,0 +1,16 @@ +--- +title: "Firefox: How do I stop the \"Firefox automatically sends some data to Mozilla so that we can improve your experience\" message?" +description: "Firefox: How do I stop the \"Firefox automatically sends some data to Mozilla so that we can improve your experience\" message?" +sidebar_position: 240 +--- + +# Firefox: How do I stop the "Firefox automatically sends some data to Mozilla so that we can improve your experience" message? + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Manager can remove the message +"Firefox automatically sends some data to Mozilla so that we can improve your experience" as seen +below. + +![177_1_image001](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/177_1_image001.webp) + +To do this, use the Endpoint Policy Manager Application Manager pak About:Config A-I Pak. +Use the setting datareporting.policy.dataSubmissionPolicyBypassNotification and set to TRUE. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/supportpolicy.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/supportpolicy.md similarity index 77% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/supportpolicy.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/supportpolicy.md index 275dae85a8..15916602d5 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/supportpolicy.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/supportpolicy.md @@ -1,3 +1,9 @@ +--- +title: "AppSets: What is the official support policy for the pre-configured AppSets?" +description: "AppSets: What is the official support policy for the pre-configured AppSets?" +sidebar_position: 520 +--- + # AppSets: What is the official support policy for the pre-configured AppSets? Many people use Netwrix Endpoint Policy Manager (formerly PolicyPak) with the pre-configured @@ -20,5 +26,5 @@ Again, the AppSets themselves are not officially supported. Those are "examples" we provide "best effort" support on those if a problem is found. (See the FAQ question -"[HowTo: What do I do if I find a problem with a preconfigured AppSet?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/issue.md)" for more +"[HowTo: What do I do if I find a problem with a preconfigured AppSet?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/issue.md)" for more information.) diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/java/tasktray.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/tasktray.md similarity index 81% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/java/tasktray.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/tasktray.md index ec7e44734c..f29ab0eb49 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/java/tasktray.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/tasktray.md @@ -1,3 +1,9 @@ +--- +title: "Java: How to disable Task tray notification balloon events?" +description: "Java: How to disable Task tray notification balloon events?" +sidebar_position: 440 +--- + # Java: How to disable Task tray notification balloon events? In most cases when you are using an older version of Java you may see the Java icon in the system diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/transition.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/transition.md new file mode 100644 index 0000000000..bca3efb5bf --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/transition.md @@ -0,0 +1,322 @@ +--- +title: "Firefox: How do I make Application Settings Manager work with Firefox 115 and later (and how do I transition existing settings?" +description: "Firefox: How do I make Application Settings Manager work with Firefox 115 and later (and how do I transition existing settings?" +sidebar_position: 90 +--- + +# Firefox: How do I make Application Settings Manager work with Firefox 115 and later (and how do I transition existing settings? + +This document is only needed for customers using Netwrix Endpoint Policy Manager (formerly +PolicyPak) Application Settings Manager and Firefox ESR. There is no required special workaround for +Endpoint Policy Manager Browser Router except using the latest Endpoint Policy Manager CSE and +Firefox ESR 115 and later. + +Update for 24.11 CSE + +Firefox 128 has made a breaking change requiring an update to the CSE and the Firefox 115 and later +Pak to continue functioning. + +The only supported configuration going forward for Firefox 128 support is CSE 24.11 (or later) and +the Firefox 115 and later pak, which is compiled (and signed) from Netwrix with date stamp 11/7/2024 +and later. + +![transition](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/transition.webp) + +Previous Details (Pre 24.11 CSE) + +Firefox 115 and later has made a breaking change internally which makes our longstanding plug-in +implementation fail to operate. This change is expected to be permanent, and as such required a few +items to workaround and fix it: + +- Changes within Endpoint Policy Manager Application Settings Manager on how we register the Firefox + plug in (requiring an updated CSE) +- The way the AppSet performs its interaction with the CSE +- The AppSet itself which needed to be recompiled with some Endpoint Policy Manager DesignStudio + updates. + +**NOTE:** If you are using the Endpoint Policy Manager DesignStudio yourself to make any changes to +the Firefox 23 AppSet, you will need to re-compile with the latest Endpoint Policy Manager +DesignStudio and then perform the steps listed below. + +This document is to help guide you through the required transition. + +We will refer to the original Firefox AppSet as FF23 AppSet and the updated one as Firefox AppSet as +FF115. + +You can acquire the updated FireFox AppSet 115 in the Endpoint Policy Manager Portal within the +AppSets downloads. + +**NOTE:** It is recommended, though not strictly required that you also update your management +station to the latest Endpoint Policy Manager MMC snap-in. In doing so the screenshots shown here +will match the steps you will be performing. + +## Functional Matrix of Firefox, CSE and AppSet + +| Firefox ESR version | CSE Version | AppSet Version Compiled with | Expected Behavior | +| ------------------- | --------------- | ----------------------------------- | ----------------- | +| 102.9 and below | 23.8 and below | 23.8 and below (aka FF23 AppSet) | Works | +| 102.9 and below | 23.10 and later | 23.10 and later (aka FF 115 AppSet) | Works | +| 102.9 and below | 23.8 and below | 23.10 and later (aka FF 115 AppSet) | Not Work | +| 115 and later | 23.10 and later | 23.8 and below (aka FF23 AppSet) | Not Work | +| 115 and later | 23.8 and below | 23.10 and later (aka FF 115 AppSet) | Not Work | +| 115 and later | 23.10 and later | 23.10 and later (aka FF23 AppSet) | Works | + +The upshot is: + +- If you use the new CSE you must use the New AppSet (FF115) +- If you use an older CSE you must use the Older AppSet (FF23) +- Then when you use the new CSE and the New AppSet (FF115), Endpoint Policy Manager will operate as + expected for FF ESR version 102.9 and also FF 115 and later + +Additionally, you will want to ensure that your existing FF23 AppSet policies do not get pushed down +to the machines with the new 23.10 and later CSE. During this guide you will use Item Level +Targeting to ensure that the older FF23 AppSet cannot work with, and shouldn't be applied to newer +CSEs; therefore we need to ensure that the newer FF115 AppSet only applies to the newer CSEs. + +**NOTE:** This document mostly focuses on Group Policy Object delivery of the Firefox Endpoint +Policy Manager AppSet. Note you may have other ways to deliver the FireFox Endpoint Policy Manager +AppSet like Endpoint Policy Manager Cloud, local GPOs, and/or XML data files (via MSI files.) Be +sure to perform this same operation using any and all methods. + +## Finding all GPOs with Endpoint Policy Manager Application Settings Manager Data + +You'll want to first discover all GPOs with Endpoint Policy Manager Application Settings Manager +Data, and those with specific Firefox 23 AppSets. That being said, automation can only help you +discover which GPOs contain Endpoint Policy Manager Application Settings Manager data. After that, +you must open each Group Policy Object one by one and manually look for FF23 AppSet data. + +Overview of using the Endpoint Policy Manager PowerShell cmdlets to discover Endpoint Policy Manager +data within GPOs see the +[Endpoint Policy Manager User PowerShell to find all Endpoint Policy Manager GPOs](/docs/endpointpolicymanager/video/troubleshooting/powershell.md) +topic for additional information. + +![939_1_image-20231101213809-1_950x372](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_1_image-20231101213809-1_950x372.webp) + +The specific command you'll want to run is Get-PPGPOs -cse "application settings manager". + +Each Group Policy Object at this point will need to be opened to look for Firefox 23 AppSets. Here +is an example of the FF23 AppSet on the Computer side, though it may also reside on the User side. + +![939_2_image-20231101213809-2_950x458](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_2_image-20231101213809-2_950x458.webp) + +Before making any modifications, you'll want to perform a few backup steps which are detailed in the +next section. + +## Backing Up and Testing a Restore + +There are a myriad of ways to recover from a problem during this procedure; and we recommend you +perform all of these steps. + +We strongly recommend before starting the upgrade that you are confident you can backup and also +restore your Endpoint Policy Manager Application Settings Manager and specifically the Firefox +settings before continuing. + +### Back up 1: Viewing the Group Policy Object Report and saving the HTML report. + +![939_3_image-20231101213809-3_950x493](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_3_image-20231101213809-3_950x493.webp) + +This won't be your only backup, but it will express exactly what is in your Group Policy Object with +regards to your settings. + +### Back Up 2: Backing up the Group Policy Object (or all GPOs.) + +For backing up the GPO or all GPOs see the +[Endpoint Policy Manager Application Settings Manager: Backup, Restore, Export, Import](/docs/endpointpolicymanager/video/troubleshooting/backup.md) +topic for additional information. + +### Back up 3: Export the settings for each FF23 AppSet you already have. + +Open each FF23 AppSet and locate the Options button. Then click Export XML Settings Data and save +the file out. + +![939_4_image-20231101213809-4_950x761](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_4_image-20231101213809-4_950x761.webp) + +See the +[What are the two ways to export AppSet settings and why would I use one over the other?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/appset.md) + +**NOTE:** You will use the resulting XML file in an upcoming step and not only for backup purposes. + +### Back up 4: Backing up your Firefox 23 AppSet DLL + +Additionally, you should keep handy the OLD Endpoint Policy Manager Firefox 23 App Set DLL file that +you are currently using; and not merely the one still available in the Endpoint Policy Manager +portal. + +The file you are looking for is PP-Firefox23.DLL which is likely in one of three locations: + +- `\Programfiles\PolicyPak\Extensions` or +- SYSVOL (replicated to other domain controllers)\ + `C:\Windows\SYSVOL\sysvol\fabrikam.com\Policies\PolicyPak ` +- A share. (Tip: To locate the share you could be using see the + [Using Shares to Store Your Paks (Share-Based Storage)](/docs/endpointpolicymanager/video/applicationsettings/shares.md)[Using Shares to Store Your Paks (Share-Based Storage)](/docs/endpointpolicymanager/video/applicationsettings/shares.md)) + +So, in summary, before leaving this section and continuing onward, again we advise that you: + +- Have an HTML report of your existing FF23 settings +- Have a backup of the GPO or GPOs which may potentially need to be restored +- Have your exported FF23 AppSet settings XML as per the instructions +- Have your PP-Firefox23.DLL handy that you are already using + +Remember also you might have more than one Group Policy Object with FF23 settings, so be sure to +repeat this procedure for each discovered Group Policy Object with FF23 settings. + +## Adding Item Level Targeting to your Existing FF 23 AppSet policy entry (and optionally testing the ILT evaluation) + +You want to make sure that that your existing Firefox 23 AppSet policy doesn't affect machines with +the newest CSE. As of this writing the version is 23.10.3683 (October of 2023) but could be +different in your download. + +To play it safe, set the ILT evaluation to check for Endpoint Policy Manager CSE version 23.9.0.0 +(September of 2023) and earlier for FF23 and 23.10.0.0 (October of 2023) and later for FF125. + +However, anything EARLIER than this version will support only FF23 AppSet and anything LATER or +EQUAL to this version will support only FF115 AppSet. + +Find your existing FF23 AppSet in your Group Policy Object(s) and select "Edit item-level targeting +filters…" + +![939_5_image-20231101213809-5_950x524](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_5_image-20231101213809-5_950x524.webp) + +You can test for the presence or absence of Endpoint Policy Manager CSE version 23.09.0.0 with a +Registry match query for: + +- Match type: Match value data +- Value data match type: Version match +- Hive: HKEY_Local_Machine +- Key Path: `SOFTWARE\PolicyPak\ClientSide Extensions\{F8357AE4-F4E0-49EC-AE9D-61078938E7CD}` +- Value Name: Version +- Value Type: REG_SZ +- Version Range: GREATER THAN 0.0.0.0 and LESS THAN 23.9.0.0 + +![939_6_image-20231101213809-6_950x743](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_6_image-20231101213809-6_950x743.webp) + +When done save the values. You will know you have ILT set when you see the Targeting column change +to ON. + +![939_7_image-20231101213809-7_950x273](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_7_image-20231101213809-7_950x273.webp) + +This is different than "Predefined Targeting". To understand the difference between ILT and +Predefined Targeting see the +[Predefined ILTs (Internal Filters)](/docs/endpointpolicymanager/video/applicationsettings/designstudio/itemleveltargeting.md) +topic for additional information. + +### Optional: Testing the ILT Filters on FF23 using the Endpoint Policy Manager Item Level Targeting Validation Tool + +Tip: You can also export the FF 23 settings to XMLdata File format and use part of the output to +verify the Item Level Targeting will evaluate to TRUE or FALSE. To do this, right-click the entry +and select Export settings to XMLData file and save the file. Then use the Endpoint Policy Manager +Item Level Targeting Validation tool to test how ILT will operate. See the +[Troubleshooting ILT with the ILT Validator Tool](/docs/endpointpolicymanager/video/troubleshooting/itemleveltargeting.md) +topic for additional information. + +**NOTE:** You will have to trim the ILT part of the output to eliminate the `` at the +beginning and `` at the end. + +![939_8_image-20231101213809-8_950x453](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_8_image-20231101213809-8_950x453.webp) + +Expected result on a machine with 23.10 and later CSE: + +![939_9_image-20231101213809-9_950x523](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_9_image-20231101213809-9_950x523.webp) + +## Adding the FF 115 AppSet to an existing or new Group Policy Object + +After you download the FF 115 AppSet from the Endpoint Policy Manager portal, it will appear like +this. You only need the .DLL file and not the XML file. + +![939_10_image-20231101213809-10](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_10_image-20231101213809-10.webp) + +Use these instructions to add the AppSet Locally or via Central Store: + +[Working with Others and using the Central Store](/docs/endpointpolicymanager/video/applicationsettings/centralstorework.md) + +Use these instructions to add the AppSet to a Share: + +[Using Shares to Store Your Paks (Share-Based Storage)](/docs/endpointpolicymanager/video/applicationsettings/shares.md) + +![939_11_image-20231101213809-11_950x492](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_11_image-20231101213809-11_950x492.webp) + +For example in the Endpoint Policy Manager Central Store you simply add the pp-Mozilla Firefox +115.DLL. + +**NOTE:** You may leave your existing pp-Mozilla Firefox 23 aboutconfig A to I and J to Z.DLL files +in place without modification. + +![939_12_image-20231101213809-12_950x406](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_12_image-20231101213809-12_950x406.webp) + +Next time you open the Group Policy editor you should see Endpoint Policy Manager For Mozilla +Firefox 115. + +## Using the FF 115 AppSet + +Now you can create a new entry for the FF 115 AppSet, import the previously exported FF23 settings +into the FF115 AppSet and also set Item Level Targeting on the FF 115 AppSet so it only applies to +computers with the latest Endpoint Policy Manager CSE. + +After creating the entry, double-click into it to open it up and select Import XML Settings Data. + +![939_13_image-20231101213809-13_950x633](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_13_image-20231101213809-13_950x633.webp) + +Then select the previously exported settings from the FF 23 AppSet. You should get a SUCCESS +message. + +Next, set the Item-level targeting in the AppSet. + +![939_14_image-20231101213809-14](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_14_image-20231101213809-14.webp) + +FF AppSet 115 should be applied only to machines with Endpoint Policy Manager CSE version 23.10.3687 +or Greater and can be determined with a Registry match query for: + +- Match type: Match value data +- Value data match type: Version match +- Hive: HKEY_Local_Machine +- Key Path: `SOFTWARE\PolicyPak\ClientSide Extensions\{F8357AE4-F4E0-49EC-AE9D-61078938E7CD}` +- Value Name: Version +- Value Type: REG_SZ +- Version Range: GREATER THAN OR EQUAL TO 23.10.0.0 and LESS THAN 99.0.0.0 + +![939_15_image-20231101213809-15_950x815](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_15_image-20231101213809-15_950x815.webp) + +Click OK and then close the AppSet entry to save it. + +### Optional: Testing the ILT Filters on FF23 using the Endpoint Policy Manager Item Level Targeting Validation Tool + +You can also export the FF 115 settings to XMLdata File format and use part of the output to verify +the Item Level Targeting will evaluate to TRUE or FALSE. To do this, right-click the entry and +select Export settings to XMLData file and save the file. Then use the Endpoint Policy Manager Item +Level Targeting Validation tool to test how ILT will operate. See the +[Troubleshooting ILT with the ILT Validator Tool](/docs/endpointpolicymanager/video/troubleshooting/itemleveltargeting.md) +topic for additional information. + +Note that you will have to trim the ILT part of the output to eliminate the `` at the +beginning and `` at the end. + +You can test the ILT evaluation by using the Export settings to XMLData file for the Mozilla Firefox +115 entry. + +![939_16_image-20231101213809-16_950x543](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_16_image-20231101213809-16_950x543.webp) + +Then you can use the ILT Evaluator tool to ensure your ILT evaluation is properly crafted and the +AppSet will only target machines with the latest Endpoint Policy Manager CSE. + +![939_17_image-20231101213809-17_950x549](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_17_image-20231101213809-17_950x549.webp) + +# HTML Settings Report Manual Comparison + +In one of the backup steps we recommended you export the FF23 GPMC HTML report. At this point you +may also want to double-check the FF115 GPMC report for any discrepancies or omissions in the +export/import process. + +If you don't see an expected value this could be because (1) the FF115 Pak was updated to remove +some values which appear to be unsupported in modern Firefox versions or (2) Some part of the Export +from FF23 and import to FF115 didn't work as expected. + +In such a case as case 2, please manually open the FF115 Pak and manually update your settings to +correct for any non-imported settings. + +![939_18_image-20231101213809-18_950x807](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/939_18_image-20231101213809-18_950x807.webp) + +## Final Thoughts + +In this document you learned how to target the FF23 AppSet to your older CSEs and the FF115 AppSet +to your newer CSEs. You also learned how to export the FF23 settings and migrate them over to the +FF115 AppSet. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/unavailable.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/unavailable.md similarity index 82% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/unavailable.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/unavailable.md index 2923826232..98edc94538 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/unavailable.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/unavailable.md @@ -1,3 +1,9 @@ +--- +title: "AppSets: Why are there some areas of the pre-configured AppSet greyed out or not accessable?" +description: "AppSets: Why are there some areas of the pre-configured AppSet greyed out or not accessable?" +sidebar_position: 500 +--- + # AppSets: Why are there some areas of the pre-configured AppSet greyed out or not accessable? Netwrix Endpoint Policy Manager (formerly PolicyPak)'s pre-configured AppSets can manage a lot of diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/updates.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/updates.md similarity index 75% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/updates.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/updates.md index f2ff7b6695..84fbca4401 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/updates.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/updates.md @@ -1,3 +1,9 @@ +--- +title: "AppSets: How often do the AppSets for specific apps get updated?" +description: "AppSets: How often do the AppSets for specific apps get updated?" +sidebar_position: 540 +--- + # AppSets: How often do the AppSets for specific apps get updated? Remember, AppSets themselves are not officially supported, but we do our best to update them as @@ -6,7 +12,7 @@ needed. We typically update Java and Firefox and Internet Explorer right away as Most of the time, AppSets doesn't need any updates at all, even if the application's version number changes -[AppSets: How will I know that an existing AppSet will work with the version of the application I have today (and tomorrow)?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/versionsupport.md) +[AppSets: How will I know that an existing AppSet will work with the version of the application I have today (and tomorrow)?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versionsupport.md) Other times, an AppSet does need to be updated or fully re-made depending on the app (rare). diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/java/useraccountcontrol.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/useraccountcontrol.md similarity index 77% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/java/useraccountcontrol.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/useraccountcontrol.md index 968339c202..bd9cb8d139 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/java/useraccountcontrol.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/useraccountcontrol.md @@ -1,3 +1,9 @@ +--- +title: "Java: How to disable User Account Control prompt for Java Auto Updater?" +description: "Java: How to disable User Account Control prompt for Java Auto Updater?" +sidebar_position: 430 +--- + # Java: How to disable User Account Control prompt for Java Auto Updater? Users might see prompts whenever Java tries to update automatically. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/version.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/version.md new file mode 100644 index 0000000000..2f97e7928b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/version.md @@ -0,0 +1,17 @@ +--- +title: "Firefox: What versions of the Endpoint Policy Manager CSE support managing certificates in what versions of Firefox?" +description: "Firefox: What versions of the Endpoint Policy Manager CSE support managing certificates in what versions of Firefox?" +sidebar_position: 150 +--- + +# Firefox: What versions of the Endpoint Policy Manager CSE support managing certificates in what versions of Firefox? + +Here is a table to help you understand what is supported. + +Note that Firefox versions not listed on this table are not yet tested and may or may not work + +![image001](/img/product_docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/image001.webp) + +The reason you need to upgrade the CSE to support the various levels of Firefox is because the +Firefox methods for accepting certificates changed, and therefore we changed with them to support +the changes. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/java/versioninsecure.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versioninsecure.md similarity index 81% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/java/versioninsecure.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versioninsecure.md index 27c54b8469..f2a6c4b39e 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/java/versioninsecure.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versioninsecure.md @@ -1,3 +1,9 @@ +--- +title: "Java: How to disable prompt \"You Java version is insecure\"?" +description: "Java: How to disable prompt \"You Java version is insecure\"?" +sidebar_position: 410 +--- + # Java: How to disable prompt "You Java version is insecure"? Visiting a website with Java enabled application you may see the warning as showing in screenshot. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/java/versionoutofdate.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versionoutofdate.md similarity index 81% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/java/versionoutofdate.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versionoutofdate.md index b91385c268..62f32793b3 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/java/versionoutofdate.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versionoutofdate.md @@ -1,3 +1,9 @@ +--- +title: "Java: How to disable prompt \"Your Java version is out of date.\"?" +description: "Java: How to disable prompt \"Your Java version is out of date.\"?" +sidebar_position: 400 +--- + # Java: How to disable prompt "Your Java version is out of date."? If you are running an older version of Java JRE and you visited the java enabled application, it diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versions.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versions.md new file mode 100644 index 0000000000..40fff7f868 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versions.md @@ -0,0 +1,48 @@ +--- +title: "AppSets: Why do some AppSets have pre-defined Item Level Targeting for an EXACT version number, and others say \"Version 7 to 99\" (or similar)?" +description: "AppSets: Why do some AppSets have pre-defined Item Level Targeting for an EXACT version number, and others say \"Version 7 to 99\" (or similar)?" +sidebar_position: 510 +--- + +# AppSets: Why do some AppSets have pre-defined Item Level Targeting for an EXACT version number, and others say "Version 7 to 99" (or similar)? + +We create a test AppSet for a specific product version. But we want the latest version we release to +work for whatever comes next from the manufacturer. + +Let's use Techsmith Snagit as an example. As of this writing, there are two AppSets for Snagit: 10 +and 11. + +The AppSet for Snag it 10 has its Internal ILT set so it only delivers settings WHEN specifically +version 10 of SnagIt is on the machine. The Internal ILT is set as follows: + +When %ProgramFiles%TechSmithSnagit 10SnagitEditor.exe FILE VERSION is between 10.0.0.0 and 11.0.0.0. +OR the file %ProgramFiles(x86)%TechSmithSnagit 10SnagitEditor.exe FILE VERSION is between 10.0.0.0 +and 11.0.0.0. + +But the Snag it 11 AppSet has its Internal ILT set so it delivers when version 11 and up to 99 is on +the machine. Its internal ILT is set as follows: + +When `%ProgramFiles%TechSmithSnagit 11SnagitEditor.exe` FILE VERSION is between 11.0.0.0 and +99.0.0.0 OR the file` %ProgramFiles(x86)%TechSmithSnagit 11SnagitEditor.exe` FILE VERSION is between +11.0.0.0 and 99.0.0.0. + +Let's assume Techsmith Snagit 12 comes out, and users install it, or it otherwise appears on +machines. It's VERY LIKELY that the AppSet we already created for SnagIt 11 will mostly work for the +next version, version 12. + +Then, when version 12 comes out, we test our Version 11 AppSet with Version 12 of the application +and we do one of two things: + +1. If there are NO updates at all to the AppSet, we do nothing but make a note in the readme file. + We note that the AppSet continues to work as expected. +2. If a AppSet DOES require updates: +      a) We then CHANGE version 11's Internal Filter to work SPECIFICALLY for Version 11. +      b) We produce the AppSet for version 12. And make its Internal Filter work for Version 12 + to 99. + +Now when SnagIt 13, 14, etc comes out, the version 12 AppSet will most likely keep working with it. + +This same idea extends, say to Firefox which gets updated quite often in the VERSION number, but +usually, no new checkboxes or features appear in the Firefox Options. + +In this way, newer versions of Firefox will "just work" when using our latest Firefox AppSet. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/versionsupport.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versionsupport.md similarity index 84% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/versionsupport.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versionsupport.md index 726cd7a5c7..34119dd584 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/versionsupport.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/versionsupport.md @@ -1,3 +1,9 @@ +--- +title: "AppSets: How will I know that an existing AppSet will work with the version of the application I have today (and tomorrow)?" +description: "AppSets: How will I know that an existing AppSet will work with the version of the application I have today (and tomorrow)?" +sidebar_position: 530 +--- + # AppSets: How will I know that an existing AppSet will work with the version of the application I have today (and tomorrow)? It is a fact of the software business that new application versions are constantly being released.  diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/_category_.json new file mode 100644 index 0000000000..5146a955c3 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/applicationissue.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/applicationissue.md similarity index 90% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/applicationissue.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/applicationissue.md index 8bac6f78d6..ef05aba4d1 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/applicationissue.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/applicationissue.md @@ -1,3 +1,9 @@ +--- +title: "How do I know if Application Manager is not behaving properly versus the target application not behaving properly?" +description: "How do I know if Application Manager is not behaving properly versus the target application not behaving properly?" +sidebar_position: 80 +--- + # How do I know if Application Manager is not behaving properly versus the target application not behaving properly? 1. Are ANY settings getting delivered by Netwrix Endpoint Policy Manager (formerly PolicyPak) to the diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/export/appset.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/appset.md similarity index 77% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/export/appset.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/appset.md index 553ea5eea8..8d0c77d8ff 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/export/appset.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/appset.md @@ -1,3 +1,9 @@ +--- +title: "What are the two ways to export AppSet settings and why would I use one over the other?" +description: "What are the two ways to export AppSet settings and why would I use one over the other?" +sidebar_position: 60 +--- + # What are the two ways to export AppSet settings and why would I use one over the other? There are two ways to export AppSet settings. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/basicsteps.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/basicsteps.md similarity index 96% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/basicsteps.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/basicsteps.md index b5ececbad0..278584e689 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/basicsteps.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/basicsteps.md @@ -1,3 +1,9 @@ +--- +title: "Troubleshooting Application Manager – Basic Steps BEFORE calling or emailing Tech Support" +description: "Troubleshooting Application Manager – Basic Steps BEFORE calling or emailing Tech Support" +sidebar_position: 50 +--- + # Troubleshooting Application Manager – Basic Steps BEFORE calling or emailing Tech Support Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Manager is a relatively simple diff --git a/docs/endpointpolicymanager/troubleshooting/error/applicationsettings/code0xc000428.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/code0xc000428.md similarity index 84% rename from docs/endpointpolicymanager/troubleshooting/error/applicationsettings/code0xc000428.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/code0xc000428.md index 71db54dff9..0c6bd38ab1 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/applicationsettings/code0xc000428.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/code0xc000428.md @@ -1,3 +1,9 @@ +--- +title: "Why does Windows Remote Assistance (MSRA) report \"PPAppLockdr64.dll is not designed to run on Windows or it contains an error\" 0xc000428 ?" +description: "Why does Windows Remote Assistance (MSRA) report \"PPAppLockdr64.dll is not designed to run on Windows or it contains an error\" 0xc000428 ?" +sidebar_position: 140 +--- + # Why does Windows Remote Assistance (MSRA) report "PPAppLockdr64.dll is not designed to run on Windows or it contains an error" 0xc000428 ? An issue can occur when running Microsoft Remote Assistance (MSRA) or the Cortex XDR Tray Process @@ -31,7 +37,7 @@ Endpoint Policy ManagerAppLock is the feature in PP App Manager which GRAYS or H Here is the Endpoint Policy Manager side workaround if you are encountering this error: -[How do I turn AppLock off or on based upon the CSE version I'm using?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/disable.md) +[How do I turn AppLock off or on based upon the CSE version I'm using?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/disable.md) **NOTE:** IIn general it is NOT recommended to stop Endpoint Policy Manager AppLock. @@ -63,4 +69,4 @@ error. Optional: FoFor Workaround 2 you can use Endpoint Policy ManagerScripts Manager to apply these settings to multiple computers/users via PowerShell, for steps please see the KB below: -[How to use Scripts Manager to workaround the "PPAppLockdr64.dll is either not designed to run on Windows or it contains an error" message when running Microsoft Remote Assistance (MSRA.exe) and the Endpoint Policy Manager CSE is installed on Windows 10 1903](/docs/endpointpolicymanager/troubleshooting/applicationsettings/microsoftremoteassistance.md) +[How to use Scripts Manager to workaround the "PPAppLockdr64.dll is either not designed to run on Windows or it contains an error" message when running Microsoft Remote Assistance (MSRA.exe) and the Endpoint Policy Manager CSE is installed on Windows 10 1903](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/microsoftremoteassistance.md) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/disable.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/disable.md similarity index 93% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/disable.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/disable.md index 1cfefe640e..c594b36fba 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/disable.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/disable.md @@ -1,3 +1,9 @@ +--- +title: "How do I turn AppLock off or on based upon the CSE version I'm using?" +description: "How do I turn AppLock off or on based upon the CSE version I'm using?" +sidebar_position: 160 +--- + # How do I turn AppLock off or on based upon the CSE version I'm using? AppLock is an aspect of Endpoint Policy Manager Application Settings Manager. @@ -14,7 +20,7 @@ UI hiding operation. You can learn more about AppLock at: -- [AppLock™ Modes](/docs/endpointpolicymanager/applicationsettings/modes/applock.md) +- [AppLock™ Modes](/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/applock.md) - [The Superpowers](/docs/endpointpolicymanager/video/applicationsettings/superpowers.md) It is generally advised to turn off AppLock if you are not using this feature as it can interfere diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/forcepoint.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/forcepoint.md similarity index 81% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/forcepoint.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/forcepoint.md index f1694dd78e..01ea3fe988 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/forcepoint.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/forcepoint.md @@ -1,3 +1,9 @@ +--- +title: "When I use Forcepoint, Firefox takes 15 minutes to open. How can I fix this?" +description: "When I use Forcepoint, Firefox takes 15 minutes to open. How can I fix this?" +sidebar_position: 180 +--- + # When I use Forcepoint, Firefox takes 15 minutes to open. How can I fix this? Forcepoint has a deadlock with regard to Netwrix Endpoint Policy Manager (formerly PolicyPak). We @@ -32,4 +38,4 @@ Block all applications from performing settings re-application using ADMX This method causes a universal block to Reapply of application settings. You can try this method if the first method doesn't operate as expected. -[How do I turn off "Reapply on Launch" for all applications if asked by tech support?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/reapplylaunchdisable.md) +[How do I turn off "Reapply on Launch" for all applications if asked by tech support?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/reapplylaunchdisable.md) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/gpmc.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/gpmc.md similarity index 78% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/gpmc.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/gpmc.md index 4e1a3b517d..b71dcbf110 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/gpmc.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/gpmc.md @@ -1,3 +1,9 @@ +--- +title: "Why do I see \"Extra Registry Settings\" in Endpoint Policy Manager Application Settings Manager items in the GPMC?" +description: "Why do I see \"Extra Registry Settings\" in Endpoint Policy Manager Application Settings Manager items in the GPMC?" +sidebar_position: 210 +--- + # Why do I see "Extra Registry Settings" in Endpoint Policy Manager Application Settings Manager items in the GPMC? Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Settings Manager writes a lot of diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/localmissing.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/localmissing.md similarity index 79% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/localmissing.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/localmissing.md index 46de4d2be4..126debc6f5 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/localmissing.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/localmissing.md @@ -1,3 +1,9 @@ +--- +title: "I just upgraded my management station to 785. My LOCAL AppSets are now missing. What happened?" +description: "I just upgraded my management station to 785. My LOCAL AppSets are now missing. What happened?" +sidebar_position: 20 +--- + # I just upgraded my management station to 785. My LOCAL AppSets are now missing. What happened? While Upgrading from a build prior to 785 all AppSets stored in Local Storage for Netwrix Endpoint @@ -33,7 +39,7 @@ back after the upgrade CENTRAL STORE or SHARED STORE method. **Step 3 –** -[How can I use the Endpoint Policy ManagerCentral store (if I was already using the Endpoint Policy Manager Local store?)](/docs/endpointpolicymanager/applicationsettings/centralstore.md). +[How can I use the Endpoint Policy ManagerCentral store (if I was already using the Endpoint Policy Manager Local store?)](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/generalconfiguration/centralstore.md). This issue is fixed for any upgrade FROM 785 onwards, but it's not possible to fix "retroactively" as you upgrade to 785. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/microsoftdefender.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/microsoftdefender.md new file mode 100644 index 0000000000..cf836d8e83 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/microsoftdefender.md @@ -0,0 +1,32 @@ +--- +title: "Why does Microsoft 365 Defender report suspicious encoded content in Endpoint Policy Manager Application Settings Manager values?" +description: "Why does Microsoft 365 Defender report suspicious encoded content in Endpoint Policy Manager Application Settings Manager values?" +sidebar_position: 200 +--- + +# Why does Microsoft 365 Defender report suspicious encoded content in Endpoint Policy Manager Application Settings Manager values? + +The following Netwrix Endpoint Policy Manager (formerly PolicyPak) registry value' data may be +flagged as suspicious encoded content. + +Location: + +``` +HKEY_CURRENT_USER\S-1-5-21-...\Software\Policies\PolicyPak\{26E3A6CB-3C62-47B7-960D-7662766E4C6A}\Name-of-the-AppSet\ +``` + +Value: + +``` +(XmlReport) +``` + +We have reports that it is reported under Microsoft Defender's category MITRE ATT&CK Techniques, and +suspicious activity classified as T1001:Data Obfuscation. + +The data in this reg value is in base64 encoding format and it's responsible to store information +for XML reporting purposes. Its classification as a high severity issue can be ignored. + +More information about T1001:Data Obfuscation is at this link: + +[https://attack.mitre.org/techniques/T1001/](https://attack.mitre.org/techniques/T1001/) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/microsoftremoteassistance.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/microsoftremoteassistance.md similarity index 86% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/microsoftremoteassistance.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/microsoftremoteassistance.md index a99e69d97a..4311b1ac6b 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/microsoftremoteassistance.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/microsoftremoteassistance.md @@ -1,3 +1,9 @@ +--- +title: "How to use Scripts Manager to workaround the \"PPAppLockdr64.dll is either not designed to run on Windows or it contains an error\" message when running Microsoft Remote Assistance (MSRA.exe) and the Endpoint Policy Manager CSE is installed on Windows 10 1903" +description: "How to use Scripts Manager to workaround the \"PPAppLockdr64.dll is either not designed to run on Windows or it contains an error\" message when running Microsoft Remote Assistance (MSRA.exe) and the Endpoint Policy Manager CSE is installed on Windows 10 1903" +sidebar_position: 150 +--- + # How to use Scripts Manager to workaround the "PPAppLockdr64.dll is either not designed to run on Windows or it contains an error" message when running Microsoft Remote Assistance (MSRA.exe) and the Endpoint Policy Manager CSE is installed on Windows 10 1903 ![280_1_image-20191015113622-1](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/280_1_image-20191015113622-1.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/mmc.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/mmc.md new file mode 100644 index 0000000000..aacd925dcd --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/mmc.md @@ -0,0 +1,49 @@ +--- +title: "The node for Endpoint Policy Manager Application Settings Manager component is not loading in the MMC snap-in, and shows a \"The address is not valid\" message." +description: "The node for Endpoint Policy Manager Application Settings Manager component is not loading in the MMC snap-in, and shows a \"The address is not valid\" message." +sidebar_position: 220 +--- + +# The node for Endpoint Policy Manager Application Settings Manager component is not loading in the MMC snap-in, and shows a "The address is not valid" message. + +Problem: + +The Endpoint Policy Manager Application Settings Manager (ASM) node is not visible or working +properly in Group Policy Management Console (GPMC) and/or Group Policy Editor (GPEDIT). + +![1322_1_7fee40aeea669ba543a9c29a3570029a](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/1322_1_7fee40aeea669ba543a9c29a3570029a.webp) + +Cause: + +The issue appears to be an incomplete installation of the Endpoint Policy Manager Admin console +(MMC), possibly due to interference from an antivirus solution such as Carbon Black antivirus during +the installation process. Although there were no explicit indications of such during installation. + +Resolution: + +Perform and confirm the steps as outlined in the following KB: +[How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/antivirus.md) + +If the issue persists, proceed with the following troubleshooting steps. + +Reinstallation of the Endpoint Policy Manager Admin Console (MMC) as Non-Domain Local Admin: + +**Step 1 –** Log out of the Machine and log in as the machine built-in Administrator account. + +**Step 2 –** Uninstall the previous instance of the Endpoint Policy Manager Admin Console (MMC). + +**Step 3 –** Reinstall the Endpoint Policy Manager Admin Console (MMC) using the same version as +previously installed, or a newer version if one is available. + +**Step 4 –** After reinstall, open GPMC or GPEDIT, and verify that the Application Settings Manager +(ASM) node is now visible and functioning normally. + +**Step 5 –** Now logout from the built-in administrator account and back in using a Domain Admin +user account to test and confirm that the ASM node is visible and functioning normally in GPMC. + +**Step 6 –** As a final verification step, log out of the Machine and log back in as the original +user and confirm that the ASM node remained operational in both GPEDIT and GPMC. + +The ASM node should look similar to screen shot below. + +![1322_2_d34f038d53ae47ca403950284e354cdd](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/1322_2_d34f038d53ae47ca403950284e354cdd.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/other.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/other.md similarity index 88% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/other.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/other.md index 8e3b49334e..f109486498 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/other.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/other.md @@ -1,3 +1,9 @@ +--- +title: "It appears that Endpoint Policy Manager is processing AppSet entries from another Group Policy Object. How is this possible?" +description: "It appears that Endpoint Policy Manager is processing AppSet entries from another Group Policy Object. How is this possible?" +sidebar_position: 40 +--- + # It appears that Endpoint Policy Manager is processing AppSet entries from another Group Policy Object. How is this possible? This scenario can happen if a Group Policy Object with AppSet entries is COPIED and PASTED using the diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/reapplylaunch.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/reapplylaunch.md new file mode 100644 index 0000000000..64227df79a --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/reapplylaunch.md @@ -0,0 +1,17 @@ +--- +title: "Endpoint Policy Manager should be reapplying my settings on application launch time. Why doesn't \"reapply on launch\" work ?" +description: "Endpoint Policy Manager should be reapplying my settings on application launch time. Why doesn't \"reapply on launch\" work ?" +sidebar_position: 120 +--- + +# Endpoint Policy Manager should be reapplying my settings on application launch time. Why doesn't "reapply on launch" work ? + +Reapply on launch requires KB3033929 +([https://www.microsoft.com/en-us/download/details.aspx?id=46148)](https://www.microsoft.com/en-us/download/details.aspx?id=46148)or +Reapply on Launch (up to build 901.) 64-bit patch. 32-bit patch is found here: +[https://www.microsoft.com/en-pk/download/details.aspx?id=46078](https://www.microsoft.com/en-pk/download/details.aspx?id=46078) + +After Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE build 901, this patch is no longer +required. + +![518_1_image0011](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/518_1_image0011.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/reapplylaunchdisable.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/reapplylaunchdisable.md similarity index 75% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/reapplylaunchdisable.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/reapplylaunchdisable.md index ba72444a31..ecafcaa6be 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/reapplylaunchdisable.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/reapplylaunchdisable.md @@ -1,3 +1,9 @@ +--- +title: "How do I turn off \"Reapply on Launch\" for all applications if asked by tech support?" +description: "How do I turn off \"Reapply on Launch\" for all applications if asked by tech support?" +sidebar_position: 170 +--- + # How do I turn off "Reapply on Launch" for all applications if asked by tech support? First, install the Netwrix Endpoint Policy Manager (formerly PolicyPak) ADMX files as seen here: diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/redirectedfolder.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/redirectedfolder.md similarity index 77% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/redirectedfolder.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/redirectedfolder.md index 4201f8a534..a94693fec1 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/redirectedfolder.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/redirectedfolder.md @@ -1,3 +1,9 @@ +--- +title: "I'm using redirected folders and get un-expected results." +description: "I'm using redirected folders and get un-expected results." +sidebar_position: 100 +--- + # I'm using redirected folders and get un-expected results. Netwrix Endpoint Policy Manager (formerly PolicyPak) always tries to do it's "work" as SYSTEM first. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/removeclientsideextension.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/removeclientsideextension.md similarity index 88% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/removeclientsideextension.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/removeclientsideextension.md index 98ff966e6b..a471c38c1c 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/removeclientsideextension.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/removeclientsideextension.md @@ -1,3 +1,9 @@ +--- +title: "Are there any caveats about removing the Endpoint Policy Manager CSE after it is deployed?" +description: "Are there any caveats about removing the Endpoint Policy Manager CSE after it is deployed?" +sidebar_position: 10 +--- + # Are there any caveats about removing the Endpoint Policy Manager CSE after it is deployed? Here are the caveats about removing the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/replication.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/replication.md similarity index 97% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/replication.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/replication.md index 7a32753a05..572d8eb72e 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/replication.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/replication.md @@ -1,3 +1,9 @@ +--- +title: "Troubleshooting Group Policy Replication Problems" +description: "Troubleshooting Group Policy Replication Problems" +sidebar_position: 30 +--- + # Troubleshooting Group Policy Replication Problems First, we suggest that if your DCs are 2008 R2 or 2012, that you first apply this patch and Registry diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/reports.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/reports.md new file mode 100644 index 0000000000..394e34a6a0 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/reports.md @@ -0,0 +1,16 @@ +--- +title: "How is Item Level Targeting handled in reports?" +description: "How is Item Level Targeting handled in reports?" +sidebar_position: 90 +--- + +# How is Item Level Targeting handled in reports? + +Endpoint Policy Manager works, evaluates and reports like the Group Policy Preferences do. + +Even if you have an ILT which evaluates to FALSE, there's no way to know that in the reporting +engine. + +So ILT always evaluates in the reporting as if it's ALWAYS true. + +This is also how Group Policy Preferences works as well, and hence, we follow the same model. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/settings.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/settings.md new file mode 100644 index 0000000000..c02947f108 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/settings.md @@ -0,0 +1,28 @@ +--- +title: "Which log file should I consult in order to troubleshoot when one or more settings are not getting applied to the Computer?" +description: "Which log file should I consult in order to troubleshoot when one or more settings are not getting applied to the Computer?" +sidebar_position: 70 +--- + +# Which log file should I consult in order to troubleshoot when one or more settings are not getting applied to the Computer? + +"Switched Mode" logs are generated when users log-on (that's one log) and when Group Policy +re-applied in the background on Computer (or `GPupdate` is run). + +Before CSE version 603 you would use the `ppComputer.log` in `programdata` to troubleshoot switched +policies. + +After CSE version 603, you should look for `ppSwitched` log files. + +If you need to troubleshoot switched mode, all switched mode log files will appear in the user's own +`%localappdata%PolicyPak` directory and start with "`ppSwitched`". There are four times a +`ppSwitched` log file might be generated or written to: + +- `ppSwitched_OnLogon.log`: For when the user has just logged on. +- `ppSwittched.log`: For when Group Policy processes in the background or for when  `GPupdate` is + run. +- `ppSwitched_ onXmlData.log`: For when directives are delivered via MSI, file or Netwrix Endpoint + Policy Manager (formerly PolicyPak) Cloud service. +- `ppSwitched_onSchedule.log`: For when directives are re-delivered using the Endpoint Policy + Manager timer mechanism (which is off by default. See the section Automatic Re-Application of + settings with the Reinforcement Timer for details on how to use the timer.) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/someapplications.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/someapplications.md similarity index 94% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/someapplications.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/someapplications.md index 21d41feb47..d13dbb150f 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/someapplications.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/someapplications.md @@ -1,3 +1,9 @@ +--- +title: "AppLock (UI lockdown) doesn't seem to work on some applications. Why?" +description: "AppLock (UI lockdown) doesn't seem to work on some applications. Why?" +sidebar_position: 110 +--- + # AppLock (UI lockdown) doesn't seem to work on some applications. Why? Netwrix Endpoint Policy Manager (formerly PolicyPak) Applock™ is the ability to gray out or remove diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/storage.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/storage.md new file mode 100644 index 0000000000..ffd8b32f00 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/storage.md @@ -0,0 +1,18 @@ +--- +title: "I do not have access or ability to create the Central Store. What should the best practice to store AppSets be?" +description: "I do not have access or ability to create the Central Store. What should the best practice to store AppSets be?" +sidebar_position: 190 +--- + +# I do not have access or ability to create the Central Store. What should the best practice to store AppSets be? + +Here's the rule of thumb: + +- If YOU are Domain Administrator, and you CAN create a Central Store, you should do that. +- If YOU are NOT a Domain Admin (and therefore you CANNOT create the Central Store) then you should + use a Share Based Store instead. + +Here's a video on how to do that (using Netwrix Endpoint Policy Manager (formerly PolicyPak) +Application Manager) + +[Using Shares to Store Your Paks (Share-Based Storage)](/docs/endpointpolicymanager/video/applicationsettings/shares.md) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/symantecendpointprotection.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/symantecendpointprotection.md similarity index 98% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/symantecendpointprotection.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/symantecendpointprotection.md index 669bc8898b..90918ab44b 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/symantecendpointprotection.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/troubleshooting/symantecendpointprotection.md @@ -1,3 +1,9 @@ +--- +title: "Why does Symantec Endpoint Protection (or SEP for Small business) report that Endpoint Policy Manager is \"tampering\" ?" +description: "Why does Symantec Endpoint Protection (or SEP for Small business) report that Endpoint Policy Manager is \"tampering\" ?" +sidebar_position: 130 +--- + # Why does Symantec Endpoint Protection (or SEP for Small business) report that Endpoint Policy Manager is "tampering" ? You might see Symentec logs like what's seen below. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/_category_.json new file mode 100644 index 0000000000..a172dc0cfd --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Virtualized Applications", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/applicationvirtualization.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/applicationvirtualization.md new file mode 100644 index 0000000000..eb391a4392 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/applicationvirtualization.md @@ -0,0 +1,14 @@ +--- +title: "Which application virtualization platforms are supported?" +description: "Which application virtualization platforms are supported?" +sidebar_position: 30 +--- + +# Which application virtualization platforms are supported? + +Microsoft App-V, VMware Thinapp, Citrix XenApp Streaming, Novell ZENWorks Application +Virtualization, Spoon.Net, and Symantec Workspace Virtualization are all supported with Netwrix +Endpoint Policy Manager (formerly PolicyPak). + +To see videos on these solutions watch go to Application Manager > +[Video Learning Center](/docs/endpointpolicymanager/video/index.md). diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/appvsequences.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/appvsequences.md new file mode 100644 index 0000000000..0972aec960 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/appvsequences.md @@ -0,0 +1,11 @@ +--- +title: "Do I need to do anything special to get Application Manager to deploy settings to Microsoft App-V Sequences?" +description: "Do I need to do anything special to get Application Manager to deploy settings to Microsoft App-V Sequences?" +sidebar_position: 10 +--- + +# Do I need to do anything special to get Application Manager to deploy settings to Microsoft App-V Sequences? + +No. Netwrix Endpoint Policy Manager (formerly PolicyPak) treats App-V sequences like other installed +applications. This means if you have real installed applications and also App-V applications the +transition is very smooth. diff --git a/docs/endpointpolicymanager/troubleshooting/error/applicationsettings/exception.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/exception.md similarity index 84% rename from docs/endpointpolicymanager/troubleshooting/error/applicationsettings/exception.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/exception.md index df1849812f..5e66c24b62 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/applicationsettings/exception.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/exception.md @@ -1,3 +1,9 @@ +--- +title: "A ThinApp throws an \"Exception Error\". What can I do to fix it?" +description: "A ThinApp throws an \"Exception Error\". What can I do to fix it?" +sidebar_position: 20 +--- + # A ThinApp throws an "Exception Error". What can I do to fix it? If you encounter the following error (or something like it) when launching a ThinApp packaged diff --git a/docs/endpointpolicymanager/applicationsettings/thinapp.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/thinapp.md similarity index 90% rename from docs/endpointpolicymanager/applicationsettings/thinapp.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/thinapp.md index 78b043fbde..9dd9fa3371 100644 --- a/docs/endpointpolicymanager/applicationsettings/thinapp.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/thinapp.md @@ -1,3 +1,9 @@ +--- +title: "How can I manage a version of Java inside a ThinApp package ?" +description: "How can I manage a version of Java inside a ThinApp package ?" +sidebar_position: 40 +--- + # How can I manage a version of Java inside a ThinApp package ? You can use Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Settings Manager to diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/xenapp.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/xenapp.md new file mode 100644 index 0000000000..754d0e834a --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/xenapp.md @@ -0,0 +1,14 @@ +--- +title: "Are there any additional steps required to integrate Endpoint Policy Manager Software with XenAPP applications?" +description: "Are there any additional steps required to integrate Endpoint Policy Manager Software with XenAPP applications?" +sidebar_position: 50 +--- + +# Are there any additional steps required to integrate Endpoint Policy Manager Software with XenAPP applications? + +If you want to control user access or sessions, or manage applications that reside on the XenAPP +server, you only need to: + +- Ensure the XenAPP server is licensed like any other computer, and +- Apply the GPO settings to the user, or +- Apply the GPO setting to the server itself. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/xenapp_1.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/xenapp_1.md new file mode 100644 index 0000000000..fd744ab581 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/virtualizedapplicati/xenapp_1.md @@ -0,0 +1,12 @@ +--- +title: "Can Endpoint Policy Manager deliver settings for applications that are provided by XenAPP?" +description: "Can Endpoint Policy Manager deliver settings for applications that are provided by XenAPP?" +sidebar_position: 60 +--- + +# Can Endpoint Policy Manager deliver settings for applications that are provided by XenAPP? + +Yes, besides delivering application settings to real installed applications, the Netwrix Endpoint +Policy Manager (formerly PolicyPak) Application Settings Manager PAK, will also deliver them to +applications that either reside on a XenAPP server or are being streamed (virtualized) from a XenAPP +server diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/applicationvirtualiz/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/applicationvirtualiz/_category_.json new file mode 100644 index 0000000000..a5647db81e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/applicationvirtualiz/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Application Virtualization", + "position": 100, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/centralstoreandshari/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/centralstoreandshari/_category_.json new file mode 100644 index 0000000000..c15ff67e36 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/centralstoreandshari/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Central Store And Sharing", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/centralstoreandshari/trustedappsets.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/centralstoreandshari/trustedappsets.md new file mode 100644 index 0000000000..1ac249dcbf --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/centralstoreandshari/trustedappsets.md @@ -0,0 +1,19 @@ +--- +title: "Endpoint Policy Manager Application Setting Manager (Understanding Trusted AppSets)" +description: "Endpoint Policy Manager Application Setting Manager (Understanding Trusted AppSets)" +sidebar_position: 10 +--- + +# Endpoint Policy Manager Application Setting Manager (Understanding Trusted AppSets) + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Settings Manager now ships signed +AppSets from Netwrix. This means that all the DLLs (AppSets) we ship are digitally signed and +unaltered and you know they came from us. Watch this video to understand how to take advantage of +this feature. + +**NOTE:** Before heading down this path please watch the backup / restore videos: + +- [Endpoint Policy Manager Application Settings Manager: Backup, Restore, Export, Import](/docs/endpointpolicymanager/video/troubleshooting/backup.md) +- [Endpoint Policy Manager: Backup and Restore Options to Recover from nearly any problem](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/upgradingandmaintena/backupoptions.md) + + diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/chromeallvideos/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/chromeallvideos/_category_.json new file mode 100644 index 0000000000..7d65fe8fe4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/chromeallvideos/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Chrome All Videos", + "position": 130, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/citrixandterminalser/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/citrixandterminalser/_category_.json new file mode 100644 index 0000000000..541a4a54b3 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/citrixandterminalser/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Citrix And Terminal Servers", + "position": 70, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/designstudiohowto/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/designstudiohowto/_category_.json new file mode 100644 index 0000000000..bfa6885e8f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/designstudiohowto/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "DesignStudio How To", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/archive/designstudiojava.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/designstudiohowto/designstudiojava.md similarity index 94% rename from docs/endpointpolicymanager/archive/designstudiojava.md rename to docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/designstudiohowto/designstudiojava.md index a0fdc12c07..d5f48a1262 100644 --- a/docs/endpointpolicymanager/archive/designstudiojava.md +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/designstudiohowto/designstudiojava.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager Using Endpoint Policy Manager DesignStudio to modify the Java Paks for XP" +description: "Endpoint Policy Manager Using Endpoint Policy Manager DesignStudio to modify the Java Paks for XP" +sidebar_position: 10 +--- + # Endpoint Policy Manager Using Endpoint Policy Manager DesignStudio to modify the Java Paks for XP In this video, you will see how to take our existing Java Paks, which only work on Windows 7 and diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/featurestechsupporta/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/featurestechsupporta/_category_.json new file mode 100644 index 0000000000..870d5f2273 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/featurestechsupporta/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Features Tech Support And How To", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/featurestechsupporta/proxysettings.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/featurestechsupporta/proxysettings.md new file mode 100644 index 0000000000..6a9b95a7c1 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/featurestechsupporta/proxysettings.md @@ -0,0 +1,97 @@ +--- +title: "Manage different proxy settings, even when offline" +description: "Manage different proxy settings, even when offline" +sidebar_position: 10 +--- + +# Manage different proxy settings, even when offline + +Starting in build 545, you can flip / flop specific settings even when offline. For instance, see in +this video how we change Firefox's Proxy settings — even when there is no DC. You're going to love +this tip ! + + + +### PolicyPak: Manage different proxy settings, even when offline video transcript + +Hi, this is Jeremy Moskowitz, former Group Policy MVP and Founder of PolicyPak Software. In this +quick demonstration, I'm going to show you how you can use PolicyPak to when you're on a particular +IP subnet range get a particular proxy server, and when you're not on a particular IP range get a +different proxy server. + +I'm going to do this demonstration with Firefox, but it works perfectly well if you're using +PolicyPak in conjunction with Internet Explorer or other utilities that use a proxy. Let's get +started by taking a look. Here's my "Mozilla Firefox" on my target machine. If I go to "Options" +here, the "Home Page" isn't set and also the proxy server isn't set. + +What we want to say is, when I'm on a particular IP range – and this particular machine happens to +be on IP range "192.168" – so when I'm on one range, get one set of settings; when I'm on another +range, get a different set of settings. The best part is PolicyPak can dictate those settings +continuously, even when the computer is offline. I'm going to show you that as well. + +I'll call this "Firefox Proxy Demo." I'm doing this on the computer side. You could do it on user +side too, but I happen to be doing it on the computer side. Select "New/Application" and I'll pick +"PolicyPak for Mozilla Firefox." Again, this will work perfectly well for anything else that you +want. I just happen to be using Firefox. You can use the PolicyPak Pak for IEE as well. + +We'll go ahead and click here. Let's set the "Home Page" to "www.INRANGE.com." For the network +proxy, we'll also set the proxy as "www.inrangePROXY.com," and we'll make this port "81." When we're +in this IP range, we're going to get the home page being one thing and also the proxy being the +same. + +The way we're going to do this is we're going to use PolicyPak's item-level targeting. We will +"Enable item-level targeting" and then "Edit item-level targeting filters." What we're going to do +is click on "IP Address Range" and set it up accordingly – "192.168.0.0" to "192.168.255.255." When +I'm in this range, I get this set of settings. There we go. + +While we're here, let's go ahead and "Edit Description" in case we need to do some troubleshooting. +We'll call this "ILT = IN RANGE." We're just making a note for ourselves; this is the in-range entry +point. + +We'll do another one for "PolicyPak for Mozilla Firefox." This time we will call this +"www.OUTofRANGE.com." We'll do the same thing for the proxy. We'll call this "www.OUT +ofRangePROXY.com," and the port will be "55" or something weird. + +Again, you could use "No proxy." That probably makes more sense when users are roaming off of your +network. I just happened to be using manual for this demonstration, but you could use "No proxy," if +you're so inclined. + +Once again, we're going to go to "Enable item-level targeting" here under the "Options" button, and +we'll also "Edit item-level targeting filters." Actually, it's quite similar. We'll just set "IP +Address Range." Instead of the IP range being "192.168.0.0" to "192.168.255.255," we actually want +to make it when it "Is Not" that range. The first entry is when it is in range, and the second entry +is when it's not in range. Now that we've done that, we'll go ahead and "Edit Description" here. +We'll call this "ILT = OUT of RANGE." + +Alright, so we've got these two entry points. Here's the best part. Let's get the latest, greatest +Group Policy by either logging on or running "gpupdate." Now PolicyPak is special. It's different +than the in-the-box policy. It's different than the in-the-box preference. We'll maintain these +instruction sets, even when offline. + +Because of that what we get out of that it, let's go ahead and run "Mozilla Firefox" and see what +happens first. We'll go ahead and go to "Options" here, and  we'll go to "General." There we go. We +are "www.INRANGE.com." If we click on the "Network" proxy, there we go. We're using the +"www.inrangePROXY.com," just the way we expect. + +Let's do something funky, and let's actually go off the network. I'm doing this part off camera. +Here we go. I'm changing this "Network connection" to be not on the network anymore. Now I've +traveled to their home or something. + +I know when they're really at their home or some other business or something like that, they would +pick up a different IP range. I'm just setting this manually for the purposes of this demo. In real +life, of course, you wouldn't be doing this or they wouldn't have to do this. It's just for the +purposes of this demo: "255.0.0.0," "10.0.0.1" and "10.0.0.111." There we go. + +Now I've changed the IP range on this computer, and there's no way that it's going to connect to the +mother ship and get the latest, greatest policy settings. The assumption is that they just got a new +IP range and they're just going to run "Mozilla Firefox." When you do that, magic instantly occurs +with PolicyPak. When you go to the "General" tab, "www.OUTofRANGE.com," because we're no longer in +that IP range anymore. If we look at the "Network" proxy, we set it up exactly what we expected. + +This gets you an amazing superpower if you're using either Internet Explorer or Firefox in +conjunction with PolicyPak. There's really no other way to do this unless you're using PolicyPak. +This is a very common ask, so I figured I would show a demonstration of exactly how to do it. If you +have any questions on how to do this, please feel free to post your questions in the PolicyPak +forum. + +Thanks so much. Talk to you soon. diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/firefoxallvideos/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/firefoxallvideos/_category_.json new file mode 100644 index 0000000000..717d564d0c --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/firefoxallvideos/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Firefox All Videos", + "position": 140, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/gettingstarted/_category_.json new file mode 100644 index 0000000000..f402df76f1 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/internetexplorerallv/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/internetexplorerallv/_category_.json new file mode 100644 index 0000000000..157719860d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/internetexplorerallv/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Internet Explorer All Videos", + "position": 120, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/javaallvideos/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/javaallvideos/_category_.json new file mode 100644 index 0000000000..eb4a11b540 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/javaallvideos/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Java All Videos", + "position": 150, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/methodscloudmdmsccmp/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/methodscloudmdmsccmp/_category_.json new file mode 100644 index 0000000000..7873d531cf --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/methodscloudmdmsccmp/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Methods Cloud MDM SCCM PDQ", + "position": 80, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/misctipsandtricks/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/misctipsandtricks/_category_.json new file mode 100644 index 0000000000..481698f635 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/misctipsandtricks/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Misc Tips And Tricks", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/otherapplicationsall/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/otherapplicationsall/_category_.json new file mode 100644 index 0000000000..1730e69529 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/otherapplicationsall/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Other Applications All Videos", + "position": 160, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/troubleshooting/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/troubleshooting/_category_.json new file mode 100644 index 0000000000..d1ef5c80ea --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/troubleshooting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting", + "position": 110, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/vdi/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/vdi/_category_.json new file mode 100644 index 0000000000..d67337c145 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/vdi/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "VDI", + "position": 90, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..067314772c --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/videolearningcenter.md @@ -0,0 +1,160 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for Application Manager. + +## What does it do (and Why You Need It) + +- [Endpoint Policy Manager Overview Video for Managers](/docs/endpointpolicymanager/video/applicationsettings/managers.md) +- [Endpoint Policy Application Manager Overview](/docs/endpointpolicymanager/video/applicationsettings/pak.md) +- [Endpoint Policy ManagerOn-Premise QuickStart for Endpoint Policy Application Manager](/docs/endpointpolicymanager/video/applicationsettings/onpremise.md) +- [Managing Application Settings on your MDM enrolled machines](/docs/endpointpolicymanager/video/applicationsettings/mdm.md) +- [What is Endpoint Policy Application Manager (Group Policy Edition)](/docs/endpointpolicymanager/video/applicationsettings/grouppolicy.md) +- [What is Endpoint Policy Application Manager (Cloud Edition)](/docs/endpointpolicymanager/video/applicationsettings/cloud.md) + +## Getting Started + +- [Creating the Central Store for Group Policy andEndpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/centralstorecreate.md) +- [Updating Endpoint Policy Manager Central Store](/docs/endpointpolicymanager/video/applicationsettings/centralstoreupdate.md) +- [PPGP Quick Rundown: Application Manager](/docs/endpointpolicymanager/video/applicationsettings/quickrundown.md) + +## Central Store and Sharing + +- [How to manually update Paks](/docs/endpointpolicymanager/video/applicationsettings/manualupdate.md) +- [Working with Others and using the Central Store](/docs/endpointpolicymanager/video/applicationsettings/centralstorework.md) +- [Using Shares to Store Your Paks (Share-Based Storage)](/docs/endpointpolicymanager/video/applicationsettings/shares.md) +- [Keeping Application Settings Manager and Paks up to date](/docs/endpointpolicymanager/video/applicationsettings/uptodate.md) +- [Understanding and fixing Endpoint Policy Manager DLL Orphans](/docs/endpointpolicymanager/video/applicationsettings/dllorphans.md) +- [Reconnecting DLLs](/docs/endpointpolicymanager/video/applicationsettings/dllreconnect.md) +- [GPOTouch Utility](/docs/endpointpolicymanager/video/applicationsettings/touchutility.md) + +## Features, Tech Support and How-To + +- [Using Item Level Targeting](/docs/endpointpolicymanager/video/applicationsettings/itemleveltargeting.md) +- [Bypassing Internal Item Level Targeting Filters](/docs/endpointpolicymanager/video/applicationsettings/itemleveltargetingbypass.md) +- [ACL Lockdown for Registry Based Applications](/docs/endpointpolicymanager/video/applicationsettings/acllockdown.md) +- [Re-Deploy Settings at application launch](/docs/endpointpolicymanager/video/applicationsettings/applicationlaunch.md) +- [The Superpowers](/docs/endpointpolicymanager/video/applicationsettings/superpowers.md) +- [Using Environment Variables in Paks](/docs/endpointpolicymanager/video/applicationsettings/variables.md) +- [Manage different proxy settings, even when offline](/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/featurestechsupporta/proxysettings.md) +- [Endpoint Policy Manager Application Setting Manager (Understanding Trusted AppSets)](/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/centralstoreandshari/trustedappsets.md) + +## Misc Tips and Tricks + +- [Managing IE Proxy server with Advanced settings](/docs/endpointpolicymanager/video/applicationsettings/ieproxyserver.md) +- [Wipe Privdog (and other evil certificates) off your network using Group Policy and Endpoint Policy Manager.](/docs/endpointpolicymanager/video/applicationsettings/certificatesevil.md) +- [Endpoint Policy Manager and Invincea Integration Demo](/docs/endpointpolicymanager/video/applicationsettings/invincea.md) +- [Manage Firefox Plug-ins Per Website](/docs/endpointpolicymanager/video/applicationsettings/firefoxplugins.md) +- [Chrome Revert Tips (Pre-CSE 1260)](/docs/endpointpolicymanager/video/applicationsettings/chromerevert.md) +- [Fix Chrome Revert with PP CSE 1260 or later](/docs/endpointpolicymanager/video/applicationsettings/chromerevertfix.md) +- [Transitioning to the Universal Oracle Java AppSet (7 thru 9)](/docs/endpointpolicymanager/video/applicationsettings/oraclejava.md) +- [PPAM: Convert from 2 to 4 AppSet for Firefox About:Config AppSet](/docs/endpointpolicymanager/video/applicationsettings/firefoxabout.md) +- [Deliver pre-configured Bookmarks in Chrome](/docs/endpointpolicymanager/video/applicationsettings/chromebookmarks.md) +- [Endpoint Policy Manager App Settings Manager: Finding items in big Paks](/docs/endpointpolicymanager/video/applicationsettings/paksbig.md) + +## DesignStudio How-To + +- [Creating Your First Pak using Endpoint Policy Manager Design Studio](/docs/endpointpolicymanager/video/applicationsettings/designstudio/firstpak.md) +- [Use the DesignStudio to import existing registry keys](/docs/endpointpolicymanager/video/applicationsettings/designstudio/importregistry.md) +- [Using DesignStudio to add elements from an alternate UI](/docs/endpointpolicymanager/video/applicationsettings/designstudio/addelements.md) +- [Predefined ILTs (Internal Filters)](/docs/endpointpolicymanager/video/applicationsettings/designstudio/itemleveltargeting.md) +- [Design Studio – FoxIT Printer Settings Tutorial](/docs/endpointpolicymanager/video/applicationsettings/designstudio/foxitprinter.md) +- [Manage Firefox Plug-ins using Endpoint Policy Managerand the Endpoint Policy Manager DesignStudio](/docs/endpointpolicymanager/video/applicationsettings/designstudio/firefox_plugins.md) + +## Citrix & Terminal Servers + +- [Endpoint Policy Manager and Citrix: Webster Seal of Approval](/docs/endpointpolicymanager/video/applicationsettings/citrix/sealapproval.md) +- [Endpoint Policy Manager and Citrix: Better Together.. A quick introduction!](/docs/endpointpolicymanager/video/applicationsettings/citrix/integration.md) +- [Endpoint Policy Manager on Citrix: You Gotta Try This](/docs/endpointpolicymanager/video/applicationsettings/citrix/demo.md) +- [CUGC Connect Endpoint Policy Manager + Citrix Demo You Gotta Try This!](/docs/endpointpolicymanager/video/applicationsettings/citrix/demo2.md) +- [Endpoint Policy Manager enhances XenApp with Group Policy](/docs/endpointpolicymanager/video/applicationsettings/citrix/xenapp.md) +- [Endpoint Policy Manager & Citrix XenDesktop](/docs/endpointpolicymanager/video/applicationsettings/citrix/xendesktop.md) +- [Endpoint Policy Manager and Microsoft RDS and RemoteApp – Better Together to Manage Applications' settings](/docs/endpointpolicymanager/video/applicationsettings/citrix/rds.md) + +## Methods (Cloud, MDM, SCCM, PDQ) + +- [Perform Desktop Lockdown using Microsoft Intune](/docs/endpointpolicymanager/video/applicationsettings/integration/microsoftintune.md) +- [Perform Desktop Lockdown using Microsoft SCCM and Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/integration/sccmsoftwarecenter.md) +- [Endpoint Policy Manager Integrates with Specops Deploy](/docs/endpointpolicymanager/video/applicationsettings/integration/specops.md) +- [Deploy and Manage WinZip with PDQ Deploy and Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/integration/pdqdeploy.md) +- [Deploy and Manage Firefox with PDQ Deploy and Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/integration/pdqdeployfirefox.md) + +## VDI + +- [Endpoint Policy Manager and Microsoft VDI – Better Together to Manage Applications' settings](/docs/endpointpolicymanager/video/applicationsettings/vdi/integration.md) +- [Endpoint Policy Manager and VMWare Horizon View](/docs/endpointpolicymanager/video/applicationsettings/vdi/vmware.md) +- [Endpoint Policy Manager and VMware Horizon View – Dedicated VDI](/docs/endpointpolicymanager/video/applicationsettings/vdi/dedicated.md) +- [Endpoint Policy Manager and VMware Horizon View – Local Mode VDI](/docs/endpointpolicymanager/video/applicationsettings/vdi/localmode.md) +- [Endpoint Policy Manager and VMware Horizon View with ThinApp Assigned Packages](/docs/endpointpolicymanager/video/applicationsettings/vdi/thinapp.md) +- [Endpoint Policy Manager and VMware Horizon Workspace Applications and ThinApp Entitled Packages](/docs/endpointpolicymanager/video/applicationsettings/vdi/thinappworkspace.md) + +## Application Virtualization + +- [Endpoint Policy Manager extends Group Policy to Microsoft App-V](/docs/endpointpolicymanager/video/applicationsettings/virtualization/appv.md) +- [Endpoint Policy Manager & Citrix XenApp](/docs/endpointpolicymanager/video/applicationsettings/virtualization/xenapp.md) +- [Microsoft User Experience Virtualization (UE-V) enhanced by Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/virtualization/uev.md) +- [Manage ThinApp Packages on Physical or VDI machines using Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/virtualization/thinapp.md) +- [Endpoint Policy Manager & Symantec](/docs/endpointpolicymanager/video/applicationsettings/virtualization/symantec.md) +- [Endpoint Policy Manager extends Group Policy to Spoon / Novell ZENworks App Virtualization](/docs/endpointpolicymanager/video/applicationsettings/virtualization/spoonnovell.md) + +## Troubleshooting + +- [Endpoint Policy Manager and "Chrome Incompatible apps"](/docs/endpointpolicymanager/video/troubleshooting/applicationsettings/chrome.md) + +## Internet Explorer (all videos) + +- [Getting Started Managing Internet Explorer](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/gettingstarted.md) +- [Manage IE Certificates](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/certificates.md) +- [Manage IE Connections tab](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/connectionstab.md) +- [Manage IE Content tab](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/contenttab.md) +- [Manage IE General tab](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/generaltab.md) +- [Manage IE Privacy tab](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/privacytab.md) +- [Manage IE Programs Tab](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/programstab.md) +- [Manage Internet Explorer Security tab](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/securitytab.md) +- [Manage Internet Explorer Settings With Endpoint Policy Manager Application Settings Manager](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/settings.md) +- [Managing Favorites in IE](/docs/endpointpolicymanager/video/applicationsettings/internetexplorer/favorites.md) + +## Chrome (all videos) + +- [Manage Google Chrome using Group Policy, SCCM or your own management utility](/docs/endpointpolicymanager/video/applicationsettings/chrome/gettingstarted.md) +- [Google Chrome: Clear Browsing History, Cookies, Password, Images and more](/docs/endpointpolicymanager/video/applicationsettings/chrome/clearbrowsing.md) +- [Manage Google Chrome Bookmarks](/docs/endpointpolicymanager/video/applicationsettings/chrome/bookmarks.md) + +## Firefox (all videos) + +- [Manage Firefox using Group Policy, SCCM, or your own management tool](/docs/endpointpolicymanager/video/applicationsettings/firefox/gettingstarted.md) +- [Changing the Firefox Default Search Engine in one-click](/docs/endpointpolicymanager/video/applicationsettings/firefox/defaultsearch.md) +- [Manage Firefox Pop-Ups and Permissions using Group Policy](/docs/endpointpolicymanager/video/applicationsettings/firefox/popups.md) +- [Force Install Firefox Extensions (from URL or file).](/docs/endpointpolicymanager/video/applicationsettings/firefox/extensions.md) +- [Manage Firefox Bookmarks](/docs/endpointpolicymanager/video/applicationsettings/firefox/bookmarks.md) +- [Remove Firefox's Extra Tabs at First Launch](/docs/endpointpolicymanager/video/applicationsettings/firefox/extratabs.md) +- [Disable the following about:config, about:addons, pages, Developer Menu, and any Preferences in one click](/docs/endpointpolicymanager/video/applicationsettings/firefox/disable.md) +- [Firefox Remove Specific Elements from about:preferences panel](/docs/endpointpolicymanager/video/applicationsettings/firefox/removeelements.md) +- [Manage Firefox Misc Settings and Buttons Using Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/firefox/miscsettings.md) +- [Manage Firefox Certificates](/docs/endpointpolicymanager/video/applicationsettings/firefox/certificates.md) +- [Change Firefox application handler (like PDF) to Adobe Reader](/docs/endpointpolicymanager/video/applicationsettings/firefox/adobe.md) +- [Manage Firefox Add-ons using Group Policy](/docs/endpointpolicymanager/video/applicationsettings/firefox/addons.md) +- [How to Add and Remove Bookmarks folders from the Firefox menu and toolbar](/docs/endpointpolicymanager/video/applicationsettings/firefox/bookmarksmodify.md) + +## Java (all videos) + +- [How to quickly disable Java, everywhere (in an emergency)](/docs/endpointpolicymanager/video/applicationsettings/java/disable.md) +- [Manage and Lock down Java Site List Exceptions](/docs/endpointpolicymanager/video/applicationsettings/java/lockdown.md) +- [Manage Java JRE Control Panel applet with Group Policy](/docs/endpointpolicymanager/video/applicationsettings/java/jre.md) +- [How to Manage the security slider in Java](/docs/endpointpolicymanager/video/applicationsettings/java/securityslider.md) + +## Other applications (all videos) + +- [Netwrix Endpoint Policy Manager can manage Netwrix Password Secure](/docs/endpointpolicymanager/video/applicationsettings/passwordsecure.md) +- [Managing Teams Settings](/docs/endpointpolicymanager/video/applicationsettings/teams.md) +- [Endpoint Policy Manager for Adobe Acrobat](/docs/endpointpolicymanager/video/applicationsettings/acrobat.md) +- [Endpoint Policy Manager for Adobe Flash Player](/docs/endpointpolicymanager/video/applicationsettings/flashplayer.md) +- [Endpoint Policy Manager for IrfanView](/docs/endpointpolicymanager/video/applicationsettings/irfanview.md) +- [Endpoint Policy Manager for Microsoft Office 2013 and 2016](/docs/endpointpolicymanager/video/applicationsettings/office.md) +- [Endpoint Policy Manager for Microsoft Skype for Business (formerly Lync)](/docs/endpointpolicymanager/video/applicationsettings/skype.md) +- [Endpoint Policy Manager for Thunderbird](/docs/endpointpolicymanager/video/applicationsettings/thunderbird.md) diff --git a/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/whatdoesitdoandwhyyo/_category_.json b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/whatdoesitdoandwhyyo/_category_.json new file mode 100644 index 0000000000..64ad683e0f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/whatdoesitdoandwhyyo/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "What Does It Do And Why You Need It", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/archive/_category_.json b/docs/endpointpolicymanager/knowledgebase/archive/_category_.json new file mode 100644 index 0000000000..c508f90948 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/archive/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Archive", + "position": 220, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/archive/acrobatxpro.md b/docs/endpointpolicymanager/knowledgebase/archive/acrobatxpro.md similarity index 97% rename from docs/endpointpolicymanager/archive/acrobatxpro.md rename to docs/endpointpolicymanager/knowledgebase/archive/acrobatxpro.md index 09a5ce403f..697087c707 100644 --- a/docs/endpointpolicymanager/archive/acrobatxpro.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/acrobatxpro.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager: Manage Acrobat X Pro Using Group Policy" +description: "Endpoint Policy Manager: Manage Acrobat X Pro Using Group Policy" +sidebar_position: 210 +--- + # Endpoint Policy Manager: Manage Acrobat X Pro Using Group Policy Acrobat X Pro was this security function called "Protected Mode" but it is not enabled by default. diff --git a/docs/endpointpolicymanager/archive/admxfiles.md b/docs/endpointpolicymanager/knowledgebase/archive/admxfiles.md similarity index 98% rename from docs/endpointpolicymanager/archive/admxfiles.md rename to docs/endpointpolicymanager/knowledgebase/archive/admxfiles.md index ad6f55085d..72cd3f59a2 100644 --- a/docs/endpointpolicymanager/archive/admxfiles.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/admxfiles.md @@ -1,3 +1,9 @@ +--- +title: "ADM/X Files – why they cannot prevent user shenanigans" +description: "ADM/X Files – why they cannot prevent user shenanigans" +sidebar_position: 10 +--- + # ADM/X Files – why they cannot prevent user shenanigans ADM and ADMX files seem like they would work, but that is not always the case. In this video, former diff --git a/docs/endpointpolicymanager/knowledgebase/archive/applock.md b/docs/endpointpolicymanager/knowledgebase/archive/applock.md new file mode 100644 index 0000000000..652feea3a7 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/archive/applock.md @@ -0,0 +1,50 @@ +--- +title: "Endpoint Policy Manager 3.5 Applock Update Behavior Change" +description: "Endpoint Policy Manager 3.5 Applock Update Behavior Change" +sidebar_position: 250 +--- + +# Endpoint Policy Manager 3.5 Applock Update Behavior Change + +Prior to Netwrix Endpoint Policy Manager (formerly PolicyPak) 3.5, it was necessaryto forcefully +display previous AppLock (TM) elements. In this video you can see how to quickly and easily restore +the element within the GPO. + +### PolicyPak 3.5 Applock Update Behavior Change video transcript + +Hi, everyone. This is Jeremy Moskowitz. In this quick video, I'm going to show you a small behavior +change between PolicyPak 3.0 and 3.5. + +Here in this example of WinZip, you can see I've disabled this particular entry, and here I've also +hidden a particular entry. Let's go to the actual definition in the Group Policy Object and see what +I'm talking about here. This is inside the Group Policy Object itself. Here you can see that I've +right clicked and selected "Hide corresponding control in target application"for this guy and I've +right clicked over and selected "Disable corresponding control in target application"for this guy. + +Prior to PolicyPak 3.5, the behavior would be if you were to uncheck "Hide corresponding control in +target application" for this guy and also to uncheck "Disable corresponding control in target +application" for this guy, unfortunately those things would stick around. + +The rationale would be we wanted you to specifically "Force display of this control in target +application" if you wanted to return it, but we've got some feedback that said that's not what +people wanted. So we've removed that behavior and now updated it so that a simple uncheck of the +"Hide corresponding control in target application" or "Disable corresponding control in target +application" will re-reveal, thus removing the lockout mechanism. + +Now that I've unselected the checkmark on either of these guys so this one is no longer hidden and +this one is no longer disabled, let's go ahead and click "OK." I don't have to forcefully ensure +that's going to view. I'm just going to go over to my target machine again, run "gpupdate" and get +the latest setting here. + +Now that that's done, we'll go ahead and run "WinZip," go to "Options/Configuration…," go over to +"Passwords" and there we go. Very quickly and easily you can now specifically simply in the Group +Policy Object un-unlock the thing you want. Just uncheck the checkbox of the lockout mechanism that +you don't want anymore, and it will immediately take effect on the next Group Policy refresh. + +That is a behavior change that you should be aware of. You no longer are required to manually +specify for a particular setting that you would want to, for instance, "Force display of this +control in target application." We have removed that requirement. + +I hope that helps you out. We're here for you if you need us. + +Thanks so much. diff --git a/docs/endpointpolicymanager/archive/autoupdater.md b/docs/endpointpolicymanager/knowledgebase/archive/autoupdater.md similarity index 94% rename from docs/endpointpolicymanager/archive/autoupdater.md rename to docs/endpointpolicymanager/knowledgebase/archive/autoupdater.md index 04e7ebb1c5..6f4f6d6bb2 100644 --- a/docs/endpointpolicymanager/archive/autoupdater.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/autoupdater.md @@ -1,3 +1,9 @@ +--- +title: "The CSE auto-updater feature appears to not be working. What can I do?" +description: "The CSE auto-updater feature appears to not be working. What can I do?" +sidebar_position: 270 +--- + # The CSE auto-updater feature appears to not be working. What can I do? The auto-update feature is described in Appendix A of the Netwrix Endpoint Policy Manager (formerly diff --git a/docs/endpointpolicymanager/knowledgebase/archive/cloud.md b/docs/endpointpolicymanager/knowledgebase/archive/cloud.md new file mode 100644 index 0000000000..05afcf301d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/archive/cloud.md @@ -0,0 +1,231 @@ +--- +title: "Deliver Group Policy to Domain Joined and non-Domain Joined machines thru the Cloud" +description: "Deliver Group Policy to Domain Joined and non-Domain Joined machines thru the Cloud" +sidebar_position: 60 +--- + +# Deliver Group Policy to Domain Joined and non-Domain Joined machines thru the Cloud + +Microsoft MVP Jeremy Moskowitz and Shane from Admin Arsenal show how you can deploy group policy +settings to domain joined or non-domain joined machines through the cloud with Netwrix Endpoint +Policy Manager (formerly PolicyPak) Cloud + +### Deliver Group Policy to Domain Joined and non-Domain Joined machines thru the Cloud + +Shane: Hey everybody. I'm Shane from Admin Arsenal. This is Jeremy Moskowitz. He's a Microsoft MVP +for GP Answers and PolicyPak. + +Jeremy: That's right. + +Shane: What are we going to do right now buddy? + +Jeremy: Would you find it interesting if you could deploy real, no kidding around group policy +settings, pretty much all of them to domain joined or non-domain machines – wait for it – through +the cloud? + +Shane: Through the cloud. Okay, so, A. you had me at non-domain join. + +Jeremy: Yep. + +Shane: That's fantastic. + +Jeremy: Yep. + +Shane:And then those that aren't even on my environment here? + +Jeremy: Yep. + +Shane: Okay. So, obviously we have to get something out to them. + +Jeremy: "Correct. + +Shane:Alright. + +Jeremy: So, let's set the stage first. So, before we even do the thing that we gotta get over to +them, let's go over and take a look at PolicyPak cloud. + +Shane: Okay. + +Jeremy: Let's do a quick run through here. + +Shane: Sweet. + +Jeremy: The idea is that we got these ideas called "built-in groups" and "company groups". Built- in +groups – the first one is called "all" and all we've done is we've got a shortcut item on the +desktop as soon as you join PolicyPak Cloud you're instance, of course. I wouldn't expect everybody +else to have the same shortcut. + +Shane: Sure. + +Jeremy: And then what we'll do is we'll create some other directives, get them into PolicyPak Cloud +and watch the endpoint pick up these directives in PolicyPak Cloud, but you're on the right track. + +Shane: Alright. + +Jeremy: We've got to get something over to them and that's the cloud client which will join +PolicyPak Cloud. + +Shane: Okay. + +Jeremy: And that's what you're going to do so I'll let you. + +Shane: So, right now this user or this computer is computer 3.. + +Jeremy: Yep. + +Shane: Alright. + +Jeremy:Is it domain joined or not domain joined? + +Shane: It's not domain joined. + +Jeremy:That's right. + +Shane: But it is currently here on – + +Jeremy:On site. + +Shane: Yeah. + +Jeremy:Yeah. + +Shane: Because I can't deploy my stuff out there so – + +Jeremy: Nope. Nope. + +Shane: You said it's in PP, right? + +Jeremy: Yep. + +Shane: There we go. This is the 32 bit computer so I guess we're going to use the cloud client. + +Jeremy: Yeah. And notice how it's coded for your company name. So, each customer that we have will +have their own MSI that's unique to them so their computers will join their instance of PolicyPak +Cloud. + +Shane: PolicyPak Cloud. Okay, so I just did a right click and said "Install this." + +Jeremy: Yep. + +Shane: And this is the 32 bit version? + +Jeremy: Yep. Yep. + +Shane: Let's do this first. Obviously, create a second step for your 64 bit. + +Jeremy: Right. + +Shane: Alright, now since this is not – I usually deploy using credentials for – I'm just going to +type in computer 3 once I get into non-domain. Now, I can't use my domain credentials. + +Jeremy: Right. + +Shane: So, I have set up the local admin account for this computer. + +Jeremy: Great. + +Shane: That's what I'm going to deploy as. + +Jeremy: Yep. So, you're going through the local admin and getting them some software. + +Shane: Correct. + +Jeremy: And that software is our software. + +Shane: Mm-hmm. + +Jeremy: And if all goes perfectly well, what's going to happen is that the cloud client is going to +install on the endpoint. It's going to automatically, silently make contact to PolicyPak cloud and +we have exactly one directive and that directive right now is to put the PolicyPak icon, just +something to demo, on the desktop. + +Shane: Yeah. + +Jeremy: And so we'll wait for that to occur. + +Shane: And so once it's installed it automatically opens or do I have to open it or log in or +anything like that? + +Jeremy:Nope. As soon as PolicyPak Cloud is installed it'll join your instance and download your +directives.. + +Shane: How is this different from the CSE? + +Jeremy:So, the cloud client is the first thing. It makes contact and joins PolicyPak cloud and auto +downloads the client side extension. So, we keep that up to date for you. + +Shane: Okay, great. + +Jeremy:Oh, look at that. That was it. It already happened. That was it. So, now if you take a look +at, say, control panel here just to prove we're not pulling a fast one on anybody. If we go to +programs, uninstall programs just to see what's here, look what happened. You installed the cloud +client and then it made contact and downloaded and got the shortcut icon. + +Shane: So, this is a way you can enforce settings even for computers I've got travelling salesmen or +something like that that are always out on the road and they get to a Hilton, they open up and you +can still enforce. + +Jeremy:Yep. Yep. Yeah. So, for instance let's just do something very simple. Let's say you want to +guarantee that they can't get into the control panel or some security directive or anything like +that. Let's just do something simple. So, let's go into the group policy editor. We'll create a +group policy object. It doesn't matter if it's live. For instance, a lot of our cloud customers, +they don't even have a real domain anymore. They just have a vm that is a pretend domain controller. +So, it doesn't matter what it's called. It's not being linked anywhere. We'll just create group +policy object. Click at it. So, go ahead and we'll click on the PolicyPak node. + +Shane: Alright.. + +Jeremy:You know that there's a lot of different things that PolicyPak can do. For instance, you saw +that we've got videos on Firefox, Flash and Java. You can just right click any of those directives; +export and boom get them to PolicyPak Cloud. + +Shane: Wow. + +Jeremy:So, what we're going to do is not do that. We're going to do admin template manager. Okay. +And instead we're just going to create a new policy here and this is the same basic interface that +you've already seen under user side policy's admin template manager. You already know how to do +this. So, go to admin templates, control panel, prohibit access to the control panel and enable it. +Now, again, this is real GPO. We don't want a real GPO. What we want to do is right click and export +to XML and we'll put this on the desktop and we'll call this "No control panel for you." Okay. + +Shane: Got it. + +Jeremy:Alright. And then what we'll do now that it's on the desktop, we'll go back to PolicyPak +Cloud and we'll just do it for all. For all of our computers in PolicyPak Cloud we'll upload and +link a new XML here. We'll go ahead and browse for that file we just put on the desktop called "No +control panel for you." We'll put a description. Oh, it already does it for you and we'll just say +"No CPL for you." We'll click add and it's linked over to the all group. Now, if you had a lot of +different groups, a lot of different computers, for instance you had roaming sales, roaming +marketing, whatever, you could move computers into groups and get different policy settings for +different groups for different circumstances. + +Shane: That's fantastic. + +Jeremy:To kinda accelerate things we're not going to do that. And all we're going to do here is +we're going to run ppcloud/sync. Okay. And this is going to connect to PolicyPak Cloud. And you can +see we got the "No CPL for you" policy and if all goes perfectly well we'll just go ahead and close +this. Right click, go to control panel, personalize this control panel and no control panel. By the +way, there's a bug when you do a no control panel. It's an actual Windows bug. Check this out. +That's been there forever. That's literally been there for like ten years. I just love that bug. + +And so there's no control panel icon here and we really are doing no kidding around, pretty much +every group policy setting, every group policy preference setting and every group policy security +setting through the cloud by just creating a GPO, exporting the segment you want, uploading it to +PolicyPak Cloud and waiting. + +Shane: Wow. + +Jeremy:And we'll get all of those settings to all of your roaming computers, domain joined or not. + +Shane: That does not suck. + +Jeremy:Yep. We live to serve. We love this feature. It's great for MSP's and great for on premise +and roaming people. + +Shane: That's fantastic. Hey, +[https://dev.endpointpolicymanager.com/resources/thank-you-whitepapers/](https://dev.endpointpolicymanager.com/resources/thank-you-whitepapers/) +Jeremy. + +Jeremy:Thank you man. Appreciate it. + +Shane: Alright. Rock on everybody. Thanks. diff --git a/docs/endpointpolicymanager/archive/designstudiofirefox.md b/docs/endpointpolicymanager/knowledgebase/archive/designstudiofirefox.md similarity index 96% rename from docs/endpointpolicymanager/archive/designstudiofirefox.md rename to docs/endpointpolicymanager/knowledgebase/archive/designstudiofirefox.md index 1d4f8ccf22..64a83a0c81 100644 --- a/docs/endpointpolicymanager/archive/designstudiofirefox.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/designstudiofirefox.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager: Use the DesignStudio to manage FireFox's about:config settings" +description: "Endpoint Policy Manager: Use the DesignStudio to manage FireFox's about:config settings" +sidebar_position: 50 +--- + # Endpoint Policy Manager: Use the DesignStudio to manage FireFox's about:config settings Firefox is easy to manage using Netwrix Endpoint Policy Manager (formerly PolicyPak). Here is the diff --git a/docs/endpointpolicymanager/archive/differentusers.md b/docs/endpointpolicymanager/knowledgebase/archive/differentusers.md similarity index 96% rename from docs/endpointpolicymanager/archive/differentusers.md rename to docs/endpointpolicymanager/knowledgebase/archive/differentusers.md index 3ed4897ddc..83cd4ca4c7 100644 --- a/docs/endpointpolicymanager/archive/differentusers.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/differentusers.md @@ -1,3 +1,9 @@ +--- +title: "Manage Different Users In The Same OU (And Reduce Number of GPOs) With Endpoint Policy Manager" +description: "Manage Different Users In The Same OU (And Reduce Number of GPOs) With Endpoint Policy Manager" +sidebar_position: 20 +--- + # Manage Different Users In The Same OU (And Reduce Number of GPOs) With Endpoint Policy Manager Microsoft MVP Jeremy Moskowitz and Shane from Admin Arsenal demonstrate how it is possible to manage diff --git a/docs/endpointpolicymanager/archive/gotomeeting.md b/docs/endpointpolicymanager/knowledgebase/archive/gotomeeting.md similarity index 95% rename from docs/endpointpolicymanager/archive/gotomeeting.md rename to docs/endpointpolicymanager/knowledgebase/archive/gotomeeting.md index 3020b5779e..4af4b5ed75 100644 --- a/docs/endpointpolicymanager/archive/gotomeeting.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/gotomeeting.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager: Manage GoToMeeting using Group Policy, SCCM or your own management utility" +description: "Endpoint Policy Manager: Manage GoToMeeting using Group Policy, SCCM or your own management utility" +sidebar_position: 100 +--- + # Endpoint Policy Manager: Manage GoToMeeting using Group Policy, SCCM or your own management utility Using Netwrix Endpoint Policy Manager (formerly PolicyPak) the sales team can deliver, enforce, and diff --git a/docs/endpointpolicymanager/archive/ie10.md b/docs/endpointpolicymanager/knowledgebase/archive/ie10.md similarity index 97% rename from docs/endpointpolicymanager/archive/ie10.md rename to docs/endpointpolicymanager/knowledgebase/archive/ie10.md index dac7f9702d..e02b5d565c 100644 --- a/docs/endpointpolicymanager/archive/ie10.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/ie10.md @@ -1,3 +1,9 @@ +--- +title: "Internet Explorer 10 and Internet Explorer Maintenance – the whole story" +description: "Internet Explorer 10 and Internet Explorer Maintenance – the whole story" +sidebar_position: 190 +--- + # Internet Explorer 10 and Internet Explorer Maintenance – the whole story If you install Internet Explorer 10 on Windows 7 (or Windows 8) machine you lose the ability to diff --git a/docs/endpointpolicymanager/archive/ie9.md b/docs/endpointpolicymanager/knowledgebase/archive/ie9.md similarity index 97% rename from docs/endpointpolicymanager/archive/ie9.md rename to docs/endpointpolicymanager/knowledgebase/archive/ie9.md index 6989d79237..a2e5805073 100644 --- a/docs/endpointpolicymanager/archive/ie9.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/ie9.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager: Manage Internet Explorer (IE9) Using Group Policy" +description: "Endpoint Policy Manager: Manage Internet Explorer (IE9) Using Group Policy" +sidebar_position: 220 +--- + # Endpoint Policy Manager: Manage Internet Explorer (IE9) Using Group Policy Internet Explorer's many settings, and users' tendency to want to tweak then to their taste, can be diff --git a/docs/endpointpolicymanager/archive/infranview.md b/docs/endpointpolicymanager/knowledgebase/archive/infranview.md similarity index 95% rename from docs/endpointpolicymanager/archive/infranview.md rename to docs/endpointpolicymanager/knowledgebase/archive/infranview.md index d26ef077ad..12997bda1b 100644 --- a/docs/endpointpolicymanager/archive/infranview.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/infranview.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager: Manage InfranView using Group Policy, SCCM or your own management utility" +description: "Endpoint Policy Manager: Manage InfranView using Group Policy, SCCM or your own management utility" +sidebar_position: 80 +--- + # Endpoint Policy Manager: Manage InfranView using Group Policy, SCCM or your own management utility Applications like IrfanView let you manage and view images on your computer. However, when users are diff --git a/docs/endpointpolicymanager/archive/itemleveltartgeting.md b/docs/endpointpolicymanager/knowledgebase/archive/itemleveltartgeting.md similarity index 95% rename from docs/endpointpolicymanager/archive/itemleveltartgeting.md rename to docs/endpointpolicymanager/knowledgebase/archive/itemleveltartgeting.md index 60a2cc3b1c..579eabb3fe 100644 --- a/docs/endpointpolicymanager/archive/itemleveltartgeting.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/itemleveltartgeting.md @@ -1,3 +1,9 @@ +--- +title: "Group Policy Preferences: Item Level Targeting" +description: "Group Policy Preferences: Item Level Targeting" +sidebar_position: 280 +--- + # Group Policy Preferences: Item Level Targeting Learn how to use **Group Policy Preferences** diff --git a/docs/endpointpolicymanager/knowledgebase/archive/java.md b/docs/endpointpolicymanager/knowledgebase/archive/java.md new file mode 100644 index 0000000000..6e62478c81 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/archive/java.md @@ -0,0 +1,162 @@ +--- +title: "Endpoint Policy Manager: Manage Java 7u45 using Group Policy" +description: "Endpoint Policy Manager: Manage Java 7u45 using Group Policy" +sidebar_position: 140 +--- + +# Endpoint Policy Manager: Manage Java 7u45 using Group Policy + +Here is an update for Java 7 u 45. Learn how Netwrix Endpoint Policy Manager (formerly PolicyPak) +can manage major settings in Java very quickly. + +### PolicyPak: Manage Java 7 u 45 using Group Policy Video Transcript + +Hi. This is Jeremy Moskowitz, Microsoft MVP, Enterprise Mobility and Founder of PolicyPak Software. +In this video, I'm going to show you the overhaul that we did for the latest Java Pak here. This is +for Java 7, Update 45 – also known as J7u45. + +The first thing I want to show you here – obviously you can just see here's the about – this is the +target machine. So this is the end user's machine here. You can see there's an "Update" tab, and you +almost certainly want to make Java stop updating so you can make it work so you can deliver your own +updates on your schedule and not have users get popups and such like that. + +We can also do things like actually turn Java on and off entirely if you're so inclined. We can also +set the sliders in here, and we can also manipulate pretty much all the "Advanced" items that are +here. + +I'm going to go over a handful of things that some people want to do in our examples here. Let's go +ahead and get started. Over here on my Management Station here, the first thing I want to note to +you is that for Java, the Java settings can be deployed either per user or per system. If you want +to do it per system, you get a special bonus which is you can do UI lockout. + +For these examples for my "East Sales Desktops," I'm going to "Create a GPO in this domain, and Link +it here…" and call it "Manage Java 7u45 with PolicyPak." The first thing to note is that you'll see +that it's not available because I haven't put in the latest, greatest PolicyPak settings. + +What you do see here is "PolicyPak for Java Control Panel Version 8 (Windows 7)," which is actually +a future version. They have a prerelease version. We have a Pak for that as well. What I'm going to +show you is the Pak we have for the current version: J7u45. + +If we go to our "PreConfigured PolicyPaks Production" – this is part of the download – what you'll +do is you're going to look for is "Oracle Java for Windows 7 Version 7 45." That's what you're after +here. Here are the files there. + +What you then need to do is get them into your PolicyPak system. For those familiar with it, we're +going to use the Central Store. All you do is copy one file, which is the DLL, right there ("Copy +here") and you're ready to go. With that in mind, let's go back to our Group Policy Object, click +"New/Application" and there it is: "PolicyPak for Java Control Panel 7u45 (Windows 7 and later)." + +Now, what I want to show you is that it looks a little bit differently because Java updated their +world a little bit differently. If we go back to the target machine, what I want to show you here is +you can see here's "Advanced" and there's a whole lot of stuff here. + +What we try to do in this Pak is try to make it pretty similar. If you go to "Adv/Adv1," you'll see +most of those first settings there. Go to "Adv/Adv2," you'll see most of those settings there. You +want to go to the "Adv/Secure Execution Environment" here, there are all those settings there and +also "Adv/Adv Sec." They are all here. + +There are also some settings that have been retired, and I put them here in "Retired Settings in +u45" in case you need them. Technically the latest version of Java won't honor these settings, but +they're here anyway. + +Let's take a look and try to do some things out of the gate. First thing, let's get rid of +"Updates." First and foremost where it says "Check for updates and notify me before installing," we +want to specifically "Never check for updates, never check for updates automatically." When we +select it in PolicyPak, it underlines and therefore it will be delivered. That's the first thing +that we want to do. + +The second thing we want to do, let's take a look inside Java. I got the memo here that a lot of +people want to change these settings: "Perform certificate revocation checks on" "Publisher's +certificate only" and also "Check for certificate revocation using" "Certificate Revocation Lists +(CRLs)." You can see the defaults here, and we're going to deliver those using PolicyPak. + +Let's go ahead and do that now. That is going to live under "Adv/Cert Rev Checks." We want to +deliver "Publisher's certificate only" and "Certificate Revocation Lists (CRLs)." Let's just start +right there and see that those settings are deployed. + +We'll go ahead and click "OK" and go over here. Our machine is in the right OU to pick these up. It +doesn't matter what user we're logged in as because PolicyPak will pick up the directive because +we're deploying this on the computer side. Let's just see that these directives took hold before we +continue onward. + +OK, let's go ahead and rerun "Java" here. The first thing, you can see the "Updates" tab is +completely gone. Now you know that Java is not going to be prompting users for auto-updates. If you +don't see the tab, you know you've done that part right. + +If we go to "Advanced here," we can go down to those two things that we delivered: "Perform +certificate revocation checks on." PolicyPak has delivered the right setting for each of those guys. + +Let's pretend to be naughty and work around the settings there. In fact, you can see these settings +are related. If you do something like this, which is naughty and which you don't want the users to +do, the next time "Java" is run PolicyPak is always working and will automatically redeliver those +settings. I didn't have to do anything. PolicyPak is just always working for you. + +I'll show you again just to show you one more time. The user is being naughty doing this naughty +thing they shouldn't do changing it to something like that. The next time "Java" runs or Group +Policy reapplies, it puts it right back. That's the first piece. + +The second thing that I wanted to demonstrate is the ability to deploy UI lockdown for not all but +many of the settings here in the "Advanced" tab here. Let me go ahead and do that. What I'll do is +I'll go back to my configuration, and I'll just pick a couple of things to just get started on here. + +For instance, if I wanted to go to "Adv/Adv 1" just to pick a couple to hang our hats on, let's say +I wanted to enable "Debugging" and I wanted to lockdown these settings down, you check on the +checkbox or the radio button and right click and "Lockdown this setting using the system-wide config +file." I'll do that for two of those three settings. + +Another popular setting is here in "Adv/Adv Sec": "Use certificates in keys and browser keystore." +If you want to guarantee that setting is in fact checked, you can check it, underline it and +"Lockdown this setting using the system-wide config file." I'll do that and also do "Use SSL 3.0." + +That's it for now. I'll go ahead and click those guys, click back over here and run "gpupdate" and +let's see that the effects took hold. We'll go ahead and click on "Java" here and click on advanced. +You can see we've delivered them, and we've locked down those settings here. If we go down, there we +go. We've delivered "Use certificates and keys in browser keystore" and "Use SSL 3.0," and they're +locked out and users can't work around it. + +Again, most – not all – of the settings are available for system-wide lockout as I've described. If +you need more information on which ones are and which ones aren't, just read the Read Me file. +Hopefully, this gives you some idea of how to use it. + +If you want, you can sign off now. This is the "how to use it." If you're interested in what's going +on underneath the hood in this video here, I'm going to continue onward here. In order to do that, +I'm going to run the PolicyPak Design Studio. Some people may be interested in understanding one key +element here, which is the restrictions. How do we know this is always going to work only on, say, +Windows 7 and later for a particular Java. + +What I'm going to do is "Load a project from XMIL file" here. Again, you have access to all these as +well. We'll go to the download. We'll go to "Oracle Java for Windows 7 Version 7 45" and open it up. + +We have this idea inside the project of this thing called internal or "Predefined Item-Level +Targeting" filters. What I'm doing is I'm specifying that this will only fire off when the right +version of Java is there. This version of Java is 45, so it really expands to version "7.0.450.0" +and who knows what the next version will be. I've tied down the project specifically here with +internal item-level targeting filters so that it must match the right version of Java or the +settings don't get applied. + +What's that I hear you crying? You don't like that? You want to try to make these settings work +regardless? You're welcome to clear out the filters, recompile the Pak and it will work that way. +Again, this is somewhat on a technical side. This gets into the Pak about why the Pak will deliver +settings expressly and only to Java 7u45. + +If you take a look at the older Paks, the ones that are before this one just to go a little earlier, +it should really say version 7 40 and earlier. First of all, the Pak looks a lot different. For this +latest version, we've made it look a lot more closely. But underneath the hood, the predefined +conditions just checked that the operating system is Windows 7. + +I'm telling you this so that many of the settings in the old Pak will work perfectly going forward, +but this time we made a decision to specify with internal or "Predefined Item-Level Targeting" +filters for the latest Pak, the 45 Pak, to only apply when the machine actually has that version of +Java and not any sooner. + +I hope that gives you some idea of what's going on underneath the hood and gives you some ammunition +to get started. Sorry for the extra-long video here, but Java is one of those things that people +really, really want to see and understand, and I thought it might be worth going through a little +bit of extra time and effort going through that. + +Thanks so very much. If you have any questions about any of our preconfigured Paks – about how they +work, why, what's going on – the first place to get started is the community forum. Please post your +"how do I" questions, especially about preconfigured Paks, to the community forum and we will answer +them, and the answers we provide there will help everybody. + +Thanks so very much, and we'll talk to you soon. diff --git a/docs/endpointpolicymanager/archive/massdeploy.md b/docs/endpointpolicymanager/knowledgebase/archive/massdeploy.md similarity index 98% rename from docs/endpointpolicymanager/archive/massdeploy.md rename to docs/endpointpolicymanager/knowledgebase/archive/massdeploy.md index 6bf0090423..986a871510 100644 --- a/docs/endpointpolicymanager/archive/massdeploy.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/massdeploy.md @@ -1,3 +1,9 @@ +--- +title: "Mass Deploy the Endpoint Policy Manager CSE using GPSI" +description: "Mass Deploy the Endpoint Policy Manager CSE using GPSI" +sidebar_position: 30 +--- + # Mass Deploy the Endpoint Policy Manager CSE using GPSI You have tested out Netwrix Endpoint Policy Manager (formerly PolicyPak) on one machine, and it is diff --git a/docs/endpointpolicymanager/archive/modenuke.md b/docs/endpointpolicymanager/knowledgebase/archive/modenuke.md similarity index 98% rename from docs/endpointpolicymanager/archive/modenuke.md rename to docs/endpointpolicymanager/knowledgebase/archive/modenuke.md index 769c9390ec..a9402ec7ce 100644 --- a/docs/endpointpolicymanager/archive/modenuke.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/modenuke.md @@ -1,3 +1,9 @@ +--- +title: "Nuke mode, and why users can avoid your GPprefs settings" +description: "Nuke mode, and why users can avoid your GPprefs settings" +sidebar_position: 200 +--- + # Nuke mode, and why users can avoid your GPprefs settings GPPreferences does a great job with drive maps, shortcuts and printers. But when it comes to diff --git a/docs/endpointpolicymanager/archive/office2013.md b/docs/endpointpolicymanager/knowledgebase/archive/office2013.md similarity index 98% rename from docs/endpointpolicymanager/archive/office2013.md rename to docs/endpointpolicymanager/knowledgebase/archive/office2013.md index af1368b136..af97f5be76 100644 --- a/docs/endpointpolicymanager/archive/office2013.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/office2013.md @@ -1,3 +1,9 @@ +--- +title: "Lockdown Microsoft Office Suite 2013" +description: "Lockdown Microsoft Office Suite 2013" +sidebar_position: 160 +--- + # Lockdown Microsoft Office Suite 2013 We enforce the optimum setting values that you, the administrator, want to have. Netwrix Endpoint diff --git a/docs/endpointpolicymanager/archive/operanext.md b/docs/endpointpolicymanager/knowledgebase/archive/operanext.md similarity index 94% rename from docs/endpointpolicymanager/archive/operanext.md rename to docs/endpointpolicymanager/knowledgebase/archive/operanext.md index 03ced18a69..d2a6d24948 100644 --- a/docs/endpointpolicymanager/archive/operanext.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/operanext.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager: Manage Opera Next using Group Policy, SCCM or your own management utility" +description: "Endpoint Policy Manager: Manage Opera Next using Group Policy, SCCM or your own management utility" +sidebar_position: 90 +--- + # Endpoint Policy Manager: Manage Opera Next using Group Policy, SCCM or your own management utility Netwrix Endpoint Policy Manager (formerly PolicyPak): Manage Opera using Group Policy, SCCM or your diff --git a/docs/endpointpolicymanager/knowledgebase/archive/overview.md b/docs/endpointpolicymanager/knowledgebase/archive/overview.md new file mode 100644 index 0000000000..fd8b96a841 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/archive/overview.md @@ -0,0 +1,39 @@ +--- +title: "Archive" +description: "Archive" +sidebar_position: 220 +--- + +# Archive + +See the following Knowledge Base articles and Video topics that have been archived. This is a list +of archived Knowledge Base articles and video topics. + +- [ADM/X Files – why they cannot prevent user shenanigans](/docs/endpointpolicymanager/knowledgebase/archive/admxfiles.md) +- [Manage Different Users In The Same OU (And Reduce Number of GPOs) With Endpoint Policy Manager ](/docs/endpointpolicymanager/knowledgebase/archive/differentusers.md) +- [Mass Deploy the Endpoint Policy Manager CSE using GPSI](/docs/endpointpolicymanager/knowledgebase/archive/massdeploy.md) +- [Upgrading the CSE using GPSI](/docs/endpointpolicymanager/knowledgebase/archive/upgrading.md) +- [Endpoint Policy Manager: Use the DesignStudio to manage FireFox's about:config settings](/docs/endpointpolicymanager/knowledgebase/archive/designstudiofirefox.md) +- [Deliver Group Policy to Domain Joined and non-Domain Joined machines thru the Cloud](/docs/endpointpolicymanager/knowledgebase/archive/cloud.md) +- [Understanding ADM-ADMX files Tattooing (and what to do about it)](/docs/endpointpolicymanager/knowledgebase/archive/tattooing.md) +- [Endpoint Policy Manager: Manage InfranView using Group Policy, SCCM or your own management utility](/docs/endpointpolicymanager/knowledgebase/archive/infranview.md) +- [Endpoint Policy Manager: Manage Opera Next using Group Policy, SCCM or your own management utility](/docs/endpointpolicymanager/knowledgebase/archive/operanext.md) +- [Endpoint Policy Manager: Manage GoToMeeting using Group Policy, SCCM or your own management utility](/docs/endpointpolicymanager/knowledgebase/archive/gotomeeting.md) +- [Endpoint Policy Manager Configure PARCC Testing Configuration Stations using Endpoint Policy Manager to prevent pop-ups](/docs/endpointpolicymanager/knowledgebase/archive/parcctesting.md) +- [Endpoint Policy Manager: Manage VMware Workstation Hardware and Options](/docs/endpointpolicymanager/knowledgebase/archive/vmware.md) +- [Endpoint Policy Manager: Manage and lockdown a specific VMware Workstation's VMX file settings](/docs/endpointpolicymanager/knowledgebase/archive/vmwarefilesettings.md) +- [Endpoint Policy Manager: Manage Java 7u45 using Group Policy](/docs/endpointpolicymanager/knowledgebase/archive/java.md) +- [Endpoint Policy Manager and VMware Horizon Mirage](/docs/endpointpolicymanager/knowledgebase/archive/vmwarehorizonmirage.md) +- [Lockdown Microsoft Office Suite 2013](/docs/endpointpolicymanager/knowledgebase/archive/office2013.md) +- [Endpoint Policy ManagerPreferences with Endpoint Policy Manager Exporter](/docs/endpointpolicymanager/knowledgebase/archive/preferencesexporter.md) +- [Endpoint Policy Manager Using Endpoint Policy Manager DesignStudio to modify the Java Paks for XP](/docs/endpointpolicymanager/knowledgebase/applicationmanager/videolearningcenter/designstudiohowto/designstudiojava.md) +- [Internet Explorer 10 and Internet Explorer Maintenance – the whole story](/docs/endpointpolicymanager/knowledgebase/archive/ie10.md) +- [Nuke mode, and why users can avoid your GPprefs settings](/docs/endpointpolicymanager/knowledgebase/archive/modenuke.md) +- [Endpoint Policy Manager: Manage Acrobat X Pro Using Group Policy](/docs/endpointpolicymanager/knowledgebase/archive/acrobatxpro.md) +- [Endpoint Policy Manager: Manage Internet Explorer (IE9) Using Group Policy](/docs/endpointpolicymanager/knowledgebase/archive/ie9.md) +- [Endpoint Policy Manager supplements VMware View](/docs/endpointpolicymanager/knowledgebase/archive/vmwaresupplements.md) +- [Endpoint Policy Manager: Manage Xenapp applications using Group Policy](/docs/endpointpolicymanager/knowledgebase/archive/xenapp.md) +- [Endpoint Policy Manager 3.5 Applock Update Behavior Change](/docs/endpointpolicymanager/knowledgebase/archive/applock.md) +- [Endpoint Policy Manager and Symantec Workspace Streaming and Virtualization](/docs/endpointpolicymanager/knowledgebase/archive/symantecworkspace.md) +- [The CSE auto-updater feature appears to not be working. What can I do?](/docs/endpointpolicymanager/knowledgebase/archive/autoupdater.md) +- [Group Policy Preferences: Item Level Targeting](/docs/endpointpolicymanager/knowledgebase/archive/itemleveltartgeting.md) diff --git a/docs/endpointpolicymanager/archive/parcctesting.md b/docs/endpointpolicymanager/knowledgebase/archive/parcctesting.md similarity index 93% rename from docs/endpointpolicymanager/archive/parcctesting.md rename to docs/endpointpolicymanager/knowledgebase/archive/parcctesting.md index e4519c4d82..4b4f1df4b7 100644 --- a/docs/endpointpolicymanager/archive/parcctesting.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/parcctesting.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager Configure PARCC Testing Configuration Stations using Endpoint Policy Manager to prevent pop-ups" +description: "Endpoint Policy Manager Configure PARCC Testing Configuration Stations using Endpoint Policy Manager to prevent pop-ups" +sidebar_position: 110 +--- + # Endpoint Policy Manager Configure PARCC Testing Configuration Stations using Endpoint Policy Manager to prevent pop-ups PARCC testing is very important. Make it go very smoothly for your students and teacherby diff --git a/docs/endpointpolicymanager/archive/preferencesexporter.md b/docs/endpointpolicymanager/knowledgebase/archive/preferencesexporter.md similarity index 96% rename from docs/endpointpolicymanager/archive/preferencesexporter.md rename to docs/endpointpolicymanager/knowledgebase/archive/preferencesexporter.md index db192a33ad..1ec008276d 100644 --- a/docs/endpointpolicymanager/archive/preferencesexporter.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/preferencesexporter.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy ManagerPreferences with Endpoint Policy Manager Exporter" +description: "Endpoint Policy ManagerPreferences with Endpoint Policy Manager Exporter" +sidebar_position: 170 +--- + # Endpoint Policy ManagerPreferences with Endpoint Policy Manager Exporter Use Microsoft Group Policy Preferences without using Group Policy. You can use SCCM, Windows Intune, diff --git a/docs/endpointpolicymanager/archive/symantecworkspace.md b/docs/endpointpolicymanager/knowledgebase/archive/symantecworkspace.md similarity index 97% rename from docs/endpointpolicymanager/archive/symantecworkspace.md rename to docs/endpointpolicymanager/knowledgebase/archive/symantecworkspace.md index 597bffd351..19bc2172a9 100644 --- a/docs/endpointpolicymanager/archive/symantecworkspace.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/symantecworkspace.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager and Symantec Workspace Streaming and Virtualization" +description: "Endpoint Policy Manager and Symantec Workspace Streaming and Virtualization" +sidebar_position: 260 +--- + # Endpoint Policy Manager and Symantec Workspace Streaming and Virtualization Picking up SWS and SWV to make application deployment easier was a smart choice. Now you manage, diff --git a/docs/endpointpolicymanager/archive/tattooing.md b/docs/endpointpolicymanager/knowledgebase/archive/tattooing.md similarity index 97% rename from docs/endpointpolicymanager/archive/tattooing.md rename to docs/endpointpolicymanager/knowledgebase/archive/tattooing.md index 874cb27d28..b1413c68a9 100644 --- a/docs/endpointpolicymanager/archive/tattooing.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/tattooing.md @@ -1,3 +1,9 @@ +--- +title: "Understanding ADM-ADMX files Tattooing (and what to do about it)" +description: "Understanding ADM-ADMX files Tattooing (and what to do about it)" +sidebar_position: 70 +--- + # Understanding ADM-ADMX files Tattooing (and what to do about it) Tattooing the registry means that settings are left behind when they no longer apply to the user. diff --git a/docs/endpointpolicymanager/archive/upgrading.md b/docs/endpointpolicymanager/knowledgebase/archive/upgrading.md similarity index 98% rename from docs/endpointpolicymanager/archive/upgrading.md rename to docs/endpointpolicymanager/knowledgebase/archive/upgrading.md index 2408c04d3e..354c6e2fe6 100644 --- a/docs/endpointpolicymanager/archive/upgrading.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/upgrading.md @@ -1,3 +1,9 @@ +--- +title: "Upgrading the CSE using GPSI" +description: "Upgrading the CSE using GPSI" +sidebar_position: 40 +--- + # Upgrading the CSE using GPSI Here is how to take any version of Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE and diff --git a/docs/endpointpolicymanager/archive/vmware.md b/docs/endpointpolicymanager/knowledgebase/archive/vmware.md similarity index 94% rename from docs/endpointpolicymanager/archive/vmware.md rename to docs/endpointpolicymanager/knowledgebase/archive/vmware.md index 0a1272a5c5..6fb49ba6ff 100644 --- a/docs/endpointpolicymanager/archive/vmware.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/vmware.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager: Manage VMware Workstation Hardware and Options" +description: "Endpoint Policy Manager: Manage VMware Workstation Hardware and Options" +sidebar_position: 120 +--- + # Endpoint Policy Manager: Manage VMware Workstation Hardware and Options You can specify any particular VM’s hardware and options settings plus lock down the user interface. diff --git a/docs/endpointpolicymanager/archive/vmwarefilesettings.md b/docs/endpointpolicymanager/knowledgebase/archive/vmwarefilesettings.md similarity index 95% rename from docs/endpointpolicymanager/archive/vmwarefilesettings.md rename to docs/endpointpolicymanager/knowledgebase/archive/vmwarefilesettings.md index ea2be128cc..d7e8c72c31 100644 --- a/docs/endpointpolicymanager/archive/vmwarefilesettings.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/vmwarefilesettings.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager: Manage and lockdown a specific VMware Workstation's VMX file settings" +description: "Endpoint Policy Manager: Manage and lockdown a specific VMware Workstation's VMX file settings" +sidebar_position: 130 +--- + # Endpoint Policy Manager: Manage and lockdown a specific VMware Workstation's VMX file settings In this video learn how to use the PP DesignStudio to specify a specific VMware VMX file and then diff --git a/docs/endpointpolicymanager/archive/vmwarehorizonmirage.md b/docs/endpointpolicymanager/knowledgebase/archive/vmwarehorizonmirage.md similarity index 97% rename from docs/endpointpolicymanager/archive/vmwarehorizonmirage.md rename to docs/endpointpolicymanager/knowledgebase/archive/vmwarehorizonmirage.md index 623eb7243c..7db5ef4eeb 100644 --- a/docs/endpointpolicymanager/archive/vmwarehorizonmirage.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/vmwarehorizonmirage.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager and VMware Horizon Mirage" +description: "Endpoint Policy Manager and VMware Horizon Mirage" +sidebar_position: 150 +--- + # Endpoint Policy Manager and VMware Horizon Mirage You are using VMware Horizon Mirage to manage your physical and virtual desktops. But how are you diff --git a/docs/endpointpolicymanager/archive/vmwaresupplements.md b/docs/endpointpolicymanager/knowledgebase/archive/vmwaresupplements.md similarity index 98% rename from docs/endpointpolicymanager/archive/vmwaresupplements.md rename to docs/endpointpolicymanager/knowledgebase/archive/vmwaresupplements.md index fbadf80939..5731589cf0 100644 --- a/docs/endpointpolicymanager/archive/vmwaresupplements.md +++ b/docs/endpointpolicymanager/knowledgebase/archive/vmwaresupplements.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager supplements VMware View" +description: "Endpoint Policy Manager supplements VMware View" +sidebar_position: 230 +--- + # Endpoint Policy Manager supplements VMware View VMware View is an excellent app. But that still does not solve some of the problems you have right diff --git a/docs/endpointpolicymanager/knowledgebase/archive/xenapp.md b/docs/endpointpolicymanager/knowledgebase/archive/xenapp.md new file mode 100644 index 0000000000..813d5d6505 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/archive/xenapp.md @@ -0,0 +1,127 @@ +--- +title: "Endpoint Policy Manager: Manage Xenapp applications using Group Policy" +description: "Endpoint Policy Manager: Manage Xenapp applications using Group Policy" +sidebar_position: 240 +--- + +# Endpoint Policy Manager: Manage Xenapp applications using Group Policy + +Citrix Xenapp receiver is missing the ability to receive Group Policy settings. It is also missing +the ability to truly lock down your applications so users cannot work around your settings. In this +demonstration, see how Netwrix Endpoint Policy Manager (formerly PolicyPak) enables Xenapp +environments to truly receive Group Policy settings for any Xenapp application, plus lock those +applications down so users cannot work around your important IT and security settings + +### PolicyPak enhances XenApp with Group Policy video transcript + +Hi, everybody. This is Jeremy Moskowitz, Microsoft MVP, Enterprise Mobility and Founder of PolicyPak +Software. In this video, I'm going to show you how to use PolicyPak to manage XenApp deployed +applications using Group Policy. + +Let's go ahead and get started. Let me go ahead and logon as some guy, "westsalesuser2." Let's take +a look at what stuff he's got. Here's his XenApp world. + +Let's say he decides to run "WinZip" for the first time. Sure, we'll go ahead and do all that stuff. +Go ahead and run WinZip for the very first time as the user. The Citrix receiver will do its thing, +as you can see here.Once it's done, what you're going to see immediately is that the settings you +want them to get he's not going to get at all. + +For instance, if there's a security setting in this application – and I just happen to be using +WinZip as an example – like setting the "Minimum password length" or ensuring that certain security +settings need to be set, there's really no way to deploy guaranteed settings into your Xen +Appapplications unless you're using PolicyPak. + +You might try to use the Group Policy preferences and that might work for some of the cases, but if +your applications don't use registry punches that's going to be a problem. Also, the Group Policy +preferences can't perform UI lockout. We're going to see both of those things in this little +demonstration. + +Here, what I want to try to do is I want to dictate some of these important password settings and +also eliminate some of the confusion that a user might have when using this particular application. + +Let's also take a look at Firefox as the user, as well. We go ahead and we run "Mozilla Firefox" +here. The Citrix receiver does its thing, downloads a little bit of Firefox here and it's presenting +it to us. Here we go. + +Maybe we want to make sure that the "Home Page" is always up-to-date – there's the home page – and +certain "Security" settings aren't worked around. Like if a user does something nasty like that and +they uncheck these settings, that wouldn't be good. + +What we're going to do now is we'll go ahead and close out right here on the Citrix receiver. We'll +go to Group Policy here. For all of our "West Sales Users" we're going to "Dictate Winzip and +Firefox settings to XenApp users." We'll do two things at once just to accelerate things a little +bit. + +On the user side under "PolicyPak/Applications," it's as simple as right click, +"New/Application."Actually, we have over 35 preconfigured paks, but for this demonstration I'm going +to show you WinZip first and then Firefox second. + +Here's "PolicyPak for WinZip14 and 15." Let's go ahead and go right to "Passwords." We'll click all +these checkboxes just to prove a point. We'll right click over this guy and "Hide corresponding +control in target application,"and we'll "Disable corresponding control in target application"for +this second setting. + +Not only are we checking the checkboxes, but we're going to literally change the UI in the +application. So no matter what Citrix receiver you're using – if you happen to be using an old XP +machine like I have up here or Win7 machine or an iPad or an iPhone –you're going to get the UI that +you want them to have. + +We'll go over to "Cameras," right click over this and "Disable whole tab in target +application."We'll make it hard for them to work around our settings. + +Also while we're here, we'll go to "PolicyPak/Applications/New/Application"and we'll go to +"PolicyPak for Mozilla Firefox."Like I said, what we want to do here is we want to for the "Home +Page" we'll do this "www.endpointpolicymanager.com." + +Then while we're here, we'll also go to "Security." Well, remember, that user unchecked those +checkboxes. Let's make sure that those checkboxes, those important security things, are in fact +always set. + +Now let's go back over to the user. We'll click on our "XPComputer32" machine here. It doesn't +really matter. Any Citrix receiver will work. Go to "westsalesuser2." We'll give credentials, +"Fabrikam.com" here. + +We'll go ahead and run "WinZip," and let's see what we see now as a user. We'll go ahead and go to +"Options/Configuration…" and go over to "Passwords," and there we go. We've dictated those important +settings exactly like what we wanted. + +Can you see that right there under "Cameras"? "Cameras" is totally grayed out. We've locked out that +portion of the UI so the user can't work around it. If a user does try to work around our settings, +well, the next time Group Policy applies it'll automatically dictate those settings back to them. +But if you wanted to, you could simply gray out those settings for them. + +Let's see how Firefox did. Let's go ahead and close our WinZip. We'll run "Mozilla Firefox" now. The +Citrix receiver is doing its thing. There we go. Now we can see we've got the PolicyPak home page +delivered to our Firefox. + +If we go to "Options" here and we take a look, sure enough those "Security" settings are +re-dictated. If we uncheck these checkboxes or change the home page to something we shouldn't do – +we'll go to "www.evil.com." I have no idea if that's a real website or not. + +If we try to rerun "Mozilla Firefox" at this point, let's go ahead and see what happens. Right back +to PolicyPak. Go to "Options" right there, and we've put the settings right back. Even if a user +does try to work around our settings, at their very next session for Firefox it will come back and +ensure those security settings. + +That is the deal. With PolicyPak, you are now able to deliver the settings to any of your +applications no matter what receiver they're running on. If we were to go to another computer here – +"westsalesuser2," same guy or a different guy in the same OU, "Fabrikam.com" – as soon as he runs +"Mozilla Firefox,"for instance, as soon as he runs that application he's going to get the exact same +settings again dictated through Group Policy every single time.. + +There it is, PolicyPak. If he goes to the "Security" settings, they're guaranteed. If he tries to +uncheck those settings here, no problem. The very next time he tries to run the application, those +settings will return again and again. + +Users are not able to work around your preconfigured, set settings. That is the whole point of +PolicyPak. You can deliver settings to installed applications. You can deliver settings to ThinApp +applications. You can deliver settings to App-V applications, and you can deliver settings to XenApp +applications. + +PolicyPak basically enables you, using the Group Policy infrastructure you already have, to dictate +settings and lock things down for any application regardless of how that application is delivered. + +I hope you had fun watching this demonstration of PolicyPak and XenApp. If you have any questions, +we're happy to help. + +Thanks so much, and we'll talk to you soon. diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/_category_.json b/docs/endpointpolicymanager/knowledgebase/browserrouter/_category_.json new file mode 100644 index 0000000000..bb82f2f9ee --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Browser Router", + "position": 90, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/_category_.json b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/_category_.json new file mode 100644 index 0000000000..3a0e054a7d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Installation And Uninstallation", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/browserrouter/install/chromemanual.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/chromemanual.md similarity index 93% rename from docs/endpointpolicymanager/browserrouter/install/chromemanual.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/chromemanual.md index 6bf2a50ac5..478349b081 100644 --- a/docs/endpointpolicymanager/browserrouter/install/chromemanual.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/chromemanual.md @@ -1,3 +1,9 @@ +--- +title: "How-to manually install and enable Endpoint Policy Manager Browser Router (PPBR) extension for Google Chrome?" +description: "How-to manually install and enable Endpoint Policy Manager Browser Router (PPBR) extension for Google Chrome?" +sidebar_position: 60 +--- + # How-to manually install and enable Endpoint Policy Manager Browser Router (PPBR) extension for Google Chrome? If you want to install the Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser extension @@ -16,7 +22,7 @@ for Google chrome manually from a local/network path, follow the below steps. Follow these steps to convert the Chrome Web Store link of any Extension to an `.CRX` File. **Step 1 –** Check the information here: -[What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?](/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromeextensionid.md) +[What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromeextensionid.md) Note down the Extension ID. You'll need this step every time we release updates for Software. **Step 2 –** Append the PPBR Chrome Extension ID with the following URL: diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/defaultbrowser.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/defaultbrowser.md new file mode 100644 index 0000000000..3c88c2339f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/defaultbrowser.md @@ -0,0 +1,104 @@ +--- +title: "When I unlicense or remove Endpoint Policy ManagerBrowser Router from scope,Endpoint Policy Manager Browser Router Agent still shows as OS \"default browser\". Why is that and is there a workaround?" +description: "When I unlicense or remove Endpoint Policy ManagerBrowser Router from scope,Endpoint Policy Manager Browser Router Agent still shows as OS \"default browser\". Why is that and is there a workaround?" +sidebar_position: 40 +--- + +# When I unlicense or remove Endpoint Policy ManagerBrowser Router from scope,Endpoint Policy Manager Browser Router Agent still shows as OS "default browser". Why is that and is there a workaround? + +On Windows 8.1 or later, once Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router is +licensed, it becomes the "default browser" in the operating system, like what is seen here. + +![141_1_img-01](/img/product_docs/endpointpolicymanager/browserrouter/defaultbrowser/218_3_ppbr-faq-3-pic-3.webp) + +However, if you are using the Legacy Browser Router mode and unlicense Endpoint Policy Manager +Browser Router or remove the computer from the scope of any Endpoint Policy Manager Browser Router +rules, you will find thatEndpoint Policy Manager Browser Router Agent is apparently maintained as +the OS's default browser. + +This is a "Display Only" and "Cosmetic" issue and not reflective upon reality, this is by design. +Usually, IE will now actually be the default browser as far as the user EXPERIENCES it. + +That being said, once you have unlicensedEndpoint Policy Manager Browser Router it is not active any +longer. +Therefore, (when Endpoint Policy Manager Browser Router is not present.) … an end-user could open up +Firefox, Chrome, IE or Edge … like what is seen here… + +![141_2_img-02](/img/product_docs/endpointpolicymanager/browserrouter/defaultbrowser/218_1_ppbr-faq-3-pic-1.webp) + +And manually set the default browser, or use the operating system itself to specify the desired +default browser .. like what is seen here… + +![141_3_img-03](/img/product_docs/endpointpolicymanager/browserrouter/defaultbrowser/218_2_ppbr-faq-3-pic-2.webp) + +Afterward, they should see the OS default web browser change accordingly and be maintained correctly +at the next login. + +**NOTE:** When not using Legacy Browser Router mode and you remove the computer from the scope of +any Endpoint Policy Manager Browser Router rules or unlicenseEndpoint Policy Manager Browser Router +after having a Endpoint Policy Manager Browser Router policy in place the default behavior is to +revert the default browser to the value present beforeEndpoint Policy Manager Browser Router was +enabled/licensed. + +What if: + +- You really, really don't like Endpoint Policy Manager Browser Router displaying as the default + browser, even though the problem is only "cosmetic." +- You want to FORCE SET a default browser and ensure it for the user (but this time, not using + Endpoint Policy Manager Browser Router). +- You want to set a specific browser as the default, THEN let the user change it after you set the + default, say, to IE. + +For either or all of these options… + +**Step 1 –** Step 1. ONLY if using the following PolicyPak Client-Side Extensions ADMX setting set +to Enabled, (aka Legacy Browser Router mode), OR if Client-Side Extensions version 2535 or older was +ever installed on the machine. + +![141_4_image-20210104150503-1](/img/product_docs/endpointpolicymanager/browserrouter/install/483_7_image-20210105155954-1.webp) + +You have to delete this file first…as a one time action using GPPPrefs if + +![141_5_img-04](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/install/141_5_img-04.webp) + +**Step 2 –** Step 2. Then if you want to FORCE A PARTICULAR BROWSER VIA POLICY … (pick ONE) + +- Use Endpoint Policy Manager File Associations Manager to set HTTP and HTTPS to Internet Explorer. + This is supported as long as you are NOT using Endpoint Policy Manager Browser Router any + longer. [Can I use Endpoint Policy ManagerBrowser Router and/or Endpoint Policy Manager File Associations Manager to set the default browser?](/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/defaultbrowser.md) +- Use the in-box Group Policy method for File / Protocol Associations (not recommended, since you + have Endpoint Policy Manager File Associations Manager, and this method is not dynamic NOR can you + use it ALONGSIDEEndpoint Policy Manager File Associations Manager, so it is NOT + recommended): [https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy) + +_Remember,_ The two methods above PERMANENTLY AFFIX it to IE, and don't make it changeable. +(Technically, the user CAN change it, but then it's ‘snapped back' every time the user logs off and +on.) + +-ANOTHER OPTION- … INSTEAD of forcing a particular browser, you can SET ONE BROWSER as the DEFAULT, +then let the user CHANGE + +"How can I set it to IE, then make it changeable by the end-user?" + +To do this.. we found a utility, which you can likely DEPLOY ONCE via Endpoint Policy Manager +SCRIPTS on the USER side .. (we didn't test that, and only tested it manually on the user side)… + +[http://kolbi.cz/blog/2017/11/10/setdefaultbrowser-set-the-default-browser-per-user-on-windows-10-and-server-2016-build-1607/](http://kolbi.cz/blog/2017/11/10/setdefaultbrowser-set-the-default-browser-per-user-on-windows-10-and-server-2016-build-1607/) + +(Endpoint Policy Manager makes no warranties about this tool.) + +When it runs.. it works instantly.. and sets the default browser. In this example, we set it to IE. + +And then it was later changeable by the user. + +![141_6_img-05](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/install/141_6_img-05.webp) + +**NOTE:** If you uninstall the Endpoint Policy Manager Client Side Extensions on a machine where +Endpoint Policy Manager Browser Router was set as the default browser then Microsoft Edge will +become the default browser immediately after the Endpoint Policy Manager Client Side Extensions are +uninstalled. You will see the notification below on your screen and if you check the default apps +you will see that Edge has become the default browser. + +![141_7_image](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/install/141_7_image.webp) + +![141_8_image](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/install/141_8_image.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/install/iepromptdll.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/iepromptdll.md similarity index 79% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/install/iepromptdll.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/iepromptdll.md index 8e405a2e52..7d28fa52e8 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/install/iepromptdll.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/iepromptdll.md @@ -1,3 +1,9 @@ +--- +title: "I launched IE and saw \"PPBRAGENTIExIE_01.dll\" or \"PPBRExplorerExtension.dll\" prompted for the user. What should I do?" +description: "I launched IE and saw \"PPBRAGENTIExIE_01.dll\" or \"PPBRExplorerExtension.dll\" prompted for the user. What should I do?" +sidebar_position: 30 +--- + # I launched IE and saw "PPBRAGENTIExIE_01.dll" or "PPBRExplorerExtension.dll" prompted for the user. What should I do? This scenario is common when: diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/preventiequestions.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/preventiequestions.md new file mode 100644 index 0000000000..8186dd1bd0 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/preventiequestions.md @@ -0,0 +1,14 @@ +--- +title: "I'm using SCCM to deploy the PP CSE. I want to ensure that Internet Explorer is closed during the installation of PPBR to prevent IE questions of users if they are logged in. What should I do?" +description: "I'm using SCCM to deploy the PP CSE. I want to ensure that Internet Explorer is closed during the installation of PPBR to prevent IE questions of users if they are logged in. What should I do?" +sidebar_position: 20 +--- + +# I'm using SCCM to deploy the PP CSE. I want to ensure that Internet Explorer is closed during the installation of PPBR to prevent IE questions of users if they are logged in. What should I do? + +You can use the snippet of code within SCCM to test to see if IE is closed and then if it is, only +then install the PP CSE. + +``` +Do {$ieCheck = Get-Process iexplore -ErrorAction SilentlyContinueIf ($ieCheck -eq $null) {msiexec /i ‘PolicyPak Client-Side Extension x64.msi' /q#Write-Host ‘Installing'Start-Sleep -s 600Exit}else {#Write-Host ‘IE Open'Start-Sleep -s 600}} while ($ieCheck -ne $null) +``` diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/twologons.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/twologons.md new file mode 100644 index 0000000000..20f80eee67 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/twologons.md @@ -0,0 +1,20 @@ +--- +title: "Why doesn't Endpoint Policy Manager Browser Router routes take effect the first time I log on to Windows 8.1 or Windows 10?" +description: "Why doesn't Endpoint Policy Manager Browser Router routes take effect the first time I log on to Windows 8.1 or Windows 10?" +sidebar_position: 50 +--- + +# Why doesn't Endpoint Policy Manager Browser Router routes take effect the first time I log on to Windows 8.1 or Windows 10? + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router rules (and Default Browser +specification) might take two logons to take effect and/or one background GPupdate. + +This is by design. + +The first time the user logs on, Endpoint Policy Manager Browser Router needs to get set up and +introduce itself to the OS as the "Default Browser." + +Then on the next Group Policy refresh (second logon or one logon plus a manual or background +GPupdate), Endpoint Policy Manager Browser Router should be "saved" and ready for use. + +All Endpoint Policy Manager Browser Router policies should work at that point. diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/install/windowsopenprompt.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/windowsopenprompt.md similarity index 78% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/install/windowsopenprompt.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/windowsopenprompt.md index 90f8c4cc25..57940068a1 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/install/windowsopenprompt.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/windowsopenprompt.md @@ -1,3 +1,9 @@ +--- +title: "Why does Windows 8 and 10 ask me \"How do you want to open this?\" and how do I make it go away?" +description: "Why does Windows 8 and 10 ask me \"How do you want to open this?\" and how do I make it go away?" +sidebar_position: 10 +--- + # Why does Windows 8 and 10 ask me "How do you want to open this?" and how do I make it go away? Immediately after installing the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE on an diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..14839b2caf --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/knowledgebase.md @@ -0,0 +1,62 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +The following is a list of Knowledge Base articles for Browser Router. + +## Installation and Uninstallation + +- [Why does Windows 8 and 10 ask me "How do you want to open this?" and how do I make it go away?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/windowsopenprompt.md) +- [I'm using SCCM to deploy the PP CSE. I want to ensure that Internet Explorer is closed during the installation of PPBR to prevent IE questions of users if they are logged in. What should I do?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/preventiequestions.md) +- [I launched IE and saw "PPBRAGENTIExIE_01.dll" or "PPBRExplorerExtension.dll" prompted for the user. What should I do?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/iepromptdll.md) +- [When I unlicense or remove Endpoint Policy ManagerBrowser Router from scope,Endpoint Policy Manager Browser Router Agent still shows as OS "default browser". Why is that and is there a workaround?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/defaultbrowser.md) +- [Why doesn't Endpoint Policy Manager Browser Router routes take effect the first time I log on to Windows 8.1 or Windows 10?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/twologons.md) +- [How-to manually install and enable Endpoint Policy Manager Browser Router (PPBR) extension for Google Chrome?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/installationandunins/chromemanual.md) + +## Troubleshooting + +- [Troubleshooting routing between browsers.](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/betweenbrowsers.md) +- [I'm having a "Browser Router Emergency" or some kind of critical website incompatibility. What can I do?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/criticalwebsiteincompatibility.md) +- [When does Endpoint Policy Manager Browser Router write v1 or v2 Enterprise Mode site lists?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/versions.md) +- [PPBRAgentExeIE_01.DLL error message occurs about Internet Explorer enhanced security. What should I do?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/dllcompatible.md) +- [Endpoint Policy Manager Browser Router removes other Chrome ‘force installed' extensions. How can I work around this?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/forceinstall.md) +- [Why don't routes work from Firefox to other browsers (in Firefox 49+) ?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/firefox.md) +- [Why don't routes work from IE to other browsers?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/fromtootherbrowsers.md) +- [Chrome and Citrix problems](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/citrixproblems.md) +- [Why doesn't Edge to Other browser support work as expected?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/fromtootherbroswers.md) +- [Browser router doesn't seem to work when I use a pattern, and the URL has multiple redirects.](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/pattern.md) +- [What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromeextensionid.md) +- [What does it mean when Endpoint Policy Manager Browser Router gives a pop-up saying to contact support to my end-users?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/contactsupport.md) +- [I see the Endpoint Policy Manager Browser Router Chrome Extension is being installed, but it's not active. What can I do?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/extensioninactive.md) +- [How do I revert to "Legacy Browser Router Method & Features" if directed?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/revertlegacy.md) +- [What is the PPBR "Keep original tab open when routing / Experimental Feature" checkbox, and why must I turn it OFF for ALL routes if I'm having trouble with ONE website?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/keeporiginaltab.md) +- [Why is my Wildcard rule not applying to top level WWW site?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/wildcardrule.md) +- [I'm attempting to use an older CSE but routing from Edge / Chrome to other browsers is not working. Why is this?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/routing.md) +- [How do I fix "">Endpoint Policy Manager Browser Router Chromium Extension" was automatically disabled." message in Chrome or Edge?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/automaticallydisabled.md) +- [An older CSE isn't routing from Chrome or Edge to other browsers, because the older CSE isn't downloading the latest Chrome extension. What can I do?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromerouting.md) +- [How can I use the only remaining Endpoint Policy Manager published Chrome Extension with my older CSE? (CSE 18.7.1779.937 - 19.12.2283.849)](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromeextension.md) +- [How can I stop websites automatically routing to Edge when I expect them to be shown in IE (and/or I get an endless loop). Why is this?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/stop.md) +- [Hyperlinks in Adobe documents do not work when Browser Router is set as the Default Browser](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/adobelinks.md) +- [Why does Endpoint Policy Manager PPExtensionService.exe make a call out to DNS?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/dnscall.md) +- [How to fix the Chrome / Edge Chromium launch issues?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/launch.md) +- [How does Browser Router function when Internet Explorer is removed from the machine?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/removed.md) +- [How to set "Choose which browser opens web links in Office365" so that Browser Router properly routes web links in Outlook](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/office365.md) +- [How to quickly troubleshoot Endpoint Policy Manager Browser Router](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/quick.md) + +## Tips and Tricks + +- [Which variables can I use in the Browser Router Advanced Blocking Message?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/advancedblockingmessage.md) +- [How can I use Endpoint Policy Manager Browser router to force people to always use the SAME browser?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/forcebrowser.md) +- [Is it possible to prevent all Internet websites, but allow just a few? (Blacklist websites, whitelist some?)](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/securityzone.md) +- [What is meant by "Default Browser" within Endpoint Policy Manager Browser router?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/defined.md) +- [How do I suppress the pop-up of the Browser Router Chrome Extension at First run?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/suppresspopup.md) +- [How to remove the Endpoint Policy Manager Browser Router Agent from the list of available Web Browser handlers under Default Apps in Windows 10](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/removeagent.md) +- [Where does Browser Router store user selected browser (and how can I fake it if I need to) in versions 2536 and later?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/useselectablebrowser.md) +- [How to Configure Browser Router to use IE Document Modes in Edge IE TAB](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/browsermode.md) +- [How do I change the default icon for user-created shortcuts for my default browser?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/shortcuticons.md) +- [Does Endpoint Policy Manager Manage Chrome or Edge "Flags"?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/commandlinearguments.md) +- [What is PPBREdgePackage and When is it used?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/edgelegacybrowser.md) diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/_category_.json b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/_category_.json new file mode 100644 index 0000000000..ec873edc2f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips And Tricks", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/browserrouter/advancedblockingmessage.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/advancedblockingmessage.md similarity index 86% rename from docs/endpointpolicymanager/browserrouter/advancedblockingmessage.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/advancedblockingmessage.md index 973c6d1a66..c0c0490617 100644 --- a/docs/endpointpolicymanager/browserrouter/advancedblockingmessage.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/advancedblockingmessage.md @@ -1,3 +1,9 @@ +--- +title: "Which variables can I use in the Browser Router Advanced Blocking Message?" +description: "Which variables can I use in the Browser Router Advanced Blocking Message?" +sidebar_position: 10 +--- + # Which variables can I use in the Browser Router Advanced Blocking Message? A customer blocking message is optional. If you don't make any changes, the default looks like this: diff --git a/docs/endpointpolicymanager/browserrouter/editpolicytemplate/browsermode.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/browsermode.md similarity index 91% rename from docs/endpointpolicymanager/browserrouter/editpolicytemplate/browsermode.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/browsermode.md index 1576eaa17a..48f617ee0f 100644 --- a/docs/endpointpolicymanager/browserrouter/editpolicytemplate/browsermode.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/browsermode.md @@ -1,3 +1,9 @@ +--- +title: "How to Configure Browser Router to use IE Document Modes in Edge IE TAB" +description: "How to Configure Browser Router to use IE Document Modes in Edge IE TAB" +sidebar_position: 80 +--- + # How to Configure Browser Router to use IE Document Modes in Edge IE TAB **NOTE:** The IE Tab function is only supported in Edge Chromium Edition. You must have Edge diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/commandlinearguments.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/commandlinearguments.md new file mode 100644 index 0000000000..275e72a531 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/commandlinearguments.md @@ -0,0 +1,35 @@ +--- +title: "Does Endpoint Policy Manager Manage Chrome or Edge \"Flags\"?" +description: "Does Endpoint Policy Manager Manage Chrome or Edge \"Flags\"?" +sidebar_position: 100 +--- + +# Does Endpoint Policy Manager Manage Chrome or Edge "Flags"? + +Chrome supports command-line switches, also called flags. They allow you to run Chrome with special +options that allow you to enable or disable a particular feature by modifying the default +functionality. + +In this topic we show how to use flags or a command-line switch for Google Chrome with Netwrix +Endpoint Policy Manager (formerly PolicyPak) Browser Router. + +For a complete list of Chromium command-line switches, see +[https://peter.sh/experiments/chromium-command-line-switches/](https://peter.sh/experiments/chromium-command-line-switches/). + +## Launching a URL in Incognito mode: + +For example, if you want to launch a specific URL under an incognito mode, you need to configure the +PPBR rule as shown below. + +**NOTE:** Please note that the syntax `%url%` is case sensitive. + +![881_1_image-20221228073914-1](/img/product_docs/endpointpolicymanager/browserrouter/editpolicytemplate/881_1_image-20221228073914-1.webp) + +**NOTE:** Please note that Chromium often removes a flag's support or replaces it with ADMX +settings. + +For example, a command-line to disable Google Translate `--disable-translate` is not supported +anymore and it is replaced with +[https://chromeenterprise.google/policies/#TranslateEnabled](https://chromeenterprise.google/policies/#httpschromeenterprisegooglepoliciestranslateenabled). + +**CAUTION:** Command line arguments don't work when the source and target browsers are the same. diff --git a/docs/endpointpolicymanager/browserrouter/defaultbrowser/defined.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/defined.md similarity index 92% rename from docs/endpointpolicymanager/browserrouter/defaultbrowser/defined.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/defined.md index 3515d837f6..fbd88019ae 100644 --- a/docs/endpointpolicymanager/browserrouter/defaultbrowser/defined.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/defined.md @@ -1,3 +1,9 @@ +--- +title: "What is meant by \"Default Browser\" within Endpoint Policy Manager Browser router?" +description: "What is meant by \"Default Browser\" within Endpoint Policy Manager Browser router?" +sidebar_position: 40 +--- + # What is meant by "Default Browser" within Endpoint Policy Manager Browser router? Pretend for a second you didn't have Netwrix Endpoint Policy Manager (formerly PolicyPak) and diff --git a/docs/endpointpolicymanager/browserrouter/edgelegacybrowser.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/edgelegacybrowser.md similarity index 89% rename from docs/endpointpolicymanager/browserrouter/edgelegacybrowser.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/edgelegacybrowser.md index a7d02ef265..080e5f786b 100644 --- a/docs/endpointpolicymanager/browserrouter/edgelegacybrowser.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/edgelegacybrowser.md @@ -1,3 +1,9 @@ +--- +title: "What is PPBREdgePackage and When is it used?" +description: "What is PPBREdgePackage and When is it used?" +sidebar_position: 110 +--- + # What is PPBREdgePackage and When is it used? PPBREdgePackage is automatically installed when Edge Legacy is present and a Browser Router policy diff --git a/docs/endpointpolicymanager/browserrouter/forcebrowser.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/forcebrowser.md similarity index 82% rename from docs/endpointpolicymanager/browserrouter/forcebrowser.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/forcebrowser.md index e76f884e09..a479db9258 100644 --- a/docs/endpointpolicymanager/browserrouter/forcebrowser.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/forcebrowser.md @@ -1,3 +1,9 @@ +--- +title: "How can I use Endpoint Policy Manager Browser router to force people to always use the SAME browser?" +description: "How can I use Endpoint Policy Manager Browser router to force people to always use the SAME browser?" +sidebar_position: 20 +--- + # How can I use Endpoint Policy Manager Browser router to force people to always use the SAME browser? First, choose a common page to start each browser on, for example google.com, or a corporate home diff --git a/docs/endpointpolicymanager/browserrouter/install/removeagent.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/removeagent.md similarity index 93% rename from docs/endpointpolicymanager/browserrouter/install/removeagent.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/removeagent.md index 18760bb98e..7bea1d68af 100644 --- a/docs/endpointpolicymanager/browserrouter/install/removeagent.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/removeagent.md @@ -1,3 +1,9 @@ +--- +title: "How to remove the Endpoint Policy Manager Browser Router Agent from the list of available Web Browser handlers under Default Apps in Windows 10" +description: "How to remove the Endpoint Policy Manager Browser Router Agent from the list of available Web Browser handlers under Default Apps in Windows 10" +sidebar_position: 60 +--- + # How to remove the Endpoint Policy Manager Browser Router Agent from the list of available Web Browser handlers under Default Apps in Windows 10 If you decide not to use Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router in your diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/securityzone.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/securityzone.md new file mode 100644 index 0000000000..fc7c36176e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/securityzone.md @@ -0,0 +1,19 @@ +--- +title: "Is it possible to prevent all Internet websites, but allow just a few? (Blacklist websites, whitelist some?)" +description: "Is it possible to prevent all Internet websites, but allow just a few? (Blacklist websites, whitelist some?)" +sidebar_position: 30 +--- + +# Is it possible to prevent all Internet websites, but allow just a few? (Blacklist websites, whitelist some?) + +This is possible, using the Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router. + +**Step 1 –** Set up a rule (route as seen in this example. Specify that the Internet Security Zone +is set to BLOCK. + +![170_1_image001](/img/product_docs/endpointpolicymanager/browserrouter/editpolicytemplate/170_1_image001.webp) + +**Step 2 –** Then, make other rules which route to the websites you want. Finally, ensure your +blocking policy is last in the list, so all whitelisted items will process before the blockitem. + +![170_2_image002](/img/product_docs/endpointpolicymanager/browserrouter/editpolicytemplate/170_2_image002.webp) diff --git a/docs/endpointpolicymanager/browserrouter/shortcuticons.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/shortcuticons.md similarity index 92% rename from docs/endpointpolicymanager/browserrouter/shortcuticons.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/shortcuticons.md index 77244c0218..25a14c120c 100644 --- a/docs/endpointpolicymanager/browserrouter/shortcuticons.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/shortcuticons.md @@ -1,3 +1,9 @@ +--- +title: "How do I change the default icon for user-created shortcuts for my default browser?" +description: "How do I change the default icon for user-created shortcuts for my default browser?" +sidebar_position: 90 +--- + # How do I change the default icon for user-created shortcuts for my default browser? For a good general overview of the topic, please watch this video: diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/suppresspopup.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/suppresspopup.md new file mode 100644 index 0000000000..dd075e3be4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/suppresspopup.md @@ -0,0 +1,13 @@ +--- +title: "How do I suppress the pop-up of the Browser Router Chrome Extension at First run?" +description: "How do I suppress the pop-up of the Browser Router Chrome Extension at First run?" +sidebar_position: 50 +--- + +# How do I suppress the pop-up of the Browser Router Chrome Extension at First run? + +When you use the Chrome Pak or Chrome ADMX settings you can use this setting. + +- Navigate to Policy Path: Computer `Configuration\Administrative Templates\Google\Google Chrome\` +- Policy Name: Continue running background apps when Google Chrome is closed +- Policy State: Disabled diff --git a/docs/endpointpolicymanager/browserrouter/useselectablebrowser.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/useselectablebrowser.md similarity index 93% rename from docs/endpointpolicymanager/browserrouter/useselectablebrowser.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/useselectablebrowser.md index 69d1bc8c39..ef14f3776b 100644 --- a/docs/endpointpolicymanager/browserrouter/useselectablebrowser.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/useselectablebrowser.md @@ -1,3 +1,9 @@ +--- +title: "Where does Browser Router store user selected browser (and how can I fake it if I need to) in versions 2536 and later?" +description: "Where does Browser Router store user selected browser (and how can I fake it if I need to) in versions 2536 and later?" +sidebar_position: 70 +--- + # Where does Browser Router store user selected browser (and how can I fake it if I need to) in versions 2536 and later? **CAUTION:** This article pertains to build 2536 and later. For earlier builds, the instructions are @@ -10,7 +16,7 @@ about this feature first here: [Endpoint Policy Manager Browser Router User-Selected Default](/docs/endpointpolicymanager/video/browserrouter/userselecteddefault.md) -[What is meant by "Default Browser" within Endpoint Policy Manager Browser router?](/docs/endpointpolicymanager/browserrouter/defaultbrowser/defined.md) +[What is meant by "Default Browser" within Endpoint Policy Manager Browser router?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/defined.md) You might need to have Endpoint Policy Manager Browser Router indicate that a user specifically chose a particular browser, even if they did not. diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/_category_.json b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/_category_.json new file mode 100644 index 0000000000..d0c808bf1b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/adobelinks.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/adobelinks.md similarity index 84% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/adobelinks.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/adobelinks.md index 17d5e4b1fc..ca4d3ee54e 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/adobelinks.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/adobelinks.md @@ -1,3 +1,9 @@ +--- +title: "Hyperlinks in Adobe documents do not work when Browser Router is set as the Default Browser" +description: "Hyperlinks in Adobe documents do not work when Browser Router is set as the Default Browser" +sidebar_position: 230 +--- + # Hyperlinks in Adobe documents do not work when Browser Router is set as the Default Browser ## PROBLEM: @@ -33,4 +39,4 @@ issue with Adobe and Browser Router. For a list of additional Endpoint Policy Manager items that may need to be excluded please see the KB below: -[How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/install/antivirus.md) +[How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/antivirus.md) diff --git a/docs/endpointpolicymanager/troubleshooting/error/browserrouter/automaticallydisabled.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/automaticallydisabled.md similarity index 81% rename from docs/endpointpolicymanager/troubleshooting/error/browserrouter/automaticallydisabled.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/automaticallydisabled.md index 4eefbfdcff..193abc4a21 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/browserrouter/automaticallydisabled.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/automaticallydisabled.md @@ -1,3 +1,9 @@ +--- +title: "How do I fix \"\">Endpoint Policy Manager Browser Router Chromium Extension\" was automatically disabled.\" message in Chrome or Edge?" +description: "How do I fix \"\">Endpoint Policy Manager Browser Router Chromium Extension\" was automatically disabled.\" message in Chrome or Edge?" +sidebar_position: 180 +--- + # How do I fix "">Endpoint Policy Manager Browser Router Chromium Extension" was automatically disabled." message in Chrome or Edge? If you get the message ""Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router @@ -11,7 +17,7 @@ are explicitly added to the policy named "Allow specific extensions to be instal You can use this chart to see the Endpoint Policy Manager Browser Router Extension you should allow to install: -[What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?](/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromeextensionid.md) +[What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromeextensionid.md) In this screenshot, the Endpoint Policy Manager Extension is the third one listed. diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/betweenbrowsers.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/betweenbrowsers.md similarity index 93% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/betweenbrowsers.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/betweenbrowsers.md index af29ce64fe..6778555536 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/betweenbrowsers.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/betweenbrowsers.md @@ -1,3 +1,9 @@ +--- +title: "Troubleshooting routing between browsers." +description: "Troubleshooting routing between browsers." +sidebar_position: 10 +--- + # Troubleshooting routing between browsers. This guide will help you troubleshoot problems routing from browser to browser. For instance, if you @@ -9,7 +15,7 @@ doesn't, then this is the guide for you. **Step 1 –** This troubleshooting guide assumes you have already performed the steps in this initial troubleshooting guide: Browser Router > -[Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md). This will demonstrate that you are: +[Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md). This will demonstrate that you are: - Getting the GPOs involved in Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router and @@ -107,4 +113,4 @@ webstore): [https://chrome.google.com/webstore/category/extensions?hl=en-US](ht **Step 6 –** Did our Chrome extension appear? **Step 7 –** Related.. If you see ONLY Chrome, and not any FORCED extensions, -[Endpoint Policy Manager Browser Router removes other Chrome ‘force installed' extensions. How can I work around this?](/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/forceinstall.md) +[Endpoint Policy Manager Browser Router removes other Chrome ‘force installed' extensions. How can I work around this?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/forceinstall.md) diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromeextension.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromeextension.md new file mode 100644 index 0000000000..834e909d08 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromeextension.md @@ -0,0 +1,72 @@ +--- +title: "How can I use the only remaining Endpoint Policy Manager published Chrome Extension with my older CSE? (CSE 18.7.1779.937 - 19.12.2283.849)" +description: "How can I use the only remaining Endpoint Policy Manager published Chrome Extension with my older CSE? (CSE 18.7.1779.937 - 19.12.2283.849)" +sidebar_position: 210 +--- + +# How can I use the only remaining Endpoint Policy Manager published Chrome Extension with my older CSE? (CSE 18.7.1779.937 - 19.12.2283.849) + +**Step 1 –** Copy the contents below. + +``` +{    "name": "com.endpointpolicymanager.ppbragent",    "description": "Chrome Native Messaging implementation",    "path": "PPBRAgent.exe",    "type": "stdio",     +"allowed_origins": [        "chrome-extension://kndjicdjdanehpnonfmdekhinhdcdnbo/",        "chrome-extension://mdmkjmbojjnnhlohmjhaapalpbbhkdcg/",         +"chrome-extension://fmbfiodledfjldlhiemaadmgppoeklbn/"    ]} +``` + +**Step 2 –** Save in a file named + +`com.endpointpolicymanager.chromehost.json` + +**Step 3 –** The goal is to copy that file to + +``` +C:\Program Files\PolicyPak\Browser Router\Client +``` + +On machines with the CSE (CSE 18.7.1779.937 - 19.12.2283.849)That you CANNOT upgrade to latest CSE +for now. + +![774_1_img-01](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/774_1_img-01.webp) + +You can use a variety of methods to get the file copied. Options include: + +- Group Policy Preferences Files +- Endpoint Policy Manager Remote Work Delivery Manager +- Endpoint Policy Manager Scripts +- SCCM +- Any other way you want to copy a file down to the machine + +To show one example, using Group Policy Preferences Files… + +Here's the `Com.endpointpolicymanager.chromehost.json` file stored in the file in the share called +`\\dc2016\share` + +![774_3_img-02_950x542](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/774_3_img-02_950x542.webp) + +Using Group Policy Preferences Files, on the Computer side… + +![774_5_img-03_950x650](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/774_5_img-03_950x650.webp) + +#### Specify: + +Source: + +``` +\\dc2016\SHARE\com.endpointpolicymanager.chromehost.json +``` + +Destination (must include the path and file name): + +``` +C:\Program Files\PolicyPak\Browser Router\Client\com.endpointpolicymanager.chromehost.json +``` + +Run `GPupdate `on the client, and here's the result. + +Note that upgrading to modern CSE versions will have a SIMIILARLY named file in this folder. + +These two files can sit side by side without issue if you need to use an OLDER CSE for now, then +UPGRADE to latest CSE later. + +![774_7_img-05_950x675](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/774_7_img-05_950x675.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromeextensionid.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromeextensionid.md similarity index 91% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromeextensionid.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromeextensionid.md index 70c6e47459..98979d0104 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromeextensionid.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromeextensionid.md @@ -1,9 +1,15 @@ +--- +title: "What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?" +description: "What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?" +sidebar_position: 110 +--- + # What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension? Below is the ID list from Chrome. If you need to, you can force-install an Extension ID via ADMX or Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Manager Pak using this article: -[Endpoint Policy Manager Browser Router removes other Chrome ‘force installed' extensions. How can I work around this?](/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/forceinstall.md) +[Endpoint Policy Manager Browser Router removes other Chrome ‘force installed' extensions. How can I work around this?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/forceinstall.md) Note that Endpoint Policy Manager does not guarantee that the version you are using is definitely in the chrome store. We are only allowed to publish 20 items, as such, the oldest items will be removed diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromerouting.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromerouting.md similarity index 88% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromerouting.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromerouting.md index 8d9010938c..46887724be 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromerouting.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromerouting.md @@ -1,3 +1,9 @@ +--- +title: "An older CSE isn't routing from Chrome or Edge to other browsers, because the older CSE isn't downloading the latest Chrome extension. What can I do?" +description: "An older CSE isn't routing from Chrome or Edge to other browsers, because the older CSE isn't downloading the latest Chrome extension. What can I do?" +sidebar_position: 190 +--- + # An older CSE isn't routing from Chrome or Edge to other browsers, because the older CSE isn't downloading the latest Chrome extension. What can I do? This is a quick Q & A about this concern. @@ -44,7 +50,7 @@ olderEndpoint Policy Manager Browser Router Chrome Extensions? A: We have the list of extensions which ARE VALID (now, it is exactly ONE extension) and which WERE valid (100% of the older ones are now turned off) which are on this list -[What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?](/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromeextensionid.md) +[What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromeextensionid.md) Q: What should I now? @@ -63,7 +69,7 @@ Q: I cannot update to the latest extension, but I am using builds CSE 18.7.1779. A: We have a KB article about it here: "How can I use the onlyEndpoint Policy Manager published Chrome Extension with my older CSE? (CSE 18.7.1779.937 - 19.12.2283.849)" -[How can I use the only remaining Endpoint Policy Manager published Chrome Extension with my older CSE? (CSE 18.7.1779.937 - 19.12.2283.849)](/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromeextension.md) +[How can I use the only remaining Endpoint Policy Manager published Chrome Extension with my older CSE? (CSE 18.7.1779.937 - 19.12.2283.849)](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromeextension.md) Q: I'm using a CSE before 18.7.1779.937. What is the workaround? diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/citrixproblems.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/citrixproblems.md similarity index 87% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/citrixproblems.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/citrixproblems.md index 92cf14041e..948c13a653 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/citrixproblems.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/citrixproblems.md @@ -1,3 +1,9 @@ +--- +title: "Chrome and Citrix problems" +description: "Chrome and Citrix problems" +sidebar_position: 80 +--- + # Chrome and Citrix problems ## Symptom: diff --git a/docs/endpointpolicymanager/troubleshooting/error/browserrouter/contactsupport.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/contactsupport.md similarity index 81% rename from docs/endpointpolicymanager/troubleshooting/error/browserrouter/contactsupport.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/contactsupport.md index 9f601f30e4..c3e1f2ab7a 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/browserrouter/contactsupport.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/contactsupport.md @@ -1,3 +1,9 @@ +--- +title: "What does it mean when Endpoint Policy Manager Browser Router gives a pop-up saying to contact support to my end-users?" +description: "What does it mean when Endpoint Policy Manager Browser Router gives a pop-up saying to contact support to my end-users?" +sidebar_position: 120 +--- + # What does it mean when Endpoint Policy Manager Browser Router gives a pop-up saying to contact support to my end-users? If you see a message like what's seen below… @@ -28,7 +34,7 @@ Tips: [https://community.ivanti.com/docs/DOC-59389](https://community.ivanti.com/docs/DOC-59389) - For your AV / other software, see your own vendor's exclusions. - Endpoint Policy Manager AV Exclusions: - [How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/install/antivirus.md) + [How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/antivirus.md) - If you have a FEW or ONE machine showing the issue: FAQ. **Step 3 –** After that, it could still be a bug. But it would typically appear on MANY machines and @@ -36,6 +42,6 @@ not just a SINGLE or a FEW machines. That being said, if you would like for us t logs, in these cases, we need AT LEAST TWO machines to see a PATTERN in the logs. So be prepared to get logs from multiple machines showing the issue so we can do some deeper investigation. -[What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/troubleshooting/fastsupport.md) +[What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/fastsupport.md) _Remember,_ We need AT LEAST two machines of logs to check in this case. diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/criticalwebsiteincompatibility.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/criticalwebsiteincompatibility.md similarity index 80% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/criticalwebsiteincompatibility.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/criticalwebsiteincompatibility.md index 80411f0e7b..d08c28ef3d 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/criticalwebsiteincompatibility.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/criticalwebsiteincompatibility.md @@ -1,3 +1,9 @@ +--- +title: "I'm having a \"Browser Router Emergency\" or some kind of critical website incompatibility. What can I do?" +description: "I'm having a \"Browser Router Emergency\" or some kind of critical website incompatibility. What can I do?" +sidebar_position: 20 +--- + # I'm having a "Browser Router Emergency" or some kind of critical website incompatibility. What can I do? There are a few things you can do if you need to keep Netwrix Endpoint Policy Manager (formerly @@ -20,7 +26,7 @@ from all routes. **Step 4 –** After steps 1, 2 and 3… if you can REPRODUCE using latest CSE... then and only then.. send us log files (user and computer) via Sharefile (do not attach.) -[What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/troubleshooting/fastsupport.md) +[What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/fastsupport.md) **Step 5 –** AFTER you install the latest CSE, you might want to attempt to disable the in-Browser Extensions for the affected browser, but keep Browser Router operating. Here's how to do that (see @@ -32,7 +38,7 @@ screenshot below.) reproduce the issue, you could kill JUST the affected component like Browser Router. Use these instructions: -[What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?](/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromeextensionid.md) +[What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromeextensionid.md) (KB shows killing PPPreferences, but in this case you would kill Endpoint Policy Manager Browser Router.) diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/default.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/default.md similarity index 91% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/default.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/default.md index 27f3d13434..73647cb5fe 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/default.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/default.md @@ -1,3 +1,9 @@ +--- +title: "Why is Browser Router not showing up as the OS Default Browser since Feb24/March24 Monthly windows patches KB5035845?" +description: "Why is Browser Router not showing up as the OS Default Browser since Feb24/March24 Monthly windows patches KB5035845?" +sidebar_position: 300 +--- + # Why is Browser Router not showing up as the OS Default Browser since Feb24/March24 Monthly windows patches KB5035845? **Updated 9/12/2024**: Starting from CSE version 24.9 and later this problem has been overcome. If @@ -25,13 +31,13 @@ What won’t work: Browser” will be passed onward to Edge (instead of what you might have set it to, say, Firefox, Chrome, etc). Use this article to understand “Endpoint Policy Manager Browser Router Default Policy” type - [What is meant by "Default Browser" within Endpoint Policy Manager Browser router?](/docs/endpointpolicymanager/browserrouter/defaultbrowser/defined.md) + [What is meant by "Default Browser" within Endpoint Policy Manager Browser router?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/defined.md) - Delivering File Associations specifically for PDF for Endpoint Policy Manager File Associations Manager You will also get the same experience if you attempt to use PolicyPak File Associations Manager to change HTTP or HTTPS, even if you’re not using PolicyPak Browser Router. See the -[Can I use Endpoint Policy ManagerBrowser Router and/or Endpoint Policy Manager File Associations Manager to set the default browser?](/docs/endpointpolicymanager/fileassociations/defaultbrowser.md) +[Can I use Endpoint Policy ManagerBrowser Router and/or Endpoint Policy Manager File Associations Manager to set the default browser?](/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/defaultbrowser.md) topic for additional information. Troubleshooting: diff --git a/docs/endpointpolicymanager/troubleshooting/error/browserrouter/dllcompatible.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/dllcompatible.md similarity index 75% rename from docs/endpointpolicymanager/troubleshooting/error/browserrouter/dllcompatible.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/dllcompatible.md index 5424611a93..26439e54fe 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/browserrouter/dllcompatible.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/dllcompatible.md @@ -1,3 +1,9 @@ +--- +title: "PPBRAgentExeIE_01.DLL error message occurs about Internet Explorer enhanced security. What should I do?" +description: "PPBRAgentExeIE_01.DLL error message occurs about Internet Explorer enhanced security. What should I do?" +sidebar_position: 40 +--- + # PPBRAgentExeIE_01.DLL error message occurs about Internet Explorer enhanced security. What should I do? When running IE and Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router, the diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/dnscall.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/dnscall.md similarity index 81% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/dnscall.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/dnscall.md index f46ca257d3..d90c57b185 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/dnscall.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/dnscall.md @@ -1,3 +1,9 @@ +--- +title: "Why does Endpoint Policy Manager PPExtensionService.exe make a call out to DNS?" +description: "Why does Endpoint Policy Manager PPExtensionService.exe make a call out to DNS?" +sidebar_position: 240 +--- + # Why does Endpoint Policy Manager PPExtensionService.exe make a call out to DNS? ## Problem: diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/extensioninactive.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/extensioninactive.md similarity index 81% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/extensioninactive.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/extensioninactive.md index 4a47fe2b09..c0ad89520c 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/extensioninactive.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/extensioninactive.md @@ -1,3 +1,9 @@ +--- +title: "I see the Endpoint Policy Manager Browser Router Chrome Extension is being installed, but it's not active. What can I do?" +description: "I see the Endpoint Policy Manager Browser Router Chrome Extension is being installed, but it's not active. What can I do?" +sidebar_position: 130 +--- + # I see the Endpoint Policy Manager Browser Router Chrome Extension is being installed, but it's not active. What can I do? From time to time it's possible that the Netwrix Endpoint Policy Manager (formerly PolicyPak) diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/firefox.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/firefox.md new file mode 100644 index 0000000000..71ab822326 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/firefox.md @@ -0,0 +1,31 @@ +--- +title: "Why don't routes work from Firefox to other browsers (in Firefox 49+) ?" +description: "Why don't routes work from Firefox to other browsers (in Firefox 49+) ?" +sidebar_position: 60 +--- + +# Why don't routes work from Firefox to other browsers (in Firefox 49+) ? + +If you run into issues when Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router is +configured to route site from Firefox to some other browser but its not routing at all. We've fixed +this problem with the latest CSE, but if you're using an OLDER CSE, then you could need to modify +Firefox to compensate. + +New releases of Firefox comes with the setting where we can enable multi-process windows for the +browsers. See the following screenshot: + +![492_1_image001](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/492_1_image001.webp) + +The above screenshot means that its enabled and you should expect the Endpoint Policy Manager +Browser Router will have problem in routing. To make it working please disable the setting using +Endpoint Policy Manager's pre-configured Pak for Firefox about:config as illustrated in the +screenshot: + +![492_2_image002](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/492_2_image002.webp) + +So once you check and uncheck the above option it will set the value as false like shown in below +screenshot: + +![492_3_image003](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/492_3_image003.webp) + +You should be all set for now with Endpoint Policy Manager Browser Router. Let us know if otherwise. diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/forceinstall.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/forceinstall.md similarity index 85% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/forceinstall.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/forceinstall.md index 244b407685..8d343c557a 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/forceinstall.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/forceinstall.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager Browser Router removes other Chrome ‘force installed' extensions. How can I work around this?" +description: "Endpoint Policy Manager Browser Router removes other Chrome ‘force installed' extensions. How can I work around this?" +sidebar_position: 50 +--- + # Endpoint Policy Manager Browser Router removes other Chrome ‘force installed' extensions. How can I work around this? Here's what's happening: @@ -33,7 +39,7 @@ ADMX setting on USER or COMPUTER side. Use this string found in this article: -[What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?](/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromeextensionid.md) +[What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromeextensionid.md) For instance, an example string might look like … @@ -59,4 +65,4 @@ the optional extensions you wish for Chrome. Again, the example extension ID above is just an example. Please use the correct one based upon your CSE. -[What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?](/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromeextensionid.md) +[What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromeextensionid.md) diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/edge/fromtootherbroswers.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/fromtootherbroswers.md similarity index 76% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/edge/fromtootherbroswers.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/fromtootherbroswers.md index 9c0c8e6539..10dca17d92 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/edge/fromtootherbroswers.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/fromtootherbroswers.md @@ -1,3 +1,9 @@ +--- +title: "Why doesn't Edge to Other browser support work as expected?" +description: "Why doesn't Edge to Other browser support work as expected?" +sidebar_position: 90 +--- + # Why doesn't Edge to Other browser support work as expected? 1. Edge –> OTHER browser support is only valid for Windows 10 1703 and later. diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/internetexplorer/fromtootherbrowsers.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/fromtootherbrowsers.md similarity index 95% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/internetexplorer/fromtootherbrowsers.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/fromtootherbrowsers.md index cf134084a8..77856c7319 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/internetexplorer/fromtootherbrowsers.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/fromtootherbrowsers.md @@ -1,3 +1,9 @@ +--- +title: "Why don't routes work from IE to other browsers?" +description: "Why don't routes work from IE to other browsers?" +sidebar_position: 70 +--- + # Why don't routes work from IE to other browsers? For some customers, some Internet Explorer settings set or un-set are interfering with Netwrix diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/editpolicytemplate/keeporiginaltab.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/keeporiginaltab.md similarity index 78% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/editpolicytemplate/keeporiginaltab.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/keeporiginaltab.md index a14fd3179f..e4f7c9da95 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/editpolicytemplate/keeporiginaltab.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/keeporiginaltab.md @@ -1,3 +1,9 @@ +--- +title: "What is the PPBR \"Keep original tab open when routing / Experimental Feature\" checkbox, and why must I turn it OFF for ALL routes if I'm having trouble with ONE website?" +description: "What is the PPBR \"Keep original tab open when routing / Experimental Feature\" checkbox, and why must I turn it OFF for ALL routes if I'm having trouble with ONE website?" +sidebar_position: 150 +--- + # What is the PPBR "Keep original tab open when routing / Experimental Feature" checkbox, and why must I turn it OFF for ALL routes if I'm having trouble with ONE website? The "Keep original tab open when routing / Experimental" flag is for a specific use case and is diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/launch.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/launch.md similarity index 96% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/launch.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/launch.md index 5f688fb24a..8e5da50547 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/launch.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/launch.md @@ -1,3 +1,9 @@ +--- +title: "How to fix the Chrome / Edge Chromium launch issues?" +description: "How to fix the Chrome / Edge Chromium launch issues?" +sidebar_position: 250 +--- + # How to fix the Chrome / Edge Chromium launch issues? You might discover one or more computers will not correctly launch Chrome or Edge. diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/office365.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/office365.md new file mode 100644 index 0000000000..e8ac6dd79a --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/office365.md @@ -0,0 +1,57 @@ +--- +title: "How to set \"Choose which browser opens web links in Office365\" so that Browser Router properly routes web links in Outlook" +description: "How to set \"Choose which browser opens web links in Office365\" so that Browser Router properly routes web links in Outlook" +sidebar_position: 270 +--- + +# How to set "Choose which browser opens web links in Office365" so that Browser Router properly routes web links in Outlook + +**NOTE:** Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud already has the +Office2016/Office365 ADMX settings available in the Cloud and they can be accessed via the Endpoint +Policy Manager Admin Templates Manager built-in cloud editor.‌ + +For the Endpoint Policy Manager OnPrem version, you can download the Office 365 ADMX files from +here - +[https://www.microsoft.com/en-US/download/details.aspx?id=49030](https://www.microsoft.com/en-US/download/details.aspx?id=49030) +for use in your On-Prem environment. + +Also, this policy will not work for Microsoft 365 Apps for Business, See Group Policy Support +section in the table at the link below: + +[https://learn.microsoft.com/en-us/office365/servicedescriptions/office-applications-service-description/office-applications-service-description](https://learn.microsoft.com/en-us/office365/servicedescriptions/office-applications-service-description/office-applications-service-description) + +![966_1_image-20231114102807-2](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/966_1_image-20231114102807-2.webp) + +11 Limited to policies for web apps and privacy policies for client apps. + +## SCENARIO 1: Using Endpoint Policy Manager Cloud + +Create a new Admin Template policy with the appropriate setting from the ADMX template (use Keyword +section to search): + +![966_2_image-20230922212443-1](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/966_2_image-20230922212443-1.webp) + +Now set the value to "System default browser" instead of "Microsoft Edge" in the policy: + +![966_3_image-20230922212443-2_950x650](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/966_3_image-20230922212443-2_950x650.webp) + +## SCENARIO 2: Using Endpoint Policy Manager On-Prem + +Once Office ADMX is deployed, create a new Admin Template policy with the appropriate setting from +the ADMX template (use Keyword section to search): + +![966_4_image-20230922212443-3_950x397](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/966_4_image-20230922212443-3_950x397.webp) + +Now set the value to "System default browser" instead of "Microsoft Edge" in the policy: + +![966_5_image-20230922212443-4](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/966_5_image-20230922212443-4.webp) + +## Verification: + +### BEFORE: + +![966_6_image-20230922212443-5](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/966_6_image-20230922212443-5.webp) + +### AFTER: + +![966_7_image-20230922212443-6](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/966_7_image-20230922212443-6.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/pattern.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/pattern.md similarity index 77% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/pattern.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/pattern.md index 5a82904425..7843e19ec0 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/pattern.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/pattern.md @@ -1,3 +1,9 @@ +--- +title: "Browser router doesn't seem to work when I use a pattern, and the URL has multiple redirects." +description: "Browser router doesn't seem to work when I use a pattern, and the URL has multiple redirects." +sidebar_position: 100 +--- + # Browser router doesn't seem to work when I use a pattern, and the URL has multiple redirects. Our suggestion would be NOT to make Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/quick.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/quick.md similarity index 94% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/quick.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/quick.md index ec0a9a41e2..b6ca26db98 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/quick.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/quick.md @@ -1,3 +1,9 @@ +--- +title: "How to quickly troubleshoot Endpoint Policy Manager Browser Router" +description: "How to quickly troubleshoot Endpoint Policy Manager Browser Router" +sidebar_position: 280 +--- + # How to quickly troubleshoot Endpoint Policy Manager Browser Router **Step 1 –** Are you licensed? And did you reboot the endpoint? @@ -47,7 +53,7 @@ In DEFAULT PROGRAMS, verify that PPBRAgent is the Default Browser for HTTP and H **CAUTION:** For Non-Domain Joined machines, we (PolicyPak) cannot set this automatically. For more information on this -problem, [Which Endpoint Policy Manager items will not work when the computer is non-domain joined (or the computer is NEVER connected to the Internet)?](/docs/endpointpolicymanager/troubleshooting/nondomain/limitations.md) +problem, [Which Endpoint Policy Manager items will not work when the computer is non-domain joined (or the computer is NEVER connected to the Internet)?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/limitations.md) For Domain joined Windows 10, Look at Default Programs here, diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/internetexplorer/removed.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/removed.md similarity index 87% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/internetexplorer/removed.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/removed.md index 975a7b5f78..b762d75e4e 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/internetexplorer/removed.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/removed.md @@ -1,3 +1,9 @@ +--- +title: "How does Browser Router function when Internet Explorer is removed from the machine?" +description: "How does Browser Router function when Internet Explorer is removed from the machine?" +sidebar_position: 260 +--- + # How does Browser Router function when Internet Explorer is removed from the machine? First, if you still have IE in your environment, a good read would be this blog diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/revertlegacy.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/revertlegacy.md similarity index 92% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/revertlegacy.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/revertlegacy.md index 1521ef0cd8..11fb72e30e 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/revertlegacy.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/revertlegacy.md @@ -1,3 +1,9 @@ +--- +title: "How do I revert to \"Legacy Browser Router Method & Features\" if directed?" +description: "How do I revert to \"Legacy Browser Router Method & Features\" if directed?" +sidebar_position: 140 +--- + # How do I revert to "Legacy Browser Router Method & Features" if directed? If you are having a problem with Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/routing.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/routing.md similarity index 90% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/routing.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/routing.md index 1c260db819..60af6a3d5c 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/chrome/routing.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/routing.md @@ -1,3 +1,9 @@ +--- +title: "I'm attempting to use an older CSE but routing from Edge / Chrome to other browsers is not working. Why is this?" +description: "I'm attempting to use an older CSE but routing from Edge / Chrome to other browsers is not working. Why is this?" +sidebar_position: 200 +--- + # I'm attempting to use an older CSE but routing from Edge / Chrome to other browsers is not working. Why is this? Netwrix Endpoint Policy Manager (formerly PolicyPak) was contacted by Google about the Endpoint @@ -37,7 +43,7 @@ is not working any longer. The typical ways you could encounter this are: How would I know if I'm affected by Endpoint Policy Manager being forced to take down some older Endpoint Policy Manager Browser Router Chrome Extensions? We have the list of extensions which ARE and WERE valid on this list -[What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?](/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromeextensionid.md) +[What is the Chrome Extension ID for all the published versions of Endpoint Policy Manager Browser Router Client Side Extension?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/chromeextensionid.md) What should you do now? diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/edge/stop.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/stop.md similarity index 83% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/edge/stop.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/stop.md index 289f156584..2936fdf537 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/edge/stop.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/stop.md @@ -1,3 +1,9 @@ +--- +title: "How can I stop websites automatically routing to Edge when I expect them to be shown in IE (and/or I get an endless loop). Why is this?" +description: "How can I stop websites automatically routing to Edge when I expect them to be shown in IE (and/or I get an endless loop). Why is this?" +sidebar_position: 220 +--- + # How can I stop websites automatically routing to Edge when I expect them to be shown in IE (and/or I get an endless loop). Why is this? This is happening because of Microsoft's own Internet Explorer to Microsoft Edge redirection for diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/internetexplorer/tabissue.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/tabissue.md similarity index 87% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/internetexplorer/tabissue.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/tabissue.md index 88dc22bbda..5c2ca9c06f 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/internetexplorer/tabissue.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/tabissue.md @@ -1,3 +1,9 @@ +--- +title: "How-to resolve the IE-Tab Issues in Edge for Endpoint Policy Manager Browser Router managed URLs" +description: "How-to resolve the IE-Tab Issues in Edge for Endpoint Policy Manager Browser Router managed URLs" +sidebar_position: 290 +--- + # How-to resolve the IE-Tab Issues in Edge for Endpoint Policy Manager Browser Router managed URLs Problem: diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/versions.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/versions.md new file mode 100644 index 0000000000..7a36054c41 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/versions.md @@ -0,0 +1,29 @@ +--- +title: "When does Endpoint Policy Manager Browser Router write v1 or v2 Enterprise Mode site lists?" +description: "When does Endpoint Policy Manager Browser Router write v1 or v2 Enterprise Mode site lists?" +sidebar_position: 30 +--- + +# When does Endpoint Policy Manager Browser Router write v1 or v2 Enterprise Mode site lists? + +Versions less than the following will not accept any EMIE lists, and Endpoint Policy Manager Browser +Router will not try to write EMIE lists: + +IE10: 10.\* +IE11 + Win7: 11.0.9600.17041 +IE11 + Win8.1: 11.0.9600.17031 + +Versions greater than or equal to the following accept EMIE v1, and Endpoint Policy Manager Browser +Router will write v1 site lists: + +IE11 + Win7: 11.0.9600.17041 +IE11 + Win8.1: 11.0.9600.17031 +IE11 + Win10 RTM: 11.0.10240.\* +IE11 + Win10 Version 1511: 11.0.10586.\* + +Versions greater than or equal to the following accept both EMIE v1 and v2, but Endpoint Policy +Manager Browser Router will write v2 site lists: + +- IE11 + Win10 Version 1511: 11.0.10586.\* +- IE 11 + Win 7: Version 11.0.9600.18347 or later +- IE + Win 8.1: Version 11.0.9600.18123 or later diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/wildcardrule.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/wildcardrule.md similarity index 92% rename from docs/endpointpolicymanager/troubleshooting/browserrouter/wildcardrule.md rename to docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/wildcardrule.md index 7228da33c0..1e8e0398ab 100644 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/wildcardrule.md +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/wildcardrule.md @@ -1,3 +1,9 @@ +--- +title: "Why is my Wildcard rule not applying to top level WWW site?" +description: "Why is my Wildcard rule not applying to top level WWW site?" +sidebar_position: 160 +--- + # Why is my Wildcard rule not applying to top level WWW site? The reason this happens is that "WWW" is specific, and since browsers in some cases strip, or diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/citrixandvirtualappl/_category_.json b/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/citrixandvirtualappl/_category_.json new file mode 100644 index 0000000000..f0194879d1 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/citrixandvirtualappl/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Citrix And Virtual Applications", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/gettingstarted/_category_.json new file mode 100644 index 0000000000..ee7419d8c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/methodscloudmdmandsc/_category_.json b/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/methodscloudmdmandsc/_category_.json new file mode 100644 index 0000000000..7d17261bb8 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/methodscloudmdmandsc/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Methods Cloud MDM And SCCM", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/tipsandtricks/_category_.json b/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/tipsandtricks/_category_.json new file mode 100644 index 0000000000..f3e4e87352 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/tipsandtricks/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips And Tricks", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..ed87a8234e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/browserrouter/videolearningcenter/videolearningcenter.md @@ -0,0 +1,41 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for Browser Router. + +## Getting started + +- [Ensure users utilize the RIGHT browser for the right website !](/docs/endpointpolicymanager/video/browserrouter/rightbrowser.md) +- [Browser Router now with support for MS Edge](/docs/endpointpolicymanager/video/browserrouter/edgesupport.md) +- [Block web sites from opening in all browsers.](/docs/endpointpolicymanager/video/browserrouter/blockwebsites.md) +- [Endpoint Policy Manager and Edge ‘Special' policies](/docs/endpointpolicymanager/video/browserrouter/edgespecial.md) +- [Endpoint Policy Manager Browser Router and Ports](/docs/endpointpolicymanager/video/browserrouter/ports.md) +- [Endpoint Policy Manager Browser Router User-Selected Default](/docs/endpointpolicymanager/video/browserrouter/userselecteddefault.md) +- [Manage Internet Explorer 11 and Edge Compatibility, Enterprise Modes and IE-in-Edge Mode](/docs/endpointpolicymanager/video/browserrouter/ie.md) + +## Methods: Cloud, MDM, and SCCM + +- [Map the Right Website to the Right Browser using your MDM service](/docs/endpointpolicymanager/video/browserrouter/mdm.md) +- [Use PP Cloud to Manage your browsers and manage your routes to domain joined and non domain joined machines](/docs/endpointpolicymanager/video/browserrouter/cloud.md) + +## Citrix & Virtual applications + +- [Using PP Browser Router on Citrix or RDS servers with published browser applications](/docs/endpointpolicymanager/video/browserrouter/citrix.md) +- [Browser Router with Custom Browsers](/docs/endpointpolicymanager/video/browserrouter/custombrowsers.md) + +## Tips and Tricks + +- [Endpoint Policy Manager Browser Router: Set the Windows 10 Default Browser (once) then drift](/docs/endpointpolicymanager/video/browserrouter/defaultwindows10.md) +- [Browser Router now supports Chrome on Non-Domain Joined machines](/docs/endpointpolicymanager/video/browserrouter/chromenondomainjoined.md) +- [Force all websites to IE (but have some exceptions)](/docs/endpointpolicymanager/video/browserrouter/ieforce.md) +- [Use Firefox as default for ALL pages, except some pages](/docs/endpointpolicymanager/video/browserrouter/firefox.md) +- [Route all sites to Chrome, with some exceptions](/docs/endpointpolicymanager/video/browserrouter/chrome.md) +- [Route all sites to Edge (with some exceptions)](/docs/endpointpolicymanager/video/browserrouter/edge.md) +- [Internet Explorer to Endpoint Policy Manager Browser Router Site lists](/docs/endpointpolicymanager/video/browserrouter/iesitelists.md) +- [Endpoint Policy Manager Browser Router: Internet Explorer in Edge mode](/docs/endpointpolicymanager/video/browserrouter/ieedgemode.md) +- [Set the links to icons to actually show the default browser.](/docs/endpointpolicymanager/video/browserrouter/browsericon.md) diff --git a/docs/endpointpolicymanager/knowledgebase/devicemanager/_category_.json b/docs/endpointpolicymanager/knowledgebase/devicemanager/_category_.json new file mode 100644 index 0000000000..267bc35462 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/devicemanager/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Device Manager", + "position": 110, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..9683a2bb74 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/knowledgebase.md @@ -0,0 +1,13 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base articles for Device Manager. + +- [How to add Devices when serial numbers contain extra characters in the device instance path](/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/serialnumber.md) +- [Why can MSIs be installed from a USB drive when the only access granted to users is READ access](/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/usbdrive.md) +- [What are the registry settings for Device Manager (and how do I reset Device Manager Admin Approval)?](/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/registry.md) diff --git a/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/registry.md b/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/registry.md new file mode 100644 index 0000000000..d7bfd18e3b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/registry.md @@ -0,0 +1,64 @@ +--- +title: "What are the registry settings for Device Manager (and how do I reset Device Manager Admin Approval)?" +description: "What are the registry settings for Device Manager (and how do I reset Device Manager Admin Approval)?" +sidebar_position: 30 +--- + +# What are the registry settings for Device Manager (and how do I reset Device Manager Admin Approval)? + +On any endpoint, details about what USB and other devices have temporary or permanent access are +stored here: + +HKEY_LOCAL_MACHINE\SOFTWARE\PolicyPak\Client-Side +Extensions\{7FA1BDCB-818A-4EF6-A1B7-EF5F85C2D702}\Admin Approval\ApprovedDevicesStorage + +Here is an example of a device which was approved via the Admin Approval tool. + +![aa1](/img/product_docs/endpointpolicymanager/device/aa1.webp) + +## To determine the Admin Approval End Time for any device: + +**Step 1 –** Grab the **EndTime** and change to **Decimal**. + +**Step 2 –** Input the **EndTime** into this Powershell script. + +``` +$my_time = 1725537001291 +(([System.DateTimeOffset]::FromUnixTimeMilliseconds($my_time)).DateTime.ToLocalTime()).ToString("s") +``` + +An example can be seen here: + +![aa2](/img/product_docs/endpointpolicymanager/device/aa2.webp) + +## To Determine the Permissions within the Registry: + +Permission bit flags: + +- READ 0x80000000 +- WRITE 0x40000000 +- EXECUTE 0x20000000 +- ALL 0x10000000 + +For example, for READ+WRITE permissions, the value is 0xC0000000. + +## Resetting the Device Manager Admin Approval Values + +From time to time you may want to reset the values on a machine such that all devices are reset, and +new Admin Approval values may be set in the future. To do this: + +**Step 1 –** Download PSExec from +[https://learn.microsoft.com/en-us/sysinternals/downloads/psexec](https://learn.microsoft.com/en-us/sysinternals/downloads/psexec) + +**Step 2 –** Run CMD as administator + +**Step 3 –** Execute psexec.exe -i -s regedit + +**Step 4 –** As SYSTEM open Regedit. Find HKEY_LOCAL_MACHINE\SOFTWARE\PolicyPak\Client-Side +Extensions\{7FA1BDCB-818A-4EF6-A1B7-EF5F85C2D702}\Admin Approval\ApprovedDevicesStorage + +**Step 5 –** Delete the whole key **ApprovedDevicesStorage** to reset AA approvals for all devices, +or chose a specific one and delete it. + +**Step 6 –** Restart PPExtensionService.exe (aka Netwrix Endpoint Policy Manager (formerly +PolicyPak) Helper Service.) diff --git a/docs/endpointpolicymanager/device/serialnumber.md b/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/serialnumber.md similarity index 84% rename from docs/endpointpolicymanager/device/serialnumber.md rename to docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/serialnumber.md index 48b9ebff0e..9cdcdfc032 100644 --- a/docs/endpointpolicymanager/device/serialnumber.md +++ b/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/serialnumber.md @@ -1,3 +1,9 @@ +--- +title: "How to add Devices when serial numbers contain extra characters in the device instance path" +description: "How to add Devices when serial numbers contain extra characters in the device instance path" +sidebar_position: 10 +--- + # How to add Devices when serial numbers contain extra characters in the device instance path ## Problem diff --git a/docs/endpointpolicymanager/device/usbdrive.md b/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/usbdrive.md similarity index 90% rename from docs/endpointpolicymanager/device/usbdrive.md rename to docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/usbdrive.md index 58719e1b3c..37ca85caa5 100644 --- a/docs/endpointpolicymanager/device/usbdrive.md +++ b/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/usbdrive.md @@ -1,3 +1,9 @@ +--- +title: "Why can MSIs be installed from a USB drive when the only access granted to users is READ access" +description: "Why can MSIs be installed from a USB drive when the only access granted to users is READ access" +sidebar_position: 20 +--- + # Why can MSIs be installed from a USB drive when the only access granted to users is READ access ## Problem diff --git a/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/_category_.json new file mode 100644 index 0000000000..ee7419d8c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/video/device/dmapprovalautorules.md b/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/dmapprovalautorules.md similarity index 75% rename from docs/endpointpolicymanager/video/device/dmapprovalautorules.md rename to docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/dmapprovalautorules.md index b7087242fa..7f6a5dd6cb 100644 --- a/docs/endpointpolicymanager/video/device/dmapprovalautorules.md +++ b/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/dmapprovalautorules.md @@ -1,3 +1,9 @@ +--- +title: "Device Manager Admin Approval and Automatic Rules Creation" +description: "Device Manager Admin Approval and Automatic Rules Creation" +sidebar_position: 30 +--- + # Device Manager Admin Approval and Automatic Rules Creation Want to allow or deny specific USB devices whenever a user inserts one? And would you like to diff --git a/docs/endpointpolicymanager/video/device/dmhelpertool.md b/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/dmhelpertool.md similarity index 80% rename from docs/endpointpolicymanager/video/device/dmhelpertool.md rename to docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/dmhelpertool.md index 35871b6c94..bd2f94713f 100644 --- a/docs/endpointpolicymanager/video/device/dmhelpertool.md +++ b/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/dmhelpertool.md @@ -1,3 +1,9 @@ +--- +title: "Device Manager Helper Tool" +description: "Device Manager Helper Tool" +sidebar_position: 20 +--- + # Device Manager Helper Tool This demo shows you how to enumerate the USB and other devices on the machine to enable quick Device diff --git a/docs/endpointpolicymanager/video/device/enduser.md b/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/enduser.md similarity index 75% rename from docs/endpointpolicymanager/video/device/enduser.md rename to docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/enduser.md index 57d0ddb7fd..d5ff09816b 100644 --- a/docs/endpointpolicymanager/video/device/enduser.md +++ b/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/enduser.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Device Manager and End-User Emails to Support" +description: "Endpoint Policy Device Manager and End-User Emails to Support" +sidebar_position: 10 +--- + # Endpoint Policy Device Manager and End-User Emails to Support Got users out in the field and want them to be able to report their requests for un-blocking their diff --git a/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/methodscloudmdmandsc/_category_.json b/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/methodscloudmdmandsc/_category_.json new file mode 100644 index 0000000000..7d17261bb8 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/methodscloudmdmandsc/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Methods Cloud MDM And SCCM", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..6bef2752c2 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/videolearningcenter.md @@ -0,0 +1,25 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for Device Manager. + +## Getting Started + +- [Instantly Put the smackdown on USB sticks and CD-ROMs](/docs/endpointpolicymanager/video/device/usbdrive.md) +- [Allow ONE user (or group) access to USB and/or CD-ROM and DVDs](/docs/endpointpolicymanager/video/device/usbdriveallowuser.md) +- [Authorize USB Sticks by VENDOR type](/docs/endpointpolicymanager/video/device/usbdriveallowvendor.md) +- [Permit specific devices by serial number](/docs/endpointpolicymanager/video/device/serialnumber.md) +- [Restrict access only to Bitlocker drives](/docs/endpointpolicymanager/video/device/bitlockerdrives.md) +- [Endpoint Policy Device Manager and End-User Emails to Support](/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/enduser.md) +- [Device Manager Helper Tool](/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/dmhelpertool.md) +- [Device Manager Admin Approval and Automatic Rules Creation](/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/dmapprovalautorules.md) + +## Methods: Cloud, MDM and SCCM + +- [Block USB sticks using Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/device/cloud.md) +- [Block and Allow USB and CD-ROMs with your MDM solution](/docs/endpointpolicymanager/video/device/mdm.md) diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/_category_.json b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/_category_.json new file mode 100644 index 0000000000..496bae5691 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Endpoint Policy Manager GP Compliance Reporter", + "position": 210, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/_category_.json b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/_category_.json new file mode 100644 index 0000000000..2423a91478 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Licensed", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/basis.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/basis.md new file mode 100644 index 0000000000..1447aca398 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/basis.md @@ -0,0 +1,11 @@ +--- +title: "Is Endpoint Policy Manager Group Policy Compliance Reporter licensed on a per-user basis or a per-computer basis?" +description: "Is Endpoint Policy Manager Group Policy Compliance Reporter licensed on a per-user basis or a per-computer basis?" +sidebar_position: 10 +--- + +# Is Endpoint Policy Manager Group Policy Compliance Reporter licensed on a per-user basis or a per-computer basis? + +Netwrix Endpoint Policy Manager (formerly PolicyPak) products are always licensed on +a per-computer basis. Any desktop, laptop, VDI and/or concurrent Terminal Services/Citrix +connections count as a license. diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/compliancereports.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/compliancereports.md new file mode 100644 index 0000000000..20bf3b80d4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/compliancereports.md @@ -0,0 +1,15 @@ +--- +title: "I want to generate Compliance reports on Microsoft GP Preferences/Admin Templates and/or Security Settings. Which license do I need?" +description: "I want to generate Compliance reports on Microsoft GP Preferences/Admin Templates and/or Security Settings. Which license do I need?" +sidebar_position: 40 +--- + +# I want to generate Compliance reports on Microsoft GP Preferences/Admin Templates and/or Security Settings. Which license do I need? + +You require the PAID license. + +Reporting on Microsoft products (including GP Preferences, Admin Templates and Security Settings) +via Netwrix Endpoint Policy Manager (formerly PolicyPak) Group Policy Compliance Reporter is only +available via the Paid License. + +The Free License allows reporting on Endpoint Policy Manager products only. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/difference.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/difference.md similarity index 77% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/mode/difference.md rename to docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/difference.md index f81d4df25d..9d031410fc 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/difference.md +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/difference.md @@ -1,3 +1,9 @@ +--- +title: "What's the difference between Pull Mode, Push Mode and Standalone and Server components in the Group Policy Compliance Reporter?" +description: "What's the difference between Pull Mode, Push Mode and Standalone and Server components in the Group Policy Compliance Reporter?" +sidebar_position: 60 +--- + # What's the difference between Pull Mode, Push Mode and Standalone and Server components in the Group Policy Compliance Reporter? You can use the Netwrix Endpoint Policy Manager (formerly PolicyPak) Group Policy Compliance diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/expire.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/expire.md new file mode 100644 index 0000000000..177569253c --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/expire.md @@ -0,0 +1,20 @@ +--- +title: "What happens if I try to use Endpoint Policy ManagerGroup Policy Compliance Reporter in unlicensed places? What happens if the Endpoint Policy Manager Group Policy Compliance Reporter license expires?" +description: "What happens if I try to use Endpoint Policy ManagerGroup Policy Compliance Reporter in unlicensed places? What happens if the Endpoint Policy Manager Group Policy Compliance Reporter license expires?" +sidebar_position: 90 +--- + +# What happens if I try to use Endpoint Policy ManagerGroup Policy Compliance Reporter in unlicensed places? What happens if the Endpoint Policy Manager Group Policy Compliance Reporter license expires? + +If you try to request reports from "unlicensed places" here is what happens: + +If that unlicensed place IS licensed for Netwrix Endpoint Policy Manager (formerly PolicyPak) +On-Prem, you will get data back only for Endpoint Policy Manager Application Manager. + +If that unlicensed place is NOT licensed for Endpoint Policy Manager On-Prem, you will get no data +back. + +Anytime a computer's Active Directory account is moved to an un-licensed OU, or move the computer to +another domain (or the license simply expires), then Endpoint Policy Manager + +Group Policy Compliance reporter will stop reporting on those target computers. diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/minimum.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/minimum.md new file mode 100644 index 0000000000..c76491e47a --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/minimum.md @@ -0,0 +1,11 @@ +--- +title: "Is there a minimum purchase for Endpoint Policy Manager Group Policy Compliance Reporter?" +description: "Is there a minimum purchase for Endpoint Policy Manager Group Policy Compliance Reporter?" +sidebar_position: 80 +--- + +# Is there a minimum purchase for Endpoint Policy Manager Group Policy Compliance Reporter? + +For a quote for Netwrix Endpoint Policy Manager (formerly PolicyPak) Group Policy Compliance +Reporter, call us at 800-883-8002 or +click [https://www.endpointpolicymanager.com/licensing-faq-ppgpcr/support-sharing/about-us/contact-us-for-a-trial-download.html](https://www.endpointpolicymanager.com/licensing-faq-ppgpcr/support-sharing/about-us/contact-us-for-a-trial-download.html). diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/multiyear.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/multiyear.md new file mode 100644 index 0000000000..1b897b8799 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/multiyear.md @@ -0,0 +1,16 @@ +--- +title: "What if I pay for multiple years of Endpoint Policy Manager Group Policy Compliance Reporter in advance?" +description: "What if I pay for multiple years of Endpoint Policy Manager Group Policy Compliance Reporter in advance?" +sidebar_position: 120 +--- + +# What if I pay for multiple years of Endpoint Policy Manager Group Policy Compliance Reporter in advance? + +By paying for multiple-years in advance for Netwrix Endpoint Policy Manager (formerly PolicyPak) +Suite (On-Prem Edition), you then lock in your per-computer license cost for the duration of your +term. + +Every year you get one-year license keys and However, you are still required to "True up" every year +and pay for any overage should your computer count increase from last year. + +We give you a one year key, and when you true up, we give you the key for the next year. diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/shareacrossteam.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/shareacrossteam.md new file mode 100644 index 0000000000..f4f4b409b2 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/shareacrossteam.md @@ -0,0 +1,13 @@ +--- +title: "Can I share Compliance Reports, tests and history across my team?" +description: "Can I share Compliance Reports, tests and history across my team?" +sidebar_position: 50 +--- + +# Can I share Compliance Reports, tests and history across my team? + +Yes, this is possible using the server component of the Netwrix Endpoint Policy Manager (formerly +PolicyPak) Group Policy Compliance Reporter. + +When the server component is used you can store and share tests, reports and history from a central +on-premise server across an entire team of Administrators. diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/tool.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/tool.md new file mode 100644 index 0000000000..2c006e708e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/tool.md @@ -0,0 +1,23 @@ +--- +title: "What if I don't run the license tool to \"True-Up\" my Endpoint Policy Manager Group Policy Compliance Reporter every year?" +description: "What if I don't run the license tool to \"True-Up\" my Endpoint Policy Manager Group Policy Compliance Reporter every year?" +sidebar_position: 110 +--- + +# What if I don't run the license tool to "True-Up" my Endpoint Policy Manager Group Policy Compliance Reporter every year? + +You must run the license tool every year to get an updated license file for Netwrix Endpoint Policy +Manager (formerly PolicyPak) Group Policy Compliance Reporter. If you fail to run the True-Up, then +your one-year license expires and the product simply stops working. + +For Endpoint Policy Manager Group Policy Compliance Reporter, you will not be able to see if those +target computers are in or out of compliance any longer. + +Endpoint Policy Manager Group Policy Compliance Reporter stops reporting on clients exactly one +year after the license file is originally generated for each product. + +So, at the 11th month mark, we automatically remind you to run the Endpoint Policy Manager License +Management tool to perform a "True-Up." We will continue to send email reminders and make a best +effort to call you if we see you're getting close to lapsing. At the one year anniversary, Endpoint +Policy Manager Group Policy Compliance Reporter will stop functioning – unless you get a new license +file from us each year. diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/trial.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/trial.md new file mode 100644 index 0000000000..3b7942d0f8 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/trial.md @@ -0,0 +1,10 @@ +--- +title: "How does Trial mode for Endpoint Policy Manager Group Policy Compliance Reporter work?" +description: "How does Trial mode for Endpoint Policy Manager Group Policy Compliance Reporter work?" +sidebar_position: 70 +--- + +# How does Trial mode for Endpoint Policy Manager Group Policy Compliance Reporter work? + +See this +article: [What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/trial.md) diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/trueup.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/trueup.md similarity index 90% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/license/trueup.md rename to docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/trueup.md index 4b66e9dead..c339e6a432 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/trueup.md +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/trueup.md @@ -1,3 +1,9 @@ +--- +title: "What is \"Truing Up\" for On-Premise products?" +description: "What is \"Truing Up\" for On-Premise products?" +sidebar_position: 100 +--- + # What is "Truing Up" for On-Premise products? In the previous example, you started with 3,000 machines and grew to 3,300 machines. That's great – diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/types.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/types.md similarity index 84% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/license/types.md rename to docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/types.md index 85affe6832..9ed72f2d61 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/license/types.md +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/types.md @@ -1,3 +1,9 @@ +--- +title: "What kinds of licenses are there for Endpoint Policy Manager Group Policy Compliance Reporter?" +description: "What kinds of licenses are there for Endpoint Policy Manager Group Policy Compliance Reporter?" +sidebar_position: 20 +--- + # What kinds of licenses are there for Endpoint Policy Manager Group Policy Compliance Reporter? You can use Netwrix Endpoint Policy Manager (formerly PolicyPak) Group Policy Compliance Reporter @@ -13,7 +19,7 @@ If you rename a computer to have COMPUTER in the name, then that is a Trial Lice that this type is for testing only and is Not Recommended for production roll-out. More about Trial License is in this KB: -[What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?](/docs/endpointpolicymanager/license/trial.md) +[What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/trial.md) The software is contained within the standard BITS download from the portal. You simply set it up as seen in the Endpoint Policy Manager Group Policy Compliance diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/userlimit.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/userlimit.md new file mode 100644 index 0000000000..4d272269d1 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/userlimit.md @@ -0,0 +1,12 @@ +--- +title: "How many people can use Endpoint Policy Manager Group Policy Compliance Reporter?" +description: "How many people can use Endpoint Policy Manager Group Policy Compliance Reporter?" +sidebar_position: 30 +--- + +# How many people can use Endpoint Policy Manager Group Policy Compliance Reporter? + +Unlimited Administrators may use the Netwrix Endpoint Policy Manager (formerly PolicyPak) Group +Policy Compliance Reporter console. + +You only pay for endpoints to report data. diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/_category_.json new file mode 100644 index 0000000000..ee7419d8c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/deliveryreports.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/deliveryreports.md similarity index 86% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/deliveryreports.md rename to docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/deliveryreports.md index 99871f07be..f7c9ce34e4 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/deliveryreports.md +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/deliveryreports.md @@ -1,3 +1,9 @@ +--- +title: "Do I need the Group Policy Compliance Reporter product if I use Endpoint Policy ManagerCloud or Endpoint Policy Manager MDM? (Or, how do I get delivery reports for Group Policy, Cloud or MDM directives?)" +description: "Do I need the Group Policy Compliance Reporter product if I use Endpoint Policy ManagerCloud or Endpoint Policy Manager MDM? (Or, how do I get delivery reports for Group Policy, Cloud or MDM directives?)" +sidebar_position: 20 +--- + # Do I need the Group Policy Compliance Reporter product if I use Endpoint Policy ManagerCloud or Endpoint Policy Manager MDM? (Or, how do I get delivery reports for Group Policy, Cloud or MDM directives?) As a review… The Group Policy Compliance Reporter (PPGPCR) tells you when your on-prem Group Policy @@ -30,7 +36,7 @@ Policy Compliance reporter? When you acquire a Endpoint Policy Manager Cloud license, you can get directives from Endpoint Policy Manager Cloud -or- Group Policy (or both.) -[[Can I use both Endpoint Policy ManagerOn Premise mode and Endpoint Policy Manager Cloud simultaneously? Do they clash?](/docs/endpointpolicymanager/tips/onpremisecloud.md)] +[[Can I use both Endpoint Policy ManagerOn Premise mode and Endpoint Policy Manager Cloud simultaneously? Do they clash?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/onpremisecloud.md)] As such, you might want to deliver some settings via Endpoint Policy Manager Cloud and other settings using Group diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/install.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/install.md new file mode 100644 index 0000000000..b9c4852ee8 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/install.md @@ -0,0 +1,204 @@ +--- +title: "Installing and Configuring Endpoint Policy Manager GPCR for use with SQL Server using SQL Authentication" +description: "Installing and Configuring Endpoint Policy Manager GPCR for use with SQL Server using SQL Authentication" +sidebar_position: 40 +--- + +# Installing and Configuring Endpoint Policy Manager GPCR for use with SQL Server using SQL Authentication + +This document will step through preparing for and installing the GPCR server and Admin Client +software, and assumes MS SQL Server is installed on a separate, accessible server, using default +settings. + +## Configuring Active Directory + +Set who is allowed to access the GPCR client and what computers will have their data collected. + +**Step 1 –** Create a security group in the domain (e.g. GPCR Admin) and populate it with and +administrators that require access to the GPCR client (admin console) + +**Step 2 –** Create a security group in the domain (e.g. GPCR Computers) and populate it with +individual computers or other computer groups (e.g. Domain Computers) that will participate the +compliance reporting. + +## Configuring SQL Server + +### Set server Authentication + +Authentication must be set to allow both SQL and windows authentication + +**Step 1 –** Open "Microsoft SQL Server Management Studio" and connect to your server instance + +**Step 2 –** Right-click on SQL server instance and click "Properties" + +**Step 3 –** On the Server Properties page click on the "Security" tab and set the Server +authentication to "SQL Server and Windows Authentication" + +![673_1_image-20200430140138-1](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/673_1_image-20200430140138-1.webp) + +**Step 4 –** Click OK to Close + +**Step 5 –** If changed, restart MSSQLSERVER service + +### Create DB Admin + +Create an administrative SQL account within SSMS to own and access the GPCR database. + +**Step 1 –** Expand "Security", right-click "Logins" and select "New Login" + +**Step 2 –** On General tab + +1. Set Login name, e.g. "GPCR_DBAdmin" +2. Select radio button "SQL Server authentication" and set password +3. Uncheck "Enforce password policy" + + ![673_3_image-20200430140138-2](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/673_3_image-20200430140138-2.webp) + +**Step 3 –** Click on "Server Roles" tab and select "public" and "sysadmin" roles + +![673_5_image-20200430140138-3](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/673_5_image-20200430140138-3.webp) + +**Step 4 –** Save and close + +### Create Empty DB + +GPCR requires an empty SQL database be present during the installation + +**Step 1 –** In Microsoft SSMS, right-click on "Databases" and select "New Database" + +![673_7_image-20200430140138-4_471x171](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/673_7_image-20200430140138-4_471x171.webp) + +**Step 2 –** Enter name for database (e.g. GPCR) + +**Step 3 –** Set Owner as DB admin created earlier (GPCR_DBAdmin in example) + +**Step 4 –** Place DB and log files where desired, if different from default + +**Step 5 –** Save and close + +## Ensuring Connectivity + +Ensure communication is open between GPCR Client and SQL server + +### Enable DTC + +The following is run on both the Netwrix Endpoint Policy Manager (formerly PolicyPak) GPCR Client +computer (Where the Admin Console is installed) and the remote SQL Server + +**Step 1 –** Open Component Services + +1. Open the "run" box (Win-R), type `"dcomcnfg"` and click OK + +![673_9_image-20200430140138-5](/img/product_docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/669_3_image-20200327172830-3.webp) + +**Step 2 –** Expand Console Root -> Component Services -> Computers -> My Computer -> Distributed +Transaction Coordinator, Right-Click on Local DTC and click Properties + +![673_11_image-20200430140138-6](/img/product_docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/669_5_image-20200327172830-4.webp) + +**Step 3 –** On the Security tab -> Security Settings and Configure as follows: + +1. Check "Network DTC Access" +2. Check "Allow Inbound" and "Allow Outbound" +3. Select "No Authentication Required" +4. Check "Enable SNA LU 6.2 Transactions" +5. Click OK + + ![673_13_image-20200430140138-7](/img/product_docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/669_7_image-20200327172830-5.webp) + +**Step 4 –** The MSDTC service will need to be restarted for the changes to take affect – Click YES +to restart now or NO to restart manually later. + +### Enable Firewall Rules + +Enable DTC through the firewall on both Endpoint Policy Manager GPCR Server and the remote SQL +Server + +**Step 1 –** Open the Windows Defender Firewall + +**Step 2 –** Click on "Allow an app or feature through Windows Defender Firewall" + +![673_15_image-20200430140138-8](/img/product_docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/669_9_image-20200327172830-6.webp) + +**Step 3 –** Find "Distributed Transaction Coordinator", check and check the appropriate Network +profile (e.g. Domain). + +![673_17_image-20200430140138-9](/img/product_docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/669_11_image-20200327172830-7.webp) + +**Step 4 –** Click OK to save and close + +## Installing GPCR + +When installing GPCR, download the latest bits from Endpoint Policy Manager. It is our +recommendation that when downloading the latest software version, to grab "everything" (latest bits +plus Paks, manuals and guidance). They can be found at +[https://portal.endpointpolicymanager.com/downloads/everything](https://portal.endpointpolicymanager.com/downloads/everything) + +### GPCR Server + +These steps assume that this is the first time GPCR has been installed. If previously installed, you +will also be prompted to choose between the previously configured database and admin group, and the +setting new values for each. + +**Step 1 –** In the downloaded ISO or ZIP, open "Endpoint Policy Manager Group Policy Compliance +Reporter" folder and run Endpoint Policy Manager GP Compliance Reporter (Server).msi + +**Step 2 –** Click "Next >" through first screen + +**Step 3 –** GPCR requires that Server and client (admin console) be at version 20.3.2366.420 at +minimum. select "Yes, I confirm" and "Next >" to continue + +**Step 4 –** Accept agreement and "Next >" to continue + +**Step 5 –** Change installation or just click "Next >" to accept default (recommended) and continue + +**Step 6 –** Click "Change" and find domain security group created earlier (GPCR Admin in example) +and click "Next >" + +![673_19_image-20200430140138-10](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/673_19_image-20200430140138-10.webp) + +**Step 7 –** Select "Microsoft SQL Server and "Next >" + +![673_21_image-20200430140138-11](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/673_21_image-20200430140138-11.webp) + +**Step 8 –** Configure Connection to SQL Server + +1. Server = Hostname or IP address of SQL server +2. Uncheck "Trusted Connection …" +3. Type in Username and password of SQL account created earlier +4. Click "Refresh" to get list of Databases on SQL server and select empty DB created earlier +5. Next > + + ![673_23_image-20200430140138-12](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/673_23_image-20200430140138-12.webp) + +**Step 9 –** Install -> click yes if prompted for \*.msi + +### GPCR Client + +The GPCR Client (Admin Console) can be installed on any computer. It is recommended that it be +installed on the computer that is used for Group Policy Administration. + +**NOTE:** The client itself is not licensed and thereby can be installed on as many computers as +required. + +**Step 1 –** In the downloaded ISO or ZIP, open "Endpoint Policy Manager Group Policy Compliance +Reporter" folder and run Endpoint Policy Manager GP Compliance Reporter (Admin Console).msi + +**Step 2 –** Click "Next >" through first screen + +**Step 3 –** GPCR requires that Server and client (admin console) be at version 20.3.2366.420 or +higher. Select "Yes, I confirm" and "Next >" to continue + +**Step 4 –** Accept agreement and "Next >" to continue + +**Step 5 –** Change installation or just click "Next >" to accept default (recommended) and continue + +**Step 6 –** Select desired application shortcuts and click "Next >" + +**Step 7 –** Install -> click yes if prompted for \*.msi + +### GPCR General configuration + +For information on completing the GPCR configuration wizard, setting up Auditing and Licensing, and +for general usage, please refer to the manual. In addition, review the KB video +[Installing Compliance Reporter Server and Client](/docs/endpointpolicymanager/video/gpocompilancereporter/install.md) diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/scenarios.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/scenarios.md similarity index 94% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/scenarios.md rename to docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/scenarios.md index beb789f8dd..b06260b29e 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/scenarios.md +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/scenarios.md @@ -1,3 +1,9 @@ +--- +title: "What scenarios is PPGPCR not well suited for today?" +description: "What scenarios is PPGPCR not well suited for today?" +sidebar_position: 10 +--- + # What scenarios is PPGPCR not well suited for today? PPGPCR works excellently under most scenarios and conditions. That being said, PPGPCR is not well diff --git a/docs/endpointpolicymanager/requirements/gpocompilancereporter/sqlserver.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/sqlserver.md similarity index 93% rename from docs/endpointpolicymanager/requirements/gpocompilancereporter/sqlserver.md rename to docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/sqlserver.md index b506be83ee..970c587e3a 100644 --- a/docs/endpointpolicymanager/requirements/gpocompilancereporter/sqlserver.md +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/sqlserver.md @@ -1,3 +1,9 @@ +--- +title: "What are the storage requirements when using PPGPCR with SQL server?" +description: "What are the storage requirements when using PPGPCR with SQL server?" +sidebar_position: 30 +--- + # What are the storage requirements when using PPGPCR with SQL server? There are two ways to consume storage with PPGPCR. diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..1bfa1397cb --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/knowledgebase.md @@ -0,0 +1,41 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base articles for Endpoint Policy Manager GP Compliance Reporter. + +## Getting Started + +- [What scenarios is PPGPCR not well suited for today?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/scenarios.md) +- [Do I need the Group Policy Compliance Reporter product if I use Endpoint Policy ManagerCloud or Endpoint Policy Manager MDM? (Or, how do I get delivery reports for Group Policy, Cloud or MDM directives?)](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/deliveryreports.md) +- [What are the storage requirements when using PPGPCR with SQL server?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/sqlserver.md) +- [Installing and Configuring Endpoint Policy Manager GPCR for use with SQL Server using SQL Authentication](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettingstarted/install.md) + +## Getting Licensed + +- [Is Endpoint Policy Manager Group Policy Compliance Reporter licensed on a per-user basis or a per-computer basis?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/basis.md) +- [What kinds of licenses are there for Endpoint Policy Manager Group Policy Compliance Reporter?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/types.md) +- [How many people can use Endpoint Policy Manager Group Policy Compliance Reporter?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/userlimit.md) +- [I want to generate Compliance reports on Microsoft GP Preferences/Admin Templates and/or Security Settings. Which license do I need?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/compliancereports.md) +- [Can I share Compliance Reports, tests and history across my team?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/shareacrossteam.md) +- [What's the difference between Pull Mode, Push Mode and Standalone and Server components in the Group Policy Compliance Reporter?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/difference.md) +- [How does Trial mode for Endpoint Policy Manager Group Policy Compliance Reporter work?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/trial.md) +- [Is there a minimum purchase for Endpoint Policy Manager Group Policy Compliance Reporter?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/minimum.md) +- [What happens if I try to use Endpoint Policy ManagerGroup Policy Compliance Reporter in unlicensed places? What happens if the Endpoint Policy Manager Group Policy Compliance Reporter license expires?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/expire.md) +- [What is "Truing Up" for On-Premise products?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/trueup.md) +- [What if I don't run the license tool to "True-Up" my Endpoint Policy Manager Group Policy Compliance Reporter every year?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/tool.md) +- [What if I pay for multiple years of Endpoint Policy Manager Group Policy Compliance Reporter in advance?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/gettinglicensed/multiyear.md) + +## Troubleshooting + +- [How can I use Group Policy Compliance Reporter with multiple domains?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/domainmultiple.md) +- [What Server-side items should I send to Tech Support if asked?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/serverside.md) +- [What does "Unsupported item" mean in PPGPCR reports and tests?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/unsupporteditem.md) +- [GPCR Snapshot fails with error "System.InvalidOperationException" when using a remote SQL server and one is a clone of the other](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/systeminvalidoperationexception.md) +- [When using a remote SQL Server, GPCR Snapshot fails with error "System.InvalidOperationException" and "MSDTC has been disabled" in Debug log](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/systeminvalidoperationexceptionmsdtc.md) +- [When does the Auditor process send up events to the server?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/processauditor.md) +- [How do I turn on enhanced logging for Endpoint Policy Manager Group Policy Compliance Reporter if asked to do so?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/logenhanced.md) diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/_category_.json b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/_category_.json new file mode 100644 index 0000000000..09e2a51e2d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/domainmultiple.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/domainmultiple.md new file mode 100644 index 0000000000..b1ec2e6480 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/domainmultiple.md @@ -0,0 +1,114 @@ +--- +title: "How can I use Group Policy Compliance Reporter with multiple domains?" +description: "How can I use Group Policy Compliance Reporter with multiple domains?" +sidebar_position: 10 +--- + +# How can I use Group Policy Compliance Reporter with multiple domains? + +First – make sure you have GPCR implemented in the primary domain correctly. + +## Group Policy Compliance Reporter Implementation + +**Step 1 –** Make sure you have the latest download of Compliance Reporter, which you should have if +you recently downloaded the BITS from the portal + +**Step 2 –** Pick a server where you want to run Compliance Reporter + +**Step 3 –** Work through this video to install Compliance Reporter + +- [Installing Compliance Reporter Server and Client](/docs/endpointpolicymanager/video/gpocompilancereporter/install.md) + +**Step 4 –** Work through this video to setup Compliance Reporter and for machines to report in +(this is the Server version) + +- [Setting up Client-less Endpoint Auditing (Push Mode with Server)](/docs/endpointpolicymanager/video/gpocompilancereporter/modepush.md) + +## From within the videos above, here is a summary of some important steps: + +Preparatory Steps (before installing GPCR) + +**Step 1 –** Determine the AD Computer security group to be used + +1. Used for 2 Purposes + + - for Server to Accept RSOP uploads + - for ILT on the Scheduled Task GPO (optional) + +**Step 2 –** Confirm that a shortname will work for Auditor path, recommend FQDN + +1. Ie. Are you using DNS Suffix Search Lists in the primary domain and in other domains such that a + shortname will resolve into its FQDN correctly +2. In most cases, its safer to use the FQDN of the GPCR server + +**Step 3 –** Will we have access to Create GPO from Server or do we need to export + +1. Ie. Will the account that the admin/engineer is logged into while using GPCR have + access/permissions to create GPO's + +**Step 4 –** Recommended to Import `ADMX` files (for troubleshooting, further configuration, +logging, etc.) + +1. We have some Netwrix Endpoint Policy Manager (formerly PolicyPak) ADMX templates and among those + are several settings specific to GPCR that allows for enabling additional logging and managing + when and how often RSOP checkins occur +2. Recommend to have those imported to the domain Central Store of all domains to be available if + needed + +**Step 5 –** Understand pros and cons of doing all computers or just selections from certain sites +that are representative of the site and its population (and how the AD group plays into that) + +1. In domains that have a few hundred to a low thousand and are all well connected in large + locations, it is often ok to deploy the scheduled task GPO to all machines for all to check in +2. However for larger domains, and also when remote sites might be less well connected, having lower + bandwidth, its recommended to identify segments of computers to be "representatives" of their + population. That is, choose some number at a location to receive the GPO and be the + representatives of what machines at that location are receiving. + - This cuts down on bandwidth used and load on the server +3. The AD group created earlier can be used, by only having those computers desired as members. + +## Overall Server Setup Steps (detailed in videos links above) + +**Step 1 –** Install Server piece + +- This is a Windows Service + +**Step 2 –** Install Server Console + +- Often on same server as server service, but could be another server as well + +**Step 3 –** Configure Server settings via Console + +1. Will need the AD Group created for this step +2. Will need the server name (shortname or FQDN) for this step +3. Will need to be able to create a GPO or export and import later for this step + +![758_1_image-20200130171300-1_950x485](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/758_1_image-20200130171300-1_950x485.webp) + +## Enabling Other Domains to connect to GPCR + +**Step 1 –** Now that you have the server up and running in the primary domain, the following steps +are needed in each additional domain. + +**Step 2 –** Copy the GPO you created (during step 3 above configuring server) from Domain 1 to +Domain 2 and deploy it there + +1. Do a GPO Backup from Domain 1 +2. Copy the Backup folder to a server on Domain 2 +3. Restore GPO to Domain 2 +4. This article describes the general process of backing up and restoring GPO's, specifically in the + "About Backup and Import (between domains)" section - + [https://www.endpointpolicymanager.com/pp-blog/backing-up-your-gpos-with-and-without-policypak-data-dont-get-burned](https://www.endpointpolicymanager.com/pp-blog/backing-up-your-gpos-with-and-without-policypak-data-dont-get-burned) + +**Step 3 –** Create an AD group with the SAME NAME as the AD Group in Domain 1 + +**Step 4 –** Add computers in Domain 2 to the new Domain 2 AD Group + +### NOTE – Why a Group in each Domain is Required + +- Currently GPCR cannot innumerate members of a Domain Local group that are not in the same domain. + Even with a two way forest trust in place +- Therefore the workaround as noted above is to create the corresponding local domain group of the + same name as the primary GPCR domain + + ![758_3_image-20200130171300-2](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/758_3_image-20200130171300-2.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/logenhanced.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/logenhanced.md similarity index 91% rename from docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/logenhanced.md rename to docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/logenhanced.md index 524c3ebe6c..bf11c30c61 100644 --- a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/logenhanced.md +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/logenhanced.md @@ -1,3 +1,9 @@ +--- +title: "How do I turn on enhanced logging for Endpoint Policy Manager Group Policy Compliance Reporter if asked to do so?" +description: "How do I turn on enhanced logging for Endpoint Policy Manager Group Policy Compliance Reporter if asked to do so?" +sidebar_position: 70 +--- + # How do I turn on enhanced logging for Endpoint Policy Manager Group Policy Compliance Reporter if asked to do so? If asked by Netwrix Endpoint Policy Manager (formerly PolicyPak) Support to turn on enhanced diff --git a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/processauditor.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/processauditor.md similarity index 93% rename from docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/processauditor.md rename to docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/processauditor.md index e27779b45c..2bdab3f5d8 100644 --- a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/processauditor.md +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/processauditor.md @@ -1,3 +1,9 @@ +--- +title: "When does the Auditor process send up events to the server?" +description: "When does the Auditor process send up events to the server?" +sidebar_position: 60 +--- + # When does the Auditor process send up events to the server? So the ` Auditor.exe` process is kicked off via a scheduled task based upon specific Group Policy diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/serverside.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/serverside.md new file mode 100644 index 0000000000..981cd5f5dc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/serverside.md @@ -0,0 +1,12 @@ +--- +title: "What Server-side items should I send to Tech Support if asked?" +description: "What Server-side items should I send to Tech Support if asked?" +sidebar_position: 20 +--- + +# What Server-side items should I send to Tech Support if asked? + +The PPGPCR Server contents are in the following folder. Please ZIP the folder and send to us if +requested. + +**NOTE:** You do not need to STOP the PPGPCR Server service first. diff --git a/docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/systeminvalidoperationexception.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/systeminvalidoperationexception.md similarity index 83% rename from docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/systeminvalidoperationexception.md rename to docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/systeminvalidoperationexception.md index dc8eb70119..b770c879fe 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/systeminvalidoperationexception.md +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/systeminvalidoperationexception.md @@ -1,3 +1,9 @@ +--- +title: "GPCR Snapshot fails with error \"System.InvalidOperationException\" when using a remote SQL server and one is a clone of the other" +description: "GPCR Snapshot fails with error \"System.InvalidOperationException\" when using a remote SQL server and one is a clone of the other" +sidebar_position: 40 +--- + # GPCR Snapshot fails with error "System.InvalidOperationException" when using a remote SQL server and one is a clone of the other When using a remote SQL server as the database for Netwrix Endpoint Policy Manager (formerly @@ -15,7 +21,7 @@ The MSDTC transaction manager was unable to pull the transaction from the source ``` To enable diagnostic logging, follow the directions in the article -[How do I turn on enhanced logging for Endpoint Policy Manager Group Policy Compliance Reporter if asked to do so?](/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/logenhanced.md)g-for-ppgpcr-server-if-asked/ +[How do I turn on enhanced logging for Endpoint Policy Manager Group Policy Compliance Reporter if asked to do so?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/logenhanced.md)g-for-ppgpcr-server-if-asked/ The resulting GPCR Server log can be found in: `C:\ProgramData\PolicyPak\PolicyPak Group Policy Compliance Reporter Server\Diagnostics` diff --git a/docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/systeminvalidoperationexceptionmsdtc.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/systeminvalidoperationexceptionmsdtc.md similarity index 88% rename from docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/systeminvalidoperationexceptionmsdtc.md rename to docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/systeminvalidoperationexceptionmsdtc.md index e0dee2d85d..e891edc3c2 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/gpocompilancereporter/systeminvalidoperationexceptionmsdtc.md +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/systeminvalidoperationexceptionmsdtc.md @@ -1,3 +1,9 @@ +--- +title: "When using a remote SQL Server, GPCR Snapshot fails with error \"System.InvalidOperationException\" and \"MSDTC has been disabled\" in Debug log" +description: "When using a remote SQL Server, GPCR Snapshot fails with error \"System.InvalidOperationException\" and \"MSDTC has been disabled\" in Debug log" +sidebar_position: 50 +--- + # When using a remote SQL Server, GPCR Snapshot fails with error "System.InvalidOperationException" and "MSDTC has been disabled" in Debug log When using a remote SQL as the database for Netwrix Endpoint Policy Manager (formerly PolicyPak) @@ -14,7 +20,7 @@ tool.` ---> System.Runtime.InteropServices.COMException`: The transaction manage support for remote/network transactions. (Exception from HRESULT: 0x8004D024) To enable diagnostic logging, follow the directions in the article -[How do I turn on enhanced logging for Endpoint Policy Manager Group Policy Compliance Reporter if asked to do so?](/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/logenhanced.md) +[How do I turn on enhanced logging for Endpoint Policy Manager Group Policy Compliance Reporter if asked to do so?](/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/logenhanced.md) The resulting GPCR Server log can be found in: `C:\ProgramData\PolicyPak\PolicyPak Group Policy Compliance Reporter Server\Diagnostics` diff --git a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/unsupporteditem.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/unsupporteditem.md similarity index 78% rename from docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/unsupporteditem.md rename to docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/unsupporteditem.md index ac463c5953..bf5dc01c69 100644 --- a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/unsupporteditem.md +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/knowledgebase/troubleshooting/unsupporteditem.md @@ -1,3 +1,9 @@ +--- +title: "What does \"Unsupported item\" mean in PPGPCR reports and tests?" +description: "What does \"Unsupported item\" mean in PPGPCR reports and tests?" +sidebar_position: 30 +--- + # What does "Unsupported item" mean in PPGPCR reports and tests? PPGPCR can report upon many items. But PPGPCR cannot report on every data type contained within a diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/gettingstarted/_category_.json new file mode 100644 index 0000000000..f402df76f1 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/troubleshooting/_category_.json b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/troubleshooting/_category_.json new file mode 100644 index 0000000000..0ee716333e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/troubleshooting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/usingendpointpolicym/_category_.json b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/usingendpointpolicym/_category_.json new file mode 100644 index 0000000000..bb8443979e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/usingendpointpolicym/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Using Endpoint Policy Manager Group Policy Compliance Reporter", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..37f3e2e02f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/videolearningcenter.md @@ -0,0 +1,33 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for Endpoint Policy Manager GP Compliance Reporter. + +## What does it do, and why do I need it? + +- [2 Minute Quick Overview for Managers](/docs/endpointpolicymanager/video/gpocompilancereporter/overviewmanager.md) +- [7 Minute Technical Overview for IT Pros](/docs/endpointpolicymanager/video/gpocompilancereporter/overviewtechnical.md) +- [Standalone Mode](/docs/endpointpolicymanager/video/gpocompilancereporter/modestandalone.md) +- [Server Mode](/docs/endpointpolicymanager/video/gpocompilancereporter/modeserver.md) + +## Getting Started + +- [Installing Compliance Reporter Server and Client](/docs/endpointpolicymanager/video/gpocompilancereporter/install.md) +- [Using Pull Mode (with or without PPGPCR server)](/docs/endpointpolicymanager/video/gpocompilancereporter/modepull.md) +- [Setting up Client-less Endpoint Auditing (Push Mode with Server)](/docs/endpointpolicymanager/video/gpocompilancereporter/modepush.md) +- [Enhanced Security for Server](/docs/endpointpolicymanager/video/gpocompilancereporter/securityenhanced.md) + +## Using Endpoint Policy Manager Group Policy Compliance Reporter + +- [Endpoint Policy Manager GP Compliance Reporter: Using an Existing GPO as a test](/docs/endpointpolicymanager/video/gpocompilancereporter/existinggpos.md) +- [Take existing GPOs and quickly bring them into PPGPCR (and keep them updated)](/docs/endpointpolicymanager/video/gpocompilancereporter/importgpos.md) +- [Import STIG files to make your applications more secure](/docs/endpointpolicymanager/video/gpocompilancereporter/importstig.md) + +## Troubleshooting + +- [Open required firewall ports](/docs/endpointpolicymanager/video/gpocompilancereporter/firewallports.md) diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/whatdoesitdoandwhydo/_category_.json b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/whatdoesitdoandwhydo/_category_.json new file mode 100644 index 0000000000..d4b636352d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicymanage/videolearningcenter/whatdoesitdoandwhydo/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "What Does It Do And Why Do I Need It", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/_category_.json b/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/_category_.json new file mode 100644 index 0000000000..dec388d336 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Endpoint Policy RDP Manager", + "position": 180, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/_category_.json new file mode 100644 index 0000000000..8a826b99da --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/_category_.json b/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/_category_.json new file mode 100644 index 0000000000..fc90d7d6e9 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Remote Work And VDI Scenarios", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/cloud.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/cloud.md new file mode 100644 index 0000000000..597c1955a2 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/cloud.md @@ -0,0 +1,13 @@ +--- +title: "Create and update .RDP files for end-users using Endpoint Policy Manager Cloud Edition" +description: "Create and update .RDP files for end-users using Endpoint Policy Manager Cloud Edition" +sidebar_position: 20 +--- + +# Create and update .RDP files for end-users using Endpoint Policy Manager Cloud Edition + +How do you create an RDP file on the desktop? You could just "copy it there" but then it's not kept +up to date if a user changes it. Welcome Endpoint Policy Manager RDP Manager. Endpoint Policy +Manager RDP Manager enables you to deliver .RDP files using the Endpoint Policy Manager Cloud +Edition and dictate connections as YOU want them defined. Don't leave it up to end users--you set it +for them! diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/itemleveltargeting.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/itemleveltargeting.md new file mode 100644 index 0000000000..8beaaa32e6 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/itemleveltargeting.md @@ -0,0 +1,10 @@ +--- +title: "Use Item Level Targeting to Deliver Targeted .RDP Files" +description: "Use Item Level Targeting to Deliver Targeted .RDP Files" +sidebar_position: 40 +--- + +# Use Item Level Targeting to Deliver Targeted .RDP Files + +Deliver unique RDP sessions to multiple users, machines, security groups and more using Netwrix +Endpoint Policy Manager (formerly PolicyPak)'s RDP Manager and Item Level Targeting! diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/mdm.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/mdm.md new file mode 100644 index 0000000000..3fba52897a --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/mdm.md @@ -0,0 +1,12 @@ +--- +title: "Create and update .RDP files for end-users using Endpoint Policy Manager MDM Edition" +description: "Create and update .RDP files for end-users using Endpoint Policy Manager MDM Edition" +sidebar_position: 30 +--- + +# Create and update .RDP files for end-users using Endpoint Policy Manager MDM Edition + +How do you create an RDP file on the desktop? You could just "copy it there" but then it's not kept +up to date if a user changes it. Welcome Endpoint Policy Manager RDP Manager. Endpoint Policy +Manager RDP manager enables you to deliver .RDP files and dictate connections as YOU want them +defined. Don't leave it up to end users-- you set it for them! diff --git a/docs/endpointpolicymanager/video/remotedesktopprotocol/vdiscenarios.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/vdiscenarios.md similarity index 97% rename from docs/endpointpolicymanager/video/remotedesktopprotocol/vdiscenarios.md rename to docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/vdiscenarios.md index c9f7f7b370..502ba2f232 100644 --- a/docs/endpointpolicymanager/video/remotedesktopprotocol/vdiscenarios.md +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/vdiscenarios.md @@ -1,3 +1,9 @@ +--- +title: "Create and update .RDP files for end-users for Remote Work and VDI scenarios" +description: "Create and update .RDP files for end-users for Remote Work and VDI scenarios" +sidebar_position: 10 +--- + # Create and update .RDP files for end-users for Remote Work and VDI scenarios How do you create an RDP file on the desktop? You could just "copy it there" but then it's not kept diff --git a/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..c32d54fc76 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/videolearningcenter.md @@ -0,0 +1,16 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 10 +--- + +# Video Learning Center + +See the following Video topics for Endpoint Policy Manager RDP Manager. + +## Remote Work and VDI Scenarios + +- [Create and update .RDP files for end-users for Remote Work and VDI scenarios](/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/vdiscenarios.md) +- [Create and update .RDP files for end-users using Endpoint Policy Manager Cloud Edition](/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/cloud.md) +- [Create and update .RDP files for end-users using Endpoint Policy Manager MDM Edition](/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/mdm.md) +- [Use Item Level Targeting to Deliver Targeted .RDP Files](/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/itemleveltargeting.md) diff --git a/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/_category_.json b/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/_category_.json new file mode 100644 index 0000000000..c806e4220c --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Feature Manager For Windows", + "position": 160, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..9e8de7bf9d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/knowledgebase/knowledgebase.md @@ -0,0 +1,13 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base articles for Feature Manager for Windows. + +## Troubleshooting + +- [Endpoint Policy Feature Manager for Windows doesn't appear to be working and we're getting error code 0x800f0954. What can I try?](/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/knowledgebase/troubleshooting/code0x800f0954.md) diff --git a/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/knowledgebase/troubleshooting/_category_.json b/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/knowledgebase/troubleshooting/_category_.json new file mode 100644 index 0000000000..51f22c0d00 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/knowledgebase/troubleshooting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/error/feature/code0x800f0954.md b/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/knowledgebase/troubleshooting/code0x800f0954.md similarity index 88% rename from docs/endpointpolicymanager/troubleshooting/error/feature/code0x800f0954.md rename to docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/knowledgebase/troubleshooting/code0x800f0954.md index 6ba4f6fd50..66eaf4ac71 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/feature/code0x800f0954.md +++ b/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/knowledgebase/troubleshooting/code0x800f0954.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Feature Manager for Windows doesn't appear to be working and we're getting error code 0x800f0954. What can I try?" +description: "Endpoint Policy Feature Manager for Windows doesn't appear to be working and we're getting error code 0x800f0954. What can I try?" +sidebar_position: 10 +--- + # Endpoint Policy Feature Manager for Windows doesn't appear to be working and we're getting error code 0x800f0954. What can I try? Underneath the hood …PPFMW is calling the DISM command. diff --git a/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/videolearningcenter/allvideos/_category_.json b/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/videolearningcenter/allvideos/_category_.json new file mode 100644 index 0000000000..a91d46f556 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/videolearningcenter/allvideos/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "All Videos", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..f46ed849c7 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/featuremanagerforwin/videolearningcenter/videolearningcenter.md @@ -0,0 +1,16 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for Scripts and Feature Manager for Windows. + +## All Videos + +- [Feature Manager For Windows](/docs/endpointpolicymanager/video/feature/windows.md) +- [Feature Manager For Windows Servers](/docs/endpointpolicymanager/video/feature/windowsservers.md) +- [Feature Manager for Windows + Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/feature/cloud.md) +- [Feature Manager for Windows + MDM](/docs/endpointpolicymanager/video/feature/mdm.md) diff --git a/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/_category_.json b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/_category_.json new file mode 100644 index 0000000000..487a5961d7 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "File Associations Manager", + "position": 80, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..a6ccf81b36 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/knowledgebase.md @@ -0,0 +1,23 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base articles for File Associations Manager. + +## Troubleshooting + +- [Can I use Endpoint Policy ManagerBrowser Router and/or Endpoint Policy Manager File Associations Manager to set the default browser?](/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/defaultbrowser.md) +- [How does PP File Associations Manager merge between GPOs and/or Collections?](/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/gpos.md) +- [What happens if I use MDT, or in-box Group Policy or MDM to set OEMDefaultAssociations.XML BEFORE Endpoint Policy Manager File Associations Manager ?](/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/oemdefaultassociations.md) +- [Why is Browser Router's "Default Browser" or File Associations Manager's configuration not working when I also have a Default Associations Configuration file?](/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/defaultassociationsconfiguration.md) +- [How do I revert to "Legacy File Associations Methods & Features" if directed (especially for LTSB/LTSC)?](/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/legacy.md) + +## Tips and Tricks + +- [How can I make Cortana and other web searches to use system default browser instead of Microsoft Edge?](/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/tipsandtricks/cortana.md) +- [How can I associate .HTM files with a specific browser, like Internet Explorer?](/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/tipsandtricks/specificbrowser.md) +- [How can I open images with Windows Photo Viewer?](/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/tipsandtricks/windowsphotoviewer.md) diff --git a/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/tipsandtricks/_category_.json b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/tipsandtricks/_category_.json new file mode 100644 index 0000000000..a6d7d9b805 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/tipsandtricks/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips And Tricks", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/fileassociations/cortana.md b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/tipsandtricks/cortana.md similarity index 75% rename from docs/endpointpolicymanager/troubleshooting/fileassociations/cortana.md rename to docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/tipsandtricks/cortana.md index 2f0e1e1697..e3b47d0637 100644 --- a/docs/endpointpolicymanager/troubleshooting/fileassociations/cortana.md +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/tipsandtricks/cortana.md @@ -1,3 +1,9 @@ +--- +title: "How can I make Cortana and other web searches to use system default browser instead of Microsoft Edge?" +description: "How can I make Cortana and other web searches to use system default browser instead of Microsoft Edge?" +sidebar_position: 10 +--- + # How can I make Cortana and other web searches to use system default browser instead of Microsoft Edge? Microsoft created a protocol that masks the URLs so that they can be opened in Microsoft Edge in @@ -12,7 +18,7 @@ How to solve it? You will need to install EdgeDeflector before you can send search queries from Cortana to the default browser, set through Endpoint Policy Manager software. More -info: [What is meant by "Default Browser" within Endpoint Policy Manager Browser router?](/docs/endpointpolicymanager/browserrouter/defaultbrowser/defined.md) +info: [What is meant by "Default Browser" within Endpoint Policy Manager Browser router?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/tipsandtricks/defined.md) Then set the Policy for PPFAM as shown in the following screenshot: diff --git a/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/tipsandtricks/specificbrowser.md b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/tipsandtricks/specificbrowser.md new file mode 100644 index 0000000000..7092c56b77 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/tipsandtricks/specificbrowser.md @@ -0,0 +1,19 @@ +--- +title: "How can I associate .HTM files with a specific browser, like Internet Explorer?" +description: "How can I associate .HTM files with a specific browser, like Internet Explorer?" +sidebar_position: 20 +--- + +# How can I associate .HTM files with a specific browser, like Internet Explorer? + +You can use Netwrix Endpoint Policy Manager (formerly PolicyPak) File Associations Manager to +associate a .HTM file with IE like this. + +However, doing this WILL NOT route URLs. + +So if you set PPFAM association HTM -> IE and click to some .HTM file in Windows File Explorer (or +open it in some third party program) it will be opened with IE. + +But note that if you type a URL into, say, the Firefox or Chrome address bar (or follow some +hyperlink) to navigate to `file://server/site.htm`, it will stay in the same browser and not +magically open in IE. diff --git a/docs/endpointpolicymanager/troubleshooting/fileassociations/windowsphotoviewer.md b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/tipsandtricks/windowsphotoviewer.md similarity index 91% rename from docs/endpointpolicymanager/troubleshooting/fileassociations/windowsphotoviewer.md rename to docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/tipsandtricks/windowsphotoviewer.md index f26f2c9252..20e000891b 100644 --- a/docs/endpointpolicymanager/troubleshooting/fileassociations/windowsphotoviewer.md +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/tipsandtricks/windowsphotoviewer.md @@ -1,3 +1,9 @@ +--- +title: "How can I open images with Windows Photo Viewer?" +description: "How can I open images with Windows Photo Viewer?" +sidebar_position: 30 +--- + # How can I open images with Windows Photo Viewer? Picture this: you have a VDI environment where no Windows Universal/Metro apps are installed, but diff --git a/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/_category_.json b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/_category_.json new file mode 100644 index 0000000000..51f22c0d00 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/fileassociations/defaultassociationsconfiguration.md b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/defaultassociationsconfiguration.md similarity index 81% rename from docs/endpointpolicymanager/troubleshooting/fileassociations/defaultassociationsconfiguration.md rename to docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/defaultassociationsconfiguration.md index fc1167cc8b..f5e4ac2a2a 100644 --- a/docs/endpointpolicymanager/troubleshooting/fileassociations/defaultassociationsconfiguration.md +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/defaultassociationsconfiguration.md @@ -1,3 +1,9 @@ +--- +title: "Why is Browser Router's \"Default Browser\" or File Associations Manager's configuration not working when I also have a Default Associations Configuration file?" +description: "Why is Browser Router's \"Default Browser\" or File Associations Manager's configuration not working when I also have a Default Associations Configuration file?" +sidebar_position: 40 +--- + # Why is Browser Router's "Default Browser" or File Associations Manager's configuration not working when I also have a Default Associations Configuration file? If you're using Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router -OR- you're diff --git a/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/defaultbrowser.md b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/defaultbrowser.md new file mode 100644 index 0000000000..fd199320cc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/defaultbrowser.md @@ -0,0 +1,13 @@ +--- +title: "Can I use Endpoint Policy ManagerBrowser Router and/or Endpoint Policy Manager File Associations Manager to set the default browser?" +description: "Can I use Endpoint Policy ManagerBrowser Router and/or Endpoint Policy Manager File Associations Manager to set the default browser?" +sidebar_position: 10 +--- + +# Can I use Endpoint Policy ManagerBrowser Router and/or Endpoint Policy Manager File Associations Manager to set the default browser? + +Since File Associations Manager handles protocol associations as well as file type associations, it +may be tempting to map http or https to a particular browser as a way of enforcing a default +browser. That will work until Browser Router has any rules at all in that component, and then +Browser Router takes over. If you want to set a default browser, use Browser Router instead of File +Associations Manager. diff --git a/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/gpos.md b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/gpos.md new file mode 100644 index 0000000000..da10d7b561 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/gpos.md @@ -0,0 +1,24 @@ +--- +title: "How does PP File Associations Manager merge between GPOs and/or Collections?" +description: "How does PP File Associations Manager merge between GPOs and/or Collections?" +sidebar_position: 20 +--- + +# How does PP File Associations Manager merge between GPOs and/or Collections? + +Netwrix Endpoint Policy Manager (formerly PolicyPak) File Associations Manager works particularly +well, because instead of having one flat file which everyone must use and agree upon, it allows the +use to distribute the directives across Endpoint Policy Manager Collections or GPOs. + +For example, if you have 2 GPOs (or Collections): + +**Step 1 –** GPO1 / Collection1: .`txt -> Notepad.exe`, .`log -> Notepad.exe` + +**Step 2 –** GPO2 / Colleciton2: .`txt -> Sublime.exe`, .`cfg -> Sublime.exe` + +and assuming GPO 2 is processed last based upon natural GP precedence, then you get the following +resulting association list: + +- .`txt -> Sublime.exe`, (Because GPO2 wins in the conflict.) +- .`log-> Notepad.exe`, (Because there are no conflicts.) +- `.cfg -> Sublime.exe` (Because there are no conflicts.) diff --git a/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/legacy.md b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/legacy.md new file mode 100644 index 0000000000..3be22213a1 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/legacy.md @@ -0,0 +1,45 @@ +--- +title: "How do I revert to \"Legacy File Associations Methods & Features\" if directed (especially for LTSB/LTSC)?" +description: "How do I revert to \"Legacy File Associations Methods & Features\" if directed (especially for LTSB/LTSC)?" +sidebar_position: 50 +--- + +# How do I revert to "Legacy File Associations Methods & Features" if directed (especially for LTSB/LTSC)? + +If you are having a problem with Netwrix Endpoint Policy Manager (formerly PolicyPak) File +Associations Manager (PPFAM) not working as expected, you may be asked by tech support to "Revert to +Legacy File Assoc Method & Features". + +This might be required if you are attempting to use Endpoint Policy Manager File Associations +Manager on an older version of Windows 10, say, LTSB or LTSC. You can still get Endpoint Policy +Manager File Associations Manager to work, but you must utilize the Legacy behavior. + +First, be sure you are eligible to use this function by copying the latest Endpoint Policy Manager +ADMX files to your Central Store or using Endpoint Policy Manager Cloud. + +Directions for Central Store: +[Troubleshooting with ADMX files](/docs/endpointpolicymanager/video/troubleshooting/admxfiles.md) + +Directions for Endpoint Policy Manager Cloud (if they are not already pre-placed there): +[PolicyPak Cloud: Upload and use your own ADMX files to PolicyPak Cloud](/docs/endpointpolicymanager/video/cloud/admxfiles.md) + +Then, the setting you should use if directed by support is entitled: + +`Computer Configuration | Policies | Admin Templates | PolicyPak ADMX Settings | Client-side Extensions | File Associations Manager | Revert to Legacy File Assoc Method & Features` +and set to Enabled to return back to the legacy behavior. + +![837_1_image-20201027212337-3](/img/product_docs/endpointpolicymanager/troubleshooting/fileassociations/837_1_image-20201027212337-3.webp) + +## What does "Revert to Legacy File Assoc Method & Features" mean? + +By establishing to use Legacy File Assoc Method & Features the following occurs: + +- Endpoint Policy Manager File Associations Manager policies will ONLY apply on the COMPUTER side. + + **NOTE:** The MMC and/or Cloud editors cannot know you've enabled this setting; and as such + those editors will still work, but the CSE will then ignore the USER side directives. + +- Endpoint Policy Manager File Associations Manager policies can only take effect on DOMAIN JOINED + machines. +- Endpoint Policy Manager File Associations Manager policies can only take effect when you log out + and back in. diff --git a/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/oemdefaultassociations.md b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/oemdefaultassociations.md new file mode 100644 index 0000000000..ea4ed5a77f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/knowledgebase/troubleshooting/oemdefaultassociations.md @@ -0,0 +1,22 @@ +--- +title: "What happens if I use MDT, or in-box Group Policy or MDM to set OEMDefaultAssociations.XML BEFORE Endpoint Policy Manager File Associations Manager ?" +description: "What happens if I use MDT, or in-box Group Policy or MDM to set OEMDefaultAssociations.XML BEFORE Endpoint Policy Manager File Associations Manager ?" +sidebar_position: 30 +--- + +# What happens if I use MDT, or in-box Group Policy or MDM to set OEMDefaultAssociations.XML BEFORE Endpoint Policy Manager File Associations Manager ? + +If you attempt to: + +- Pre-set the file associations in the image or +- Set using Group Policy via the "Set a default associations configuration file" or +- Attempt to set it using MDM… + +Then that method will win over Endpoint Policy Manager File Associations Manager, and you will not +get the Endpoint Policy Manager File Associations Manager benefits. + +Therefore, use only Endpoint Policy Manager File Associations Manager and not the above methods to +achieve File Associations goals. Remove any in-box Group Policy settings, etc, which are attempting +to set File Associations and use only Endpoint Policy Manager to do it. + +![660_1_faq4-img1](/img/product_docs/endpointpolicymanager/fileassociations/660_1_faq4-img1.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/videolearningcenter/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/videolearningcenter/gettingstarted/_category_.json new file mode 100644 index 0000000000..ee7419d8c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/videolearningcenter/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/videolearningcenter/methodscloudmdmsccmp/_category_.json b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/videolearningcenter/methodscloudmdmsccmp/_category_.json new file mode 100644 index 0000000000..7bdacf3b44 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/videolearningcenter/methodscloudmdmsccmp/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Methods Cloud MDM SCCM PDQ Etc", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/videolearningcenter/tipsandtricks/_category_.json b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/videolearningcenter/tipsandtricks/_category_.json new file mode 100644 index 0000000000..ec873edc2f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/videolearningcenter/tipsandtricks/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips And Tricks", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..a2746a9735 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/fileassociationsmana/videolearningcenter/videolearningcenter.md @@ -0,0 +1,35 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +For more information on File Associations Manager see the following videos. + +## Getting Started + +- [Endpoint Policy Manager File Associations Manager: Manage Windows 10 & 11 File Associations](/docs/endpointpolicymanager/video/fileassociations/windows10.md) +- [Endpoint Policy Manager File Associations Manager: Apply once (and drift)](/docs/endpointpolicymanager/video/fileassociations/applyonce.md) +- [Associate Programs to Universal Windows Apps (Metro Apps)](/docs/endpointpolicymanager/video/fileassociations/universalwindowsapps.md) +- [Manage all File Associations with the PPFAM Wizard](/docs/endpointpolicymanager/video/fileassociations/wizard.md) +- [Endpoint Policy Manager File Associations Manager: Use our preconfigured advice](/docs/endpointpolicymanager/video/fileassociations/preconfiguredadvice.md) + +## Methods: Cloud, MDM, SCCM, PDQ, etc. + +- [Managing File Associations with an MDM service](/docs/endpointpolicymanager/video/fileassociations/mdm.md) +- [Endpoint Policy Manager Cloud: Managing File Assocations](/docs/endpointpolicymanager/video/fileassociations/cloud.md) +- [Setting Default File Associations with Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/video/fileassociations/pdqdeploy.md) +- [Using File Association Manager in the Endpoint Policy Manager Cloud environment](/docs/endpointpolicymanager/video/fileassociations/cloudusage.md) + +## Tips and Tricks + +- [Force IE to use Adobe Reader for PDFs](/docs/endpointpolicymanager/video/fileassociations/adobereader.md) +- [Endpoint Policy Manager: How to get mailto: to open in Office 365](/docs/endpointpolicymanager/video/fileassociations/mailto.md) +- [Windows 10 File Associations: Set, Change and Remove Easily](/docs/endpointpolicymanager/video/fileassociations/windows10modify.md) +- [File Associations Manager Helper Tool](/docs/endpointpolicymanager/video/fileassociations/helpertool.md) +- [Endpoint Policy Manager File Associations Manager: Understanding the First Login](/docs/endpointpolicymanager/video/fileassociations/firstlogin.md) +- [Endpoint Policy Manager File Associations Manager: Helper Application](/docs/endpointpolicymanager/video/fileassociations/helperapplication.md) +- [Endpoint Policy Manager File Associations Trick: Acro Reader AND Writer](/docs/endpointpolicymanager/video/fileassociations/acroreader.md) +- [Endpoint Policy Manager File Associations: Don't ask questions (even when you did it right)](/docs/endpointpolicymanager/video/fileassociations/windows10questions.md) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/_category_.json new file mode 100644 index 0000000000..c072aa1a5d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started With Cloud", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/_category_.json new file mode 100644 index 0000000000..1aba3e88d3 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Client Tips Tricks And FAQs", + "position": 70, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/integration/azurevirutaldesktop.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/azurevirutaldesktop.md similarity index 97% rename from docs/endpointpolicymanager/integration/azurevirutaldesktop.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/azurevirutaldesktop.md index 73265163b5..f478f2e282 100644 --- a/docs/endpointpolicymanager/integration/azurevirutaldesktop.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/azurevirutaldesktop.md @@ -1,3 +1,9 @@ +--- +title: "How to install the Endpoint Policy Manager Cloud Client for use in an Azure Virtual Desktop image" +description: "How to install the Endpoint Policy Manager Cloud Client for use in an Azure Virtual Desktop image" +sidebar_position: 100 +--- + # How to install the Endpoint Policy Manager Cloud Client for use in an Azure Virtual Desktop image The goal of this article is to define the steps needed to install the Netwrix Endpoint Policy diff --git a/docs/endpointpolicymanager/install/cloud/clientsilent.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/clientsilent.md similarity index 88% rename from docs/endpointpolicymanager/install/cloud/clientsilent.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/clientsilent.md index 78df95cea2..d08d972053 100644 --- a/docs/endpointpolicymanager/install/cloud/clientsilent.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/clientsilent.md @@ -1,3 +1,9 @@ +--- +title: "How do I deploy the Endpoint Policy Manager Cloud Client via command line silently?" +description: "How do I deploy the Endpoint Policy Manager Cloud Client via command line silently?" +sidebar_position: 120 +--- + # How do I deploy the Endpoint Policy Manager Cloud Client via command line silently? The Command line is an easy way to deploy the Netwrix Endpoint Policy Manager (formerly PolicyPak) diff --git a/docs/endpointpolicymanager/cloud/policy/edit.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/edit.md similarity index 84% rename from docs/endpointpolicymanager/cloud/policy/edit.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/edit.md index c9351c0733..d84e760fe3 100644 --- a/docs/endpointpolicymanager/cloud/policy/edit.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/edit.md @@ -1,3 +1,9 @@ +--- +title: "What are the most common questions about editing policies using the Endpoint Policy ManagerCloud policy editor (instead of using the MMC to upload to Endpoint Policy Manager Cloud?)" +description: "What are the most common questions about editing policies using the Endpoint Policy ManagerCloud policy editor (instead of using the MMC to upload to Endpoint Policy Manager Cloud?)" +sidebar_position: 10 +--- + # What are the most common questions about editing policies using the Endpoint Policy ManagerCloud policy editor (instead of using the MMC to upload to Endpoint Policy Manager Cloud?) The Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud Policy Editor allows you to create diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/groups.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/groups.md new file mode 100644 index 0000000000..2fb75f8d26 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/groups.md @@ -0,0 +1,18 @@ +--- +title: "How can I move a computer from one Endpoint Policy Manager Cloud group to another via command line?" +description: "How can I move a computer from one Endpoint Policy Manager Cloud group to another via command line?" +sidebar_position: 150 +--- + +# How can I move a computer from one Endpoint Policy Manager Cloud group to another via command line? + +The syntax for the command is `ppcloud /move /jointoken:"**********************"` + +This must be run from an elevated command prompt. + +Information on creating jointokens: + +- Manual: + [https://helpcenter.netwrix.com/bundle/endpointpolicymanager_AppendixE/page/Tools.html](https://helpcenter.netwrix.com/bundle/endpointpolicymanager_AppendixE/page/Tools.html) and +- Video: + [Endpoint Policy Manager Cloud: Automatically Join Groups with JOINTOKEN](/docs/endpointpolicymanager/video/cloud/jointoken.md) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/printers.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/printers.md new file mode 100644 index 0000000000..4e3db740d8 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/printers.md @@ -0,0 +1,31 @@ +--- +title: "Printers won't come back once removed by user" +description: "Printers won't come back once removed by user" +sidebar_position: 80 +--- + +# Printers won't come back once removed by user + +What should you do when Printers won't come back when someone removes it from a managed computer? + +## Summary: + +You're using Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud (PPC) Preference object to +deploy TCP/IP printers and it is working fine until someone removes that printer. You waited for +default PPC refresh, tried with running `"ppcloud /sync" `and log off and log back in and even tried +a reboot, but the required printer won't come back. + +## Reason: + +PPC doesn't see any update in a destination computer's object so it will not execute the next step, +which is to install the Printer. You need to do a little change -nothing configuration related- in +that Printer's PPC + +Pref Object. It will enable the destination computer to identify the change for that object in the +cloud and sync it locally. Then PPC will be able to install that Printer back on the computer. + +## Workaround: + +We've edited the value for Printer's location in the PPC Pref Object. + +![747_1_front-desk-retry](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/747_1_front-desk-retry.webp) diff --git a/docs/endpointpolicymanager/cloud/security/publickeypoliciessettings.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/publickeypoliciessettings.md similarity index 84% rename from docs/endpointpolicymanager/cloud/security/publickeypoliciessettings.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/publickeypoliciessettings.md index a37387ca7e..b7ccd82c67 100644 --- a/docs/endpointpolicymanager/cloud/security/publickeypoliciessettings.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/publickeypoliciessettings.md @@ -1,3 +1,9 @@ +--- +title: "How do I configure Security Settings | Public Key Policies using Endpoint Policy Manager Cloud?" +description: "How do I configure Security Settings | Public Key Policies using Endpoint Policy Manager Cloud?" +sidebar_position: 70 +--- + # How do I configure Security Settings | Public Key Policies using Endpoint Policy Manager Cloud? Below is an example of how you can configure Security Settings. You start by creating a real GPO: diff --git a/docs/endpointpolicymanager/cloud/remoteworkdeliverymanager.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/remoteworkdeliverymanager.md similarity index 95% rename from docs/endpointpolicymanager/cloud/remoteworkdeliverymanager.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/remoteworkdeliverymanager.md index deb3abb791..0ebb5f1618 100644 --- a/docs/endpointpolicymanager/cloud/remoteworkdeliverymanager.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/remoteworkdeliverymanager.md @@ -1,3 +1,9 @@ +--- +title: "How to use Remote Work Delivery Manager to apply Firewall policies" +description: "How to use Remote Work Delivery Manager to apply Firewall policies" +sidebar_position: 30 +--- + # How to use Remote Work Delivery Manager to apply Firewall policies **Step 1 –** Using a Windows 10 computer configure the Firewall Rules as desired. diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/removeendpoint.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/removeendpoint.md new file mode 100644 index 0000000000..5c21a85118 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/removeendpoint.md @@ -0,0 +1,13 @@ +--- +title: "If I want to totally stop using Endpoint Policy ManagerCloud on an endpoint, how would I remove the Endpoint Policy Manager Cloud client pieces remotely?" +description: "If I want to totally stop using Endpoint Policy ManagerCloud on an endpoint, how would I remove the Endpoint Policy Manager Cloud client pieces remotely?" +sidebar_position: 40 +--- + +# If I want to totally stop using Endpoint Policy ManagerCloud on an endpoint, how would I remove the Endpoint Policy Manager Cloud client pieces remotely? + +If you use Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud UI and use the **Delete +permanently** command, the next time the Cloud Client syncs to the Cloud Service all cloud pieces +(Cloud agent and Cloud CSE) are physically removed from the endpoint automatically. + +![588_1_image001](/img/product_docs/endpointpolicymanager/install/cloud/588_1_image001.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/syncfrequency.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/syncfrequency.md new file mode 100644 index 0000000000..9f6533a516 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/syncfrequency.md @@ -0,0 +1,12 @@ +--- +title: "When does Endpoint Policy Managersync to Endpoint Policy Manager Cloud?" +description: "When does Endpoint Policy Managersync to Endpoint Policy Manager Cloud?" +sidebar_position: 60 +--- + +# When does Endpoint Policy Managersync to Endpoint Policy Manager Cloud? + +The Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud client will sync once an hour after +the computer starts. + +If a computer started at 2:22, the next sync will be at 3:22. diff --git a/docs/endpointpolicymanager/cloud/targetingeditor.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/targetingeditor.md similarity index 96% rename from docs/endpointpolicymanager/cloud/targetingeditor.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/targetingeditor.md index 8c34abfc8d..95c1387427 100644 --- a/docs/endpointpolicymanager/cloud/targetingeditor.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/targetingeditor.md @@ -1,3 +1,9 @@ +--- +title: "Using Targeting Editor in Endpoint Policy Manager Cloud Settings" +description: "Using Targeting Editor in Endpoint Policy Manager Cloud Settings" +sidebar_position: 90 +--- + # Using Targeting Editor in Endpoint Policy Manager Cloud Settings How can I target a User or a Group membership with Netwrix Endpoint Policy Manager (formerly diff --git a/docs/endpointpolicymanager/cloud/policy/type.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/type.md similarity index 91% rename from docs/endpointpolicymanager/cloud/policy/type.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/type.md index 8e33ed369e..72a21b68c3 100644 --- a/docs/endpointpolicymanager/cloud/policy/type.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/type.md @@ -1,3 +1,9 @@ +--- +title: "Are Endpoint Policy Manager Cloud policies processed on User or Computer side (and why do I only sometimes see User or Computer side ILT?)" +description: "Are Endpoint Policy Manager Cloud policies processed on User or Computer side (and why do I only sometimes see User or Computer side ILT?)" +sidebar_position: 140 +--- + # Are Endpoint Policy Manager Cloud policies processed on User or Computer side (and why do I only sometimes see User or Computer side ILT?) There are really two levels of Policy type in Netwrix Endpoint Policy Manager (formerly PolicyPak) diff --git a/docs/endpointpolicymanager/cloud/unlink.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/unlink.md similarity index 77% rename from docs/endpointpolicymanager/cloud/unlink.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/unlink.md index 4d2fdd8752..8740ae044d 100644 --- a/docs/endpointpolicymanager/cloud/unlink.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/unlink.md @@ -1,3 +1,9 @@ +--- +title: "How to remove (unlink) all Example policies at once from the All-Built-in Group" +description: "How to remove (unlink) all Example policies at once from the All-Built-in Group" +sidebar_position: 20 +--- + # How to remove (unlink) all Example policies at once from the All-Built-in Group ![799_1_image-20201230211039-1](/img/product_docs/endpointpolicymanager/cloud/799_1_image-20201230211039-1.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/updatefrequency.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/updatefrequency.md new file mode 100644 index 0000000000..a137c94509 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/updatefrequency.md @@ -0,0 +1,12 @@ +--- +title: "How often does the Endpoint Policy Manager cloud client pull down new or updated directives?" +description: "How often does the Endpoint Policy Manager cloud client pull down new or updated directives?" +sidebar_position: 50 +--- + +# How often does the Endpoint Policy Manager cloud client pull down new or updated directives? + +The Netwrix Endpoint Policy Manager (formerly PolicyPak) cloud client pulls down new or updated +directives every 60 minutes while the computer is on. + +You can also run the `PPUPDATE` command or `PPCLOUD /SYNC` which will force an update now. diff --git a/docs/endpointpolicymanager/integration/vdisolutions.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/vdisolutions.md similarity index 96% rename from docs/endpointpolicymanager/integration/vdisolutions.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/vdisolutions.md index e82059b1cc..9baf8106f2 100644 --- a/docs/endpointpolicymanager/integration/vdisolutions.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/vdisolutions.md @@ -1,3 +1,9 @@ +--- +title: "How to install and configure the PPC Client for a Non-Persistent VDI Image in VMware Horizon" +description: "How to install and configure the PPC Client for a Non-Persistent VDI Image in VMware Horizon" +sidebar_position: 110 +--- + # How to install and configure the PPC Client for a Non-Persistent VDI Image in VMware Horizon The end goal is to install the Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud (PPC) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/version.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/version.md new file mode 100644 index 0000000000..0e663a2533 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/version.md @@ -0,0 +1,17 @@ +--- +title: "How to find which PPCloud Client version & CSE version a registered computer is running from within the Endpoint Policy Manager Cloud portal" +description: "How to find which PPCloud Client version & CSE version a registered computer is running from within the Endpoint Policy Manager Cloud portal" +sidebar_position: 160 +--- + +# How to find which PPCloud Client version & CSE version a registered computer is running from within the Endpoint Policy Manager Cloud portal + +![975_1_image-20230526004959-1_950x398](/img/product_docs/endpointpolicymanager/cloud/975_1_image-20230526004959-1_950x398.webp) + +**Step 1 –** Login to the Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud Portal and +select the **Company Details** tab. + +**Step 2 –** Select the **Computer list** report. + +**Step 3 –** View the PPC Client Version and PPC CSE version columns in the **Computer list** +report, filter the columns if needed. diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/_category_.json new file mode 100644 index 0000000000..99d4a80942 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Client Troubleshooting", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/autoupdates.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/autoupdates.md similarity index 78% rename from docs/endpointpolicymanager/troubleshooting/cloud/autoupdates.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/autoupdates.md index 95a0e972a5..3771eda773 100644 --- a/docs/endpointpolicymanager/troubleshooting/cloud/autoupdates.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/autoupdates.md @@ -1,3 +1,9 @@ +--- +title: "My cloud client lost it's join to Endpoint Policy Manager Cloud , and a re-install of the cloud MSI I previously downloaded isn't working / re-syncing. What should I do?" +description: "My cloud client lost it's join to Endpoint Policy Manager Cloud , and a re-install of the cloud MSI I previously downloaded isn't working / re-syncing. What should I do?" +sidebar_position: 110 +--- + # My cloud client lost it's join to Endpoint Policy Manager Cloud , and a re-install of the cloud MSI I previously downloaded isn't working / re-syncing. What should I do? Starting Sep 1, 2017 we updated the Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/ciscoanyconnect.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/ciscoanyconnect.md new file mode 100644 index 0000000000..3924dbf043 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/ciscoanyconnect.md @@ -0,0 +1,22 @@ +--- +title: "I'm using Cisco Anyconnect and all the computers I register via Endpoint Policy Manager Cloud are being overwritten. Why is this and what can I do?" +description: "I'm using Cisco Anyconnect and all the computers I register via Endpoint Policy Manager Cloud are being overwritten. Why is this and what can I do?" +sidebar_position: 100 +--- + +# I'm using Cisco Anyconnect and all the computers I register via Endpoint Policy Manager Cloud are being overwritten. Why is this and what can I do? + +When you use Cisco AnyConnect, the same MAC address is used for all the computers you register +Specifically it will use (00-05-9A-3C-7A-00). + ([https://forum.networklessons.com/t/cisco-asa-anyconnect-remote-access-vpn/833/41?page=3](https://forum.networklessons.com/t/cisco-asa-anyconnect-remote-access-vpn/833/41?page=3) as +you can see in that link.) + +The result is that Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud will match the +existing record and overwrite. + +The workaround is to use Endpoint Policy Manager Cloud in Loose to match on UUID only (not MAC) as +seen below. + +This is dump MAC as a matching criteria and use only UUID which is somewhat less aggressive. + +![817_1_image001_950x578](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/integration/817_1_image001_950x578.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/clientsideextension.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/clientsideextension.md new file mode 100644 index 0000000000..0eb39778a7 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/clientsideextension.md @@ -0,0 +1,76 @@ +--- +title: "When rolling out Endpoint Policy Manager Cloud, the Client Side Extension does not get installed with the Cloud Client on initial rollout" +description: "When rolling out Endpoint Policy Manager Cloud, the Client Side Extension does not get installed with the Cloud Client on initial rollout" +sidebar_position: 170 +--- + +# When rolling out Endpoint Policy Manager Cloud, the Client Side Extension does not get installed with the Cloud Client on initial rollout + +When rolling out a new installation of the Netwrix Endpoint Policy Manager (formerly PolicyPak) +cloud endpoint software, the CSE may not get installed following the manual installation of the +Cloud Client software. Any further attempts to re-install the Cloud Client have the same results. + +## Reason + +One reason for this issue is a corrupt, incomplete, or otherwise malformed MSI of the Client Side +Extension (CSE) cached on the client system. The file being present prevents it from re-downloading. +The file being malformed prevents it from installing. + +## Verification + +Review cached CSE installation file + +**Step 1 –** In Windows Explorer, browse to folder +"`C:\ProgramData\PolicyPak\Downloaded Installations\PolicyPak ClientSide Extension\xx.xx.xxxx"` +(where xx.xx.xxxx represents the version of CSE being installed) + +**Step 2 –** Compare size of file "Endpoint Policy Manager ClientSide Extension, xx.xx.xxxx.msi" to +the same file on other computers + +**NOTE:** The Install`*.log` file will only be approximately 6 KB instead of Usual 900+ KB + +- There will sometimes be multiple logs files for each attempt + +![608_1_image-20201029193618-1](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/install/608_1_image-20201029193618-1.webp) + +## Resolution + +To resolve this scenario: + +### Option 1: + +Delete the malformed file and re-run the installation + +**Step 1 –** Delete the malformed MSI +`(C:\ProgramData\PolicyPak\Downloaded Installations\PolicyPak ClientSide Extension\xx.xx.xxxx\ PolicyPak Client-Side Extension, xx.xx.xxxx.msi"` + +**Step 2 –** Uninstall the "Endpoint Policy Manager Cloud Client" + +![608_2_image-20201029193618-2](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/install/608_2_image-20201029193618-2.webp) + +**Step 3 –** Rerun the installation of the Cloud Client + +**Step 4 –** Verify both Cloud Client and Client Side Extension are installed + +### Option 2: + +Manually install the Client Side Extension. + +Download the CSE from the Endpoint Policy Manager Portal + +**Step 1 –** Browse to the portal and sign in + +- [https://portal.endpointpolicymanager.com](https://portal.endpointpolicymanager.com) + +**Step 2 –** On the Home page, download the "Latest Bits" in the form of either a ZIP or ISO file + +![608_3_image-20201029193618-3](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/install/608_3_image-20201029193618-3.webp) + +- Follow the prompts to complete the download. + +**Step 3 –** Once downloaded, open or mount the file, open the "Client Side Extension (CSE)" folder +and copy out the "Endpoint Policy Manager Client Side Extension x??.msi" + +**Step 4 –** Run the new MSI to install the CSE + +**NOTE:** Can be run from anywhere, does not have to be in the cached install folder above diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/expired.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/expired.md new file mode 100644 index 0000000000..2259373a69 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/expired.md @@ -0,0 +1,18 @@ +--- +title: "Endpoint Policy Manager Cloud shows \"The license certificate has expired\". Why is this?" +description: "Endpoint Policy Manager Cloud shows \"The license certificate has expired\". Why is this?" +sidebar_position: 130 +--- + +# Endpoint Policy Manager Cloud shows "The license certificate has expired". Why is this? + +If you see this when running ppcloud command, this means that this machine WAS getting a license, +but you have now over-subscribed your account. + +This computer then transitions to the WAITING LIST and can pick up a new license if one becomes +available. + +To learn more about the WAITING LIST, +[Endpoint Policy Manager Cloud Client: Why are computers appearing in WAITING LIST and how can I fix it?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/waitinglist.md). + +![308_1_jhhj](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/308_1_jhhj.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/grouppolicyeditors.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/grouppolicyeditors.md similarity index 93% rename from docs/endpointpolicymanager/troubleshooting/cloud/grouppolicyeditors.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/grouppolicyeditors.md index d5df3f2649..4711c7d5aa 100644 --- a/docs/endpointpolicymanager/troubleshooting/cloud/grouppolicyeditors.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/grouppolicyeditors.md @@ -1,3 +1,9 @@ +--- +title: "How can I see the result of Endpoint Policy Manager Cloud inside the Group Policy Editors?" +description: "How can I see the result of Endpoint Policy Manager Cloud inside the Group Policy Editors?" +sidebar_position: 10 +--- + # How can I see the result of Endpoint Policy Manager Cloud inside the Group Policy Editors? When a computer is joined to a domain, you can check the values on a machine using GPresult /R and diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/install/incomplete.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/incomplete.md similarity index 88% rename from docs/endpointpolicymanager/troubleshooting/cloud/install/incomplete.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/incomplete.md index 1828fc8b20..cd9b020d5c 100644 --- a/docs/endpointpolicymanager/troubleshooting/cloud/install/incomplete.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/incomplete.md @@ -1,3 +1,9 @@ +--- +title: "My Endpoint Policy Manager Cloud Client or Client Side Extension isn't completing the installation; How do I fix it?" +description: "My Endpoint Policy Manager Cloud Client or Client Side Extension isn't completing the installation; How do I fix it?" +sidebar_position: 220 +--- + # My Endpoint Policy Manager Cloud Client or Client Side Extension isn't completing the installation; How do I fix it? If you find that when installing or updating the either the Cloud Client (PPC Client) or Client Side @@ -78,5 +84,5 @@ September or October 2023. __NOTE:__ If you have a slow connection on the endpoint, the CSE can be downloaded from our customer portal and pre-installed. Please refer to the following KB article -> -[How can I best install Endpoint Policy Manager Cloud for remote clients over a slow link/internet connection?](/docs/endpointpolicymanager/install/cloud/slowinternet.md) +[How can I best install Endpoint Policy Manager Cloud for remote clients over a slow link/internet connection?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/slowinternet.md) ```` diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/invalidcertificate.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/invalidcertificate.md new file mode 100644 index 0000000000..19b4678d90 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/invalidcertificate.md @@ -0,0 +1,10 @@ +--- +title: "What is the Endpoint Policy Manager Cloud client installation error \"The remote certificate is invalid according to the validation procedure.\"" +description: "What is the Endpoint Policy Manager Cloud client installation error \"The remote certificate is invalid according to the validation procedure.\"" +sidebar_position: 160 +--- + +# What is the Endpoint Policy Manager Cloud client installation error "The remote certificate is invalid according to the validation procedure." + +One customer reported that this was because of a missing SonicWall certificate. Check for this or +something similar on your configuration. diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/outage.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/outage.md similarity index 87% rename from docs/endpointpolicymanager/troubleshooting/cloud/outage.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/outage.md index a2d2c2e612..5a18d785ee 100644 --- a/docs/endpointpolicymanager/troubleshooting/cloud/outage.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/outage.md @@ -1,3 +1,9 @@ +--- +title: "What happens if there is an outage on Endpoint Policy Manager Cloud ?" +description: "What happens if there is an outage on Endpoint Policy Manager Cloud ?" +sidebar_position: 150 +--- + # What happens if there is an outage on Endpoint Policy Manager Cloud ? From time to time, Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud could become @@ -5,7 +11,7 @@ unavailable or "goes down". This is rare, but it can happen. First, to verify and ensure the problem is with the Endpoint Policy Manager Cloud service, and not something on your end, please see the following article -[Troubleshoot communication from the Cloud Client and Cloud Service](/docs/endpointpolicymanager/troubleshooting/cloud/servicecommunication.md) (and +[Troubleshoot communication from the Cloud Client and Cloud Service](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/servicecommunication.md) (and the sub-KB articles at the end). However, if the Endpoint Policy Manager Cloud service itself is down, you might see the following diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/proxyserver.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/proxyserver.md new file mode 100644 index 0000000000..6b162b7a51 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/proxyserver.md @@ -0,0 +1,16 @@ +--- +title: "How must my Proxy Server be configured to allow Endpoint Policy Manager Cloud communication?" +description: "How must my Proxy Server be configured to allow Endpoint Policy Manager Cloud communication?" +sidebar_position: 50 +--- + +# How must my Proxy Server be configured to allow Endpoint Policy Manager Cloud communication? + +The Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud client communication is always +encrypted end to end. Endpoint Policy Manager cloud will try on port 443 or 80 as necessary. If you +need to configure your Proxy Server to allow communication to specific hosts, you need to set the +following: + +- cloud-agent.endpointpolicymanager.com via HTTPS/443 +- cloud-events.endpointpolicymanager.com via HTTPS/443 +- ppdl.blob.core.windows.net via HTTPS/443 diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/proxyservices.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/proxyservices.md similarity index 80% rename from docs/endpointpolicymanager/troubleshooting/cloud/proxyservices.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/proxyservices.md index 7083ceaa2f..38ec687995 100644 --- a/docs/endpointpolicymanager/troubleshooting/cloud/proxyservices.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/proxyservices.md @@ -1,3 +1,9 @@ +--- +title: "I always use a proxy and the cloud client cannot seem to make contact with the services (see FAQ Item #3 above first.) What else can I try?" +description: "I always use a proxy and the cloud client cannot seem to make contact with the services (see FAQ Item #3 above first.) What else can I try?" +sidebar_position: 70 +--- + # I always use a proxy and the cloud client cannot seem to make contact with the services (see FAQ Item #3 above first.) What else can I try? The Netwrix Endpoint Policy Manager (formerly PolicyPak) cloud service is running as Local Service. diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/registrationlimit.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/registrationlimit.md similarity index 86% rename from docs/endpointpolicymanager/troubleshooting/cloud/registrationlimit.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/registrationlimit.md index afe33fb95e..7427cb7852 100644 --- a/docs/endpointpolicymanager/troubleshooting/cloud/registrationlimit.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/registrationlimit.md @@ -1,3 +1,9 @@ +--- +title: "Understanding and working within Endpoint Policy Manager Clouds Computer registration limit." +description: "Understanding and working within Endpoint Policy Manager Clouds Computer registration limit." +sidebar_position: 210 +--- + # Understanding and working within Endpoint Policy Manager Clouds Computer registration limit. The maximum number of computers you can register per hour with Netwrix Endpoint Policy Manager diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/registrationmode.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/registrationmode.md similarity index 92% rename from docs/endpointpolicymanager/troubleshooting/cloud/registrationmode.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/registrationmode.md index 4a2186a3d6..b689a71920 100644 --- a/docs/endpointpolicymanager/troubleshooting/cloud/registrationmode.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/registrationmode.md @@ -1,3 +1,9 @@ +--- +title: "Why do I see duplicate computer entries in Endpoint Policy Manager Cloud (Or, what is Loose, Strict and Advanced Registration)?" +description: "Why do I see duplicate computer entries in Endpoint Policy Manager Cloud (Or, what is Loose, Strict and Advanced Registration)?" +sidebar_position: 180 +--- + # Why do I see duplicate computer entries in Endpoint Policy Manager Cloud (Or, what is Loose, Strict and Advanced Registration)? If Netwrix Endpoint Policy Manager (formerly PolicyPak) is uninstalled while the endpoint is diff --git a/docs/endpointpolicymanager/troubleshooting/error/cloud/securitytoken.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/securitytoken.md similarity index 75% rename from docs/endpointpolicymanager/troubleshooting/error/cloud/securitytoken.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/securitytoken.md index bd5d09150e..e41b4ab3ce 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/cloud/securitytoken.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/securitytoken.md @@ -1,3 +1,9 @@ +--- +title: "I get the message \"At least one security token in the message could not be validated\" during PPCloud client installation. How do I work around this?" +description: "I get the message \"At least one security token in the message could not be validated\" during PPCloud client installation. How do I work around this?" +sidebar_position: 80 +--- + # I get the message "At least one security token in the message could not be validated" during PPCloud client installation. How do I work around this? During Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud client installation you might get diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/servicecommunication.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/servicecommunication.md similarity index 86% rename from docs/endpointpolicymanager/troubleshooting/cloud/servicecommunication.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/servicecommunication.md index 627e88d390..bbc36791da 100644 --- a/docs/endpointpolicymanager/troubleshooting/cloud/servicecommunication.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/servicecommunication.md @@ -1,3 +1,9 @@ +--- +title: "Troubleshoot communication from the Cloud Client and Cloud Service" +description: "Troubleshoot communication from the Cloud Client and Cloud Service" +sidebar_position: 20 +--- + # Troubleshoot communication from the Cloud Client and Cloud Service To test the connection between the client and service, start by entering the @@ -44,10 +50,10 @@ Additional Considerations - If the connection fails, that could mean there is some kind of proxy. To configure the proxy for the system, see the - [I always use a proxy and the cloud client cannot seem to make contact with the services (see FAQ Item #3 above first.) What else can I try?](/docs/endpointpolicymanager/troubleshooting/cloud/proxyservices.md) topic + [I always use a proxy and the cloud client cannot seem to make contact with the services (see FAQ Item #3 above first.) What else can I try?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/proxyservices.md) topic for additional information. - If the connection passes, that could mean the Date and Time are wrong on the machine. First manually try to correct the date and time. Then run `PPCLOUD /SYNC` command and see if it succeeds. If that still fails to work, see the - [I am getting an error about "GPSVC failed at sign-in". This error occurs exactly one time. What does this mean?](/docs/endpointpolicymanager/troubleshooting/error/gpsvcfailed.md) topic + [I am getting an error about "GPSVC failed at sign-in". This error occurs exactly one time. What does this mean?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/gpsvcfailed.md) topic for additional information on alternative time fix instructions. diff --git a/docs/endpointpolicymanager/troubleshooting/error/cloud/sync.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/sync.md similarity index 93% rename from docs/endpointpolicymanager/troubleshooting/error/cloud/sync.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/sync.md index 2493f29afb..a2890c16b6 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/cloud/sync.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/sync.md @@ -1,3 +1,9 @@ +--- +title: "How to resolve error message \"Could not sync with cloud…\" caused by disabling TLS 1.0" +description: "How to resolve error message \"Could not sync with cloud…\" caused by disabling TLS 1.0" +sidebar_position: 60 +--- + # How to resolve error message "Could not sync with cloud…" caused by disabling TLS 1.0 If you disable TLS 1.0 on your Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud Client diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/syncfail.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/syncfail.md similarity index 93% rename from docs/endpointpolicymanager/troubleshooting/cloud/syncfail.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/syncfail.md index 5a2d90a635..646bb55ac5 100644 --- a/docs/endpointpolicymanager/troubleshooting/cloud/syncfail.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/syncfail.md @@ -1,3 +1,9 @@ +--- +title: "How can I see if an Endpoint Policy Manager Cloud joined computer is syncing in the background, even if PPCLOUD /Sync appears to fail?" +description: "How can I see if an Endpoint Policy Manager Cloud joined computer is syncing in the background, even if PPCLOUD /Sync appears to fail?" +sidebar_position: 30 +--- + # How can I see if an Endpoint Policy Manager Cloud joined computer is syncing in the background, even if PPCLOUD /Sync appears to fail? Right now, we realize the Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud Service is diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/transition.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/transition.md new file mode 100644 index 0000000000..f4dfb14a57 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/transition.md @@ -0,0 +1,27 @@ +--- +title: "How do I transition from Endpoint Policy ManagerCloud to Endpoint Policy Manager Group Policy Edition?" +description: "How do I transition from Endpoint Policy ManagerCloud to Endpoint Policy Manager Group Policy Edition?" +sidebar_position: 40 +--- + +# How do I transition from Endpoint Policy ManagerCloud to Endpoint Policy Manager Group Policy Edition? + +**Step 1 –** Uninstall the Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud Client on the +endpoints.  This will MAINTAIN the Endpoint Policy Manager Client Side Extension . + +![585_1_jm-1_900x536](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/585_1_jm-1_900x536.webp) + +**Step 2 –** Leave in place -or- Upgrade to the LATEST Endpoint Policy Manager Client Side Extension +using SCCM or PDQ Deploy Example: +[https://www.endpointpolicymanager.com/video/managing-group-policy-using-Endpoint Policy Manager-and-pdq-deploy.html ](https://www.endpointpolicymanager.com/video/managing-group-policy-using-endpointpolicymanager-and-pdq-deploy.html) + +**Step 3 –** In Endpoint Policy Manager Cloud, you will already have some POLICIES. You can DOWNLOAD +the policies from Endpoint Policy Manager Cloud like this. (see below.) + +**Step 4 –** Then in new GPOs, IMPORT the XML policies to the right node in a Endpoint Policy +Manager on-prem GPO. + +Note that some items might be restricted to COMPUTER or USER side, and may be actively prohibited on +the "wrong" side. For those, you will have to recreate the policies. + +![585_2_jm-2_900x438](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/585_2_jm-2_900x438.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/twofactorauthenticationcode.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/twofactorauthenticationcode.md similarity index 82% rename from docs/endpointpolicymanager/troubleshooting/cloud/twofactorauthenticationcode.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/twofactorauthenticationcode.md index d942ab4a1e..6879091db4 100644 --- a/docs/endpointpolicymanager/troubleshooting/cloud/twofactorauthenticationcode.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/twofactorauthenticationcode.md @@ -1,3 +1,9 @@ +--- +title: "Two-factor Authentication: You're not receiving code for email-based two-factor authentication" +description: "Two-factor Authentication: You're not receiving code for email-based two-factor authentication" +sidebar_position: 140 +--- + # Two-factor Authentication: You're not receiving code for email-based two-factor authentication We're assuming that you are able to receive emails from other third-party applications or external diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/log/verbose.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/verbose.md similarity index 76% rename from docs/endpointpolicymanager/troubleshooting/cloud/log/verbose.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/verbose.md index 444f714ddc..56d7a54923 100644 --- a/docs/endpointpolicymanager/troubleshooting/cloud/log/verbose.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/verbose.md @@ -1,3 +1,9 @@ +--- +title: "How to enable verbose MSIEXEC logging for the installation of Endpoint Policy Manager Cloud Client MSI/Client Side Extension MSI?" +description: "How to enable verbose MSIEXEC logging for the installation of Endpoint Policy Manager Cloud Client MSI/Client Side Extension MSI?" +sidebar_position: 200 +--- + # How to enable verbose MSIEXEC logging for the installation of Endpoint Policy Manager Cloud Client MSI/Client Side Extension MSI? Below is the example of using msiexec command to create a verbose installation log file, define its diff --git a/docs/endpointpolicymanager/troubleshooting/error/cloud/verifysecurity.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/verifysecurity.md similarity index 82% rename from docs/endpointpolicymanager/troubleshooting/error/cloud/verifysecurity.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/verifysecurity.md index 5f9a1ba181..985047e93d 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/cloud/verifysecurity.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/verifysecurity.md @@ -1,3 +1,9 @@ +--- +title: "I'm getting an error when installing the cloud client which says \"An error occured when verifying security for the message\"" +description: "I'm getting an error when installing the cloud client which says \"An error occured when verifying security for the message\"" +sidebar_position: 90 +--- + # I'm getting an error when installing the cloud client which says "An error occured when verifying security for the message" Please ensure that the system time on the client system is correct. You can try diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/versions.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/versions.md new file mode 100644 index 0000000000..260ada8394 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/versions.md @@ -0,0 +1,30 @@ +--- +title: "The Incorrect (non-matching) version of PPPUPDATE is installed on a PPC endpoint" +description: "The Incorrect (non-matching) version of PPPUPDATE is installed on a PPC endpoint" +sidebar_position: 190 +--- + +# The Incorrect (non-matching) version of PPPUPDATE is installed on a PPC endpoint + +## PROBLEM: + +When running ` PPUPDATE` on an endpoint that is registered with Netwrix Endpoint Policy Manager +(formerly PolicyPak) Cloud the incorrect version of `PPUPDATE` is shown. The `PPUPDATE `version +displayed does not match the version of the Endpoint Policy Manager Client-Side Extension installed. + +In the screenshots below the CSE version installed is 21.11.2984 but the PPUPDATE version is showing +as 20.1.2317. + +![897_1_image-20220125020029-1](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/897_1_image-20220125020029-1.webp) + +![897_2_image-20220125020029-2](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/897_2_image-20220125020029-2.webp) + +## CAUSE: + +The Endpoint Policy Manager Cloud Client has overwritten the `PPUPDATE` version with an older +version. + +## RESOLUTION: + +Try running a repair on the Endpoint Policy Manager CSE version using Programs and Features, and if +that does not work then reinstall the Endpoint Policy Manager CSE manually to fix the issue. diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/waitinglist.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/waitinglist.md similarity index 86% rename from docs/endpointpolicymanager/troubleshooting/cloud/waitinglist.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/waitinglist.md index f1e478b963..7ef3f35ab8 100644 --- a/docs/endpointpolicymanager/troubleshooting/cloud/waitinglist.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/waitinglist.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager Cloud Client: Why are computers appearing in WAITING LIST and how can I fix it?" +description: "Endpoint Policy Manager Cloud Client: Why are computers appearing in WAITING LIST and how can I fix it?" +sidebar_position: 120 +--- + # Endpoint Policy Manager Cloud Client: Why are computers appearing in WAITING LIST and how can I fix it? The Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud WAITING LIST is used to describe TWO diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudlicensing/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudlicensing/_category_.json new file mode 100644 index 0000000000..e38d1fcdfa --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudlicensing/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Cloud Licensing", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudlicensing/usage.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudlicensing/usage.md new file mode 100644 index 0000000000..24395180a3 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudlicensing/usage.md @@ -0,0 +1,79 @@ +--- +title: "How is Endpoint Policy Manager Cloud usage counted and calculated toward my True-Up?" +description: "How is Endpoint Policy Manager Cloud usage counted and calculated toward my True-Up?" +sidebar_position: 10 +--- + +# How is Endpoint Policy Manager Cloud usage counted and calculated toward my True-Up? + +If you chose the Netwrix Endpoint Policy Manager (formerly PolicyPak) Enterprise or Endpoint Policy +Manager Enterprise editions, which comes with entitlement to use Endpoint Policy Manager Cloud, then +Endpoint Policy Manager Cloud entitles you to Yearly Post-Pay Licensing. This allows you to install +the Endpoint Policy Manager Cloud client on as many computers as you wish. + +During every month, each day we count number of computers consumed and produce an average across +that billing cycle. + +Every month will have a highest number of computers used on any specific day. The highest number is +used as the monthly highest number. + +For each month in your year, all the Monthly highest numbers are added together, then averaged over +12 months. You will then True up your usage for Endpoint Policy Manager Cloud. + +You will also True up your usage (if any) for any Endpoint Policy Manager use with Active Directory, +SCCM, or MDM. + +Here is an example showing only three months: + +You start with Endpoint Policy Manager Cloud Enterprise Edition on April 15th. + +April: + +- On April 15 you install the Endpoint Policy Manager Cloud Client MSI on 100 computers, and have + thus consumed 100 licenses on Day 1. +- On April 20 you install the Endpoint Policy Manager Cloud Client MSI on 200 more computers and + have consumed 300 licenses total. +- On April 25 you install the Endpoint Policy Manager Cloud Client MSI on 500 more computers and + have consumed 800 licenses total. +- On April 30 you un-install the Endpoint Policy Manager Cloud Client MSI on 100 computers, making + your consumption 700 licenses total. + +Your Monthly Highest number for April is 800. + +May: + +- On May 1 you install the Endpoint Policy Manager Cloud Client MSI on 300 more computers, and have + thus consumed 1000 licenses total. +- On May 20 you install the Endpoint Policy Manager Cloud Client MSI on 200 more computers and have + consumed 1200 licenses total. +- On May 25 you install the Endpoint Policy Manager Cloud Client MSI on 500 more computers and have + consumed 1700 licenses total. +- On May 30 you UN-install the Endpoint Policy Manager Cloud Client MSI on 300 computers, making + your consumption 1500 licenses total. + +Your Monthly Highest number for May is 1700. + +June: + +- On June 1 you UN-install the Endpoint Policy Manager Cloud Client MSI on 1000 computers, reducing + your license count to 700. +- In the remainder of June you neither consumed nor reduced your license usage. + +Your Monthly Highest number for June is 700. + +Then, assuming the Monthly Highest Numbers for each month was something like: + +- April: 800 +- May: 1700 +- June: 700 +- July: 1000 +- August: 1200 +- September: 900 +- October: 1000 +- November: 1500 +- December: 1500 +- January: 1000 +- February: 800 +- March: 900 + +Your average among the Monthly Highest Number would be 1083. diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportalsecurity/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportalsecurity/_category_.json new file mode 100644 index 0000000000..a9778e34e0 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportalsecurity/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Cloud Portal Security", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/cloud/add/administrator.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportalsecurity/administrator.md similarity index 91% rename from docs/endpointpolicymanager/cloud/add/administrator.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportalsecurity/administrator.md index a414dd1af2..fc18b06deb 100644 --- a/docs/endpointpolicymanager/cloud/add/administrator.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportalsecurity/administrator.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager Cloud Portal - Adding new company admins - Quickstart" +description: "Endpoint Policy Manager Cloud Portal - Adding new company admins - Quickstart" +sidebar_position: 20 +--- + # Endpoint Policy Manager Cloud Portal - Adding new company admins - Quickstart In order to protect the security of your Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud diff --git a/docs/endpointpolicymanager/cloud/security/datasafety.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportalsecurity/datasafety.md similarity index 91% rename from docs/endpointpolicymanager/cloud/security/datasafety.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportalsecurity/datasafety.md index a9cc37c48e..8e0efc85b9 100644 --- a/docs/endpointpolicymanager/cloud/security/datasafety.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportalsecurity/datasafety.md @@ -1,3 +1,9 @@ +--- +title: "What data is stored in Endpoint Policy Manager Cloud, and how is that data safely communicated and stored ?" +description: "What data is stored in Endpoint Policy Manager Cloud, and how is that data safely communicated and stored ?" +sidebar_position: 10 +--- + # What data is stored in Endpoint Policy Manager Cloud, and how is that data safely communicated and stored ? ## What is stored: @@ -42,7 +48,7 @@ endpoint data can be seen at[Endpoint Policy Manager Cloud + PPLPM + Events: Collect Events in the Cloud](/docs/endpointpolicymanager/video/leastprivilege/cloudevents.md) and details about specific event types (for example) can be found here: - [List of Endpoint Policy Manager Event Categories and IDs](/docs/endpointpolicymanager/tips/eventcategories.md) + [List of Endpoint Policy Manager Event Categories and IDs](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventcategories.md) #### How is data is stored at rest with Endpoint Policy Manager Cloud: diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportaltroublesh/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportaltroublesh/_category_.json new file mode 100644 index 0000000000..c88f43e08d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportaltroublesh/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Cloud Portal Troubleshooting", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportaltroublesh/entraid.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportaltroublesh/entraid.md new file mode 100644 index 0000000000..6e4915775f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportaltroublesh/entraid.md @@ -0,0 +1,64 @@ +--- +title: "How do I fully reset my Azure AD connection between Azure and Endpoint Policy Manager Cloud to start over?" +description: "How do I fully reset my Azure AD connection between Azure and Endpoint Policy Manager Cloud to start over?" +sidebar_position: 10 +--- + +# How do I fully reset my Azure AD connection between Azure and Endpoint Policy Manager Cloud to start over? + +If you're having issues getting Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud and Azure +sync'd, here is what to try: + +**Step 1 –** First, you need to be logged into your Azure account you're using FOR the configuration +between Endpoint Policy Manager Cloud and Azure. + +**Step 2 –** Navigate to [https://myapps.microsoft.com/](https://myapps.microsoft.com/) + +**Step 3 –** Select "Endpoint Policy Manager Azure AD Connector' application + +**Step 4 –** Click "Manage your application" + +**Step 5 –** Click "Revoke permissions" + +![951_1_image-20230318014644-1_950x496](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/951_1_image-20230318014644-1_950x496.webp) + +![951_2_image-20230318014644-2_950x298](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/951_2_image-20230318014644-2_950x298.webp) + +**Step 6 –** Then in PPC Portal: + +- Create Azure AD configuration +- Activate Azure AD configuration +- Sync Azure AD configuration + +![951_3_image-20230318014644-3_950x521](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/951_3_image-20230318014644-3_950x521.webp) + +If that still doesn't work, you can force Azure to remove the Endpoint Policy Manager application. +The steps from Microsoft are here: + +[https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/manage-application-permissions?pivots=portal](https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/manage-application-permissions?pivots=portal) + +You can use a Powershell script and force remove the app and try again. Put the script below into +block #6 as seen here. + +Afterward, back in Endpoint Policy Manager Cloud re-create the connection. + +![951_4_image-20230318014644-4_950x350](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/951_4_image-20230318014644-4_950x350.webp) + +Connect-AzureAD + +``` +# Get Service Principal using objectId +$sp = Get-AzureADServicePrincipal -ObjectId "d240f374-28e9-4275-8521-110ff55fb61c" +# Get all delegated permissions for the service principal +$spOAuth2PermissionsGrants = Get-AzureADOAuth2PermissionGrant -All $true| Where-Object { $_.clientId -eq $sp.ObjectId } +# Remove all delegated permissions +$spOAuth2PermissionsGrants | ForEach-Object { +    Remove-AzureADOAuth2PermissionGrant -ObjectId $_.ObjectId +} +# Get all application permissions for the service principal +$spApplicationPermissions = Get-AzureADServiceAppRoleAssignedTo -ObjectId $sp.ObjectId -All $true | Where-Object { $_.PrincipalType -eq "ServicePrincipal" } +# Remove all delegated permissions +$spApplicationPermissions | ForEach-Object { +    Remove-AzureADServiceAppRoleAssignment -ObjectId $_.PrincipalId -AppRoleAssignmentId $_.objectId +} +``` diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/eventcollection/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/eventcollection/_category_.json new file mode 100644 index 0000000000..5343f8773f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/eventcollection/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Event Collection", + "position": 80, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/cloud/eventcollection/childgroups.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/eventcollection/childgroups.md similarity index 79% rename from docs/endpointpolicymanager/cloud/eventcollection/childgroups.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/eventcollection/childgroups.md index baf8bb6738..c313663645 100644 --- a/docs/endpointpolicymanager/cloud/eventcollection/childgroups.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/eventcollection/childgroups.md @@ -1,3 +1,9 @@ +--- +title: "How can I keep the same or specify different parameters for Event Collection for child groups? How does a computer behave if a member of multiple groups?" +description: "How can I keep the same or specify different parameters for Event Collection for child groups? How does a computer behave if a member of multiple groups?" +sidebar_position: 10 +--- + # How can I keep the same or specify different parameters for Event Collection for child groups? How does a computer behave if a member of multiple groups? The default behavior is that a child group automatically inherits the parent's existing Event diff --git a/docs/endpointpolicymanager/cloud/eventcollection/report.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/eventcollection/report.md similarity index 86% rename from docs/endpointpolicymanager/cloud/eventcollection/report.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/eventcollection/report.md index 71af683c00..f56f3d98f9 100644 --- a/docs/endpointpolicymanager/cloud/eventcollection/report.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/eventcollection/report.md @@ -1,3 +1,9 @@ +--- +title: "How to use Endpoint Policy Manager Cloud Event Collector to Report and generate policies from the events generated" +description: "How to use Endpoint Policy Manager Cloud Event Collector to Report and generate policies from the events generated" +sidebar_position: 30 +--- + # How to use Endpoint Policy Manager Cloud Event Collector to Report and generate policies from the events generated By following this guide, you will be able to generate reports for interesting events from the @@ -37,7 +43,7 @@ The steps are as follows: ![1331_4_7343ac11bad81555a0df4d9b989c7992](/img/product_docs/endpointpolicymanager/cloud/eventcollection/1331_4_7343ac11bad81555a0df4d9b989c7992.webp) **Step 5 –** You can select the drop-down option to select the **Event IDs**. See the -[List of Endpoint Policy Manager Event Categories and IDs](/docs/endpointpolicymanager/tips/eventcategories.md) topic for +[List of Endpoint Policy Manager Event Categories and IDs](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventcategories.md) topic for additional information on the event categories and IDs. ![1331_5_1abd34538213d5d2da7bf97cdc936d01](/img/product_docs/endpointpolicymanager/cloud/eventcollection/1331_5_1abd34538213d5d2da7bf97cdc936d01.webp) diff --git a/docs/endpointpolicymanager/cloud/eventcollection/splunk.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/eventcollection/splunk.md similarity index 95% rename from docs/endpointpolicymanager/cloud/eventcollection/splunk.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/eventcollection/splunk.md index 81b8a0e231..ea883f6bda 100644 --- a/docs/endpointpolicymanager/cloud/eventcollection/splunk.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/eventcollection/splunk.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager Cloud Event Forwarding to Splunk" +description: "Endpoint Policy Manager Cloud Event Forwarding to Splunk" +sidebar_position: 20 +--- + # Endpoint Policy Manager Cloud Event Forwarding to Splunk Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud customers are entitled to have one day of diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/_category_.json new file mode 100644 index 0000000000..ee7419d8c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/activedirectory.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/activedirectory.md new file mode 100644 index 0000000000..e402febfac --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/activedirectory.md @@ -0,0 +1,10 @@ +--- +title: "Is there an \"Active Directory Connector\" to map on-prem OUs and Groups to Endpoint Policy Manager Cloud?" +description: "Is there an \"Active Directory Connector\" to map on-prem OUs and Groups to Endpoint Policy Manager Cloud?" +sidebar_position: 50 +--- + +# Is there an "Active Directory Connector" to map on-prem OUs and Groups to Endpoint Policy Manager Cloud? + +No, there is no Active Directory connector. Our feedback is that most companies don't want something +reaching into their Active Directory and causing a security concern. diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/client.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/client.md new file mode 100644 index 0000000000..f17c8329c0 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/client.md @@ -0,0 +1,28 @@ +--- +title: "When must I use the Endpoint Policy ManagerCloud Client installer versus the on-prem Endpoint Policy Manager CSE?" +description: "When must I use the Endpoint Policy ManagerCloud Client installer versus the on-prem Endpoint Policy Manager CSE?" +sidebar_position: 20 +--- + +# When must I use the Endpoint Policy ManagerCloud Client installer versus the on-prem Endpoint Policy Manager CSE? + +The Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud Client is the software you download +to enable a machine to join your instance of Endpoint Policy Manager Cloud, claim a license, and +download policies. + +The Endpoint Policy Manager Cloud Client will also download the Endpoint Policy Manager Client Side +Extension to process of the policies. + +When you install the Endpoint Policy Manager cloud client, the CSE is downloaded from the cloud +service automatically at the same time. + +To keep the Endpoint Policy Manager Cloud Client up to date, as well as the Endpoint Policy Manager +Client Side Extension, you need to be proactive. + +Please see this article for keeping things proactive: + +[https://www.endpointpolicymanager.com/resources/pp-blog/using-rings-to-test-and-update-the-policypak-client-side-extension-and-how-to-stay-supported/](https://www.endpointpolicymanager.com/resources/pp-blog/using-rings-to-test-and-update-the-policypak-client-side-extension-and-how-to-stay-supported/) + +This video also has some important information on how to perform updates: + +[Endpoint Policy Manager Cloud Groups CSE and Cloud Client Small-Scale Testing and Updates](/docs/endpointpolicymanager/video/cloud/groups.md) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/clientdomainnondomain.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/clientdomainnondomain.md new file mode 100644 index 0000000000..f391323259 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/clientdomainnondomain.md @@ -0,0 +1,13 @@ +--- +title: "Can I use an Endpoint Policy Manager Cloud installer and license for domain-joined and non-domain joined machines?" +description: "Can I use an Endpoint Policy Manager Cloud installer and license for domain-joined and non-domain joined machines?" +sidebar_position: 40 +--- + +# Can I use an Endpoint Policy Manager Cloud installer and license for domain-joined and non-domain joined machines? + +Yes, you can install the Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud Client for all +Windows machines: non-domain joined and domain joined. That being said, the opposite is not true. +You cannot install the on-prem CSE and have it connect to the cloud service. You need the cloud +client to claim a cloud license, and that can be used for either/both Domain Joined and non-DJ +machines. diff --git a/docs/endpointpolicymanager/install/cloud/clientremote.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/clientremote.md similarity index 90% rename from docs/endpointpolicymanager/install/cloud/clientremote.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/clientremote.md index 49e5e97ce2..054bf886bb 100644 --- a/docs/endpointpolicymanager/install/cloud/clientremote.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/clientremote.md @@ -1,3 +1,9 @@ +--- +title: "What are the ways I can install the Endpoint Policy Manager Cloud Client on Remote Machines?" +description: "What are the ways I can install the Endpoint Policy Manager Cloud Client on Remote Machines?" +sidebar_position: 70 +--- + # What are the ways I can install the Endpoint Policy Manager Cloud Client on Remote Machines? There are a few ways you can get the Cloud Client installed on your endpoints. Netwrix Endpoint diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/cloud.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/cloud.md new file mode 100644 index 0000000000..eed1f619e9 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/cloud.md @@ -0,0 +1,12 @@ +--- +title: "What are the OS requirements for Endpoint Policy Manager Cloud?" +description: "What are the OS requirements for Endpoint Policy Manager Cloud?" +sidebar_position: 30 +--- + +# What are the OS requirements for Endpoint Policy Manager Cloud? + +All PolicyPak products are supported only on existing supported versions of Microsoft Windows. For +Microsoft's supported list, see this list: + +[https://docs.microsoft.com/en-us/windows/release-health/release-information](https://docs.microsoft.com/en-us/windows/release-health/release-information) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/creditcard.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/creditcard.md new file mode 100644 index 0000000000..05c89088d5 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/creditcard.md @@ -0,0 +1,16 @@ +--- +title: "How do I start credit card billing with Endpoint Policy Manager SaaS Edition?" +description: "How do I start credit card billing with Endpoint Policy Manager SaaS Edition?" +sidebar_position: 90 +--- + +# How do I start credit card billing with Endpoint Policy Manager SaaS Edition? + +To start Netwrix Endpoint Policy Manager (formerly PolicyPak) SaaS / Cloud billing, you need to go +the Endpoint Policy Manager Portal (not the Cloud Service.) + +Then when you're there, click on **SaaS Billing**, then **Start Subscription**. + +Follow the directions after that. + +![936_1_image001](/img/product_docs/endpointpolicymanager/cloud/936_1_image001.webp) diff --git a/docs/endpointpolicymanager/cloud/fakedc.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/fakedc.md similarity index 97% rename from docs/endpointpolicymanager/cloud/fakedc.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/fakedc.md index bd7bb617c7..6fd5f7b977 100644 --- a/docs/endpointpolicymanager/cloud/fakedc.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/fakedc.md @@ -1,3 +1,9 @@ +--- +title: "What editors are there in Endpoint Policy Manager Cloud (and when would I need a \"Fake DC\" to do editing?)" +description: "What editors are there in Endpoint Policy Manager Cloud (and when would I need a \"Fake DC\" to do editing?)" +sidebar_position: 60 +--- + # What editors are there in Endpoint Policy Manager Cloud (and when would I need a "Fake DC" to do editing?) ## Part 1: Why we recommend a "Fake DC" and joined Windows 10 machine diff --git a/docs/endpointpolicymanager/install/cloud/slowinternet.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/slowinternet.md similarity index 80% rename from docs/endpointpolicymanager/install/cloud/slowinternet.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/slowinternet.md index 833307fcd6..de17562f96 100644 --- a/docs/endpointpolicymanager/install/cloud/slowinternet.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/slowinternet.md @@ -1,3 +1,9 @@ +--- +title: "How can I best install Endpoint Policy Manager Cloud for remote clients over a slow link/internet connection?" +description: "How can I best install Endpoint Policy Manager Cloud for remote clients over a slow link/internet connection?" +sidebar_position: 80 +--- + # How can I best install Endpoint Policy Manager Cloud for remote clients over a slow link/internet connection? To enroll your client machine with the Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud @@ -33,6 +39,6 @@ Support for a download link. For more details about setting up machines for VDI environments please check the following topics. -[Can I embed the Endpoint Policy ManagerClient Side Extension and/or Endpoint Policy Manager Cloud client into a master image for VDI, MDT, Ghost, Citrix, etc?](/docs/endpointpolicymanager/tips/embedclient.md) +[Can I embed the Endpoint Policy ManagerClient Side Extension and/or Endpoint Policy Manager Cloud client into a master image for VDI, MDT, Ghost, Citrix, etc?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/embedclient.md) -[How to install the Endpoint Policy Manager Cloud Client for use in an Azure Virtual Desktop image](/docs/endpointpolicymanager/integration/azurevirutaldesktop.md) +[How to install the Endpoint Policy Manager Cloud Client for use in an Azure Virtual Desktop image](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/azurevirutaldesktop.md) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/transition.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/transition.md new file mode 100644 index 0000000000..1bb7fe02e8 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/transition.md @@ -0,0 +1,272 @@ +--- +title: "How do I transition from Endpoint Policy Managerusing Group Policy or SCCM method to Endpoint Policy Manager Cloud" +description: "How do I transition from Endpoint Policy Managerusing Group Policy or SCCM method to Endpoint Policy Manager Cloud" +sidebar_position: 10 +--- + +# How do I transition from Endpoint Policy Managerusing Group Policy or SCCM method to Endpoint Policy Manager Cloud + +Transitioning from Endpoint Policy Manager using Group Policy or SCCM method to Endpoint Policy +Manager Cloud is very straightforward. + +_Remember,_ Once Endpoint Policy Manager settings are created, they are transferable to XML, which +can be used with any method: Group Policy, Intune, SCCM, or Endpoint Policy Manager Cloud. + +This topic assumes you will have policies in the Group Policy editor and want to transfer them to +Endpoint Policy Manager Cloud. The actual current delivery method you are starting from doesn’t +matter. You can start from Group Policy, SCCM, or an MDM service like Intune and transfer over to +Endpoint Policy Manager Cloud. + +Here is an overview of the steps involved in transitioning an existing investment in Endpoint Policy +Manager with Group Policy or SCCM method over to Endpoint Policy Manager Cloud: + +**Step 1 –** Pre-testing that Endpoint Policy Manager Cloud is working at all with the built-in +policies. + +**Step 2 –** Exporting existing Endpoint Policy Manager settings within Group Policy to XML and +importing them into Endpoint Policy Manager Cloud. + +**Step 3 –** Optional: Backup and Restore entire GPO to Endpoint Policy Manager cloud. + +**Step 4 –** Use In-Cloud Editors to create and update rules. + +**Step 5 –** Using Endpoint Policy Manager Cloud to create company groups and/or use Endpoint Policy +Manager Cloud to Azure connector. + +**Step 6 –** Linking Endpoint Policy Manager Cloud XML to Endpoint Policy Manager Cloud Company +Groups or Azure Groups. + +**Step 7 –** Deploying the Endpoint Policy Manager Cloud Client and/or CSE to endpoints. + +**Step 8 –** Removing existing Group Policy, SCCM or Intune based Endpoint Policy Manager setting +settings from machines + +**Step 9 –** Report using Endpoint Policy Manager Cloud to verify expected settings are achieved. + +**Step 10 –** Keeping Endpoint Policy Manager Cloud computers up to date with client software using +Endpoint Policy Manager Cloud Groups. + +## Pre-testing that Endpoint Policy Manager Cloud is working at all with the built-in policies. + +Start by verifying that your Endpoint Policy Manager Cloud account is generally working. See the +[Endpoint Policy Manager Cloud: QuickStart](/docs/endpointpolicymanager/video/cloud/quickstart.md) topic for additional +information. + +You will be verifying that your Endpoint Policy Manager Cloud account is licensed, operational and +working as expected. + +## Exporting existing Endpoint Policy Manager settings within Group Policy to XML and importing them into Endpoint Policy Manager Cloud. + +Continue to export your existing invested Endpoint Policy Manager settings into XML format. + +You can export one setting at a time like this: + +![941_1_image-20230521113923-1_950x502](/img/product_docs/endpointpolicymanager/cloud/941_1_image-20230521113923-1_950x502.webp) + +You can export a Collection like this: + +![941_2_image-20230521113923-2_950x589](/img/product_docs/endpointpolicymanager/cloud/941_2_image-20230521113923-2_950x589.webp) + +Or you can export a whole category like this: + +![941_3_image-20230521113923-3](/img/product_docs/endpointpolicymanager/cloud/941_3_image-20230521113923-3.webp) + +You can also export settings en-mass across multiple GPOs using the Endpoint Policy Manager Exporter +Utility. The steps to do that are here +[Deploying Endpoint Policy Managerdirectives without Group Policy (Endpoint Policy Manager Exporter Utility)](/docs/endpointpolicymanager/video/methods/exporterutility.md) + +Then you can upload them straight into Endpoint Policy Manager cloud using the Upload and link a new +XML here. Or you can go to the XML Settings tab (not shown) and also upload them there for later +use. + +![941_4_image-20230521113923-4_950x326](/img/product_docs/endpointpolicymanager/cloud/941_4_image-20230521113923-4_950x326.webp) + +You may also view the XML in notepad and copy/paste the XML straight into Endpoint Policy Manager +cloud using the same setting, Upload and link a new XML here as seen around the 5 minute and 20 +second mark continuing onward. + +See the +[Endpoint Policy ManagerCloud: How to deploy Endpoint Policy Manager specific settings (using in-cloud editors and exporting from on-prem)](/docs/endpointpolicymanager/video/cloud/deploy/endpointpolicymanagersettings.md) topic +for additional information. + +## Optional: Backup and Restore entire GPO to Endpoint Policy Manager cloud + +You might also have a GPO with a lot of settings, which contain Microsoft and/or Endpoint Policy +Manager settings. You can transfer the whole contents of that GPO with a GPO Backup and Endpoint +Policy Manager Cloud Import. + +![941_5_image-20230521113923-5_950x386](/img/product_docs/endpointpolicymanager/cloud/941_5_image-20230521113923-5_950x386.webp) + +The result will be a de-constructed GPO with all relevant parts as XML, available to re-link later +to Company or Azure groups. + +See the [How to import GPOs to Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/cloud/import.md) topic for +additional information. + +## Use In-Cloud Editors to create and update rules (for most policies) + +Now that all your rules are lifted and shifted from GPO Editor to XML to Cloud, you can use the +in-cloud editors to perform most new policy types and edit existing policies. + +![941_6_image-20230521113923-6_950x448](/img/product_docs/endpointpolicymanager/cloud/941_6_image-20230521113923-6_950x448.webp) + +Here’s an example of how to use the Endpoint Policy Manager Cloud in-cloud editors to create and +edit Endpoint Policy Manager Least Privilege Manager items. + +![941_7_image-20230521113923-7_950x1063](/img/product_docs/endpointpolicymanager/cloud/941_7_image-20230521113923-7_950x1063.webp) + +See the +[Use Endpoint Policy Manager Cloud to deploy PP Least Privilege Manager rules](/docs/endpointpolicymanager/video/leastprivilege/cloudrules.md) topic +for additional information. + +You are advised to maintain a Windows based MMC editing station for testing because not every +editing function may be available in the Endpoint Policy Manager Cloud editors. Most items are, but +a few are not. Details about Endpoint Policy Manager Cloud and Test Lab Best Practices are here: +Getting Started with Cloud > [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md). + +## Using Endpoint Policy Manager Cloud to create company groups and/or use the Endpoint Policy Manager Cloud to Azure connector + +Now you can craft your Company Group assignment and then adding computers to it. + +See the [Working with Groups](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/computergroups/workingwith.md) topic for additional +information. + +An example of crafting your own Company groups, linking existing XMLs, creating new policies and +Adding/Removing computers from these Company Groups can be seen here. + +![941_8_image-20230521113923-8_950x503](/img/product_docs/endpointpolicymanager/cloud/941_8_image-20230521113923-8_950x503.webp) + +Another option is the ability to mate your Endpoint Policy Manager Cloud instance with your Azure +Instance and use Azure Groups as well. You can establish a connection between Endpoint Policy +Manager Cloud and Azure using these steps: + +![941_9_image-20230521113923-9_950x491](/img/product_docs/endpointpolicymanager/cloud/941_9_image-20230521113923-9_950x491.jpeg) + +Then Azure groups will appear at the same level as Company Groups and you can link XML to those +Azure groups. + +![941_10_image-20230521113923-10_950x286](/img/product_docs/endpointpolicymanager/cloud/941_10_image-20230521113923-10_950x286.jpeg) + +Provided the Endpoint Policy Manager Cloud Client is on the machine (one of the next steps), the +computer will pick up the policies in either the Computer Group or Azure Group. (`PPCLOUD /sync` +will show these details.) + +![941_11_image-20230521113923-11_950x295](/img/product_docs/endpointpolicymanager/cloud/941_11_image-20230521113923-11_950x295.jpeg) + +## Linking Endpoint Policy Manager Cloud XML to Endpoint Policy Manager Cloud Company Groups or Azure Groups + +Because your XML policies are now uploaded to Endpoint Policy Manager Cloud, you are ready to link +them over to the Company Group or Azure Group of your choice. Remember that Endpoint Policy Manager +Cloud acts nearly the same as on-prem GPO with the following attributes: + +- Groups are like OUs, though a computer may be in two Endpoint Policy Manager Cloud Groups (where + in on-prem AD it may only be in one.) +- Block Inheritance is available +- Enforced is available +- Precedence is available + +See the [Working with Groups](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/computergroups/workingwith.md) topic for additional +information. + +## Deploying the Endpoint Policy Manager Cloud Client and/or CSE to endpoints + +Now you’re ready to deliver the Endpoint Policy Manager Cloud client to your machines, which will +join the machines to Endpoint Policy Manager Cloud. + +![941_12_image-20230521113923-12_950x461](/img/product_docs/endpointpolicymanager/cloud/941_12_image-20230521113923-12_950x461.webp) + +**NOTE:** If the machines already have the Endpoint Policy Manager CSE installed, there is no need +to uninstall the Endpoint Policy Manager CSE. It is permitted to pre-install the CSE on the machine +before the Endpoint Policy Manager Cloud client and could actually save you a lot of time during +Endpoint Policy Manager Cloud client rollout. + +There are a myriad of ways to install the Endpoint Policy Manager Cloud client, since it is just an +MSI. When the Cloud Client is installed it will automatically install the Endpoint Policy Manager +CSE if it is not present on the machine like what’s seen here. + +![941_13_image-20230521113923-13_950x691](/img/product_docs/endpointpolicymanager/cloud/941_13_image-20230521113923-13_950x691.webp) + +**NOTE:** The machine may also upgrade to a later CSE if a Endpoint Policy Manager Cloud group +dictates a later CSE; but the CSE will never downgrade. (See the last section in this guide for more +details.) + +Additionally, you may wish to investigate the idea of having computers automatically join the +Endpoint Policy Manager Cloud group of your choice with the Jointoken property. Two videos on that +topic are: + +- [Endpoint Policy Manager Cloud: Automatically Join Groups with JOINTOKEN](/docs/endpointpolicymanager/video/cloud/jointoken.md) +- [Endpoint Policy Manager Cloud + MDM Services: Install Cloud Client + automatically join PPC Groups and get policy.](/docs/endpointpolicymanager/video/cloud/mdm.md) + +**NOTE:** There are some other KB topicswith advanced scenarios on installing the Endpoint Policy +Manager Cloud client for Azure Virtual Desktops, VDI and other scenarios. Please open a ticket at +[Netwrix Support](https://www.netwrix.com/sign_in.html?rf=tickets.html#netwrix-support), if you have +trouble locating those articles. + +**NOTE:** Here's some command line examples to help install the Endpoint Policy Manager Cloud client +silently. See the +[How do I deploy the Endpoint Policy Manager Cloud Client via command line silently?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/clientsilent.md) topic +for additional information. + +## Removing existing settings to machines (GPO and Non-GPO method) + +Now you are ready to remove existing policy from machines. This will vary depending on the source +method of deploying policy. + +- For GPO, we recommend unlinking the GPO(s) which have Endpoint Policy Manager / now transferred + settings. Then run `GPupdate  /force`,  then   `GPresult /h out1.html` and ensure the settings you + want are now absent from the Group Policy Results. +- For SCCM and MDM/Intune, perform an uninstall of the wrapped up XMLs / MSIs. You can also verify + the XML settings are removed from your endpoint from the Users or Groups or Computer folder. See + the + [What is the processing order of all policies and how are conflicts resolved (and how can I see the final RsOP) of those policies (between GPO, Cloud, XML, etc)?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/conflictresolved.md) topic + for additional information. + +## Report using Endpoint Policy Manager Cloud to verify expected settings are achieved + +There are two ways to determine if your endpoint(s) got the policies you expected. + +On the client + +Method one is akin to GP update and you simply run `PPCLOUD /sync` (performs a SYNC then displays) +or Endpoint Policy Manager Cloud /status (no sync, just displays), and you can see any specific +machines' current state and policies. + +![941_14_image-20230521113923-14_950x823](/img/product_docs/endpointpolicymanager/cloud/941_14_image-20230521113923-14_950x823.webp) + +See the [Manually Syncing with PolicyPak Cloud](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/quickstart/verify.md#manually-syncing-with-policypak-cloud) +topic for additional information.[](https://helpcenter.netwrix.com/en-US/bundle/Endpoint Policy +Manager_AppendixE/page/Manually_Syncing_with_Endpoint Policy Manager_Cloud.html) + +On the server + +Additionally, you may mass report upon machines using the Endpoint Policy Manager Cloud reporting +mechanism. + +![941_15_image-20230521113923-15_950x386](/img/product_docs/endpointpolicymanager/cloud/941_15_image-20230521113923-15_950x386.webp) + +See the [Endpoint Policy Manager Cloud Reporting Demo](/docs/endpointpolicymanager/video/cloud/reports.md) topic for +additional information. + +Either method will inform you if the settings you lifted and shifted to Endpoint Policy Manager +Cloud are now on the endpoint. + +## Keeping Endpoint Policy Manager Cloud Client and Endpoint Policy Manager CSE up to date + +Finally, it is important to keep the Endpoint Policy Manager Cloud Client and the Endpoint Policy +Manager CSE up to date. Endpoint Policy Manager Company Groups control the versions of the Endpoint +Policy Manager Cloud Client and Endpoint Policy Manager CSE. + +![941_16_image-20230521113923-16_950x529](/img/product_docs/endpointpolicymanager/cloud/941_16_image-20230521113923-16_950x529.webp) + +You should always do small scale testing of upgrades of the Endpoint Policy Manager CSE and Endpoint +Policy Manager Cloud Client version to ensure safety before you roll it out to everyone via the All +group. + +See the +[Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/rings.md) topic +for additional information on the Microsoft Ring methodology, which aligns to Endpoint Policy +Manager best practices. + +See the +[Endpoint Policy Manager Cloud Groups CSE and Cloud Client Small-Scale Testing and Updates](/docs/endpointpolicymanager/video/cloud/groups.md) topic +for additional information on how to perform small scale testing before large scale upgrades. diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..cbf73a22f3 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/knowledgebase.md @@ -0,0 +1,90 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base articles for getting started with Cloud. + +## Getting Started + +- [How do I transition from Endpoint Policy Managerusing Group Policy or SCCM method to Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/transition.md) +- [What are the OS requirements for Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/cloud.md) +- [When must I use the Endpoint Policy ManagerCloud Client installer versus the on-prem Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/client.md) +- [Can I use an Endpoint Policy Manager Cloud installer and license for domain-joined and non-domain joined machines?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/clientdomainnondomain.md) +- [Is there an "Active Directory Connector" to map on-prem OUs and Groups to Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/activedirectory.md) +- [What editors are there in Endpoint Policy Manager Cloud (and when would I need a "Fake DC" to do editing?)](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/fakedc.md) +- [What are the ways I can install the Endpoint Policy Manager Cloud Client on Remote Machines?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/clientremote.md) +- [How can I best install Endpoint Policy Manager Cloud for remote clients over a slow link/internet connection?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/slowinternet.md) +- [How do I start credit card billing with Endpoint Policy Manager SaaS Edition?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/gettingstarted/creditcard.md) + +## Cloud Portal Security + +- [What data is stored in Endpoint Policy Manager Cloud, and how is that data safely communicated and stored ?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportalsecurity/datasafety.md) +- [Endpoint Policy Manager Cloud Portal - Adding new company admins - Quickstart](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportalsecurity/administrator.md) + +## Cloud Licensing + +- [How is Endpoint Policy Manager Cloud usage counted and calculated toward my True-Up?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudlicensing/usage.md) + +## Client Troubleshooting + +- [How can I see the result of Endpoint Policy Manager Cloud inside the Group Policy Editors?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/grouppolicyeditors.md) +- [Troubleshoot communication from the Cloud Client and Cloud Service](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/servicecommunication.md) +- [How can I see if an Endpoint Policy Manager Cloud joined computer is syncing in the background, even if PPCLOUD /Sync appears to fail?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/syncfail.md) +- [How do I transition from Endpoint Policy ManagerCloud to Endpoint Policy Manager Group Policy Edition?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/transition.md) +- [How must my Proxy Server be configured to allow Endpoint Policy Manager Cloud communication?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/proxyserver.md) +- [How to resolve error message "Could not sync with cloud…" caused by disabling TLS 1.0](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/sync.md) +- [I always use a proxy and the cloud client cannot seem to make contact with the services (see FAQ Item #3 above first.) What else can I try?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/proxyservices.md) +- [I get the message "At least one security token in the message could not be validated" during PPCloud client installation. How do I work around this?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/securitytoken.md) +- [I am getting an error about "GPSVC failed at sign-in". This error occurs exactly one time. What does this mean?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/installandupgradetro/gpsvcfailed.md) +- [I'm using Cisco Anyconnect and all the computers I register via Endpoint Policy Manager Cloud are being overwritten. Why is this and what can I do?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/ciscoanyconnect.md) +- [My cloud client lost it's join to Endpoint Policy Manager Cloud , and a re-install of the cloud MSI I previously downloaded isn't working / re-syncing. What should I do?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/autoupdates.md) +- [Endpoint Policy Manager Cloud Client: Why are computers appearing in WAITING LIST and how can I fix it?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/waitinglist.md) +- [Endpoint Policy Manager Cloud shows "The license certificate has expired". Why is this?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/expired.md) +- [Two-factor Authentication: You're not receiving code for email-based two-factor authentication](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/twofactorauthenticationcode.md) +- [What happens if there is an outage on Endpoint Policy Manager Cloud ?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/outage.md) +- [What is the Endpoint Policy Manager Cloud client installation error "The remote certificate is invalid according to the validation procedure."](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/invalidcertificate.md) +- [When rolling out Endpoint Policy Manager Cloud, the Client Side Extension does not get installed with the Cloud Client on initial rollout](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/clientsideextension.md) +- [Why do I see duplicate computer entries in Endpoint Policy Manager Cloud (Or, what is Loose, Strict and Advanced Registration)?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/registrationmode.md) +- [The Incorrect (non-matching) version of PPPUPDATE is installed on a PPC endpoint](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/versions.md) +- [How to enable verbose MSIEXEC logging for the installation of Endpoint Policy Manager Cloud Client MSI/Client Side Extension MSI?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/verbose.md) +- [Understanding and working within Endpoint Policy Manager Clouds Computer registration limit.](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/registrationlimit.md) +- [My Endpoint Policy Manager Cloud Client or Client Side Extension isn't completing the installation; How do I fix it?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttroubleshootin/incomplete.md) + +## Cloud Portal Troubleshooting + +- [How do I fully reset my Azure AD connection between Azure and Endpoint Policy Manager Cloud to start over?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportaltroublesh/entraid.md) + +## Mac Integration + +- [What are the step by step instructions to install the MacOS Client for Endpoint Policy Manager Cloud manually?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/client.md) +- [How to get signature info from pkg installer?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/signature.md) +- [Where are log files for the Endpoint Policy Manager MacOS?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/mac.md) +- [How to get SHA of the package](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/sha.md) +- [How to get SigningID of the package?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/signingid.md) + +## Client Tips, Tricks, and FAQs + +- [What are the most common questions about editing policies using the Endpoint Policy ManagerCloud policy editor (instead of using the MMC to upload to Endpoint Policy Manager Cloud?)](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/edit.md) +- [How to remove (unlink) all Example policies at once from the All-Built-in Group](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/unlink.md) +- [How to use Remote Work Delivery Manager to apply Firewall policies](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/remoteworkdeliverymanager.md) +- [If I want to totally stop using Endpoint Policy ManagerCloud on an endpoint, how would I remove the Endpoint Policy Manager Cloud client pieces remotely?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/removeendpoint.md) +- [How often does the Endpoint Policy Manager cloud client pull down new or updated directives?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/updatefrequency.md) +- [When does Endpoint Policy Managersync to Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/syncfrequency.md) +- [How do I configure Security Settings | Public Key Policies using Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/publickeypoliciessettings.md) +- [Printers won't come back once removed by user](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/printers.md) +- [Using Targeting Editor in Endpoint Policy Manager Cloud Settings](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/targetingeditor.md) +- [How to install the Endpoint Policy Manager Cloud Client for use in an Azure Virtual Desktop image](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/azurevirutaldesktop.md) +- [How to install and configure the PPC Client for a Non-Persistent VDI Image in VMware Horizon](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/vdisolutions.md) +- [How do I deploy the Endpoint Policy Manager Cloud Client via command line silently?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/clientsilent.md) +- [Are Endpoint Policy Manager Cloud policies processed on User or Computer side (and why do I only sometimes see User or Computer side ILT?)](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/type.md) +- [How can I move a computer from one Endpoint Policy Manager Cloud group to another via command line?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/groups.md) +- [How to find which PPCloud Client version & CSE version a registered computer is running from within the Endpoint Policy Manager Cloud portal](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/version.md) + +## Event Collection + +- [How can I keep the same or specify different parameters for Event Collection for child groups? How does a computer behave if a member of multiple groups?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/eventcollection/childgroups.md) +- [ Endpoint Policy Manager Cloud Event Forwarding to Splunk](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/eventcollection/splunk.md) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/_category_.json new file mode 100644 index 0000000000..25c07553ac --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Mac Integration", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/client.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/client.md new file mode 100644 index 0000000000..52ac91e6af --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/client.md @@ -0,0 +1,71 @@ +--- +title: "What are the step by step instructions to install the MacOS Client for Endpoint Policy Manager Cloud manually?" +description: "What are the step by step instructions to install the MacOS Client for Endpoint Policy Manager Cloud manually?" +sidebar_position: 10 +--- + +# What are the step by step instructions to install the MacOS Client for Endpoint Policy Manager Cloud manually? + +![888_1_image001_950x671](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_1_image001_950x671.webp) + +**Step 1 –** First download the MacOS Client for Netwrix Endpoint Policy Manager (formerly +PolicyPak) Cloud as seen here. + +**Step 2 –** Download the Endpoint Policy Manager Cloud PFX file like what's seen here (requires a +password) and keep the file and password handy. + +![888_2_image002_950x256](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_2_image002_950x256.webp) + +**Step 3 –** Next, double-click on the installer to run. When the installer finishes, the Endpoint +Policy Manager command will be installed for all users. + +![888_3_image_10_950x461](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_3_image_10_950x461.webp) + +**Step 4 –** After installation completes you will be asked to "Open Preferences" like what's seen +here. + +![888_4_image_11_950x745](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_4_image_11_950x745.webp) + +**Step 5 –** Select Privacy, then Unlock, and then grant Endpoint Policy Manager access to the Disk +like what's seen here. + +![888_5_image_12_950x864](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_5_image_12_950x864.webp) + +At this point the MacOS Client for Endpoint Policy Manager Cloud is installed, but it is not yet +enrolled in Endpoint Policy Manager Cloud. + +**Step 6 –** Using the SUDO command, register the machine in Endpoint Policy Manager Cloud with the +certificate you downloaded earlier. + +1. Open a terminal window +2. Enter the following command + + `sudo policypak cloud-register --certificate /path/to/certificate.pfx --password 'certificate_password' ` + + Where: + ` /path/to/certificate.pfx` - the folder in which the certificate was downloaded. + + "certificate_password" - the password that was added when exporting the certificate. Export from + step 3. + +**Step 7 –** After completing the operation, the message "`Registered: YES` " should appear in the +terminal window. + +![888_6_image_13_950x238](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_6_image_13_950x238.webp) + +Now the `PolicyPak` command is registered and available to use, but it must be run as root (or under +sudo.) + +![888_7_image_14_950x292](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_7_image_14_950x292.webp) + +**Step 8 –** Sync with Endpoint Policy Manager Cloud with the command + +`sudo policypak sync` + +When you see Synchronized: Yes you are ready to make rules in Endpoint Policy Manager Cloud. + +![888_8_image_15_950x267](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_8_image_15_950x267.webp) + +You should see your Mac in the MacOS | All group like what's seen here. + +![888_9_image_16_950x511](/img/product_docs/endpointpolicymanager/cloud/install/mac/888_9_image_16_950x511.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/mac.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/mac.md new file mode 100644 index 0000000000..895cdc9df6 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/mac.md @@ -0,0 +1,11 @@ +--- +title: "Where are log files for the Endpoint Policy Manager MacOS?" +description: "Where are log files for the Endpoint Policy Manager MacOS?" +sidebar_position: 30 +--- + +# Where are log files for the Endpoint Policy Manager MacOS? + +`/Library/Application Support/PolicyPak/Logs` + +These log files should be small enough to attach directly in email to an existing SRX. diff --git a/docs/endpointpolicymanager/cloud/install/mac/sha.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/sha.md similarity index 88% rename from docs/endpointpolicymanager/cloud/install/mac/sha.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/sha.md index f85174e7f1..bc0f447c2d 100644 --- a/docs/endpointpolicymanager/cloud/install/mac/sha.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/sha.md @@ -1,3 +1,9 @@ +--- +title: "How to get SHA of the package" +description: "How to get SHA of the package" +sidebar_position: 40 +--- + # How to get SHA of the package `shasum -a 256 /path/to/file` diff --git a/docs/endpointpolicymanager/cloud/install/mac/signature.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/signature.md similarity index 92% rename from docs/endpointpolicymanager/cloud/install/mac/signature.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/signature.md index bffac5e4ac..4d6eb71a31 100644 --- a/docs/endpointpolicymanager/cloud/install/mac/signature.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/signature.md @@ -1,3 +1,9 @@ +--- +title: "How to get signature info from pkg installer?" +description: "How to get signature info from pkg installer?" +sidebar_position: 20 +--- + # How to get signature info from pkg installer? Open a terminal window and run the command: diff --git a/docs/endpointpolicymanager/cloud/install/mac/signingid.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/signingid.md similarity index 92% rename from docs/endpointpolicymanager/cloud/install/mac/signingid.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/signingid.md index bc6394544a..410bd054d6 100644 --- a/docs/endpointpolicymanager/cloud/install/mac/signingid.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/macintegration/signingid.md @@ -1,3 +1,9 @@ +--- +title: "How to get SigningID of the package?" +description: "How to get SigningID of the package?" +sidebar_position: 50 +--- + # How to get SigningID of the package? **Step 1 –** Install the desired pkg on the machine. diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/gettingstarted/_category_.json new file mode 100644 index 0000000000..ee7419d8c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/video/cloud/armsupport.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/gettingstarted/armsupport.md similarity index 76% rename from docs/endpointpolicymanager/video/cloud/armsupport.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/gettingstarted/armsupport.md index c6958525f6..5b951a4461 100644 --- a/docs/endpointpolicymanager/video/cloud/armsupport.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/gettingstarted/armsupport.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager Cloud with ARM Support (QuickStart)" +description: "Endpoint Policy Manager Cloud with ARM Support (QuickStart)" +sidebar_position: 10 +--- + # Endpoint Policy Manager Cloud with ARM Support (QuickStart) Want to use Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud with ARM but not sure how to diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/security/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/security/_category_.json new file mode 100644 index 0000000000..c712017dac --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/security/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Security", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/testlabbestpractices/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/testlabbestpractices/_category_.json new file mode 100644 index 0000000000..eab16522d8 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/testlabbestpractices/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Test Lab Best Practices", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/tipsandtricks/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/tipsandtricks/_category_.json new file mode 100644 index 0000000000..a6b1131336 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/tipsandtricks/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips And Tricks", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/upkeepanddailyuse/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/upkeepanddailyuse/_category_.json new file mode 100644 index 0000000000..242272f954 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/upkeepanddailyuse/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Upkeep And Daily Use", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/usingwithothermethod/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/usingwithothermethod/_category_.json new file mode 100644 index 0000000000..f61854bb4f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/usingwithothermethod/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Using With Other METHODS MDM And Group Policy", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..c28e7fdffa --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/videolearningcenter/videolearningcenter.md @@ -0,0 +1,55 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for all things installation and upkeep. + +## Getting Started + +- [Endpoint Policy Manager Cloud: Two minute introduction](/docs/endpointpolicymanager/video/cloud/introduction.md) +- [Endpoint Policy Manager Cloud: QuickStart](/docs/endpointpolicymanager/video/cloud/quickstart.md) +- [Endpoint Policy ManagerCloud: How to deploy Microsoft Group Policy Settings using Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/cloud/deploy/grouppolicysettings.md) +- [Endpoint Policy ManagerCloud: How to deploy Endpoint Policy Manager specific settings (using in-cloud editors and exporting from on-prem)](/docs/endpointpolicymanager/video/cloud/deploy/endpointpolicymanagersettings.md) +- [Endpoint Policy ManagerCloud: Use in-cloud ADMX settings maintained by Endpoint Policy Manager for Windows, Office, Chrome and more](/docs/endpointpolicymanager/video/cloud/admxsettings.md) +- [Endpoint Policy ManagerCloud: Upload and use your own ADMX files to Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/cloud/admxfiles.md) +- [Endpoint Policy Manager Cloud: General Tips about On-Prem to PP Cloud Export](/docs/endpointpolicymanager/video/cloud/integration/onpremiseexport.md) +- [Endpoint Policy Manager Cloud and Security Settings (More examples)](/docs/endpointpolicymanager/video/cloud/securitysettings.md) +- [Endpoint Policy Manager Cloud + GPPrefs (More examples)](/docs/endpointpolicymanager/video/cloud/preferences.md) + +## Test Lab Best Practices + +- [Endpoint Policy Manager Cloud: What you need to get Started](/docs/endpointpolicymanager/video/cloud/testlab/start.md) +- [How to create a DC for editing purposes](/docs/endpointpolicymanager/video/cloud/testlab/createdc.md) +- [Testing and Troubleshooting By Renaming an endpoint Computer](/docs/endpointpolicymanager/video/cloud/testlab/renameendpoint.md) +- [Endpoint Policy Manager Cloud: On-Prem Test Lab (tying it all together)](/docs/endpointpolicymanager/video/cloud/testlab/onpremise.md) + +## Using with other METHODS (MDM and Group Policy) + +- [Endpoint Policy Manager Cloud + MDM Services: Install Cloud Client + automatically join PPC Groups and get policy.](/docs/endpointpolicymanager/video/cloud/mdm.md) +- [Endpoint Policy ManagerCloud and Endpoint Policy Manager OnPremise – Together using PPCloud Licenses](/docs/endpointpolicymanager/video/cloud/integration/onpremise.md) + +## Security + +- [Endpoint Policy Manager Cloud: Security Features](/docs/endpointpolicymanager/video/cloud/security/features.md) +- [Endpoint Policy Manager Cloud: Immutable Log](/docs/endpointpolicymanager/video/cloud/security/immutablelog.md) +- [Endpoint Policy Manager Cloud Logs and Automatically Pushing via Email](/docs/endpointpolicymanager/video/cloud/security/emaillogs.md) +- [Endpoint Policy Manager Cloud: Adding New Admins](/docs/endpointpolicymanager/video/cloud/add/administrator.md) + +## Tips and Tricks + +- [Install the PP Cloud client with a PP Least Priv Manager Rule](/docs/endpointpolicymanager/video/cloud/install/leastprivilegemanagerrule.md) +- [Endpoint Policy Manager Cloud + Azure AD: Better Together for Computer ILT and Computer Policy Targeting](/docs/endpointpolicymanager/video/cloud/integration/entraid.md) +- [PP Cloud + File Info Viewer: Get file info, without the MMC console](/docs/endpointpolicymanager/video/cloud/integration/fileinfoviewer.md) +- [Endpoint Policy Manager Cloud: Restricted Groups Editor](/docs/endpointpolicymanager/video/cloud/restricted_groups_editor.md) + +## Upkeep and Daily Use + +- [Endpoint Policy Manager Cloud Reporting Demo](/docs/endpointpolicymanager/video/cloud/reports.md) +- [Endpoint Policy Manager Cloud: Strict vs. Loose Computer Registration Mode](/docs/endpointpolicymanager/video/cloud/registrationmode.md) +- [Endpoint Policy Manager Cloud Groups CSE and Cloud Client Small-Scale Testing and Updates](/docs/endpointpolicymanager/video/cloud/groups.md) +- [Endpoint Policy Manager Cloud: Automatically Join Groups with JOINTOKEN](/docs/endpointpolicymanager/video/cloud/jointoken.md) +- [How to import GPOs to Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/cloud/import.md) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/_category_.json new file mode 100644 index 0000000000..9b0e97c1f1 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started With Endpoint Policy Manager Misc", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/endpointpolicymanage/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/endpointpolicymanage/_category_.json new file mode 100644 index 0000000000..5b7df2d3a4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/endpointpolicymanage/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Endpoint Policy Manager And Netwrix Auditor", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/changemanagementtools.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/endpointpolicymanage/changemanagementtools.md similarity index 95% rename from docs/endpointpolicymanager/troubleshooting/changemanagementtools.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/endpointpolicymanage/changemanagementtools.md index 20bdbfd342..908c085ebb 100644 --- a/docs/endpointpolicymanager/troubleshooting/changemanagementtools.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/endpointpolicymanage/changemanagementtools.md @@ -1,3 +1,9 @@ +--- +title: "Understanding the Difference Between Endpoint Policy Manager and GPO Change Management Tools" +description: "Understanding the Difference Between Endpoint Policy Manager and GPO Change Management Tools" +sidebar_position: 10 +--- + # Understanding the Difference Between Endpoint Policy Manager and GPO Change Management Tools Netwrix Endpoint Policy Manager (formerly PolicyPak) is not a "drop-in replacement" for Group Policy diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/endpointpolicymanage/mmcsnapin.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/endpointpolicymanage/mmcsnapin.md new file mode 100644 index 0000000000..03b4c10797 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/endpointpolicymanage/mmcsnapin.md @@ -0,0 +1,77 @@ +--- +title: "How do I configure the MMC snap-in to open GPOs in Netwrix Auditor?" +description: "How do I configure the MMC snap-in to open GPOs in Netwrix Auditor?" +sidebar_position: 10 +--- + +# How do I configure the MMC snap-in to open GPOs in Netwrix Auditor? + +For a video overview of this process see +[Endpoint Policy Manager and Netwrix Auditor - Setup Steps](/docs/endpointpolicymanager/video/integration/auditorsetup.md) + +**NOTE:** Only the latest Endpoint Policy Manager MMC console supports the Endpoint Policy Manager → +Netwrix Auditor. Make sure to use the Endpoint Policy Manager download and install the latest MMC +console. + +## Initial Setup for Netwrix Auditor + +**Step 1 –** In Netwrix Auditor, determine where you Report Manager URL is. The item is found in +Netwrix Auditor under **Settings** > **Audit Database** > **Report Manager UR**. + +![970_1_image-20231016154007-8_950x412](/img/product_docs/endpointpolicymanager/integration/auditor/970_1_image-20231016154007-8_950x412.webp) + +**Step 2 –** Click on the link to open up Report Manager in SQL Server Reporting Services (SSRS). + +**Step 3 –** Create a new SSRS Folder and give it any name you like. + +![970_2_image-20231016154007-9_950x454](/img/product_docs/endpointpolicymanager/integration/auditor/970_2_image-20231016154007-9_950x454.webp) + +**Step 4 –** Enter the folder you just created then upload the` .RDL` file provided from the +Endpoint Policy Manager Extras Folder. + +![970_3_image-20231016154007-10_950x605](/img/product_docs/endpointpolicymanager/integration/auditor/970_3_image-20231016154007-10_950x605.webp) + +**Step 5 –** The result after the upload is shown below.. + +![970_4_image-20231016154007-11](/img/product_docs/endpointpolicymanager/integration/auditor/970_4_image-20231016154007-11.webp) + +**Step 6 –** Click the report to get the reference string you'll use in future steps. This will +contain the Netwrix Auditor server, up to and including the specific URL which expresses just before +the report name. + +![970_5_image-20231016154007-12_950x839](/img/product_docs/endpointpolicymanager/integration/auditor/970_5_image-20231016154007-12_950x839.webp) + +As an example, the string should look like this: +http://NetwrixAuditorServer/Reports_SQLEXPRESS/report/PolicyPak + +**Step 7 –** Keep this string handy in Notepad or similar for thenext steps. + +## Using the PolicyPak MMC to Call Netwrix Auditor + +**Step 1 –** Use the latest Endpoint Policy Manager MMC to configure your management machine to use +Netwrix Auditor . Left click on the Netwrix Endpoint Policy Manager node, then right-click to **Open +in Netwrix Auditor**.  Input the string you collected earlier. + +![970_6_image-20231016154007-13_950x582](/img/product_docs/endpointpolicymanager/integration/auditor/970_6_image-20231016154007-13_950x582.webp) + +## Optional Configuration: Use PolicyPak ADMX to configure the value automatically + +**Step 1 –** If you have many Endpoint Policy Manager administrators using the MMC snap-in and you +wish to mass-configure this value, you may do so via the Endpoint Policy Manager `ADMX `Files. + +Always use the latest Endpoint Policy Manager ` ADMX` files, are available in the Endpoint Policy +Manager download. + +Please see [Troubleshooting with ADMX files](/docs/endpointpolicymanager/video/troubleshooting/admxfiles.md) to begin +using, or update the Endpoint Policy Manager ADMX settings + +**Step 2 –** After the ` ADMX` files are in place, create a Group Policy Object and target it for +your MMC management stations. + +**NOTE:** Endpoint Policy Manager CSE will ignore this policy because it is exclusively regarding +the MMC snap-in. + +![970_7_image-20231016154007-14_950x683](/img/product_docs/endpointpolicymanager/integration/auditor/970_7_image-20231016154007-14_950x683.webp) + +**Step 3 –** Going forward, the ADMX setting will command the MMC snap-in and it will be +unconfigurable. diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/endpointpolicymanage/permissions.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/endpointpolicymanage/permissions.md new file mode 100644 index 0000000000..a30df6ffad --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/endpointpolicymanage/permissions.md @@ -0,0 +1,55 @@ +--- +title: "How can I minimize or eliminate requests to authenticate to Netwrix Auditor (and what permissions are needed to see Endpoint Policy Manager's Netwrix Auditor Reports?)" +description: "How can I minimize or eliminate requests to authenticate to Netwrix Auditor (and what permissions are needed to see Endpoint Policy Manager's Netwrix Auditor Reports?)" +sidebar_position: 20 +--- + +# How can I minimize or eliminate requests to authenticate to Netwrix Auditor (and what permissions are needed to see Endpoint Policy Manager's Netwrix Auditor Reports?) + +While using the Netwrix Endpoint Policy Manager (formerly PolicyPak) MMC to view Netwrix Auditor +data, you might be prompted for Username and Password credentials. There are a few things you need +to do to minimize or eliminate these requests. An example authentication request can be seen here. + +![969_1_image-20231017185713-1_950x344](/img/product_docs/endpointpolicymanager/integration/auditor/969_1_image-20231017185713-1_950x344.webp) + +**NOTE:** First, note that if your browser is Firefox you must set the "URIS / SPNEGO" settings to +passthru authentication requests. One way to do this is via Endpoint Policy Manager Application +Settings Manager with these instructions: +[Firefox: How do I use the NTLM passthru (URIS) settings in the Firefox / about:config AppSets?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/ntlmpassthru.md). +You may also use the Firefox ADMX settings to perform a similar option. + +If you are using Edge as your default browser, these steps are un-necessary and you will likely not +be prompted for credentials. + +However, you might also be denied access to the specific Endpoint Policy Manager report, like what's +seen here. + +![969_2_image-20231017185713-2_950x355](/img/product_docs/endpointpolicymanager/integration/auditor/969_2_image-20231017185713-2_950x355.webp) + +**Step 1 –** To correct for this and ensure the highlighted user in the previous screenshot (or +group the person is a member of) has access, you there are a few ways to accomplish the task. + +- Way #1: Configure the access for that user or a group to the Netwrix Auditor data as described + here: + [Role-Based Access and Delegation (netwrix.com)](https://helpcenter.netwrix.com/bundle/Auditor_10.6/page/Content/Auditor/Admin/MonitoringPlans/Delegation.htm) +- Way #2: Manually adjust SQL Server Reporting Services and grant proper access.. + +You will need main credentials to SQL Server Reporting Services before beginning. + +**Step 2 –** Then from the Home screen, click the three dots next to the Endpoint Policy Manager +reporting folder (note it could have a different name if it was set up in a unique fashion.) Then +click Manage. + +![969_3_image-20231017185713-3_950x439](/img/product_docs/endpointpolicymanager/integration/auditor/969_3_image-20231017185713-3_950x439.webp) + +**Step 3 –** Then add in your DOMAIN\GROUP or DOMAIN\USER like what's seen here and select Browser +role and select OK (figure on the left). + +The result can be seen in the figure on the right. + +![969_4_image-20231017185713-4_950x351](/img/product_docs/endpointpolicymanager/integration/auditor/969_4_image-20231017185713-4_950x351.webp) + +Final result can be seen here where the user is now permitted to see the Endpoint Policy Manager +report. + +![969_5_image-20231017185713-5_950x730](/img/product_docs/endpointpolicymanager/integration/auditor/969_5_image-20231017185713-5_950x730.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/_category_.json new file mode 100644 index 0000000000..ee7419d8c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/requirements/support/arm.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/arm.md similarity index 90% rename from docs/endpointpolicymanager/requirements/support/arm.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/arm.md index 7229d8b002..4c47adcdb4 100644 --- a/docs/endpointpolicymanager/requirements/support/arm.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/arm.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager ARM Support Supportability Statement" +description: "Endpoint Policy Manager ARM Support Supportability Statement" +sidebar_position: 60 +--- + # Endpoint Policy Manager ARM Support Supportability Statement As of build 23.11, Netwrix Endpoint Policy Manager (formerly PolicyPak) generally the ARM family of diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/guide.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/guide.md new file mode 100644 index 0000000000..c3e1635198 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/guide.md @@ -0,0 +1,10 @@ +--- +title: "Does Endpoint Policy Manager have a Quick Start Guide?" +description: "Does Endpoint Policy Manager have a Quick Start Guide?" +sidebar_position: 10 +--- + +# Does Endpoint Policy Manager have a Quick Start Guide? + +Yes, see the [Netwrix Endpoint Policy Manager Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/overview.md) topic to help you get +started with Netwrix Endpoint Policy Manager (formerly PolicyPak) immediately. diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/guideinstall.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/guideinstall.md new file mode 100644 index 0000000000..caa4c2be36 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/guideinstall.md @@ -0,0 +1,10 @@ +--- +title: "Does Endpoint Policy Manager have an Installation Quick Start Guide?" +description: "Does Endpoint Policy Manager have an Installation Quick Start Guide?" +sidebar_position: 20 +--- + +# Does Endpoint Policy Manager have an Installation Quick Start Guide? + +Yes, see the [Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md) topic for information on how to install +Netwrix Endpoint Policy Manager (formerly PolicyPak) . diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/history.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/history.md new file mode 100644 index 0000000000..cfd4676cca --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/history.md @@ -0,0 +1,138 @@ +--- +title: "How has Endpoint Policy Manager Evolved over the years?" +description: "How has Endpoint Policy Manager Evolved over the years?" +sidebar_position: 30 +--- + +# How has Endpoint Policy Manager Evolved over the years? + +Every year Netwrix Endpoint Policy Manager (formerly PolicyPak) continues to add new features for +customers. Here is a list of new functions and milestones along with their release years. + +Before 2017 + +- Endpoint Policy Manager Application Settings Manager: Manage 500+ applications and keep them + secure +- Endpoint Policy Manager Browser Router: Open the right browser for the right website +- Endpoint Policy Manager Java Rules Manager: Map the right version of Java for the right website + +2017 + +- New Component: File Associations Manager: Quickly map PDF, MAILTO:, and others to the right apps. +- Reduce GPOs and convert them to use for MDM: + [Reduce GPOs (and/or export them for use with Endpoint Policy Manager Cloud or with MDM)](/docs/endpointpolicymanager/video/administrativetemplates/reducegpos.md) +- Least Privilege Manager: SecureRun(TM) blocks Ransomware + [Events](/docs/endpointpolicymanager/video/leastprivilege/events.md) +- New Component: New Endpoint Policy Manager Start Screen & Taskbar Manager: Manage Windows 10 tile + layouts perfectly. + +2018 + +- New Component: Endpoint Policy Manager Scripts Manager: Perform any function via BAT, .JS or + PowerShell +- Least Privilege Manager Helper Tools: Enable Standard users to update Network Card and Printer + settings, plus uninstall applications + [Overcome Network Card, Printer, and Remove Programs UAC prompts](/docs/endpointpolicymanager/video/leastprivilege/uacprompts.md) + +2019 + +- Least Privlege Discovery Auditing, Block & Allow UWP applications, Manage Security of Child + Processes +- IE Sitelist to Browser Router import +- Least Privilege Manager Block PowerShell Malware + attacks:[Block PowerShell in General, Open up for specific items](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/powershellblock.md) +- New Component — Endpoint Policy Manager Feature Manager for Windows. Quickly add / remove features + from Windows 10 & Windows Server. + +2020 + +- New Component — Endpoint Policy Manager RDP Manager: Enable remote work users to have .RDP files + to connect to your resources. +- Browser Router - New Edge Support / IE In Edge Mode + [Manage Internet Explorer 11 and Edge Compatibility, Enterprise Modes and IE-in-Edge Mode](/docs/endpointpolicymanager/video/browserrouter/ie.md) +- Browser Router Apply Once then Drift + [Endpoint Policy Manager Browser Router: Set the Windows 10 Default Browser (once) then drift](/docs/endpointpolicymanager/video/browserrouter/defaultwindows10.md) +- File Associations Manager Apply Once then Drift + [Endpoint Policy Manager File Associations Manager: Apply once (and drift)](/docs/endpointpolicymanager/video/fileassociations/applyonce.md) +- File Associations Manager Apply settings on USER side +- Added Triggers to Endpoint Policy Manager Scripts & Triggers: Run a script at VPN launch or many + other events +- Added Email method for PPLPM Admin Approval + [Using Email / Long Codes](/docs/endpointpolicymanager/video/leastprivilege/longcodes.md) +- New Component — Remote Work Delivery Manager: Deliver software to Windows 10 via SMB share, Amazon + S3 or other cloud services +- Least Privlege Manager: Automatically block unsigned Applications + [Least Privilege Manager: Block All Unsigned with SecureRun](/docs/endpointpolicymanager/video/leastprivilege/securerun/preventunsigned.md) +- Compliance Reporter now 10x faster + +2021 + +- New Component: Endpoint Policy Manager VPN Manager: Enable remote work users to have Always On and + standard VPN connections. +- CSE and MMC are now Multi-Domain compatible +- Updated licensing where Professional and Enterprise customers can use Endpoint Policy Manager with + Active Directory, with SCCM, with MDM and/or Endpoint Policy Manager Cloud + +2022 + +- Device Manager: Block WPD / Phones that act like media players +- Cloud: More in-cloud editors +- Least Privilege Manager + Netwrix sbPam Integration +- Least Privilege Manager: Native support for changing IP and adding Printers +- Least Privilege Manager: Force user to re-authenticate with Self Elevate +- Least Privilege Manager: Certificate Rules with Wildcards +- Least Privilege Manager: Send Long Codes to Notepad instead of opening up in mail program +- Router Neutral Site Support +- Cloud: 10x faster login +- Cloud: Jointoken sharing between admins +- Cloud + Least Privilege Manager: Store events and make rules +- Least Privilege Manager for Macintosh and PPCLOUD +- New Component: Preferences 2.0 Drive Maps +- New Component: Preferences 2.0 Registry +- New Component: Preferences 2.0 Printers +- Updated Feature: MMC Snap-in allows Cut/Paste for most rules and collections +- Updated Feature: GPO Export Manager v2 (Export Everything) +- New Feature: Enable/Disable for policies / collections + +2023 + +- ARM Client Support +- New Component: Endpoint Policy Manager Shortcuts +- New Component: Network Control Manager +- New License Option: Enterprise Full (Aka Enterprise+) +- New Method for Package Manager: WinGet Policy type +- PP Device Manager: BitLocker volume ID and Serial ID can be set in Device Manager policy +- MMC: Endpoint Policy Manager and Netwrix Auditor Integration +- MMC: Reporting History of Endpoint Policy Manager items +- Endpoint Policy Manager and Netwrix Privilege Secure: UI Updates, Lite licenses for Netwrix + Privilege Secure customers and Netwrix Privilege Secure to Endpoint Policy Manager upgrade path +- Update: Improved clarity of when you're licensed and what for +- Cloud: Azure Group Integration +- Cloud: Improved PP Cloud Sync Method +- Cloud: Splunk Integration (since retired) +- Cloud: Immutable log improvements +- Least Privilege Manager: Optional force re-authenticate with Self Update +- Least Privilege Manager: Wildcards in CN matches +- Least Privilege Manager: Right-click Run As improvements +- MAC Improvements: Direct Rules, Local and Cloud Logging, SUDO Rules. +- Least Privilege Manager: NTFS Traverse (aka "Overcome ACLs") + +2024 + +- Least Privilege Manager: Parent Process Filter (aka Install New Teams) +- Least Privilege Manager: Windows 11 Style Menus +- Least Privilege Manager Admin Approval: Automatic Rule Creation from Admin Approval Tool +- Least Privilege Manager: Automatic Rule Creation from Audit Event (improvements) +- Least Privilege Manager: Process Interception (aka Double-click behavior) changeable to Natural, + Admin Approval, or Self Elevate +- Least Privilege Manager: DFS Paths resolution on client +- Least Privilege Manager: Elevate UWP and Windows Store Apps +- Least Privilege Manager: Least Privilege Manager + Netwrix Privilege Secure Self Elevate working + together +- Network Security Manager DNS name Support +- Grace Period Pop-Ups removal (Licensing Notices now in Event Logs) +- Device Manager Automatic Rules Creation from Device Manager Admin Approval tool +- Device Manager Admin Approval and Branding +- Endpoint Policy Manager CSE Process Exclusions to actively exclude entanglement in other systems +- Standalone (non-MMC) Policy Editor +- MMC: GPO What changed, history and rollback diff --git a/docs/endpointpolicymanager/gettingstarted/prepare.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/prepare.md similarity index 96% rename from docs/endpointpolicymanager/gettingstarted/prepare.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/prepare.md index 24225bac86..44cbb61abc 100644 --- a/docs/endpointpolicymanager/gettingstarted/prepare.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/prepare.md @@ -1,3 +1,9 @@ +--- +title: "How must I prepare for my Endpoint Policy Manager QuickStart / Onboarding?" +description: "How must I prepare for my Endpoint Policy Manager QuickStart / Onboarding?" +sidebar_position: 80 +--- + # How must I prepare for my Endpoint Policy Manager QuickStart / Onboarding? _Remember,_ This session is designed to integrateNetwrix Endpoint Policy Manager (formerly @@ -34,7 +40,7 @@ is access to a Domain Controller necessary.. If you happen to use a DC for the G but not mandatory. **NOTE:** Check this link on how to install the GPMC on your Admin / GPMC machine: -[What are the two ways that can I install the GPMC on my Admin Station (Server or Windows 10) machine?](/docs/endpointpolicymanager/install/methods.md) +[What are the two ways that can I install the GPMC on my Admin Station (Server or Windows 10) machine?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/methods.md) Here are the options for remote viewing of the Admin/GPMC machine: @@ -97,7 +103,7 @@ first tests. - If you can do without a special Antivirus or special security software on this example machine, that will be best. If you MUST use A/V or security software, please perform these steps: - [How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/install/antivirus.md) + [How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/antivirus.md) For Endpoint Policy Manager Group Policy Edition: @@ -117,7 +123,7 @@ For Endpoint Policy Manager Cloud and Endpoint Policy Manager MDM: First, know that Endpoint Policy Manager and other security software may not play nicely together right away. As such, please review and follow these guidelines first: -[How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/install/antivirus.md) +[How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/antivirusandothersys/antivirus.md) Second, please install all of the following software on your example endpoint(s): diff --git a/docs/endpointpolicymanager/gettingstarted/rightclick.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/rightclick.md similarity index 83% rename from docs/endpointpolicymanager/gettingstarted/rightclick.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/rightclick.md index 4b3aa0e8ed..77ffcef1dd 100644 --- a/docs/endpointpolicymanager/gettingstarted/rightclick.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/rightclick.md @@ -1,3 +1,9 @@ +--- +title: "How does Endpoint Policy Managerhandle right-click menus in Windows 11 / Why does \"Copy with Endpoint Policy Manager SecureCopy™\" always show in Windows 11?" +description: "How does Endpoint Policy Managerhandle right-click menus in Windows 11 / Why does \"Copy with Endpoint Policy Manager SecureCopy™\" always show in Windows 11?" +sidebar_position: 70 +--- + # How does Endpoint Policy Managerhandle right-click menus in Windows 11 / Why does "Copy with Endpoint Policy Manager SecureCopy™" always show in Windows 11? As of builds 24.1 and onward, Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE fully diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/windows11.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/windows11.md new file mode 100644 index 0000000000..583bb2f561 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/windows11.md @@ -0,0 +1,127 @@ +--- +title: "How does Endpoint Policy Manager support (and not support) Windows 11?" +description: "How does Endpoint Policy Manager support (and not support) Windows 11?" +sidebar_position: 40 +--- + +# How does Endpoint Policy Manager support (and not support) Windows 11? + +For the best compatibility, you should use Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE +version 3068 and later when you use Windows 11. + +Here's the breakdown of some specific Endpoint Policy Manager components which you might want to +learn about with regard to Windows 11. + +## Endpoint Policy Manager Browser Router (with Windows 11) + +Internet Explorer is absent in Windows 11, but there is IE Mode within Windows 11 and Edge. + +IE mode still generally supports the following constructs and ideas (which you may be using with +Endpoint Policy Manager ): + +- Document Modes (which you can implement via Endpoint Policy Manager Browser Router) +- ActiveX Controls (which you can permit installation via Endpoint Policy Manager Least Privilege + Manager) +- Java support (which you can implement using Endpoint Policy Manager Java Rules Manager) +- Browser Helper Objects (which you can implement using Endpoint Policy Manager Application Settings + Manager) +- Most IE Group Policy Settings which affect zone settings and protected mode settings (which you + can dictate via GPO, Endpoint Policy Manager, and MDM or Endpoint Policy Manager Cloud.) + +Before CSE version 3068, Endpoint Policy Manager Browser Router isn't aware when Internet Explorer +(the full application) is absent. After CSE version 3068, Endpoint Policy Manager Browser Router is +aware when Internet Explorer (the full application) is absent, and only IE Mode within Edge remains. + +The updated behavior with Windows 11 and CSE version 3068 and later is that routes requested to go +to IE should go to IE in Edge mode when possible. + +The general rules are as follows: + +## Example 1: Explicit URL specifying Internet Explorer. + +If you have an explicit route to a URL and specify Internet Explorer, Endpoint Policy Manager +Browser Router will attempt to invoke IE in Edge mode. An explicit route could be something like +https://www.endpointpolicymanager.com/webinar. + +An example can be seen below. Note it doesn't matter if the pulldown is set for **Open in standalone +IE** or **Open as IE in Edge tab** is set. Those settings only matter for Windows 10 and are ignored +in Windows 11. + +![736_1_image-20220128125242-1](/img/product_docs/endpointpolicymanager/requirements/support/736_1_image-20220128125242-1.webp) + +## Example 2: Using Wildcards (or RegEx or Internet Security Zone) and attempting to set the browser to Internet Explorer + +Since there is no IE 11 in Windows 11, existing routes set like what's seen here cannot work as +expected. + +Starting with Endpoint Policy Manager CSE 3068 on Windows 11, Endpoint Policy Manager Browser Router +will route these to the Default Browser. + +![736_2_image-20220128125242-2](/img/product_docs/endpointpolicymanager/requirements/support/736_2_image-20220128125242-2.webp) + +## How are Default Browser Policies handled (With Windows 11)? + +Note there is a Endpoint Policy Manager Browser Router policy to set Default Browser which you might +have already set. Windows 11 and Endpoint Policy Manager CSE version 3068 and later will see this +and make a decision accordingly if you've set this to Internet Explorer. + +**NOTE:** Windows 10 will honor the Internet explorer setting, but Windows 11 needs to have a plan. + +![736_3_image-20220128125242-3](/img/product_docs/endpointpolicymanager/requirements/support/736_3_image-20220128125242-3.webp) + +- If you use Endpoint Policy Manager Browser Router to specify a Default Browser (Edge, Chrome, + Firefox, Custom, or User Selectable), you will get what you expect. +- If you have selected nothing (that is, you have no Endpoint Policy Manager Browser Router Default + Browser policy) then the default will be the User's selected browser. +- If you select Internet Explorer as your Default Browser, then CSE version 3068 and later on + Windows 11 will choose Edge automatically. +- If you select a Default Browser (like Firefox or Chrome) but the browser is absent on the machine, + Endpoint Policy Manager CSE version 3068 and later on Windows 11 will choose Edge automatically. + +## Endpoint Policy Manager Start Screen & Taskbar Manager (with Windows 11) + +Managing the Taskbar with Endpoint Policy Manager for Windows 10 and 11 is exactly the same. You can +use Endpoint Policy Manager Start Screen & Taskbar manager today to manage the Windows 11 Taskbar. + +However, managing the Windows 11 Start Screen is another story. + +For Windows 11, there is not currently a good way to manage the Start Screen with Endpoint Policy +Manager.  While we could build something here, Windows 11 itself only supports the following very +specific scenario: + +- We could enable you to craft the Windows 11 Start Menu. +- That Start Menu could be delivered to the machine. +- All users on the machine would pick up the exact same Start Menu. +- Only users who have no profile would pick up this new Start Menu. Users who have already logged on + before would not be able to get any changes dictated by Endpoint Policy Manager. + +This is obviously in sharp contrast to the way Windows 10 Start Menu works and what Endpoint Policy +Manager can deliver with Windows 10. In Windows 10 Endpoint Policy Manager can: + +- Enable you to craft the Windows 10 Start Menu. +- Start Menu can be delivered Per Machine or Per user. +- Any user could have a different Start Menu. +- Users who have logged on before could get the Start Menu to be adjusted. + +These differences are hardcoded into Windows 11 vs. Windows 10. As such we don't see a lot of value +in creating a Endpoint Policy Manager for Windows 11 Start Screen Manager because of the +limitations. In short, if existing users' Start Screens cannot be manipulated (again, hardcoded by +Windows 11) it obviates the need for a Start Screen Manager. Again, and equally important, if all +users on Windows 11 must get the same Start Screen (programmatic, built into Windows 11) then this +would not be useful for customers. + +So we would love to build this, if and when the internals of the Windows 11 Start Screen are changed +to be programmatically manipulatable. + +## Endpoint Policy Feature Manager (for Windows 11) + +Windows 11 features are available to manage in Endpoint Policy Manager CSE and MMC version 3068 and +later. + +## Endpoint Privilege Manager, Endpoint Policy Manager Application Settings Manager, Endpoint Policy Manager Device Manger and all others not listed (For Windows 11) + +No particular Windows 11 changes or incompatibilities. + +If you were to use an older CSE you shouldn't see any incompatibilities or any differences. + +That being said, we always recommend you use the latest CSE, as fixes and updates occur regularly. diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/windows7.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/windows7.md new file mode 100644 index 0000000000..1beea085e8 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/windows7.md @@ -0,0 +1,47 @@ +--- +title: "How does Endpoint Policy Manager support (and not support) Windows 7?" +description: "How does Endpoint Policy Manager support (and not support) Windows 7?" +sidebar_position: 50 +--- + +# How does Endpoint Policy Manager support (and not support) Windows 7? + +First, Windows 7, Server 2008 R2, Windows 8 and Server 2012 R2 are not supported by Microsoft and +not supported with Netwrix Endpoint Policy Manager (formerly PolicyPak) installed. + +Endpoint Policy Manager only supports versions of the operating system which are actively supported +by Microsoft. This is covered in this +FAQ:[Which Windows Client and Server are currently supported by Endpoint Policy Manager?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windows.md) + +That being said, Endpoint Policy Manager and unsupported operating systems are BEST EFFORT. + +However, thefinal buildwe produced that is expected to install (at all) on unsupported operating +systems is 23.8. + +Additionally Endpoint Policy Manager requires drivers which are signed and work only with Windows 10 +and later. As such, the following features are EXPECTED to be non-functional even if the CSE +installs properly on unsupported operating systems: + +- Endpoint Policy Manager Least Privilege Manager : Block DLLs +- Endpoint Policy Manager Least Privilege Manager: Open/Save Dialog with Low User Rights +- Endpoint Policy Manager Least Privilege Manager: COM Elevation +- Endpoint Policy Manager Device Manager: All of it. + +There could be more pieces which are expected not to work in Endpoint Policy Manager, but these are +the known items. + +Note for best functionality you should add some additional Microsoft .Net software. + +There are basically two major versions of .Net CLR: v2 and v4. + +- The latest version of v2 is 3.5. +- The latest of v4 is 4.8 + +It is recommended to have both installed (3.5 + 4.8). + +**NOTE:** there is never any reason to install outdated versions of .Net, so we recommend clients +continue to have the most recent .NET installed with all security updates, and keep installing and +updated all the time. + +More details about .Net framework versions can be found here: +[https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/versions-and-dependencies](https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/versions-and-dependencies) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..afa66cb768 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/knowledgebase.md @@ -0,0 +1,90 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +The following topics can help you getting started with Endpoint Policy Manager (Misc). + +## Getting Started + +- [Endpoint Policy Manager Support and Resources](/docs/endpointpolicymanager/overview/gettingstarted/fastest.md) +- [Does Endpoint Policy Manager have a Quick Start Guide?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/guide.md) +- [Does Endpoint Policy Manager have an Installation Quick Start Guide?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/guideinstall.md) +- [How has Endpoint Policy Manager Evolved over the years?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/history.md) +- [How does Endpoint Policy Manager support (and not support) Windows 11?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/windows11.md) +- [How does Endpoint Policy Manager support (and not support) Windows 7?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/windows7.md) +- [Endpoint Policy Manager ARM Support Supportability Statement](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/arm.md) +- [How does Endpoint Policy Managerhandle right-click menus in Windows 11 / Why does "Copy with Endpoint Policy Manager SecureCopy™" always show in Windows 11?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/rightclick.md) +- [How must I prepare for my Endpoint Policy Manager QuickStart / Onboarding?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/prepare.md) + +## Tips, Tricks, and FAQs + +- [How can use Item Level Targeting to apply a Group Policy Preferences or Endpoint Policy Manager item when the user is not a member of Domain Admins and also is not a member of the local Admin group?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/applypreferences.md) +- [Is the Security Group Item Level Targeting (ILT) option recursive or not?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/securitygroup.md) +- [Which Endpoint Policy Manager emails can / can't I opt out of ?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/emailoptout.md) +- [How can I use Item Level Targeting to specify a specific Windows 10 build and/or LTSC/LTSB?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windows11.md) +- [How can I fix MMC display problems when my admin console uses high DPI?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/mmcdisplay.md) +- [How do I make an Item Level Target for Server 2016 or Server 2019 (on-prem, MDM or Endpoint Policy Manager Cloud) ?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windowsserver2019.md) +- [How can I use Item Level Targeting to query Azure AD Groups?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/entraidgroups.md) +- [Can I use both Endpoint Policy ManagerOn Premise mode and Endpoint Policy Manager Cloud simultaneously? Do they clash?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/onpremisecloud.md) +- [How does Endpoint Policy Manager perform Folder Redirection or OneDrive Known Folder Move (KFM) with Endpoint Policy Manager Group Policy, Endpoint Policy ManagerMDM or Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/folderredirection.md) +- [Can I embed the Endpoint Policy ManagerClient Side Extension and/or Endpoint Policy Manager Cloud client into a master image for VDI, MDT, Ghost, Citrix, etc?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/embedclient.md) +- [Which components within the Endpoint Policy Manager product family will work with what operating system?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/operatingsystem.md) +- [How do I get Azure AD SIDs and use them with Item Level Targeting?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/entraidsids.md) +- [How does Endpoint Policy Manager handle STIGs and/or CIS Benchmarks and/or other 3rd party Advice?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/thirdpartyadvice.md) +- [Are the services installed with Endpoint Policy Manager required? Can I disable them if I'm only using a single component?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/services.md) +- [Which Windows Client and Server are currently supported by Endpoint Policy Manager?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windows.md) +- [Windows 10 (and Server) Event Logs to Azure Log Analytics Walkthru](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventlogs.md) +- [How can I use Item Level Targeting to specify Windows Virtual Desktops (WVD) Multi-session Windows?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/virtualdesktops.md) +- [List of Endpoint Policy Manager Event Categories and IDs](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventcategories.md) +- [How do I make an Item Level Target for Windows 10 or Windows 11 endpoints](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windowsendpoint.md) + +## Portal Questions + +- [How do I create a Secondary (or Accounting) contact within the Portal to enable another person to participate in Endpoint Policy Manager (including downloads, updates, etc.)?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/adduser.md) +- [Two-Factor Authentication in the Endpoint Policy Manager Portal](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/twofactorauthentication.md) +- [Why can't I opt out of Emails when I'm an Endpoint Policy Manager Customer?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/emailoptout.md) +- [How can I use a checksum to validate the Endpoint Policy Manager download?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/cheksum.md) +- [Portal login troubleshooting](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/login.md) +- [Changing a portal users information](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/profileupdate.md) + +## Troubleshooting (General) + +- [What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/fastsupport.md) +- [Why does my mail anti-virus service claim that the Endpoint Policy Manager download ISO or ZIP has a virus?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/antivirus.md) +- [During CSE installation on a VM the following message is displayed indicating a reboot will be needed](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/clientsideextension.md) +- [What is the processing order of all policies and how are conflicts resolved (and how can I see the final RsOP) of those policies (between GPO, Cloud, XML, etc)?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/conflictresolved.md) +- [Why do I get ">Endpoint Policy ManagerBrowser Router couldn't connect to Endpoint Policy Manager extension service. Please contact support"?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/browserrouter.md) +- [How do I submit a process dump (PROCDUMP) and Process Monitor (PROCMON) capture of a hanging process?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/hangingprocess.md) +- [How do I manually collect logs if PPLOGS as User or Admin does not launch?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/manual.md) +- [How do I ensure that settings will revert when the policy no longer applies (by Group Policy, File, or Endpoint Policy Manager Cloud)?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/settingsrevert.md) +- [What are the services installed by Endpoint Policy Manager?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/services.md) +- [I see many instances of the Endpoint Policy Manager Watcher service running on my clients, is that normal?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/watcherservice.md) +- [What CSEs are contained within Endpoint Policy Manager, what are their CSE GUIDs, and in what release did they appear?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/guids.md) +- [How do I turn on Debug logging if asked?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/debug.md) +- [How do I turn on Item Level Targeting (ILT) logging if asked by Endpoint Policy Manager Tech Support?](/docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/index.md) +- [How can I increase the depth of what Endpoint Policy Manager reports (minidump files).](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/minidumpfiles.md) +- [What are the advanced CSE troubleshooting registry debugging items?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/registrydebug.md) +- [How can I present a custom dialog (or no dialog) if Browser Router (or the CSE) stops working or crashes?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/customdialog.md) +- [Troubleshooting Item Level Targeting (ILT) Evaluations when using the Endpoint Policy Manager ILT Engine](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/evaluations.md) +- [How to use ProcMon to track changes over time to specific registry keys](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/procmon.md) +- [How can I use Powershell to automatically say yes to the PPLOGS prompt?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/pplogsprompt.md) +- [Why do I get crashes and blue screens when using Endpoint Policy Manager with Forcepoint DLP?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/forepointdlp.md) + +## Endpoint Policy Manager & Netwrix Auditor + +- [How do I configure the MMC snap-in to open GPOs in Netwrix Auditor?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/endpointpolicymanage/mmcsnapin.md) +- [How can I minimize or eliminate requests to authenticate to Netwrix Auditor (and what permissions are needed to see Endpoint Policy Manager's Netwrix Auditor Reports?)](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/endpointpolicymanage/permissions.md) + +## Non-Domain Joined Troubleshooting + +- [Which Endpoint Policy Manager items will not work when the computer is non-domain joined (or the computer is NEVER connected to the Internet)?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/limitations.md) +- [Which items in Chrome will, and will not work when non-domain joined?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/chrome.md) +- [How to use Scripts Manager to manually install and enable Endpoint Policy Manager Browser Router for new Edge Chromium?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/edge.md) + +## Endpoint Policy Manager & Change Management Utilities + +- [Understanding the Difference Between Endpoint Policy Manager and GPO Change Management Tools](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/endpointpolicymanage/changemanagementtools.md) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/_category_.json new file mode 100644 index 0000000000..63d3637b68 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Non Domain Joined Troubleshooting", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/nondomain/chrome.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/chrome.md similarity index 98% rename from docs/endpointpolicymanager/troubleshooting/nondomain/chrome.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/chrome.md index a40919569c..35987664ee 100644 --- a/docs/endpointpolicymanager/troubleshooting/nondomain/chrome.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/chrome.md @@ -1,3 +1,9 @@ +--- +title: "Which items in Chrome will, and will not work when non-domain joined?" +description: "Which items in Chrome will, and will not work when non-domain joined?" +sidebar_position: 20 +--- + # Which items in Chrome will, and will not work when non-domain joined? If you use the Chrome Pak (with Netwrix Endpoint Policy Manager (formerly PolicyPak) Application diff --git a/docs/endpointpolicymanager/troubleshooting/nondomain/edge.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/edge.md similarity index 92% rename from docs/endpointpolicymanager/troubleshooting/nondomain/edge.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/edge.md index 90f3cbacc5..fbe529ff02 100644 --- a/docs/endpointpolicymanager/troubleshooting/nondomain/edge.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/edge.md @@ -1,3 +1,9 @@ +--- +title: "How to use Scripts Manager to manually install and enable Endpoint Policy Manager Browser Router for new Edge Chromium?" +description: "How to use Scripts Manager to manually install and enable Endpoint Policy Manager Browser Router for new Edge Chromium?" +sidebar_position: 30 +--- + # How to use Scripts Manager to manually install and enable Endpoint Policy Manager Browser Router for new Edge Chromium? The problem is that New Edge + PPC will not install the chrome extension. We have following steps @@ -38,7 +44,7 @@ Steps: ![856_2_image-20211130230540-2_950x436](/img/product_docs/endpointpolicymanager/troubleshooting/nondomain/856_2_image-20211130230540-2_950x436.webp) \*\*\*\*\* PowerShell Script to apply using Scripts Manager: Scripts & Triggers Manager > -[Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) +[Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) ``` #Download the latest PPBR extension from shareFile/PolicyPak Support - Inbox/ppbr_crx/ppbr_21_2_0_0.crx diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/limitations.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/limitations.md new file mode 100644 index 0000000000..a0a00c6f79 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/limitations.md @@ -0,0 +1,40 @@ +--- +title: "Which Endpoint Policy Manager items will not work when the computer is non-domain joined (or the computer is NEVER connected to the Internet)?" +description: "Which Endpoint Policy Manager items will not work when the computer is non-domain joined (or the computer is NEVER connected to the Internet)?" +sidebar_position: 10 +--- + +# Which Endpoint Policy Manager items will not work when the computer is non-domain joined (or the computer is NEVER connected to the Internet)? + +There are some items which will not work if the computer is not domain joined… + +### Using Client Side Extension 2339 or a previous version: + +1. Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router may or may not work as + expected with "External links", say, those from Outlook or Skype or Acrobat. This is because + PPBRAgent needs to be expressly specified as the "Default Browser" inside Windows 10; and with a + Non-Domain Joined machine, Endpoint Policy Manager cannot set this value ourselves. You can set + it manually on a per-computer basis. This is RESOLVED in Client Side Extension 2362 and later. +2. Endpoint Policy Manager File Associations manager will not work unless the machine is domain + joined. So if you want to use Endpoint Policy Manager File Associations manager with Endpoint + Policy Manager Cloud, Group Policy or MDM editions, then the machine must be domain joined first, + and then get its directive from the method of your choosing. This is RESOLVED in Client Side + Extension 2362 and later. + +### Using Any Client Side Extension: + +1. Chrome's plug SHOULD work and activate automatically, but in might need to be activated if it + doesn't operate as expected. + [Browser Router now supports Chrome on Non-Domain Joined machines](/docs/endpointpolicymanager/video/browserrouter/chromenondomainjoined.md). +2. Endpoint Policy Manager Application Manager will work as expected, except managing some areas of + CHROME when non-domain joined. Chrome simply has a self-imposed limitation for non-domain joined + machines. The list of settings which WILL and WON'T work is documented + [Which items in Chrome will, and will not work when non-domain joined?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/nondomainjoinedtroub/chrome.md). +3. Windows Edge (original) will report at each launch "We've turned off extensions from unknown + sources. They might be risky so we recommend keeping them off." (See picture below.) There is NO + workaround at this time. + + ![359_1_tyr](/img/product_docs/endpointpolicymanager/troubleshooting/nondomain/359_1_tyr.webp) + +4. Windows Edge + Chromium: The Browser Router Extension will not install automatically. There is NO + workaround at this time except to manually install the Chrome Extension on Edge by hand. diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/_category_.json new file mode 100644 index 0000000000..cd563a925f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Portal Questions", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/cloud/adduser.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/adduser.md similarity index 78% rename from docs/endpointpolicymanager/cloud/adduser.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/adduser.md index 2e4695b0be..d840e1c779 100644 --- a/docs/endpointpolicymanager/cloud/adduser.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/adduser.md @@ -1,3 +1,9 @@ +--- +title: "How do I create a Secondary (or Accounting) contact within the Portal to enable another person to participate in Endpoint Policy Manager (including downloads, updates, etc.)?" +description: "How do I create a Secondary (or Accounting) contact within the Portal to enable another person to participate in Endpoint Policy Manager (including downloads, updates, etc.)?" +sidebar_position: 10 +--- + # How do I create a Secondary (or Accounting) contact within the Portal to enable another person to participate in Endpoint Policy Manager (including downloads, updates, etc.)? **NOTE:** This article pertains to portal.endpointpolicymanager.com.  If you need to manage users in the Netwrix diff --git a/docs/endpointpolicymanager/cloud/cheksum.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/cheksum.md similarity index 80% rename from docs/endpointpolicymanager/cloud/cheksum.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/cheksum.md index d79ae554d3..0cd0b2a8f7 100644 --- a/docs/endpointpolicymanager/cloud/cheksum.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/cheksum.md @@ -1,3 +1,9 @@ +--- +title: "How can I use a checksum to validate the Endpoint Policy Manager download?" +description: "How can I use a checksum to validate the Endpoint Policy Manager download?" +sidebar_position: 40 +--- + # How can I use a checksum to validate the Endpoint Policy Manager download? In the portal you will see a SHA256 checksum for each download. diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/emailoptout.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/emailoptout.md new file mode 100644 index 0000000000..29e24c6be2 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/emailoptout.md @@ -0,0 +1,12 @@ +--- +title: "Why can't I opt out of Emails when I'm an Endpoint Policy Manager Customer?" +description: "Why can't I opt out of Emails when I'm an Endpoint Policy Manager Customer?" +sidebar_position: 30 +--- + +# Why can't I opt out of Emails when I'm an Endpoint Policy Manager Customer? + +Emails are a key component to ensure that your product is up to date, free of bugs, and that you are +made aware of any and all security concerns. As such it is not possible to opt out of emails because +they are part of our commitment to you as a customer. We are also bound legally to inform you of any +such issues. diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/login.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/login.md new file mode 100644 index 0000000000..926b397a56 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/login.md @@ -0,0 +1,67 @@ +--- +title: "Portal login troubleshooting" +description: "Portal login troubleshooting" +sidebar_position: 50 +--- + +# Portal login troubleshooting + +If you're experiencing difficulties logging in to either the Netwrix Endpoint Policy Manager +(formerly PolicyPak) Portal or Cloud Portal, try the log in using the browsers incognito method.  If +the issue was caused by browser cookies then incognito will usually work. + +- Try Incognito in your browser +- Try a different browser +- In the browser where you encounter the issue.. + - Clear the browser cache + - Clear the browser cookies + +If you prefer to not clear ALL your browser cookies, see below for how to clear those specific to +Endpoint Policy Manager for different browsers - leaving other site cookies intact - and how to +clear the browser cache. + +## Incognito/Private Window + +Here's how to go incognito for different browsers. + +![926_1_image-20230913000135-1_781x183](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_1_image-20230913000135-1_781x183.webp) + +## Cookies + +Here's how to access cookie settings in different browsers. + +### Firefox + +In Firefox you have to make your way into Browser Settings and locate Privacy & Security. + +![926_2_image-20230104094340-6_657x242](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_2_image-20230104094340-6_657x242.webp) + +![926_3_image-20230104094423-7_613x558](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_3_image-20230104094423-7_613x558.webp) + +![926_4_image-20230104094459-8_610x360](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_4_image-20230104094459-8_610x360.webp) + +### Chrome + +Chrome makes is a little easier to identify and clear cookies for a specific site.  Just navigate to +the login page and follow the sequence below.  In the example below we click Remove 4 times since +there are 4 cookies in use for this specific site. + +![926_5_image-20230104092841-2_535x582](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_5_image-20230104092841-2_535x582.webp) + +### Edge + +Edge makes it even easier, similar to Chrome but only 3 steps. + +![926_6_image-20230104093408-4_491x233](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_6_image-20230104093408-4_491x233.webp) + +![926_7_image-20230104093448-5_527x138](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_7_image-20230104093448-5_527x138.webp) + +## Browser Cache + +In certain occasions you might want to clear the browser cache which clears cached data for ALL +sites you have visited.  For Chrome and Edge, remember to scroll the list and ensure only Cached +images and files is checked. + +All 3 browsers have the Ctrl-Shift-Del shortcut that provides quick access to this setting. + +![926_8_image-20230104100124-9_370x346](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_8_image-20230104100124-9_370x346.webp) ![926_9_image-20230104100144-10_322x350](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_9_image-20230104100144-10_322x350.webp) ![926_10_image-20230104100211-11_294x358](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_10_image-20230104100211-11_294x358.webp) diff --git a/docs/endpointpolicymanager/cloud/profileupdate.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/profileupdate.md similarity index 92% rename from docs/endpointpolicymanager/cloud/profileupdate.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/profileupdate.md index 25c6d17682..293e3b8020 100644 --- a/docs/endpointpolicymanager/cloud/profileupdate.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/profileupdate.md @@ -1,3 +1,9 @@ +--- +title: "Changing a portal users information" +description: "Changing a portal users information" +sidebar_position: 60 +--- + # Changing a portal users information ## Profile updates - other than email diff --git a/docs/endpointpolicymanager/cloud/twofactorauthentication.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/twofactorauthentication.md similarity index 97% rename from docs/endpointpolicymanager/cloud/twofactorauthentication.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/twofactorauthentication.md index cdb9cef713..4af4ada57a 100644 --- a/docs/endpointpolicymanager/cloud/twofactorauthentication.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/portalquestions/twofactorauthentication.md @@ -1,3 +1,9 @@ +--- +title: "Two-Factor Authentication in the Endpoint Policy Manager Portal" +description: "Two-Factor Authentication in the Endpoint Policy Manager Portal" +sidebar_position: 20 +--- + # Two-Factor Authentication in the Endpoint Policy Manager Portal In order to safegard license keys and any other potentially sensitive company information, diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/_category_.json new file mode 100644 index 0000000000..18944f95a3 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips Tricks And FAQs", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/itemleveltargeting/applypreferences.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/applypreferences.md similarity index 89% rename from docs/endpointpolicymanager/itemleveltargeting/applypreferences.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/applypreferences.md index 308aaccd1e..c4cf07ce15 100644 --- a/docs/endpointpolicymanager/itemleveltargeting/applypreferences.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/applypreferences.md @@ -1,3 +1,9 @@ +--- +title: "How can use Item Level Targeting to apply a Group Policy Preferences or Endpoint Policy Manager item when the user is not a member of Domain Admins and also is not a member of the local Admin group?" +description: "How can use Item Level Targeting to apply a Group Policy Preferences or Endpoint Policy Manager item when the user is not a member of Domain Admins and also is not a member of the local Admin group?" +sidebar_position: 10 +--- + # How can use Item Level Targeting to apply a Group Policy Preferences or Endpoint Policy Manager item when the user is not a member of Domain Admins and also is not a member of the local Admin group? You can set up a configuration item so that only regular users (but no admins) are affected by a diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/emailoptout.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/emailoptout.md new file mode 100644 index 0000000000..438ab07093 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/emailoptout.md @@ -0,0 +1,39 @@ +--- +title: "Which Endpoint Policy Manager emails can / can't I opt out of ?" +description: "Which Endpoint Policy Manager emails can / can't I opt out of ?" +sidebar_position: 30 +--- + +# Which Endpoint Policy Manager emails can / can't I opt out of ? + +Netwrix Endpoint Policy Manager (formerly PolicyPak) sends emails from time to time to keep you +updated about learning opportunities as well as technical and security updates. + +As a Primary or Secondary on the Endpoint Policy Manager account, you may opt in or out of the +following emails: + +- Every Monday: Schedule for this week's 20 minute Deep Dive Demo learnings. +- Every Friday: New Knowledge Base articles, Tips and Tricks, Videos, and ‘Endpoint Policy Manager + in the news'. +- As it happens: Portal Updates for Paks, Manuals, minor or major updates. +- As it happens: Tips and Tricks from MDMandGPanswers.com + +What you cannot opt out of are the following types of emails: + +- Direct emails from our team members. +- Automated emails with passwords resets / portal information / license information. +- Major Client Side Extension update announcements. +- Any security concerns. +- Renewal-time emails before you expire (which start 90 days before you expire.) +- General announcements and requests (like survey requests, etc.) + +You may use the portal.endpointpolicymanager.com login, then select Your Profile to choose to opt out of SOME +emails. + +If, after un-selecting the items below, you still want to receive LESS email, then you will need to +establish another email address and use that. + +We at Endpoint Policy Manager have a responsibility for ensuring that some communications get to +you, and agree to do our best. It's up to you if you wish to actively block these emails. + +![693_1_faq2](/img/product_docs/endpointpolicymanager/tips/693_1_faq2.webp) diff --git a/docs/endpointpolicymanager/tips/embedclient.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/embedclient.md similarity index 87% rename from docs/endpointpolicymanager/tips/embedclient.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/embedclient.md index d2f38f7a93..7bc345fcd3 100644 --- a/docs/endpointpolicymanager/tips/embedclient.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/embedclient.md @@ -1,3 +1,9 @@ +--- +title: "Can I embed the Endpoint Policy ManagerClient Side Extension and/or Endpoint Policy Manager Cloud client into a master image for VDI, MDT, Ghost, Citrix, etc?" +description: "Can I embed the Endpoint Policy ManagerClient Side Extension and/or Endpoint Policy Manager Cloud client into a master image for VDI, MDT, Ghost, Citrix, etc?" +sidebar_position: 100 +--- + # Can I embed the Endpoint Policy ManagerClient Side Extension and/or Endpoint Policy Manager Cloud client into a master image for VDI, MDT, Ghost, Citrix, etc? There are some rules and guidelines and thoughts. @@ -55,9 +61,9 @@ have it work. If you want to use Endpoint Policy Manager with VDI, you must foll of the knowledgebase articles directly below, or use the Endpoint Policy Manager Group Policy Edition and license an on-prem domain / OU. -[How to install the Endpoint Policy Manager Cloud Client for use in an Azure Virtual Desktop image](/docs/endpointpolicymanager/integration/azurevirutaldesktop.md) +[How to install the Endpoint Policy Manager Cloud Client for use in an Azure Virtual Desktop image](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/azurevirutaldesktop.md) -[How to install and configure the PPC Client for a Non-Persistent VDI Image in VMware Horizon](/docs/endpointpolicymanager/integration/vdisolutions.md) +[How to install and configure the PPC Client for a Non-Persistent VDI Image in VMware Horizon](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/vdisolutions.md) While it will technically work, you are expressly forbidden by the EULA to attempt to install the Endpoint Policy Manager Cloud client (which will install the Endpoint Policy Manager Client Side diff --git a/docs/endpointpolicymanager/itemleveltargeting/entraidgroups.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/entraidgroups.md similarity index 81% rename from docs/endpointpolicymanager/itemleveltargeting/entraidgroups.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/entraidgroups.md index a6c4203a64..9bdfff398e 100644 --- a/docs/endpointpolicymanager/itemleveltargeting/entraidgroups.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/entraidgroups.md @@ -1,3 +1,9 @@ +--- +title: "How can I use Item Level Targeting to query Azure AD Groups?" +description: "How can I use Item Level Targeting to query Azure AD Groups?" +sidebar_position: 70 +--- + # How can I use Item Level Targeting to query Azure AD Groups? You cannot do this directly. However, we have a set of unsupported scripts which can help you do diff --git a/docs/endpointpolicymanager/itemleveltargeting/entraidsids.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/entraidsids.md similarity index 96% rename from docs/endpointpolicymanager/itemleveltargeting/entraidsids.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/entraidsids.md index 3231384210..e23567f0ce 100644 --- a/docs/endpointpolicymanager/itemleveltargeting/entraidsids.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/entraidsids.md @@ -1,3 +1,9 @@ +--- +title: "How do I get Azure AD SIDs and use them with Item Level Targeting?" +description: "How do I get Azure AD SIDs and use them with Item Level Targeting?" +sidebar_position: 120 +--- + # How do I get Azure AD SIDs and use them with Item Level Targeting? **Step 1 –** Before you can use Azure Accounts under Item Level Targeting (ITM), you first need to diff --git a/docs/endpointpolicymanager/tips/eventcategories.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventcategories.md similarity index 99% rename from docs/endpointpolicymanager/tips/eventcategories.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventcategories.md index 1a0f2c369e..d5a695b0c2 100644 --- a/docs/endpointpolicymanager/tips/eventcategories.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventcategories.md @@ -1,3 +1,9 @@ +--- +title: "List of Endpoint Policy Manager Event Categories and IDs" +description: "List of Endpoint Policy Manager Event Categories and IDs" +sidebar_position: 180 +--- + # List of Endpoint Policy Manager Event Categories and IDs ## Feature Specific Events diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventlogs.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventlogs.md new file mode 100644 index 0000000000..7f524f8ebc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventlogs.md @@ -0,0 +1,192 @@ +--- +title: "Windows 10 (and Server) Event Logs to Azure Log Analytics Walkthru" +description: "Windows 10 (and Server) Event Logs to Azure Log Analytics Walkthru" +sidebar_position: 160 +--- + +# Windows 10 (and Server) Event Logs to Azure Log Analytics Walkthru + +It's a Cloud, Cloud, Cloud, Cloud, Cloud, Cloud world. Except actually most of your stuff is still +likely mostly on-prem, or acts that way. Take Windows 10 for instance. Windows 10 has events in the +event logs, and maybe you already know about on-prem Event Forwarding. + +**NOTE:** If you want to learn more about on-prem Event Forwarding, you can see my Walkthrough of +that here +[Using Windows Event Forwarding to search for interesting events](/docs/endpointpolicymanager/video/leastprivilege/windowseventforwarding.md) +and +[How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding.](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/windowseventforwarding.md). + +But how do we take on-prem events from Windows 10 (or Windows Server) and get the up to the cloud +for later analysis? If you have 24, 250, or 25,000 domain joined (or even NON-domain joined) +machines, say with Windows Intune or Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud… how +can you do the equivalent of event forwarding to some central place? + +That is the job of Azure Log Analytics. I'm going to call it "LA" for short. + +LA had an original name, OMS which stood for Operations Management Suite, but as near as I can tell, +that's over. But its good to know LA's original name, because you'll see OMS pop up from time to +time in the walkthrough, docs, and software. Additionally, it's also good to know that what you'll +see here is build upon the original System Center Microsoft Operations Manager (SCOM); but I won't +be using that function. + +The official documentation for LA can be found +[https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows); +but I had a few stumbles. Some tips o' the hat to Travis Roberts' video and blog which also helped +give me a leg up. The blog is +[https://www.ciraltos.com/collect-custom-windows-event-logs-in-log-analytics/](https://www.ciraltos.com/collect-custom-windows-event-logs-in-log-analytics/) +and the helpful video series on Azure Log Analytics (though a little old now because of the name and +UI changes) can be found at: +[https://www.youtube.com/watch?v=6hgvjgPBNzE&list=PLnWpsLZNgHzVXXyN9a0jm9xNNDrikHf8I](https://www.youtube.com/watch?v=6hgvjgPBNzE&list=PLnWpsLZNgHzVXXyN9a0jm9xNNDrikHf8I) + +My goal in researching this project was to give some Endpoint Policy Manager MDM Customers a quick +guide to research interesting events that Endpoint Policy Manager automatically logs to its own +event log. But in this guide, I'm also going to show you how to collect some standard and also some +extra event logs. + +To get started you need a Log Workspace. This is basically a security block between this collection +of logs, and say another collection of logs. Each Log Workspace has a GUID based Workspace ID and +two keys (Primary and Secondary.) You'll use these to send, say, YOUR Windows 10 machines' event +logs to your workspace. And the other Azure admins … you know, those SQL server people or Exchange +or whatever … they'll send their event logs to their workspaces. + +**Step 1 –** To get started use the big search thingie to find "Log Analytics workspaces" like +what's seen here. + +![f5f03570b7ec45-img-01](/img/product_docs/endpointpolicymanager/tips/f5f03570b7ec45-img-01.webp) + +Then, there's a little Wizard (not shown) to help you get started. Basically it's asking you for +names and which Azure region you want to keep the data in. Then after it gets going you'll see "Your +deployment is underway" like what's seen here. + +![f5f03570bb83ef-img-02](/img/product_docs/endpointpolicymanager/tips/f5f03570bb83ef-img-02.webp) + +**Step 2 –** Then you should be thrown into the Advanced settings like what's seen here. If not, +find the Workspace you just created and click Advanced in the left-side menu. It should get you to +this place. Note then the "WORKSPACE ID" and "PRIMARY KEY" like what's seen here. Hang on to those, +you'll need these in a bit. Then also download the Windows Agent 64-bit or 32-bit to get started for +your example machines. + +![f5f03570bb8f55-img-03](/img/product_docs/endpointpolicymanager/tips/f5f03570bb8f55-img-03.webp) + +In this example, we'll be installing the LA Agent by hand on a test machine. In real life you could +use, say Windows Intune to deploy it with command line options to just chuck in your Workspace ID +and Primary Keys and do the whole thing silently and automatically. + +**Step 3 –** Once you have the download, get it over to your test machine. Machine can be real or +virtual. Note that you shouldn't do this (nor do you need to) for WVD virtual machines. Those have a +magical connector to accept event logs to LA; and you shouldn't need to use this method. (Docs: +[https://docs.microsoft.com/en-us/azure/virtual-desktop/diagnostics-log-analytics](https://docs.microsoft.com/en-us/azure/virtual-desktop/diagnostics-log-analytics) and +a +blog [https://www.mdmandgpanswers.com/blogs/view-blog/windows-10-and-server-event-logs-to-azure-log-analytics-walkthru](https://www.mdmandgpanswers.com/blogs/view-blog/windows-10-and-server-event-logs-to-azure-log-analytics-walkthru)) + +![f5f03570bc2bfc-img-04](/img/product_docs/endpointpolicymanager/tips/f5f03570bc2bfc-img-04.webp) + +**Step 4 –** Then, Up, Up and away. Launch the agent.. which requires admin rights. (Or, pro tip: +Use Endpoint Policy Manager Scripts to install it automatically where the script is +elevated.[Endpoint Policy ManagerScripts .. Deploy Software via VPN or with Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/scriptstriggers/cloud.md) + +**Step 5 –** You'll need to select "Connect the agent to Azure Log Analytics (OMS)" like what's seen +here. + +![f5f03570bad3be-img-05](/img/product_docs/endpointpolicymanager/tips/f5f03570bad3be-img-05.webp) + +**Step 6 –** Then, it's time to chuck in your Workspace ID and Workspace Key. And you'll likely keep +the default of Azure Cloud: Azure Commercial. Pull the pulldown if you have something unusual to +select here. + +![f5f03570bbca1c-img-06](/img/product_docs/endpointpolicymanager/tips/f5f03570bbca1c-img-06.webp) + +**Step 7 –** Yes, you want to check for updates when MS Update kicks in…. + +![f5f03570bc37d5-img-07](/img/product_docs/endpointpolicymanager/tips/f5f03570bc37d5-img-07.webp) + +**Step 8 –** And.. you're basically done. + +![f5f03570be8938-img-08](/img/product_docs/endpointpolicymanager/tips/f5f03570be8938-img-08.webp) + +**Step 9 –** Now let's make sure we're talking in both directions. The Microsoft Monitoring Agent is +found in Control Panel… which is a weird place, but, hey… that's okay. + +![f5f03570be4088-img-09](/img/product_docs/endpointpolicymanager/tips/f5f03570be4088-img-09.webp) + +**Step 10 –** Then click the Azure Log Analytics (OMS) tab and … see you're talking outbound. + +![f5f03570bec541-img-10](/img/product_docs/endpointpolicymanager/tips/f5f03570bec541-img-10.webp) + +**Step 11 –** Back in Azure, in the Advanced Settings page, the zero should be one ! + +![f5f03570bdece8-img-11](/img/product_docs/endpointpolicymanager/tips/f5f03570bdece8-img-11.webp) + +**Step 12 –** Now it's time to add in the actual event logs you want to capture. Note that the more +you capture, the more you pay. Strictly speaking for the Endpoint Policy Manager customer I made +this blog entry for, he only needed to capture the Endpoint Policy Manager log (which I do last.) +But just for completeness and testing, I'll capture some more too, since you might not have the +Endpoint Policy Manager Log. (And, why don't you!? Come on over and check out Endpoint Policy +Manager for Pete's sake. Really, your sake to be honest.) + +![f5f03570bc37d5-img-12](/img/product_docs/endpointpolicymanager/tips/f5f03570bc37d5-img-12.webp) + +**Step 13 –** So just type Application then +. Then System and + and bingo. Those are "well known" +logs which LA knows about and pre-populates this list. But Endpoint Policy Manager? Not as common.. +(Yet !) Therefore you could take a guess that our event logs are named Endpoint Policy Manager (they +are…). But how would you know? + +![f5f03570be8938-img-13](/img/product_docs/endpointpolicymanager/tips/f5f03570be8938-img-13.webp) + +**Step 14 –** The trick is to find the log you want to capture in Windows, and go to its properties +and get its Full Name like what's seen here. Yeah, this one was easy. + +![f5f03570be4088-img-14](/img/product_docs/endpointpolicymanager/tips/f5f03570be4088-img-14.webp) + +But some are harder. I also wanted to capture the MDM event log which has a goofy and weird name. To +get it, I went into an Event inside that log and captured its name +microsoft-windows-devicemanagement-enterprise-diagnostics-provider/Operational and its brother +microsoft-windows-devicemanagement-enterprise-diagnostics-provider/admin. + +![f5f03570bec541-img-15](/img/product_docs/endpointpolicymanager/tips/f5f03570bec541-img-15.webp) + +You can see that second log here… + +![f5f03570bdece8-img-16](/img/product_docs/endpointpolicymanager/tips/f5f03570bdece8-img-16.webp) + +**Step 15 –** Once I pasted in all the logs and added them, I clicked Save and got this! + +![f5f03570b7ec3c-img-17](/img/product_docs/endpointpolicymanager/tips/f5f03570b7ec3c-img-17.webp) + +## Data.. data? Do we have data ? + +**Step 1 –** Click on Logs and close the sample queries. Let's just see what have. All of it (which +shouldn't be much.) + +![f5f03570b7ee5e-img-18](/img/product_docs/endpointpolicymanager/tips/f5f03570b7ee5e-img-18.webp) + +**Step 2 –** In the top box, type SEARCH + +**Step 3 –** Then click Run. Bingo.. out should pop all the events that have been captured. You can +change the Display Time to make sure that you're getting the right events, right now. + +![f5f03570b7e690-img-19](/img/product_docs/endpointpolicymanager/tips/f5f03570b7e690-img-19.webp) + +**Step 4 –** It took a little while for the non-well-known logs to show up. But maybe it will work +faster for you than for me. If you want to give it a shot and try your non-well-known logs, like +this, give it a go. + +`Event | where Eventlog == "PolicyPak"` + +**Step 5 –** Then click Run again. + +Pow! Here come your logs. + +![f5f03570b7ed35-img-20](/img/product_docs/endpointpolicymanager/tips/f5f03570b7ed35-img-20.webp) + +Then I can also dig into an event, and … hey look ! EastSalesUser1 ran Procmon, and Endpoint Policy +Manager did the elevation ! Amazeballs ! + +![f5f03570b7e4f0-img-21](/img/product_docs/endpointpolicymanager/tips/f5f03570b7e4f0-img-21.webp) + +That's it. Well, that's basics anyway. + +_Remember,_ this blog is a simple walkthrough / getting started. This isn't "Magic Tricks with +Windows Analytics." But if I had this guide, I would have been up and running about 10x faster. So I +hope this helps you out and shows how you can take on-prem or "Always on the go" Windows 10 machines +and record their logs, then sort thru them for actionable items and trends. diff --git a/docs/endpointpolicymanager/tips/folderredirection.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/folderredirection.md similarity index 88% rename from docs/endpointpolicymanager/tips/folderredirection.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/folderredirection.md index 0b4e02aeac..d5689223c4 100644 --- a/docs/endpointpolicymanager/tips/folderredirection.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/folderredirection.md @@ -1,3 +1,9 @@ +--- +title: "How does Endpoint Policy Manager perform Folder Redirection or OneDrive Known Folder Move (KFM) with Endpoint Policy Manager Group Policy, Endpoint Policy ManagerMDM or Endpoint Policy Manager Cloud?" +description: "How does Endpoint Policy Manager perform Folder Redirection or OneDrive Known Folder Move (KFM) with Endpoint Policy Manager Group Policy, Endpoint Policy ManagerMDM or Endpoint Policy Manager Cloud?" +sidebar_position: 90 +--- + # How does Endpoint Policy Manager perform Folder Redirection or OneDrive Known Folder Move (KFM) with Endpoint Policy Manager Group Policy, Endpoint Policy ManagerMDM or Endpoint Policy Manager Cloud? Netwrix Endpoint Policy Manager (formerly PolicyPak) as a product DOESN'T perform Folder Redirection diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/mmcdisplay.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/mmcdisplay.md new file mode 100644 index 0000000000..0daa13403a --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/mmcdisplay.md @@ -0,0 +1,16 @@ +--- +title: "How can I fix MMC display problems when my admin console uses high DPI?" +description: "How can I fix MMC display problems when my admin console uses high DPI?" +sidebar_position: 50 +--- + +# How can I fix MMC display problems when my admin console uses high DPI? + +Sometimes applications will draw in an unusual way when adding or removing policies. + +To fix this, use the Group Policy editor to specify the following policy such that it hits the Admin +station. + +This policy doesn't need to hit the end-points.. just the admin machine. + +![603_1_faq-5-img-1](/img/product_docs/endpointpolicymanager/tips/603_1_faq-5-img-1.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/onpremisecloud.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/onpremisecloud.md new file mode 100644 index 0000000000..e66fe707cd --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/onpremisecloud.md @@ -0,0 +1,18 @@ +--- +title: "Can I use both Endpoint Policy ManagerOn Premise mode and Endpoint Policy Manager Cloud simultaneously? Do they clash?" +description: "Can I use both Endpoint Policy ManagerOn Premise mode and Endpoint Policy Manager Cloud simultaneously? Do they clash?" +sidebar_position: 80 +--- + +# Can I use both Endpoint Policy ManagerOn Premise mode and Endpoint Policy Manager Cloud simultaneously? Do they clash? + +Netwrix Endpoint Policy Manager (formerly PolicyPak) On-Prem Suite and Endpoint Policy Manager Cloud +have been designed to play nicely together. + +Therefore, you can use either the Endpoint Policy Manager Cloud to deliver your setting and/or, say, +Group Policy or SCCM to deliver your setting. + +All policies are simply merged together. If there's a conflict, the on-premise directive (say, using +Group Policy) wins. + +![609_1_img19-deliveryconflict005-resized-450px](/img/product_docs/endpointpolicymanager/tips/609_1_img19-deliveryconflict005-resized-450px.webp) diff --git a/docs/endpointpolicymanager/requirements/support/operatingsystem.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/operatingsystem.md similarity index 96% rename from docs/endpointpolicymanager/requirements/support/operatingsystem.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/operatingsystem.md index 3d1418e0e2..7a4f9da3ff 100644 --- a/docs/endpointpolicymanager/requirements/support/operatingsystem.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/operatingsystem.md @@ -1,3 +1,9 @@ +--- +title: "Which components within the Endpoint Policy Manager product family will work with what operating system?" +description: "Which components within the Endpoint Policy Manager product family will work with what operating system?" +sidebar_position: 110 +--- + # Which components within the Endpoint Policy Manager product family will work with what operating system? The following matrix describes our product compatibility. diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/securitygroup.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/securitygroup.md new file mode 100644 index 0000000000..baed4c744e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/securitygroup.md @@ -0,0 +1,12 @@ +--- +title: "Is the Security Group Item Level Targeting (ILT) option recursive or not?" +description: "Is the Security Group Item Level Targeting (ILT) option recursive or not?" +sidebar_position: 20 +--- + +# Is the Security Group Item Level Targeting (ILT) option recursive or not? + +The Security Group Item Level Targeting (ILT) option is Direct by default, when Primary Group is +unchecked, but Recursive when it is checked. + +![561_1_overall-faq-s1p5](/img/product_docs/endpointpolicymanager/itemleveltargeting/561_1_overall-faq-s1p5.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/services.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/services.md new file mode 100644 index 0000000000..223e75713e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/services.md @@ -0,0 +1,10 @@ +--- +title: "Are the services installed with Endpoint Policy Manager required? Can I disable them if I'm only using a single component?" +description: "Are the services installed with Endpoint Policy Manager required? Can I disable them if I'm only using a single component?" +sidebar_position: 140 +--- + +# Are the services installed with Endpoint Policy Manager required? Can I disable them if I'm only using a single component? + +Yes. The services are an integral part of every Netwrix Endpoint Policy Manager (formerly PolicyPak) +component and required for each of them to function properly. diff --git a/docs/endpointpolicymanager/troubleshooting/clientsideextension/syspreperror.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/syspreperror.md similarity index 91% rename from docs/endpointpolicymanager/troubleshooting/clientsideextension/syspreperror.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/syspreperror.md index 8c42f55265..0b12360da8 100644 --- a/docs/endpointpolicymanager/troubleshooting/clientsideextension/syspreperror.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/syspreperror.md @@ -1,3 +1,9 @@ +--- +title: "SYSPREP Error with Endpoint Policy Manager Client-Side Extension" +description: "SYSPREP Error with Endpoint Policy Manager Client-Side Extension" +sidebar_position: 200 +--- + # SYSPREP Error with Endpoint Policy Manager Client-Side Extension When updating the gold .wim file used for OS imaging, you may encounter the following error when diff --git a/docs/endpointpolicymanager/tips/thirdpartyadvice.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/thirdpartyadvice.md similarity index 96% rename from docs/endpointpolicymanager/tips/thirdpartyadvice.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/thirdpartyadvice.md index 29d14d18f3..911e9bb258 100644 --- a/docs/endpointpolicymanager/tips/thirdpartyadvice.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/thirdpartyadvice.md @@ -1,3 +1,9 @@ +--- +title: "How does Endpoint Policy Manager handle STIGs and/or CIS Benchmarks and/or other 3rd party Advice?" +description: "How does Endpoint Policy Manager handle STIGs and/or CIS Benchmarks and/or other 3rd party Advice?" +sidebar_position: 130 +--- + # How does Endpoint Policy Manager handle STIGs and/or CIS Benchmarks and/or other 3rd party Advice? ## Endpoint Policy Manager and STIGS diff --git a/docs/endpointpolicymanager/troubleshooting/clientsideextension/uninstallpassword.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/uninstallpassword.md similarity index 96% rename from docs/endpointpolicymanager/troubleshooting/clientsideextension/uninstallpassword.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/uninstallpassword.md index 771383dfbb..8f66625503 100644 --- a/docs/endpointpolicymanager/troubleshooting/clientsideextension/uninstallpassword.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/uninstallpassword.md @@ -1,3 +1,9 @@ +--- +title: "Set and Manage the Uninstallation Password for Endpoint Policy Manager Client-Side Extension" +description: "Set and Manage the Uninstallation Password for Endpoint Policy Manager Client-Side Extension" +sidebar_position: 210 +--- + # Set and Manage the Uninstallation Password for Endpoint Policy Manager Client-Side Extension Starting with CSE 25.2, the Endpoint Policy Manager Client-Side Extension (CSE) Installer includes diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/virtualdesktops.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/virtualdesktops.md new file mode 100644 index 0000000000..1318a797b7 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/virtualdesktops.md @@ -0,0 +1,22 @@ +--- +title: "How can I use Item Level Targeting to specify Windows Virtual Desktops (WVD) Multi-session Windows?" +description: "How can I use Item Level Targeting to specify Windows Virtual Desktops (WVD) Multi-session Windows?" +sidebar_position: 170 +--- + +# How can I use Item Level Targeting to specify Windows Virtual Desktops (WVD) Multi-session Windows? + +![642_1_1](/img/product_docs/endpointpolicymanager/itemleveltargeting/642_1_1.webp) + +The query you want is: + +**Step 1 –** The Operating System is Windows 10 + +**Step 2 –** and the WMI Query:select \* from Win32_OperatingSystem, where OperatingSystemSKU = 175 + +The result will look like this: + +![642_2_2](/img/product_docs/endpointpolicymanager/itemleveltargeting/642_2_2.webp) + +**NOTE:** For other unusual SKUs and information on how to get the ID, see the Microsoft article on +[OperatingSystemSKU Enum.](https://learn.microsoft.com/en-us/dotnet/api/microsoft.powershell.commands.operatingsystemsku?view=powershellsdk-1.1.0) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windows.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windows.md new file mode 100644 index 0000000000..34ca539981 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windows.md @@ -0,0 +1,23 @@ +--- +title: "Which Windows Client and Server are currently supported by Endpoint Policy Manager?" +description: "Which Windows Client and Server are currently supported by Endpoint Policy Manager?" +sidebar_position: 150 +--- + +# Which Windows Client and Server are currently supported by Endpoint Policy Manager? + +Netwrix Endpoint Policy Manager (formerly PolicyPak) supports all current versions of Windows +clients and Servers as listed on the Microsoft chart below that have not reached end of service with +Microsoft: + +Clients: +[https://learn.microsoft.com/en-us/windows/release-health/supported-versions-windows-client](https://learn.microsoft.com/en-us/windows/release-health/supported-versions-windows-client) + +Servers: [https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info](https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info) + +Any exceptions, if any, to the above will be noted in the RELEASE-NOTES in the Endpoint Policy +Manager Portal. + +**NOTE:**   For complete clarity, Endpoint Policy Manager is not supported on Server 2012 R2, +Windows 7, and so on. The final build with best effort support is 23.8, and no more builds will be +produced after that. diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windows11.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windows11.md new file mode 100644 index 0000000000..b9d452ed70 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windows11.md @@ -0,0 +1,113 @@ +--- +title: "How can I use Item Level Targeting to specify a specific Windows 10 build and/or LTSC/LTSB?" +description: "How can I use Item Level Targeting to specify a specific Windows 10 build and/or LTSC/LTSB?" +sidebar_position: 40 +--- + +# How can I use Item Level Targeting to specify a specific Windows 10 build and/or LTSC/LTSB? + +**Step 1 –** To target a specific Windows 10 Build, start out by using the Operating System item and +selecting Windows 10. + +**Step 2 –** Then select either: + +- WMI Query, or +- Registry match. + +![14_1_faq-4-rev-1-img-1](/img/product_docs/endpointpolicymanager/itemleveltargeting/14_1_faq-4-rev-1-img-1.webp) + +**Step 3 –** If you choose WMI Query to detect the build number, enter the following in the Query +field: + +``` +SELECT * FROM Win32_OperatingSystem WHERE BuildNumber = "15063" +``` + +This would select Windows 1703, which is that build number. + +![14_2_faq-4-rev-1-img-2](/img/product_docs/endpointpolicymanager/itemleveltargeting/14_2_faq-4-rev-1-img-2.webp) + +**CAUTION:** Note that you want to place a whole number and not a number with decimal places. The +BUILDNUMBER field is actually nota numeric value, but a stringvalue and must match exactly. + +**Step 4 –** If you choose REGISTRY Query to detect the build number, search for the following item +in the Registry: + +``` +Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | CurrentBuildNumber +``` + +![14_3_faq-4-rev-1-img-3](/img/product_docs/endpointpolicymanager/itemleveltargeting/14_3_faq-4-rev-1-img-3.webp) + +**Step 5 –** Use the Registry Match item as follows for a specific Build number. + +![14_4_faq-4-rev-1-img-4](/img/product_docs/endpointpolicymanager/itemleveltargeting/14_4_faq-4-rev-1-img-4.webp) + +Other build numbers you can use are: + +| | | +| ----- | ------------------------ | +| 10586 | Windows 10, version 1511 | +| 14393 | Windows 10, version 1607 | +| 15063 | Windows 10, version 1703 | +| 16299 | Windows 10, version 1709 | +| 17134 | Windows 10, version 1803 | +| 17763 | Windows 10, version 1809 | + +## How to Query for Minor Build Numbers + +From time to time, you might want to target a machine with an unusual build number. + +For instance, Windows 1809 had two revisions with the same build ID of 17763. These were the +original shipping version (which was pulled from Microsoft due to quality concerns), and then the +final build which was broadly deployed + +Each of these Windows 1809 builds has the Build number of 17763, but has a minor version of .1 for +the first release and .253 for the second release. + +You can see examples of the first and second Windows 1809 releases below. + +First release of Windows 1809 build 17763: + +![14_5_faq-4-rev-1-img-5](/img/product_docs/endpointpolicymanager/itemleveltargeting/14_5_faq-4-rev-1-img-5.webp) + +Second release of Windows 1809 build 17763: + +![14_6_faq-4-rev-1-img-6](/img/product_docs/endpointpolicymanager/itemleveltargeting/14_6_faq-4-rev-1-img-6.webp) + +The Value you want to match with an ILT Registry Match is this: + +``` +Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | UBR +``` + +UBR stands for Update Build Revision. + +This Item Level Target expresses: + +When Machine is Windows 10, and + +- When build is 17763 (Windows 1809) and +- When build's UBR is .1 (first version of 1809). + +![14_7_faq-4-rev-1-img-7](/img/product_docs/endpointpolicymanager/itemleveltargeting/14_7_faq-4-rev-1-img-7.webp) + +## How to Query for CB/CBB vs. LTSB/LTSC + +Additionally, if you wanted to be specific and target LTSB/LTSC builds of Windows 10, you use a WMI +query filter which would specify: + +``` +SELECT OperatingSystemSKU FROM Win32_OperatingSystem WHERE OperatingSystemSKU = 125 +``` + +Or, if you want to target CB/CBB builds: + +``` +SELECT OperatingSystemSKU FROM Win32_OperatingSystem WHERE OperatingSystemSKU = 4 + +``` + +Here's an example: + +![14_8_faq-4-rev-1-img-8](/img/product_docs/endpointpolicymanager/itemleveltargeting/14_8_faq-4-rev-1-img-8.webp) diff --git a/docs/endpointpolicymanager/itemleveltargeting/windowsendpoint.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windowsendpoint.md similarity index 90% rename from docs/endpointpolicymanager/itemleveltargeting/windowsendpoint.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windowsendpoint.md index b77b840eb7..cf172793c3 100644 --- a/docs/endpointpolicymanager/itemleveltargeting/windowsendpoint.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windowsendpoint.md @@ -1,3 +1,9 @@ +--- +title: "How do I make an Item Level Target for Windows 10 or Windows 11 endpoints" +description: "How do I make an Item Level Target for Windows 10 or Windows 11 endpoints" +sidebar_position: 190 +--- + # How do I make an Item Level Target for Windows 10 or Windows 11 endpoints Currently Item Level Target (ILT) does not have a separate drop-down option specifically for Windows diff --git a/docs/endpointpolicymanager/itemleveltargeting/windowsserver2019.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windowsserver2019.md similarity index 88% rename from docs/endpointpolicymanager/itemleveltargeting/windowsserver2019.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windowsserver2019.md index c01408d45e..2143a02f03 100644 --- a/docs/endpointpolicymanager/itemleveltargeting/windowsserver2019.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/windowsserver2019.md @@ -1,3 +1,9 @@ +--- +title: "How do I make an Item Level Target for Server 2016 or Server 2019 (on-prem, MDM or Endpoint Policy Manager Cloud) ?" +description: "How do I make an Item Level Target for Server 2016 or Server 2019 (on-prem, MDM or Endpoint Policy Manager Cloud) ?" +sidebar_position: 60 +--- + # How do I make an Item Level Target for Server 2016 or Server 2019 (on-prem, MDM or Endpoint Policy Manager Cloud) ? Depending on the editor you are using, your Item Level Target (ILT) editor may show one of either diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/_category_.json new file mode 100644 index 0000000000..3f562314dd --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting General", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/antivirus.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/antivirus.md new file mode 100644 index 0000000000..e7aa1eac35 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/antivirus.md @@ -0,0 +1,21 @@ +--- +title: "Why does my mail anti-virus service claim that the Endpoint Policy Manager download ISO or ZIP has a virus?" +description: "Why does my mail anti-virus service claim that the Endpoint Policy Manager download ISO or ZIP has a virus?" +sidebar_position: 20 +--- + +# Why does my mail anti-virus service claim that the Endpoint Policy Manager download ISO or ZIP has a virus? + +Netwrix Endpoint Policy Manager (formerly PolicyPak)'s "Guidance" has some example VBS / VBscript +files which can be flagged if your mail service is set to detect any kind of threat. + +The VBscript examples we use are being detected...as just that. VBscripts in a zip. + +They are in this location, and sometimes they are caught, and sometimes they are not. + +![756_1_img1](/img/product_docs/endpointpolicymanager/troubleshooting/756_1_img1.webp) + +The example files we provide are examples to use or ignore. And, we even put it into the readme of +the folder about the possibility of this file being seen by download filters. + +![756_3_img2](/img/product_docs/endpointpolicymanager/troubleshooting/756_3_img2.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/browserrouter.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/browserrouter.md new file mode 100644 index 0000000000..7250501f73 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/browserrouter.md @@ -0,0 +1,29 @@ +--- +title: "Why do I get \">Endpoint Policy ManagerBrowser Router couldn't connect to Endpoint Policy Manager extension service. Please contact support\"?" +description: "Why do I get \">Endpoint Policy ManagerBrowser Router couldn't connect to Endpoint Policy Manager extension service. Please contact support\"?" +sidebar_position: 50 +--- + +# Why do I get ">Endpoint Policy ManagerBrowser Router couldn't connect to Endpoint Policy Manager extension service. Please contact support"? + +If your users get this message, this means that the Netwrix Endpoint Policy Manager (formerly +PolicyPak) Helper Service has crashed. Typically, the service will automatically restart. But if it +doesn’t, and then Endpoint Policy Manager Browser Router is used, you might see a problem like this. + +![378_1_img-01-image002](/img/product_docs/endpointpolicymanager/troubleshooting/378_1_img-01-image002.webp) + +That being said, that message is old, and has been replaced in more recent CSEs. The first order of +business is to update the Client Side Extension to the LATEST version. + +If the problem still occurs, you would see a message similar to this. Note in this version, users +are instructed to contact you, and not +[Netwrix Support.](https://www.netwrix.com/sign_in.html?rf=tickets.html#netwrix-support) + +![378_3_img-02-image004](/img/product_docs/endpointpolicymanager/troubleshooting/378_3_img-02-image004.webp) + +Again, what specifically causes this error is when the Endpoint Policy Manager Helper Service is +stopped like what's seen here. +If you want to open an investigation on WHY a machine's Endpoint Policy Manager Helper Service is +crashing, open a support ticket and prepare to generate both user and admin logs for investigation. + +![378_5_img-03-image009_950x1116](/img/product_docs/endpointpolicymanager/troubleshooting/378_5_img-03-image009_950x1116.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/clientsideextension.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/clientsideextension.md new file mode 100644 index 0000000000..76d0392511 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/clientsideextension.md @@ -0,0 +1,35 @@ +--- +title: "During CSE installation on a VM the following message is displayed indicating a reboot will be needed" +description: "During CSE installation on a VM the following message is displayed indicating a reboot will be needed" +sidebar_position: 30 +--- + +# During CSE installation on a VM the following message is displayed indicating a reboot will be needed + +``` +"The following applications are using files which the installer must update. You can either close the applications and click "Try Again" or click "Continue" so that the installer continues the installation, and replaces these files when your system restarts" +``` + +![752_1_image-20200108161845-1](/img/product_docs/endpointpolicymanager/troubleshooting/install/752_1_image-20200108161845-1.webp) + +You are receiving this message because the "Microsoft Visual C++ 2015-2019 Redistributable" that +VMware installs, is an older version than the version needed by the Netwrix Endpoint Policy Manager +(formerly PolicyPak) CSE. + +### More Information: + +VMware Tools are developed and built using VS2015 and uses the Microsoft Visual Studio 2015 +Redistributable, however, in Endpoint Policy Manager we use VS2019. + +Microsoft maintains a single version of the MS Visual C++ Redistributable for VS2015, VS2017 and +VS2019 and products built for VS2015 (e.g. VMware Tools) can use it without issue. However, the +Endpoint Policy Manager CSE cannot use the now outdated VS2015 bits, and installs the unified +version of the redistributable unless it is already present on a machine. + +To avoid seeing this message on VMs during the CSE installation process you can download and install +the required redistributable using the links below before installing the Endpoint Policy Manager +Client Side Extensions (CSE). + +[https://aka.ms/vs/16/release/vc_redist.x64.exe](https://aka.ms/vs/16/release/vc_redist.x64.exe) + +[https://aka.ms/vs/16/release/vc_redist.x86.exe](https://aka.ms/vs/16/release/vc_redist.x86.exe) diff --git a/docs/endpointpolicymanager/troubleshooting/conflictresolved.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/conflictresolved.md similarity index 85% rename from docs/endpointpolicymanager/troubleshooting/conflictresolved.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/conflictresolved.md index d1439ba071..ff75bfbca6 100644 --- a/docs/endpointpolicymanager/troubleshooting/conflictresolved.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/conflictresolved.md @@ -1,3 +1,9 @@ +--- +title: "What is the processing order of all policies and how are conflicts resolved (and how can I see the final RsOP) of those policies (between GPO, Cloud, XML, etc)?" +description: "What is the processing order of all policies and how are conflicts resolved (and how can I see the final RsOP) of those policies (between GPO, Cloud, XML, etc)?" +sidebar_position: 40 +--- + # What is the processing order of all policies and how are conflicts resolved (and how can I see the final RsOP) of those policies (between GPO, Cloud, XML, etc)? When you attempt to deliver policies from multiple sources, for example Group Policy and Netwrix @@ -41,4 +47,4 @@ individual policies. As such you might see an undesired "flip flop" behavior whe Security Settings are delivered from multiple sources like Group Policy and Endpoint Policy Manager Cloud. For details on this particular problem see this existing KB: -[Why do I sometimes see Endpoint Policy Manager Cloud security settings and sometimes see on-prem GPO security settings?](/docs/endpointpolicymanager/troubleshooting/gpoexport/onpremisecloud.md) +[Why do I sometimes see Endpoint Policy Manager Cloud security settings and sometimes see on-prem GPO security settings?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/onpremisecloud.md) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/customdialog.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/customdialog.md new file mode 100644 index 0000000000..47de3e467d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/customdialog.md @@ -0,0 +1,21 @@ +--- +title: "How can I present a custom dialog (or no dialog) if Browser Router (or the CSE) stops working or crashes?" +description: "How can I present a custom dialog (or no dialog) if Browser Router (or the CSE) stops working or crashes?" +sidebar_position: 150 +--- + +# How can I present a custom dialog (or no dialog) if Browser Router (or the CSE) stops working or crashes? + +Using the Netwrix Endpoint Policy Manager (formerly PolicyPak) ADMX files, you can use the "Show +error message dialog when URL routing is not possible" setting. + +Note that when the setting is: + +1. Default: It will use the default text. +2. Enabled: You can specify your own dialog title and text. NOTE that HTML is NOT supported. Must be + straight text. +3. Disabled: No dialog will appear if Endpoint Policy Manager Endpoint Policy Manager Browser Router + or the CSE has a problem. This could be desirable, but also means that functions will just stop + with no notification. + +![780_1_img-01_950x653](/img/product_docs/endpointpolicymanager/troubleshooting/780_1_img-01_950x653.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/log/debug.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/debug.md similarity index 79% rename from docs/endpointpolicymanager/troubleshooting/log/debug.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/debug.md index bfddf887a3..4defd28820 100644 --- a/docs/endpointpolicymanager/troubleshooting/log/debug.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/debug.md @@ -1,3 +1,9 @@ +--- +title: "How do I turn on Debug logging if asked?" +description: "How do I turn on Debug logging if asked?" +sidebar_position: 120 +--- + # How do I turn on Debug logging if asked? Debug logging might be required by the Netwrix Endpoint Policy Manager (formerly PolicyPak) @@ -22,5 +28,5 @@ correctly. ![385_2_image003](/img/product_docs/endpointpolicymanager/troubleshooting/log/385_2_image003.webp) **Step 4 –** After that, reproduce the problem, and run` PPLOGS` as seen in Step 3 -[What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/troubleshooting/fastsupport.md) +[What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/fastsupport.md) and attach to your support case. diff --git a/docs/endpointpolicymanager/troubleshooting/itemleveltargeting/evaluations.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/evaluations.md similarity index 92% rename from docs/endpointpolicymanager/troubleshooting/itemleveltargeting/evaluations.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/evaluations.md index a2b176b683..82f9e952ce 100644 --- a/docs/endpointpolicymanager/troubleshooting/itemleveltargeting/evaluations.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/evaluations.md @@ -1,3 +1,9 @@ +--- +title: "Troubleshooting Item Level Targeting (ILT) Evaluations when using the Endpoint Policy Manager ILT Engine" +description: "Troubleshooting Item Level Targeting (ILT) Evaluations when using the Endpoint Policy Manager ILT Engine" +sidebar_position: 160 +--- + # Troubleshooting Item Level Targeting (ILT) Evaluations when using the Endpoint Policy Manager ILT Engine Starting with CSE 3068, Netwrix Endpoint Policy Manager (formerly PolicyPak) replaces the in-box diff --git a/docs/endpointpolicymanager/troubleshooting/fastsupport.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/fastsupport.md similarity index 95% rename from docs/endpointpolicymanager/troubleshooting/fastsupport.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/fastsupport.md index 5954eea046..fa70afe99e 100644 --- a/docs/endpointpolicymanager/troubleshooting/fastsupport.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/fastsupport.md @@ -1,3 +1,9 @@ +--- +title: "What must I send to Endpoint Policy Manager support in order to get the FASTEST support?" +description: "What must I send to Endpoint Policy Manager support in order to get the FASTEST support?" +sidebar_position: 10 +--- + # What must I send to Endpoint Policy Manager support in order to get the FASTEST support? Follow theses steps in order for support to troubleshoot most issues. @@ -6,7 +12,7 @@ Follow theses steps in order for support to troubleshoot most issues. concerns and issues on the latest CSE. If you haven’t verified your problem exists with the latest CSE (and latest MMC or with Cloud), ensure to download the latest CSE before opening a support ticket. See the -[Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/install/rings.md) +[Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/rings.md) topic for additional information. **Step 2 –** After the problem is reproduced on the latest CSE, open a diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/forepointdlp.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/forepointdlp.md new file mode 100644 index 0000000000..cc378b0bf6 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/forepointdlp.md @@ -0,0 +1,13 @@ +--- +title: "Why do I get crashes and blue screens when using Endpoint Policy Manager with Forcepoint DLP?" +description: "Why do I get crashes and blue screens when using Endpoint Policy Manager with Forcepoint DLP?" +sidebar_position: 190 +--- + +# Why do I get crashes and blue screens when using Endpoint Policy Manager with Forcepoint DLP? + +You must upgrade to the latest Forepoint DLP client of at least 23.10.5661. + +This was a bug in Forcepoint. + +![982_1_oct-11](/img/product_docs/endpointpolicymanager/troubleshooting/982_1_oct-11.webp) diff --git a/docs/endpointpolicymanager/install/clientsideextension/guids.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/guids.md similarity index 96% rename from docs/endpointpolicymanager/install/clientsideextension/guids.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/guids.md index fda07595c7..1fb2b6d6de 100644 --- a/docs/endpointpolicymanager/install/clientsideextension/guids.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/guids.md @@ -1,3 +1,9 @@ +--- +title: "What CSEs are contained within Endpoint Policy Manager, what are their CSE GUIDs, and in what release did they appear?" +description: "What CSEs are contained within Endpoint Policy Manager, what are their CSE GUIDs, and in what release did they appear?" +sidebar_position: 110 +--- + # What CSEs are contained within Endpoint Policy Manager, what are their CSE GUIDs, and in what release did they appear? | COMPONENT | CSE EXTENSION GUID | RELEASED IN BUILD | | diff --git a/docs/endpointpolicymanager/troubleshooting/hangingprocess.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/hangingprocess.md similarity index 89% rename from docs/endpointpolicymanager/troubleshooting/hangingprocess.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/hangingprocess.md index 1bb8027e37..e5ed5ac180 100644 --- a/docs/endpointpolicymanager/troubleshooting/hangingprocess.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/hangingprocess.md @@ -1,3 +1,9 @@ +--- +title: "How do I submit a process dump (PROCDUMP) and Process Monitor (PROCMON) capture of a hanging process?" +description: "How do I submit a process dump (PROCDUMP) and Process Monitor (PROCMON) capture of a hanging process?" +sidebar_position: 60 +--- + # How do I submit a process dump (PROCDUMP) and Process Monitor (PROCMON) capture of a hanging process? Get the following tools handy: diff --git a/docs/endpointpolicymanager/troubleshooting/intelgraphicdriver.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/intelgraphicdriver.md similarity index 94% rename from docs/endpointpolicymanager/troubleshooting/intelgraphicdriver.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/intelgraphicdriver.md index 0b5fca0ccc..7f2e274dce 100644 --- a/docs/endpointpolicymanager/troubleshooting/intelgraphicdriver.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/intelgraphicdriver.md @@ -1,3 +1,9 @@ +--- +title: "Intel Driver and Support Assistant" +description: "Intel Driver and Support Assistant" +sidebar_position: 200 +--- + # Intel Driver and Support Assistant If the Intel Driver and Support Assistant cannot install updates when Endpoint Policy Manager CSE is @@ -17,7 +23,7 @@ not show a UAC prompt, which is needed for the update to install. Resolution 1 See the Scenario 2 section of the -[How can I change the behavior of "Run as Admin" with Endpoint Privilege Manager and how has it changed from previous versions?](/docs/endpointpolicymanager/leastprivilege/runasadmin.md) +[How can I change the behavior of "Run as Admin" with Endpoint Privilege Manager and how has it changed from previous versions?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/runasadmin.md) topic for additional information on how to disable the Explicit Elevate option. Resolution 2 diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/manual.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/manual.md new file mode 100644 index 0000000000..cd47791a54 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/manual.md @@ -0,0 +1,92 @@ +--- +title: "How do I manually collect logs if PPLOGS as User or Admin does not launch?" +description: "How do I manually collect logs if PPLOGS as User or Admin does not launch?" +sidebar_position: 70 +--- + +# How do I manually collect logs if PPLOGS as User or Admin does not launch? + +**NOTE:** PPLOGs does not magically stop working, there is always some underlying cause.  Typically +some sort of barrier which prevents it... pplogs or other tools used in the pplogs process (like +reg.exe) from working. If there is something in your environment that is blocking the automated +(pplogs) way of gathering log information you can still fetch this information by hand. + +## First, manually collect the information for the ADMIN Logs: + +**Step 1 –** Login as an Administrator to the computer where the issue is occurring then gather the +following: + +- Copy entire `%programdata%\PolicyPak `folder, this folder includes logs, dumps, policy store, and + xmldata files. + + **NOTE:** Some of these files cannot be accessed without elevation. The easiest UI way to get + them might be to copy the` %programdata%\PolicyPak` folder to Desktop and then approve the + elevation when prompted. + +**Step 2 –** Run Regedit as Administrator, then export the following registry keys if they are +present, ignore any keys that do not exist. + +- `HKLM\Software\PolicyPak\Client-Side Extensions\{1659C456-08FC-4359-B125-BB70EE34DD55}` +- `HKLM\Software\Classes\PPBRURL` +- `HKLM\Software\Classes\PPBRNURL` +- `HKLM\Software\Clients\StartMenuInternet` +- `HKLM\Software\Policies\Google\Chrome` +- `HKLM\Software\Policies\Microsoft\Windows\Explorer` +- `HKLM\Software\Policies\Microsoft\Windows\System` +- `HKLM\Software\Policies\PolicyPak` +- `HKLM\Software\PolicyPak` +- `HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths` +- `HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID` +- `HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy \{123AA0DB-7D32-4E82-9CBB-14E096E802AF}` +- `HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions` +- `HKLM\Software\RegisteredApplications` + +**Step 3 –** Launch Event Viewer as Administrator: + +1. Expand "Applications and Services Logs", right-click on "Netwrix Endpoint Policy Manager + (formerly PolicyPak)" event log and choose "Save All Events As…", save the file as + + `"endpointpolicymanager.evtx"` + +2. Expand "Applications and Services Logs" > "Microsoft" > "Windows", right-click on "GroupPolicy" + event log and choose "Save All Events As…", save the file as + + `"GroupPolicy.evtx"` + +3. Expand "Windows Logs" then right-click the "Application" log and choose "Save All Events As…" + save the file as + + `"Application.evtx".` + +**Step 4 –** Lastly, zip up everything you have collected on the ADMIN side +as`pplogs_as_admin_SRX#.zip`(substitute your Service request number for "SRX#") then upload to the +SUPPORT INBOX on SHAREFILE: +[https://endpointpolicymanager.sharefile.com/share/getinfo/rc857a57f16b4d4b9](https://endpointpolicymanager.sharefile.com/share/getinfo/rc857a57f16b4d4b9) + +## Next, manually collect the information for the USER Logs: + +**Step 1 –** Login as a regular (non-admin) user to the computer where the issue is occurring then +gather the following: + +- Copy entire `%localappdata%\PolicyPak`, this folder is important for troubleshooting all and any + CSE issues. +- Locate and gather any Endpoint Policy Manager log files in the `%TEMP%, %USERPROFILE%`, + `%APPDATA%`, and `%LOCALAPPDATA%` folders. + +**Step 2 –** Run Regedit then export the following registry keys if they are present, ignore any +keys that do not exist. + +- `HKCU\Software\Mozilla\Firefox\Extensions` +- `HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{123AA0DB-7D32-4E82-9CBB-14E096E802AF}` +- `HKCU\Software\Microsoft\Internet Explorer\Main\EnterpriseMode` +- `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\` +- `HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice` +- `HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice` +- `HKCU\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` +- `HKCU\Software\Policies\Microsoft\Windows\Explorer` +- `HKCU\Software\PolicyPak` + +**Step 3 –** Lastly, zip up everything you have collected on the USER side as +`pplogs_as_user_SRX#.zip` (substitute your Service request number for "SRX#") then upload to the +SUPPORT INBOX on SHAREFILE: +[https://endpointpolicymanager.sharefile.com/share/getinfo/rc857a57f16b4d4b9](https://endpointpolicymanager.sharefile.com/share/getinfo/rc857a57f16b4d4b9) diff --git a/docs/endpointpolicymanager/troubleshooting/log/minidumpfiles.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/minidumpfiles.md similarity index 76% rename from docs/endpointpolicymanager/troubleshooting/log/minidumpfiles.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/minidumpfiles.md index 4e85af2203..e953bd4d7d 100644 --- a/docs/endpointpolicymanager/troubleshooting/log/minidumpfiles.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/minidumpfiles.md @@ -1,3 +1,9 @@ +--- +title: "How can I increase the depth of what Endpoint Policy Manager reports (minidump files)." +description: "How can I increase the depth of what Endpoint Policy Manager reports (minidump files)." +sidebar_position: 130 +--- + # How can I increase the depth of what Endpoint Policy Manager reports (minidump files). You can use the Group Policy Preferences or Netwrix Endpoint Policy Manager (formerly PolicyPak) to diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/pplogsprompt.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/pplogsprompt.md new file mode 100644 index 0000000000..6e0b0c72ce --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/pplogsprompt.md @@ -0,0 +1,23 @@ +--- +title: "How can I use Powershell to automatically say yes to the PPLOGS prompt?" +description: "How can I use Powershell to automatically say yes to the PPLOGS prompt?" +sidebar_position: 180 +--- + +# How can I use Powershell to automatically say yes to the PPLOGS prompt? + +Remember that two different logs are required to get on a computer in order to get Netwrix Endpoint +Policy Manager (formerly PolicyPak) Support. Please review +[What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/fastsupport.md). + +Then, when you're ready to automatically grab the logs from the machine please use the following +commands (and see a sample result below.) + +**NOTE:** The commands must be run on the machine in question and will not work requesting the +details remotely. Therefore you can run a command like this from a scripting tool or anything else +where the command will execute on the machine itself. + +`echo y|pplogs /out:"c:\temp\pplogs_"$env:computername"_"$env:username".zip"` +`echo y|pplogs /out:"c:\temp\pplogs_"$env:computername"_admin.zip"` + +![934_1_image001_950x736](/img/product_docs/endpointpolicymanager/troubleshooting/powershell/934_1_image001_950x736.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/procmon.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/procmon.md similarity index 95% rename from docs/endpointpolicymanager/troubleshooting/procmon.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/procmon.md index 9e41ad8fe8..90183aa4f2 100644 --- a/docs/endpointpolicymanager/troubleshooting/procmon.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/procmon.md @@ -1,3 +1,9 @@ +--- +title: "How to use ProcMon to track changes over time to specific registry keys" +description: "How to use ProcMon to track changes over time to specific registry keys" +sidebar_position: 170 +--- + # How to use ProcMon to track changes over time to specific registry keys More info: diff --git a/docs/endpointpolicymanager/troubleshooting/clientsideextension/registrydebug.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/registrydebug.md similarity index 99% rename from docs/endpointpolicymanager/troubleshooting/clientsideextension/registrydebug.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/registrydebug.md index a8d894ef9b..ead644b4ab 100644 --- a/docs/endpointpolicymanager/troubleshooting/clientsideextension/registrydebug.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/registrydebug.md @@ -1,3 +1,9 @@ +--- +title: "What are the advanced CSE troubleshooting registry debugging items?" +description: "What are the advanced CSE troubleshooting registry debugging items?" +sidebar_position: 140 +--- + # What are the advanced CSE troubleshooting registry debugging items? Netwrix Endpoint Policy Manager (formerly PolicyPak) supports some special troubleshooting registry diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/services.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/services.md new file mode 100644 index 0000000000..9281a934de --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/services.md @@ -0,0 +1,59 @@ +--- +title: "What are the services installed by Endpoint Policy Manager?" +description: "What are the services installed by Endpoint Policy Manager?" +sidebar_position: 90 +--- + +# What are the services installed by Endpoint Policy Manager? + +Group Policy has its own services which handle the deployment and enforcement of policy when +initiated manually or on a defined interval. + +You can see the Group Policy Client Service from Microsoft here. This is what downloads GPOs, which +may or may not contain Netwrix Endpoint Policy Manager (formerly PolicyPak) data. + +![322_1_grouppolicyclient](/img/product_docs/endpointpolicymanager/install/322_1_grouppolicyclient.webp) + +Endpoint Policy Manager provides (via Group Policy, Endpoint Policy Manager Cloud or MDM delivery) a +vast array of powerful and unique policies not possible with Group Policy alone. Many of these +unique policies must be enforced in real-time. + +There are 3 services created by the CSE. + +- Endpoint Policy Manager Helper Service (64-bit) +- Endpoint Policy Manager Watcher Service (64-bit) +- Endpoint Policy Manager Watcher Service (32-bit) + +![322_2_policypakservices](/img/product_docs/endpointpolicymanager/install/322_2_endpointpolicymanagerservices.webp) + +The Endpoint Policy Manager services provide this real-time enforcement of policies. For instance, +when you use Endpoint Policy Manager to perform the following: + +- Setting and locking down application settings (PP Application Manager) +- Making sure users only execute allowed applications (PP Least Priv / SecureRun). +- Allowing users to [run applications or access settings that require administrative privileges + without giving them full + privileges](https://www.endpointpolicymanager.com/products/endpointpolicymanager-least-privilege-manager.html on their + system.) (PP Least Priv.) +- Manage Java control (PP Java Rules Manager.) + +The Watcher Services for PP Application Manager does what it implies: watches items in real-time. +This implements the AppLock and some real-time enforcement. + +We need three services because we support both 32 & 64 bit applications (on 64-bit machines). + +The Watcher Service is also involved in the PolicyPak CSE Auto-Updater. When the Watcher Service is +disabled, you cannot perform the automatic on-prem update of the CSE. For more information on the +automatic update feature, see the +[Rings with Endpoint Policy Manager and Active Directory](/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/activedirectory.md) topic. + +The Helper Service is required, handles a variety of functions, and is used across all of PP's +components. We need more services than just Group Policy because we do much more than Group Policy +can by itself. + +The Group Policy service from Microsoft simply downloads and applies GPOs and passes the data onward +to a corresponding Client Side Extension. + +Endpoint Policy Manager's components are also architected as Client Side Extensions, but CSEs cannot +continue to perform duties in real-time, only services can do that. Therefore, Endpoint Policy +Manager has some services to watch over and perform items in realtime. diff --git a/docs/endpointpolicymanager/troubleshooting/settingsrevert.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/settingsrevert.md similarity index 85% rename from docs/endpointpolicymanager/troubleshooting/settingsrevert.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/settingsrevert.md index 34f003b6d9..796f48df1f 100644 --- a/docs/endpointpolicymanager/troubleshooting/settingsrevert.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/settingsrevert.md @@ -1,3 +1,9 @@ +--- +title: "How do I ensure that settings will revert when the policy no longer applies (by Group Policy, File, or Endpoint Policy Manager Cloud)?" +description: "How do I ensure that settings will revert when the policy no longer applies (by Group Policy, File, or Endpoint Policy Manager Cloud)?" +sidebar_position: 80 +--- + # How do I ensure that settings will revert when the policy no longer applies (by Group Policy, File, or Endpoint Policy Manager Cloud)? It's a little different for each component. diff --git a/docs/endpointpolicymanager/troubleshooting/watcherservice.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/watcherservice.md similarity index 85% rename from docs/endpointpolicymanager/troubleshooting/watcherservice.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/watcherservice.md index 43738b2971..12308b2f34 100644 --- a/docs/endpointpolicymanager/troubleshooting/watcherservice.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/watcherservice.md @@ -1,3 +1,9 @@ +--- +title: "I see many instances of the Endpoint Policy Manager Watcher service running on my clients, is that normal?" +description: "I see many instances of the Endpoint Policy Manager Watcher service running on my clients, is that normal?" +sidebar_position: 100 +--- + # I see many instances of the Endpoint Policy Manager Watcher service running on my clients, is that normal? Depending on the client machine architecture (32 or 64 bit) and the number of users logged in to diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/endpointpolicymanage/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/endpointpolicymanage/_category_.json new file mode 100644 index 0000000000..ed4cd8065e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/endpointpolicymanage/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Endpoint Policy Manager And Netwrix Auditor", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/gettingstartedmisc/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/gettingstartedmisc/_category_.json new file mode 100644 index 0000000000..d504aad0b1 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/gettingstartedmisc/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started Misc", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/video/gettingstarted/editor.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/gettingstartedmisc/editor.md similarity index 78% rename from docs/endpointpolicymanager/video/gettingstarted/editor.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/gettingstartedmisc/editor.md index 715ef0b3da..7e2861d65d 100644 --- a/docs/endpointpolicymanager/video/gettingstarted/editor.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/gettingstartedmisc/editor.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager Standalone Editor Introduction" +description: "Endpoint Policy Manager Standalone Editor Introduction" +sidebar_position: 10 +--- + # Endpoint Policy Manager Standalone Editor Introduction Don't want to use the GPMC to create or edit Netwrix Endpoint Policy Manager (formerly PolicyPak) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/methodssccmandothero/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/methodssccmandothero/_category_.json new file mode 100644 index 0000000000..a91f018c37 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/methodssccmandothero/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Methods SCCM And Other On Prem Tools Deploying Real Microsoft GPO And Endpoint Policy Manager Settings", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/troubleshooting/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/troubleshooting/_category_.json new file mode 100644 index 0000000000..d0c808bf1b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/troubleshooting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/troubleshooting/admx.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/troubleshooting/admx.md new file mode 100644 index 0000000000..2e20ed02cb --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/troubleshooting/admx.md @@ -0,0 +1,13 @@ +--- +title: "Endpoint Policy Manager: Exclude Processes via ADMX" +description: "Endpoint Policy Manager: Exclude Processes via ADMX" +sidebar_position: 10 +--- + +# Endpoint Policy Manager: Exclude Processes via ADMX + +You're likely already excluding your AV and other system software from Netwrix Endpoint Policy +Manager (formerly PolicyPak). But you can use this ADMX setting to specify which processes Endpoint +Policy Manager should exclude. + + diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/upgradingandmaintena/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/upgradingandmaintena/_category_.json new file mode 100644 index 0000000000..27331f61d4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/upgradingandmaintena/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Upgrading And Maintenance", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/upgradingandmaintena/backupoptions.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/upgradingandmaintena/backupoptions.md new file mode 100644 index 0000000000..650a83a6c2 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/upgradingandmaintena/backupoptions.md @@ -0,0 +1,9 @@ +--- +title: "Endpoint Policy Manager: Backup and Restore Options to Recover from nearly any problem" +description: "Endpoint Policy Manager: Backup and Restore Options to Recover from nearly any problem" +sidebar_position: 10 +--- + +# Endpoint Policy Manager: Backup and Restore Options to Recover from nearly any problem + + diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..4e6d0f0036 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/videolearningcenter.md @@ -0,0 +1,82 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for getting started with Endpoint Policy Manager (Misc). + +## Getting Started (Misc) + +- [Endpoint Policy ManagerPortal: How to download Endpoint Policy Manager and get free training](/docs/endpointpolicymanager/video/gettingstarted/freetraining.md) +- [Endpoint Policy ManagerSolution Methods: Group Policy, MDM, UEM Tools, and Endpoint Policy Manager Cloud compared.](/docs/endpointpolicymanager/video/gettingstarted/solutionmethods.md) +- [Endpoint Policy Manager Extras: SID EXPORTER](/docs/endpointpolicymanager/video/gettingstarted/sidexporter.md) +- [Endpoint Policy Manager CSE and Admin console with ARM machines](/docs/endpointpolicymanager/video/gettingstarted/arm.md) +- [Endpoint Policy Manager Standalone Editor Introduction](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/gettingstartedmisc/editor.md) + +## Troubleshooting + +- [Troubleshooting with ADMX files](/docs/endpointpolicymanager/video/troubleshooting/admxfiles.md) +- [Gathering and Uploading Logs](/docs/endpointpolicymanager/video/troubleshooting/logs.md) +- [Process Monitor 101](/docs/endpointpolicymanager/video/troubleshooting/processmonitor.md) +- [How to make a GPO backup for us to use atEndpoint Policy Manager ](/docs/endpointpolicymanager/video/troubleshooting/gpobackup.md) +- [Endpoint Policy Manager User PowerShell to find all Endpoint Policy Manager GPOs](/docs/endpointpolicymanager/video/troubleshooting/powershell.md) +- [Endpoint Policy Manager CSE Troubleshooting: Unlicense all components, and re-license the one to isolate](/docs/endpointpolicymanager/video/troubleshooting/unlicense.md) +- [Troubleshooting ILT with the ILT Validator Tool](/docs/endpointpolicymanager/video/troubleshooting/itemleveltargeting.md) +- [Endpoint Policy Manager: Exclude Processes via ADMX](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/troubleshooting/admx.md) + +## Upgrading and Maintenance + +- [Endpoint Policy Manager: Backup and Restore Options to Recover from nearly any problem](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/upgradingandmaintena/backupoptions.md) +- [Endpoint Policy Manager Application Settings Manager: Backup, Restore, Export, Import](/docs/endpointpolicymanager/video/troubleshooting/backup.md) + +## Endpoint Policy Manager & Netwrix Auditor + +- [Endpoint Policy Manager and Netwrix Auditor - Demo](/docs/endpointpolicymanager/video/integration/auditordemo.md) +- [Endpoint Policy Manager and Netwrix Auditor - Setup Steps](/docs/endpointpolicymanager/video/integration/auditorsetup.md) + +## Methods: SCCM (and Other On-prem Tools) - Deploying Real Microsoft GPO and Endpoint Policy Manager Settings + +- [Deploying Endpoint Policy Managerdirectives without Group Policy (Endpoint Policy Manager Exporter Utility)](/docs/endpointpolicymanager/video/methods/exporterutility.md) +- [Deploy Real Group Policy using SCCM or Other Management System!](/docs/endpointpolicymanager/video/methods/sccmgrouppolicy.md) +- Deploy Endpoint Policy Manager Settings Using SCCM or Other Management System! + +## Endpoint Policy Manager and Windows Virtual Desktops (WVD) + +- [Endpoint Policy Manager & WVD (Windows Virtual Desktop) Getting Started](/docs/endpointpolicymanager/video/windowsvirtualdesktops/gettingstarted.md) +- [Endpoint Policy Manager + WVD: Elevate the installation of the Remote Deskop app](/docs/endpointpolicymanager/video/windowsvirtualdesktops/elevateinstall.md) +- [Endpoint Policy Manager + WVD: Elevate application inside WVD and bypass UAC prompts](/docs/endpointpolicymanager/video/windowsvirtualdesktops/elevateapplication.md) +- [Endpoint Policy Manager + WVD: Manage the Start Screen and Taskbar](/docs/endpointpolicymanager/video/windowsvirtualdesktops/startscreen.md) +- [Endpoint Policy Manager + WVD: Manage Applications Settings](/docs/endpointpolicymanager/video/windowsvirtualdesktops/applicationsettings.md) +- [Endpoint Policy Manager + WVD: Reducing number of GPOs and using "GPOs with Brains"](/docs/endpointpolicymanager/video/windowsvirtualdesktops/admintemplatemanager.md) +- [Endpoint Policy Manager + WVD: Browser Router ... the right browser for the right website.](/docs/endpointpolicymanager/video/windowsvirtualdesktops/browserrouter.md) +- [Endpoint Policy Manager + Windows Virtual Desktop .. Better Together Tour](/docs/endpointpolicymanager/video/windowsvirtualdesktops/tour.md) +- [Endpoint Privilege Manager + Windows Virtual Desktop](/docs/endpointpolicymanager/video/windowsvirtualdesktops/leastprivilege.md) + +## Endpoint Policy Manager and FSLogix + +- [Endpoint Policy Manager + FSLogix ... Managing your Browsers with App Masking.](/docs/endpointpolicymanager/video/fslogix/appmasking.md) +- [Endpoint Policy Manager and FSLogix Profiles: Better Together](/docs/endpointpolicymanager/video/fslogix/profiles.md) +- [Endpoint Policy Manager + FSLogix: Manage the Windows 10 Start Menu](/docs/endpointpolicymanager/video/fslogix/startmenu.md) +- [Endpoint Policy Manager + FSLogix: Set default browser based upon if the browser is masked or revealed](/docs/endpointpolicymanager/video/fslogix/browserdefault.md) +- [Endpoint Policy Manager + FSLogix: The Right Browser for the Right Website](/docs/endpointpolicymanager/video/fslogix/broswerright.md) +- [Endpoint Policy Manager + FSLogix: Setting browser configuration based upon which browser you actually have.](/docs/endpointpolicymanager/video/fslogix/browserconfiguration.md) +- [Endpoint Policy Manager + FSLogix: Elevating applications when needed (and available by FSLogix)](/docs/endpointpolicymanager/video/fslogix/elevatingapplications.md) + +## Endpoint Policy Manager & Cameyo + +- [Endpoint Policy Manager + Cameyo: Overcoming UAC prompts for Published Applications](/docs/endpointpolicymanager/video/cameyo/uacprompts.md) +- [Endpoint Policy Manager Browser Router + Cameyo: Right Browser for the Right Website](/docs/endpointpolicymanager/video/cameyo/browserright.md) +- [Endpoint Policy Manager and Cameyo: Start Screen and Taskbar Magic Tricks](/docs/endpointpolicymanager/video/cameyo/startscreen.md) +- [Cameyo and Endpoint Policy Manager Application Settings Manager](/docs/endpointpolicymanager/video/cameyo/applicationsettings.md) + +## Endpoint Policy Manager & Change Management Utilities + +- [Endpoint Policy Manager MMC: Showing History of items you create](/docs/endpointpolicymanager/video/changemanagementutilities/history.md) +- [Endpoint Policy Manager and AGPM](/docs/endpointpolicymanager/video/changemanagementutilities/advancedgrouppolicymanagement.md) +- [Endpoint Policy Manager and Quest's GPOADmin Tool](/docs/endpointpolicymanager/video/changemanagementutilities/gpoadmintool.md) +- [Endpoint Policy Manager Integrates with NetIQ GPA](/docs/endpointpolicymanager/video/changemanagementutilities/netiq.md) +- [Endpoint Policy Manager and Quest (ScriptLogic) ActiveAdministrator](/docs/endpointpolicymanager/video/changemanagementutilities/scriptlogicactiveadministrator.md) +- [Endpoint Policy Manager and SDM CHANGE MANAGER](/docs/endpointpolicymanager/video/changemanagementutilities/sdmchangemanager.md) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/_category_.json new file mode 100644 index 0000000000..81eb4265fb --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started With Group Policy", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/endpointpolicymanage/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/endpointpolicymanage/_category_.json new file mode 100644 index 0000000000..05fa3a9662 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/endpointpolicymanage/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Endpoint Policy Manager Group Policy", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/endpointpolicymanage/pdqdeploy.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/endpointpolicymanage/pdqdeploy.md new file mode 100644 index 0000000000..7d4371cf00 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/endpointpolicymanage/pdqdeploy.md @@ -0,0 +1,44 @@ +--- +title: "How to use PDQ Deploy to collect PPLOGS from remote computers then save them to a network location" +description: "How to use PDQ Deploy to collect PPLOGS from remote computers then save them to a network location" +sidebar_position: 10 +--- + +# How to use PDQ Deploy to collect PPLOGS from remote computers then save them to a network location + +**NOTE:** You need to be running PDQ Deploy in Enterprise mode to use this functionality. + +**Step 1 –** Create a new PDQ Deploy package and give it a descriptive name. + +**Step 2 –** Under Steps choose **Command**. + +![784_1_hf-faq-914-img-01](/img/product_docs/endpointpolicymanager/grouppolicy/784_1_hf-faq-914-img-01.webp) + +**Step 3 –** Give the Step a descriptive name, like Collect PPLOGS as User, then, under **Details +tab** > **Command** type or paste in the command below. Replace \\server\share with a valid network +path for your environment. **Note**: Users must be able to create files under the network path you +choose. + +`echo y|pplogs /out:\\server\share\pplogs\%computername%\pplogs-%computername%-%username%.zip` + +![784_3_hf-faq-914-img-02_950x110](/img/product_docs/endpointpolicymanager/grouppolicy/784_3_hf-faq-914-img-02_950x110.webp) + +**Step 4 –** Under the **Options** tab set the **Run As** to **Logged on User**, then click **Save** +to save your progress so far. + +![784_5_hf-faq-914-img-03_950x134](/img/product_docs/endpointpolicymanager/grouppolicy/784_5_hf-faq-914-img-03_950x134.webp) + +**Step 5 –** Select the **New Step** dropdown and choose **Command** from the dropdown list. + +![784_7_hf-faq-914-img-04](/img/product_docs/endpointpolicymanager/grouppolicy/784_7_hf-faq-914-img-04.webp) + +**Step 6 –** Give the Step a descriptive name, like. Collect PPLOGS as Admin), and then under +**Details tab** > **Command** type or paste in the command below, replacing \\server\share with a +valid network path for your environment. + +`echo y|pplogs /out:\\server\share\pplogs\%computername%\pplogs-%computername%-admin.zip` + +**Step 7 –** Click **Save**, then test your deployment. Once the deployment has executed +successfully check your network share to see the results. + +![784_9_hf-faq-914-img-05](/img/product_docs/endpointpolicymanager/grouppolicy/784_9_hf-faq-914-img-05.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..be988956ff --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/knowledgebase.md @@ -0,0 +1,26 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base articles for getting started with Group Policy. + +## Troubleshooting + +- [How can I find the name of a GPO located within a PP Log file?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/guid.md) +- [How does caching of item level targeting work when Microsoft ILT (Preferences ILT) is used?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/cachepreferences.md) +- [How does caching of Item Level Targeting work when Endpoint Policy Manager ILT (ILT 2.0 Engine) is used?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/cacheengine.md) +- [How do I turn on Item Level Targeting (ILT) logging if asked by Endpoint Policy Manager Tech Support (when using Preferences ILT engine)?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/preferences.md) +- [Microsoft August 2024 Updates Breaking New Item-Level Targeting in GPOs](/docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/index.md) +- [The Group Policy "Reporting ADM" appears to stop functioning in one GPO. What can I do to fix it?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/reportingadm.md) + +## Tips, Tricks and FAQs + +- [How to insert User information in any Application via Group Policies?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/tips,tricksandfaq/insertuserinfo.md) + +## Endpoint Policy Manager Group Policy + +- [How to use PDQ Deploy to collect PPLOGS from remote computers then save them to a network location](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/endpointpolicymanage/pdqdeploy.md) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/tips,tricksandfaq/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/tips,tricksandfaq/_category_.json new file mode 100644 index 0000000000..a1db433b9a --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/tips,tricksandfaq/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips, Tricks And FAQ", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/grouppolicy/insertuserinfo.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/tips,tricksandfaq/insertuserinfo.md similarity index 94% rename from docs/endpointpolicymanager/grouppolicy/insertuserinfo.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/tips,tricksandfaq/insertuserinfo.md index cd5ed5e599..97fdf42eb8 100644 --- a/docs/endpointpolicymanager/grouppolicy/insertuserinfo.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/tips,tricksandfaq/insertuserinfo.md @@ -1,3 +1,9 @@ +--- +title: "How to insert User information in any Application via Group Policies?" +description: "How to insert User information in any Application via Group Policies?" +sidebar_position: 10 +--- + # How to insert User information in any Application via Group Policies? ## Summary: diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/_category_.json new file mode 100644 index 0000000000..51f22c0d00 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/grouppolicy/itemleveltargeting/cacheengine.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/cacheengine.md similarity index 85% rename from docs/endpointpolicymanager/grouppolicy/itemleveltargeting/cacheengine.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/cacheengine.md index 1cda05ad2e..be02d79c0d 100644 --- a/docs/endpointpolicymanager/grouppolicy/itemleveltargeting/cacheengine.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/cacheengine.md @@ -1,3 +1,9 @@ +--- +title: "How does caching of Item Level Targeting work when Endpoint Policy Manager ILT (ILT 2.0 Engine) is used?" +description: "How does caching of Item Level Targeting work when Endpoint Policy Manager ILT (ILT 2.0 Engine) is used?" +sidebar_position: 30 +--- + # How does caching of Item Level Targeting work when Endpoint Policy Manager ILT (ILT 2.0 Engine) is used? The Endpoint Policy Manager -specific (aka New ILT engine or ILT 2.0 engine) caches evaluation diff --git a/docs/endpointpolicymanager/grouppolicy/itemleveltargeting/cachepreferences.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/cachepreferences.md similarity index 87% rename from docs/endpointpolicymanager/grouppolicy/itemleveltargeting/cachepreferences.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/cachepreferences.md index 6e09f66058..ca2f81d2fa 100644 --- a/docs/endpointpolicymanager/grouppolicy/itemleveltargeting/cachepreferences.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/cachepreferences.md @@ -1,3 +1,9 @@ +--- +title: "How does caching of item level targeting work when Microsoft ILT (Preferences ILT) is used?" +description: "How does caching of item level targeting work when Microsoft ILT (Preferences ILT) is used?" +sidebar_position: 20 +--- + # How does caching of item level targeting work when Microsoft ILT (Preferences ILT) is used? On every Group Policy (or cloud policy/ppupdate) update, Endpoint Policy Manager diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/guid.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/guid.md new file mode 100644 index 0000000000..b8b9a9a88c --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/guid.md @@ -0,0 +1,13 @@ +--- +title: "How can I find the name of a GPO located within a PP Log file?" +description: "How can I find the name of a GPO located within a PP Log file?" +sidebar_position: 10 +--- + +# How can I find the name of a GPO located within a PP Log file? + +Use Powershell to reverse from a GPO GUID to a GPO name like this: + +Import-Module GroupPolicy + +Get-GPO -Guid 31a09564-cd4a-4520-98fa-446a2af23b4b -Domain sales.contoso.com diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/preferences.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/preferences.md new file mode 100644 index 0000000000..b54b0f51be --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/preferences.md @@ -0,0 +1,80 @@ +--- +title: "How do I turn on Item Level Targeting (ILT) logging if asked by Endpoint Policy Manager Tech Support (when using Preferences ILT engine)?" +description: "How do I turn on Item Level Targeting (ILT) logging if asked by Endpoint Policy Manager Tech Support (when using Preferences ILT engine)?" +sidebar_position: 40 +--- + +# How do I turn on Item Level Targeting (ILT) logging if asked by Endpoint Policy Manager Tech Support (when using Preferences ILT engine)? + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Item Level Targeting is a function of Group +Policy Preferences which is also incorporated into Endpoint Policy Manager. There are two pieces to +ILT: The editor and the evaluation within the Client Side Extension. + +The ILT editor in Group Policy Preferences can be seen in every Group Policy Preferences item, like +what's seen here. + +![196_1_img-01](/img/product_docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/196_1_img-01.webp) + +The ILT editor in Endpoint Policy Manager can be seen in nearly all Endpoint Policy Manager items, +like what's seen here. + +![196_3_img-02](/img/product_docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/196_3_img-02.webp) + +If you think your Item Level Targeting isn't working, we ask that you first "backtrack" to a quick +Group Policy Preferences test and try it there first. + +Indeed, we ask you take two steps: + +**Step 1 –** Create a Group Policy Preferences Shortcut with NO Item Level Targeting. We'll call +this www.1.com . In this experiment, this will be the "Control" group. (No ILT, just to see it +working.) + +**Step 2 –** Create a Group Policy Preferences Shortcut WITH your Item Level Targeting. We'll call +this www.2.com. In this experiment, this will get your "ILT Medicine" and see if ILT is working or +not. + +## Part 1: + +So, again, use Group Policy Preferences and create a new Group Policy Preferences shortcut to +www.1.com , on the DESKTOP, with TARGET URL being www.1.com and pick any icon you want. + +![196_5_img-03](/img/product_docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/196_5_img-03.webp) + +## Part 2: + +Use Group Policy Preferences to create a Group Policy Preferences shortcut to www.2.com, on the +DESKTOP, with TARGET URL being www.2.com and pick any icon you want.. then click in the COMMON tab +and select Item Level Targeting, and put in your proposed ILT. + +![196_7_img-04](/img/product_docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/196_7_img-04.webp) + +![196_9_img-05](/img/product_docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/196_9_img-05.webp) + +Before you test, let's make sure we fully understand the experiment… + +![196_11_img-06](/img/product_docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/196_11_img-06.webp) + +Then on the endpoint run GPupdate… Here is the result you should get: + +![196_13_img-07](/img/product_docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/196_13_img-07.webp) + +So: + +**Step 1 –** If you only see www.1.com and not www.2.com, then something is wrong with your ILT +evaluation and it is evaluating to FALSE. This evaluation will also evaluate to FALSE in any +Endpoint Policy Manager item. + +**Step 2 –** If you BOTH www.1.com and www.2.com, then your ILT evaluation is evaluating to TRUE and +should also work in any Endpoint Policy Manager item. + +Now… how does Endpoint Policy Manager fit into this? + +If you take the WORKING ILT evaluation and use it in a Endpoint Policy Manager item… and it STILL +doesn't work. Then we can attempt to investigate it. + +That being said if you're really sure an ILT evaluation functions correctly in Group Policy +Preferences (see above) but not in Endpoint Policy Manager … you can continue to troubleshoot by +turning on ILT logging for Endpoint Policy Manager items using this +KB:[How do I turn on Item Level Targeting (ILT) logging if asked by Endpoint Policy Manager Tech Support?](/docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/index.md) + +All log files require a support case to analyze. diff --git a/docs/endpointpolicymanager/troubleshooting/reportingadm.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/reportingadm.md similarity index 85% rename from docs/endpointpolicymanager/troubleshooting/reportingadm.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/reportingadm.md index 8f5047eb7e..e794f78615 100644 --- a/docs/endpointpolicymanager/troubleshooting/reportingadm.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/knowledgebase/troubleshooting/reportingadm.md @@ -1,3 +1,9 @@ +--- +title: "The Group Policy \"Reporting ADM\" appears to stop functioning in one GPO. What can I do to fix it?" +description: "The Group Policy \"Reporting ADM\" appears to stop functioning in one GPO. What can I do to fix it?" +sidebar_position: 50 +--- + # The Group Policy "Reporting ADM" appears to stop functioning in one GPO. What can I do to fix it? From time to time a GPO's GPMC report might get damaged. An example looks something like this: diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/videolearningcenter/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/videolearningcenter/gettingstarted/_category_.json new file mode 100644 index 0000000000..ee7419d8c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/videolearningcenter/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/videolearningcenter/tipsandtricks/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/videolearningcenter/tipsandtricks/_category_.json new file mode 100644 index 0000000000..a6d7d9b805 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/videolearningcenter/tipsandtricks/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips And Tricks", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..559f44131a --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithgr/videolearningcenter/videolearningcenter.md @@ -0,0 +1,26 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for getting started with Group Policy. + +## Getting Started + +- [Endpoint Policy Manager Explained: In about two minutes](/docs/endpointpolicymanager/video/grouppolicy/explained.md) +- [How to create a DC for editing purposes](/docs/endpointpolicymanager/video/cloud/testlab/createdc.md) +- [Admin Console And CSE Installation](/docs/endpointpolicymanager/video/grouppolicy/install.md) +- [Endpoint Policy Manager with Group Policy Method: Getting Started](/docs/endpointpolicymanager/video/grouppolicy/gettingstarted.md) +- [Testing and Troubleshooting By Renaming an endpoint Computer](/docs/endpointpolicymanager/video/grouppolicy/renameendpoint.md) +- [Integration with Group Policy (Basics: Installation, Backup, Restore and Reporting !)](/docs/endpointpolicymanager/video/grouppolicy/integration.md) + +## Tips and Tricks + +- [Manual editing Item Level Targeting to affect local Admins and other local accounts](/docs/endpointpolicymanager/video/grouppolicy/itemleveltargeting/editmanual.md) +- [Reduce GPOs (and/or export them for use with Endpoint Policy Manager Cloud or with MDM)](/docs/endpointpolicymanager/video/mdm/exportgpos.md) +- [Expand Modular View of Endpoint Policy Manager Components in the GPMC back to the Flat Legacy View](/docs/endpointpolicymanager/video/grouppolicy/flatlegacyview.md) +- [Trim the MMC console for OU admins](/docs/endpointpolicymanager/video/grouppolicy/mmcconsole.md) +- [Prevent a Remote Desktop Connection Drop During GP Update](/docs/endpointpolicymanager/video/troubleshooting/grouppolicy/remotedesktopconnection.md) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/_category_.json new file mode 100644 index 0000000000..aaca223b7e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started With MDM", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..dfe93f78fd --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/knowledgebase/knowledgebase.md @@ -0,0 +1,13 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base articles for getting started with MDM. + +## Troubleshooting & Tips and Tricks + +- [How can I "stack" Endpoint Policy Manager MSIs so the XML items inside the MSI execute in a predictable order?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/knowledgebase/troubleshootingandti/stackmsi.md) diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/knowledgebase/troubleshootingandti/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/knowledgebase/troubleshootingandti/_category_.json new file mode 100644 index 0000000000..9a49b0d5cc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/knowledgebase/troubleshootingandti/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting And Tips And Tricks", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/mdm/stackmsi.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/knowledgebase/troubleshootingandti/stackmsi.md similarity index 88% rename from docs/endpointpolicymanager/mdm/stackmsi.md rename to docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/knowledgebase/troubleshootingandti/stackmsi.md index 5e9dd559c1..ee1d63d7c7 100644 --- a/docs/endpointpolicymanager/mdm/stackmsi.md +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/knowledgebase/troubleshootingandti/stackmsi.md @@ -1,3 +1,9 @@ +--- +title: "How can I \"stack\" Endpoint Policy Manager MSIs so the XML items inside the MSI execute in a predictable order?" +description: "How can I \"stack\" Endpoint Policy Manager MSIs so the XML items inside the MSI execute in a predictable order?" +sidebar_position: 10 +--- + # How can I "stack" Endpoint Policy Manager MSIs so the XML items inside the MSI execute in a predictable order? You use Netwrix Endpoint Policy Manager (formerly PolicyPak) Exporter tool to wrap up XMLs into an diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/videolearningcenter/exportingtipsandtric/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/videolearningcenter/exportingtipsandtric/_category_.json new file mode 100644 index 0000000000..7c7876fb82 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/videolearningcenter/exportingtipsandtric/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Exporting Tips And Tricks", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/videolearningcenter/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/videolearningcenter/gettingstarted/_category_.json new file mode 100644 index 0000000000..ee7419d8c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/videolearningcenter/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/videolearningcenter/iltwithscripts/_category_.json b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/videolearningcenter/iltwithscripts/_category_.json new file mode 100644 index 0000000000..41310afd6a --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/videolearningcenter/iltwithscripts/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "ILT With Scripts", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..cb2a05f467 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gettingstartedwithmd/videolearningcenter/videolearningcenter.md @@ -0,0 +1,35 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for getting started with MDM. + +## Getting Started + +- [Deploying Real Group Policy (and Extra Endpoint Policy Manager Settings) Overview](/docs/endpointpolicymanager/video/mdm/realgrouppolicy.md) +- [How to create a DC for editing purposes](/docs/endpointpolicymanager/video/cloud/testlab/createdc.md) +- [Endpoint Policy Manager and MDM walk before you run](/docs/endpointpolicymanager/video/mdm/testsample.md) +- [Endpoint Policy Manager and Microsoft Intune](/docs/endpointpolicymanager/video/mdm/microsoftintune.md) +- [Endpoint Policy Manager and MobileIron MDM](/docs/endpointpolicymanager/video/mdm/mobileiron.md) +- [Endpoint Policy Managerand Workspace One (Airwatch) MDM: Deploy Group Policy and Endpoint Policy Manager superpowers today](/docs/endpointpolicymanager/video/mdm/workspaceone.md) +- [Endpoint Policy Managerand Citrix Endpoint Manager: Deploy real Group Policy and Endpoint Policy Manager settings via CEM](/docs/endpointpolicymanager/video/mdm/citrixendpointmanager.md) + +## Exporting, Tips, and Tricks + +- [Reduce GPOs (and/or export them for use with Endpoint Policy Manager Cloud or with MDM)](/docs/endpointpolicymanager/video/mdm/exportgpos.md) +- [Deliver Group Policy Admin Templates Using Your MDM Service](/docs/endpointpolicymanager/video/mdm/admintemplates.md) +- [Deploying Endpoint Policy Managerdirectives without Group Policy (Endpoint Policy Manager Exporter Utility)](/docs/endpointpolicymanager/video/mdm/exporterutility.md) + +## Troubleshooting + +- [Testing and Troubleshooting By Renaming an endpoint Computer](/docs/endpointpolicymanager/video/grouppolicy/renameendpoint.md) + +## ILT (with Scripts) + +- [Determine the Azure AAD Group Membership for User or Computers](/docs/endpointpolicymanager/video/mdm/itemleveltargeting/entraid.md) +- [Use Endpoint Policy Manager cloud + Azure AAD Group Membership for User or Computers](/docs/endpointpolicymanager/video/mdm/itemleveltargeting/entraidgroupmembership.md) +- [Use PP MDM to determine the Azure AAD Group Membership for User or Computers](/docs/endpointpolicymanager/video/mdm/itemleveltargeting/entraidgroupdetermine.md) diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/_category_.json b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/_category_.json new file mode 100644 index 0000000000..d1e552300c --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "GPO Export Merge Admin Templates And Preferences 2.0", + "position": 70, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/_category_.json b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/_category_.json new file mode 100644 index 0000000000..3fab5b216e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Admin Templates Manager Tips And Tricks", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/adminstrativetemplates/disableofficeelements.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/disableofficeelements.md similarity index 89% rename from docs/endpointpolicymanager/adminstrativetemplates/disableofficeelements.md rename to docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/disableofficeelements.md index a23fbb122b..16de2c343f 100644 --- a/docs/endpointpolicymanager/adminstrativetemplates/disableofficeelements.md +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/disableofficeelements.md @@ -1,3 +1,9 @@ +--- +title: "How do I disable elements in Office (Outlook, etc.) using Endpoint Policy Manager and ADMX files?" +description: "How do I disable elements in Office (Outlook, etc.) using Endpoint Policy Manager and ADMX files?" +sidebar_position: 20 +--- + # How do I disable elements in Office (Outlook, etc.) using Endpoint Policy Manager and ADMX files? First, download the Microsoft Office ADMX templates and disable any command from any group using diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/missingcollections.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/missingcollections.md new file mode 100644 index 0000000000..58f34d63da --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/missingcollections.md @@ -0,0 +1,16 @@ +--- +title: "I've created a collection in the Administrative Templates Manager and I've added policies to that collection. However, they are not showing up in the main window." +description: "I've created a collection in the Administrative Templates Manager and I've added policies to that collection. However, they are not showing up in the main window." +sidebar_position: 30 +--- + +# I've created a collection in the Administrative Templates Manager and I've added policies to that collection. However, they are not showing up in the main window. + +![705_1_2015-05-04_1402](/img/product_docs/endpointpolicymanager/troubleshooting/administrativetemplates/705_1_2015-05-04_1402.webp) + +If your Admin Station is Windows 7, ensure you have .Net Framework 3.5 specifically installed on +your management station. Later versions of .Net Framework are not compatible with Netwrix Endpoint +Policy Manager (formerly PolicyPak) on Windows 7. + +If your Admin Station is Windows 8 and later, ensure you have .Net Framework 4.0 or higher +specifically installed on your management station. diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/namespacealreadydefined.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/namespacealreadydefined.md new file mode 100644 index 0000000000..7c5ea86a5b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/namespacealreadydefined.md @@ -0,0 +1,15 @@ +--- +title: "I get a \"Namespace already defined\" error when making new Endpoint Policy Manager Admin Templates Manager policies. What is this?" +description: "I get a \"Namespace already defined\" error when making new Endpoint Policy Manager Admin Templates Manager policies. What is this?" +sidebar_position: 50 +--- + +# I get a "Namespace already defined" error when making new Endpoint Policy Manager Admin Templates Manager policies. What is this? + +This error occurs when your ADMX Central Store or Local Store has two ADMX items that overlap with +the same value. + +There are two articles you can read to fix the problem permanently: + +1. [https://support.microsoft.com/en-us/help/3077013/-microsoft-policies-sensors-windowslocationprovider-is-already-defined](https://support.microsoft.com/en-us/help/3077013/-microsoft-policies-sensors-windowslocationprovider-is-already-defined) And +2. [https://jorgequestforknowledge.wordpress.com/2016/10/13/namespace-already-defined-as-the-target-namespace-for-another-file-in-the-policy-store/](https://jorgequestforknowledge.wordpress.com/2016/10/13/namespace-already-defined-as-the-target-namespace-for-another-file-in-the-policy-store/) diff --git a/docs/endpointpolicymanager/troubleshooting/error/admintemplates/policyduplicates.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/policyduplicates.md similarity index 77% rename from docs/endpointpolicymanager/troubleshooting/error/admintemplates/policyduplicates.md rename to docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/policyduplicates.md index c02f30f5cf..4c7042c3c7 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/admintemplates/policyduplicates.md +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/policyduplicates.md @@ -1,3 +1,9 @@ +--- +title: "I get a \"Policy Duplicates\" error when adding new policies using Endpoint Policy Manager Admin Templates Manager. What should I do?" +description: "I get a \"Policy Duplicates\" error when adding new policies using Endpoint Policy Manager Admin Templates Manager. What should I do?" +sidebar_position: 40 +--- + # I get a "Policy Duplicates" error when adding new policies using Endpoint Policy Manager Admin Templates Manager. What should I do? When you try to use Netwrix Endpoint Policy Manager (formerly PolicyPak) Admin Templates Manager to diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/settings.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/settings.md new file mode 100644 index 0000000000..710686ef5e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/settings.md @@ -0,0 +1,31 @@ +--- +title: "Which settings can be managed with the Admin Templates Manager component?" +description: "Which settings can be managed with the Admin Templates Manager component?" +sidebar_position: 10 +--- + +# Which settings can be managed with the Admin Templates Manager component? + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Admin Templates Manager delivers all types of +Group Policy Admin Template settings (User side or Computer side) to your Windows users and +machines. + +![688_1_ppatm-gpme-user_400x1188](/img/product_docs/endpointpolicymanager/adminstrativetemplates/688_1_ppatm-gpme-user_400x1188.webp) + +The Administrative Templates for the User Configuration settings contains the following: + +- Control Panel +- Desktop +- Network +- Start Menu and TaskBar +- System +- Windows Components + +![688_2_ppatm-gpme-comp_400x1180](/img/product_docs/endpointpolicymanager/adminstrativetemplates/688_2_ppatm-gpme-comp_400x1180.webp) + +The Administrative Templates for the Computer Configuration settings contains the following: + +- Control Panel +- Desktop +- Network +- System diff --git a/docs/endpointpolicymanager/troubleshooting/administrativetemplates/settingsreport.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/settingsreport.md similarity index 75% rename from docs/endpointpolicymanager/troubleshooting/administrativetemplates/settingsreport.md rename to docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/settingsreport.md index 54f6fb2616..ce741a95a9 100644 --- a/docs/endpointpolicymanager/troubleshooting/administrativetemplates/settingsreport.md +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/settingsreport.md @@ -1,3 +1,9 @@ +--- +title: "I created a Collection and/or items, but I don't see them in the Group Policy settings report. Why and how can I fix it?" +description: "I created a Collection and/or items, but I don't see them in the Group Policy settings report. Why and how can I fix it?" +sidebar_position: 20 +--- + # I created a Collection and/or items, but I don't see them in the Group Policy settings report. Why and how can I fix it? If you use Netwrix Endpoint Policy Manager (formerly PolicyPak) Admin Templates Manager to create diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/versions.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/versions.md new file mode 100644 index 0000000000..d2267713ea --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/versions.md @@ -0,0 +1,12 @@ +--- +title: "What Admin Console MSI and CSE versions are supported for Endpoint Policy Manager Admin Templates Manager ?" +description: "What Admin Console MSI and CSE versions are supported for Endpoint Policy Manager Admin Templates Manager ?" +sidebar_position: 10 +--- + +# What Admin Console MSI and CSE versions are supported for Endpoint Policy Manager Admin Templates Manager ? + +The least supported combination for Netwrix Endpoint Policy Manager (formerly PolicyPak) Admin +Templates Manager MSI Console (MMC snap-in) 753 and CSE of 747. + +Whenever possible, please upgrade both the MMC and CSE to latest shipping version! diff --git a/docs/endpointpolicymanager/troubleshooting/administrativetemplates/vulnerability/windowsprintspooler.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/windowsprintspooler.md similarity index 87% rename from docs/endpointpolicymanager/troubleshooting/administrativetemplates/vulnerability/windowsprintspooler.md rename to docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/windowsprintspooler.md index 866fff9130..a266bd7627 100644 --- a/docs/endpointpolicymanager/troubleshooting/administrativetemplates/vulnerability/windowsprintspooler.md +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/windowsprintspooler.md @@ -1,3 +1,9 @@ +--- +title: "How to Mitigate Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527)" +description: "How to Mitigate Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527)" +sidebar_position: 60 +--- + # How to Mitigate Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527) **Step 1 –** Install the July Out-of-band and later updates from Microsoft. diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/_category_.json b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/_category_.json new file mode 100644 index 0000000000..260d4cdf79 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Exporting Group Policy Preferences Using Endpoint Policy Preferences Manager", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/preferences/componentlicense.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/componentlicense.md similarity index 87% rename from docs/endpointpolicymanager/preferences/componentlicense.md rename to docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/componentlicense.md index 567da827eb..ab45b0f227 100644 --- a/docs/endpointpolicymanager/preferences/componentlicense.md +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/componentlicense.md @@ -1,3 +1,9 @@ +--- +title: "Where is my Endpoint Policy Manager Preferences Component license and how do I request one?" +description: "Where is my Endpoint Policy Manager Preferences Component license and how do I request one?" +sidebar_position: 10 +--- + # Where is my Endpoint Policy Manager Preferences Component license and how do I request one? The Netwrix Endpoint Policy Manager (formerly PolicyPak) Preferences component is available only diff --git a/docs/endpointpolicymanager/gpoexport/delivercertificates.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/delivercertificates.md similarity index 87% rename from docs/endpointpolicymanager/gpoexport/delivercertificates.md rename to docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/delivercertificates.md index 70d3d51d4e..4b053f3a42 100644 --- a/docs/endpointpolicymanager/gpoexport/delivercertificates.md +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/delivercertificates.md @@ -1,3 +1,9 @@ +--- +title: "Can I use Endpoint Policy Manager Cloud to deliver certificates ?" +description: "Can I use Endpoint Policy Manager Cloud to deliver certificates ?" +sidebar_position: 10 +--- + # Can I use Endpoint Policy Manager Cloud to deliver certificates ? It is possible to configure **Security Settings** > **Public Key Policies** as shown in this diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/domainjoined.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/domainjoined.md new file mode 100644 index 0000000000..fa710635e7 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/domainjoined.md @@ -0,0 +1,25 @@ +--- +title: "Why do I see slowdowns on my machines when Endpoint Policy Manager Preferences is licensed and computers domain joined? Can this be worked around?" +description: "Why do I see slowdowns on my machines when Endpoint Policy Manager Preferences is licensed and computers domain joined? Can this be worked around?" +sidebar_position: 40 +--- + +# Why do I see slowdowns on my machines when Endpoint Policy Manager Preferences is licensed and computers domain joined? Can this be worked around? + +From time to time, a Microsoft Group Policy Preference item is not compatible with Netwrix Endpoint +Policy Manager (formerly PolicyPak) trying to process it with Endpoint Policy Manager Preferences +component. + +We have worked around many of these items, but some still remain. + +As such, we have recommended that all on-prem customers un-license Endpoint Policy Manager +Preferences component unless its absolutely necessary for a specific use case. + +This problem only manifests itself when the computer is DOMAIN JOINED and then also getting +Microsoft Group Policy Preferences items while Endpoint Policy Manager Preferences component is +licensed. + +To that end, here is the documentation to un-license a single component, like Endpoint Policy +Manager Preferences: If you're an on-Prem cloud or MDM customer. + +[What if I want to unlicense specific components via ADMX or Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/componentscloud.md) diff --git a/docs/endpointpolicymanager/preferences/drivemappings.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/drivemappings.md similarity index 92% rename from docs/endpointpolicymanager/preferences/drivemappings.md rename to docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/drivemappings.md index 7a18e2fb49..be123a74b4 100644 --- a/docs/endpointpolicymanager/preferences/drivemappings.md +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/drivemappings.md @@ -1,3 +1,9 @@ +--- +title: "How to deliver network drive mappings using Group Policy Preferences on the computer side" +description: "How to deliver network drive mappings using Group Policy Preferences on the computer side" +sidebar_position: 50 +--- + # How to deliver network drive mappings using Group Policy Preferences on the computer side Normally, when you configure network drive mappings using Group Policy Preferences, this is done on diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/onpremisecloud.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/onpremisecloud.md new file mode 100644 index 0000000000..9a92f86765 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/onpremisecloud.md @@ -0,0 +1,47 @@ +--- +title: "Why do I sometimes see Endpoint Policy Manager Cloud security settings and sometimes see on-prem GPO security settings?" +description: "Why do I sometimes see Endpoint Policy Manager Cloud security settings and sometimes see on-prem GPO security settings?" +sidebar_position: 30 +--- + +# Why do I sometimes see Endpoint Policy Manager Cloud security settings and sometimes see on-prem GPO security settings? + +Microsoft stores all Security Settings in a single INF file +`("Microsoft\Windows NT\SecEdit\GptTmpl.inf")`, there can only be one instance of these settings in +use at a time. What happens when there are multiple versions of the file being used is that ALL of +the settings in each version of the INF file overwrite each other when the individual policies are +applied. + +Therefore, the quick reason you might see policy settings "vaporize" is a flip-flop between two +delivery methods: Group Policy and Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud, for +instance. + +To illustrate this point let's assume you have a Domain-Joined computer that also receives a +Security Settings policy via Endpoint Policy Manager Cloud (PPC). Then from the domain-based GPO you +have a Password Policy applied at the domain level, and from the PP Cloud side you have a Rename +Administrator account policy being applied to the computer group the computer is in. + +You might expect these two settings to MERGE within the Security Settings policy. But that's not +what happens. + +When Group Policy processes (ie: gpupdate) occurs on the Domain-Joined computer, the computer will +receive the Domain version of the Password policy, this will overwrite ALL existing Security +Settings policies currently on the machine coming from PPC. Likewise, when the PPC Security Settings +policy applies it will overwrite ALL Security Settings that were coming from the domain. + +When the Domain policy applies (gpupdate etc.) the computer will get these settings below, note that +the "Rename administrator account" policy is set to "Not Defined" for the Domain policy. + +![698_1_image-20200511225437-1](/img/product_docs/endpointpolicymanager/troubleshooting/gpoexport/698_1_image-20200511225437-1.webp) + +When Endpoint Policy Manager Cloud settings are applied (PPCloud /sync, ppupdate etc.) the computer +will receive these settings below, note that there is nothing defined for "Enforce password history" +within the PPC policy. + +![698_3_image-20200511225437-2](/img/product_docs/endpointpolicymanager/troubleshooting/gpoexport/698_3_image-20200511225437-2.webp) + +Video example below shows the result of having Security Settings Policy set in both PPC and in +On-Premises Group Policy, the policies will continuously replace each other every time they apply. + +We recommend you choose only one method, and set Security Settings policies in either PPC or +On-Premises Group Policy, not in both. diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/passwords.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/passwords.md new file mode 100644 index 0000000000..7ecd0c74f8 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/passwords.md @@ -0,0 +1,74 @@ +--- +title: "How do I use passwords with Group Policy Preferences items within Endpoint Policy Manager Cloud?" +description: "How do I use passwords with Group Policy Preferences items within Endpoint Policy Manager Cloud?" +sidebar_position: 70 +--- + +# How do I use passwords with Group Policy Preferences items within Endpoint Policy Manager Cloud? + +Neither the Microsoft MMC nor Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud enables you +to enter in passwords. This is because when the GPOs are housed in the domain, it can be used by +attackers to reverse engineer passwords stored in the GPOs. + +In Endpoint Policy Manager Cloud this is less of a concern, because those fields are not readable by +everyone, only admins who log on to the console. That being said, this procedure is not guaranteed +to be safe, because the final cPassword values are transmitted to the endpoint and could be reverse +engineered there. So you will have to use your judgment to see if this procedure is worth it for +you. + +**Step 1 –** If you want to use a Group Policy Preferences item along with a password field, start +by populating your Preferences item (on-prem recommended) with as much data as you can, noting that +the Connect as (or other fields) are not changeable in the MMC editor. Below are two examples. + +![916_1_image001](/img/product_docs/endpointpolicymanager/preferences/916_1_image001.webp) + +![916_2_image003](/img/product_docs/endpointpolicymanager/preferences/916_2_image003.webp) + +**Step 2 –** Once you have the item, drag it to the desktop and open it for editing.  The goal is to +enter the missing details by hand, typically the cPassword field. + +![916_3_image004](/img/product_docs/endpointpolicymanager/preferences/916_3_image004.webp) + +**Step 3 –** To do get a cPassword, you need to provide an encrypted value in quotes. + +**Step 4 –** Utilize this code and replace the data string with your intended password. + +``` +require 'rubygems' +require 'openssl' +require 'base64' +data = " abc123" +def encrypt(data) +  key = "\x4e\x99\x06\xe8\xfc\xb6\x6c\xc9\xfa\xf4\x93\x10\x62\x0f\xfe\xe8\xf4\x96\xe8\x06\xcc\x05\x79\x90\x20\x9b\x09\xa4\x33\xb6\x6c\x1b" +  cipher = OpenSSL::Cipher::Cipher.new("AES-256-CBC") +  cipher.encrypt +  cipher.key = key +  repacked = data.unpack('C*').pack('v*') +  encrypted_data = cipher.update(repacked) + cipher.final +  encrypted_data = Base64.encode64(encrypted_data) +  encrypted_data = encrypted_data[0, encrypted_data.index('=')] +end +encrypted_data = encrypt(data) +puts encrypted_data +``` + +You can test ithere: +[https://onecompiler.com/ruby/3y33cr579](https://onecompiler.com/ruby/3y33cr579) + +Examples: + +- Encrypting `Local*P4ssword!` provides `j1Uyj3Vx8TY9LtLZil2uAuZkFQA/4latT76ZwgdHdhw` +- Encrypting `abc123` gives `Uz2Lr4XKoAyUj1HhrWbTLA` + +**Step 5 –** Once you have the well-formed XML you should be able to drag it back into the MMC +editor and test it (if you want). + +Or you can upload the XML to Endpoint Policy Manager Cloud. + +All well-formed XML will be accepted and should process on the endpoint. + +**NOTE:** Endpoint Policy Manager Preferences will need to be licensed for Endpoint Policy Manager +Cloud. In domain-joined scenarios that component is automatically disabled until expressly enabled. + +See +[Why is Endpoint Policy Manager Preferences (original version) "forced disabled" by default?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/forceddisabled.md) diff --git a/docs/endpointpolicymanager/preferences/printerdeploy.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/printerdeploy.md similarity index 84% rename from docs/endpointpolicymanager/preferences/printerdeploy.md rename to docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/printerdeploy.md index b67ccf6f4d..4f756522dc 100644 --- a/docs/endpointpolicymanager/preferences/printerdeploy.md +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/printerdeploy.md @@ -1,3 +1,9 @@ +--- +title: "How To deploy a TCP/IP Printer using Group Policy Preferences in Endpoint Policy Manager Cloud" +description: "How To deploy a TCP/IP Printer using Group Policy Preferences in Endpoint Policy Manager Cloud" +sidebar_position: 30 +--- + # How To deploy a TCP/IP Printer using Group Policy Preferences in Endpoint Policy Manager Cloud To deploy a TCP/IP Printer using Group Policy Preferences in Netwrix Endpoint Policy Manager diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/securitysettings.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/securitysettings.md new file mode 100644 index 0000000000..e7ed04caa3 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/securitysettings.md @@ -0,0 +1,29 @@ +--- +title: "Why Won't my Windows Security Settings Export using GPO Export Manager" +description: "Why Won't my Windows Security Settings Export using GPO Export Manager" +sidebar_position: 20 +--- + +# Why Won't my Windows Security Settings Export using GPO Export Manager + +First, check to see if you're creating your Windows security settings on your local machine. + +![617_1_ppsec-kb-01-img-01](/img/product_docs/endpointpolicymanager/troubleshooting/gpoexport/617_1_ppsec-kb-01-img-01.webp) + +If you are working with your local group policy editor, and then you try to export your settings +using Netwrix Endpoint Policy Manager (formerly PolicyPak) Security Settings Manager, you're going +to get this error message: + +![617_2_ppsec-kb-01-img-02](/img/product_docs/endpointpolicymanager/troubleshooting/gpoexport/617_2_ppsec-kb-01-img-02.webp) + +Instead, manage your Windows security settings using the GPMC within a domain-based GPO as seen +here: + +![617_3_ppsec-kb-01-img-03](/img/product_docs/endpointpolicymanager/troubleshooting/gpoexport/617_3_ppsec-kb-01-img-03.webp) + +Then use Endpoint Policy Manager Security Settings Manager to export your settings as XML for use +with the cloud or MDM service, as seen here. + +![617_4_ppsec-kb-01-img-04](/img/product_docs/endpointpolicymanager/troubleshooting/gpoexport/617_4_ppsec-kb-01-img-04.webp) + +You'll be managing your Windows Security Settings through the cloud or MDM service in no time! diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/settings.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/settings.md new file mode 100644 index 0000000000..ea65c1c20b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/settings.md @@ -0,0 +1,14 @@ +--- +title: "Which settings can be managed with the Preferences Manager component?" +description: "Which settings can be managed with the Preferences Manager component?" +sidebar_position: 20 +--- + +# Which settings can be managed with the Preferences Manager component? + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Preferences Manager handles every single one of +the Group Policy Preferences, with more than twenty configurable options. + +![626_1_pppm-gpme-user_299x531](/img/product_docs/endpointpolicymanager/preferences/626_1_pppm-gpme-user_299x531.webp) + +![626_2_pppm-gpme-comp_297x472](/img/product_docs/endpointpolicymanager/preferences/626_2_pppm-gpme-comp_297x472.webp) diff --git a/docs/endpointpolicymanager/preferences/startservice.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/startservice.md similarity index 86% rename from docs/endpointpolicymanager/preferences/startservice.md rename to docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/startservice.md index 74f726b588..6a75ff7f2b 100644 --- a/docs/endpointpolicymanager/preferences/startservice.md +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/startservice.md @@ -1,3 +1,9 @@ +--- +title: "How to enable and start a service using Group Policy Preferences" +description: "How to enable and start a service using Group Policy Preferences" +sidebar_position: 60 +--- + # How to enable and start a service using Group Policy Preferences **Step 1 –** Create a new GPO for Group Policy Preferences. diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/gpoexportmanagergett/_category_.json b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/gpoexportmanagergett/_category_.json new file mode 100644 index 0000000000..32790b5dec --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/gpoexportmanagergett/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "GPO Export Manager Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/gpoexportmanagergett/securitysettings.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/gpoexportmanagergett/securitysettings.md new file mode 100644 index 0000000000..c2843261a5 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/gpoexportmanagergett/securitysettings.md @@ -0,0 +1,37 @@ +--- +title: "Which security settings can be exported by GPO Export Manager?" +description: "Which security settings can be exported by GPO Export Manager?" +sidebar_position: 10 +--- + +# Which security settings can be exported by GPO Export Manager? + +Over thirteen types of security settings can be managed with Netwrix Endpoint Policy Manager +(formerly PolicyPak) Security Settings Manager, including: + +- Account Policies + - Password Policy + - Account Lockout Policy + - Kerberos Policy +- Local Policies + - Audit Policy + - User Rights Assignment + - Security Options +- Event Log Settings +- Restricted Groups +- System Services +- Registry +- File System +- Windows Firewall With Advanced Security +- Pubic Key Policies +- Software Restriction Policies +- Network Access Protection +- Applocker (Application Control Policies) + +**NOTE:** The following items are NOT supported by Endpoint Policy Manager Security Settings +Manager: + +- IP Security +- Wired Network (IEEE 802.3) Policies +- Wireless Network (IEEE 802.11) Policies +- Advanced Audit Policies diff --git a/docs/endpointpolicymanager/gpoexport/usercontext.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/gpoexportmanagergett/usercontext.md similarity index 95% rename from docs/endpointpolicymanager/gpoexport/usercontext.md rename to docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/gpoexportmanagergett/usercontext.md index eab8f89014..bd8471afb2 100644 --- a/docs/endpointpolicymanager/gpoexport/usercontext.md +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/gpoexportmanagergett/usercontext.md @@ -1,3 +1,9 @@ +--- +title: "Why must some GPPreferences items be run in User Context?" +description: "Why must some GPPreferences items be run in User Context?" +sidebar_position: 20 +--- + # Why must some GPPreferences items be run in User Context? You might have some existing GPPreferences items, like Printer ,which won't work as expected when diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..48e58d0d22 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/knowledgebase.md @@ -0,0 +1,45 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base articles for GPO Export Merge, Admin Templates, and Preferences +2.0. + +## GPO Export Manager: Getting Started + +- [Which security settings can be exported by GPO Export Manager?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/gpoexportmanagergett/securitysettings.md) +- [Why must some GPPreferences items be run in User Context?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/gpoexportmanagergett/usercontext.md) + +## Admin Templates Manager: Tips and Tricks + +- [Which settings can be managed with the Admin Templates Manager component?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/settings.md) +- [How do I disable elements in Office (Outlook, etc.) using Endpoint Policy Manager and ADMX files?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/disableofficeelements.md) + +## Admin Templates Manager: Troubleshooting + +- [What Admin Console MSI and CSE versions are supported for Endpoint Policy Manager Admin Templates Manager ?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/versions.md) +- [I created a Collection and/or items, but I don't see them in the Group Policy settings report. Why and how can I fix it?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/settingsreport.md) +- [I've created a collection in the Administrative Templates Manager and I've added policies to that collection. However, they are not showing up in the main window.](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/missingcollections.md) +- [I get a "Policy Duplicates" error when adding new policies using Endpoint Policy Manager Admin Templates Manager. What should I do?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/policyduplicates.md) +- [I get a "Namespace already defined" error when making new Endpoint Policy Manager Admin Templates Manager policies. What is this?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/namespacealreadydefined.md) +- [How to Mitigate Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527)](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/admintemplatesmanage/windowsprintspooler.md) + +## Exporting Group Policy Preferences / Using Endpoint Policy Preferences Manager + +- [Where is my Endpoint Policy Manager Preferences Component license and how do I request one?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/componentlicense.md) +- [Which settings can be managed with the Preferences Manager component?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/settings.md) +- [How To deploy a TCP/IP Printer using Group Policy Preferences in Endpoint Policy Manager Cloud ](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/printerdeploy.md) +- [Why do I see slowdowns on my machines when Endpoint Policy Manager Preferences is licensed and computers domain joined? Can this be worked around?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/domainjoined.md) +- [How to deliver network drive mappings using Group Policy Preferences on the computer side](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/drivemappings.md) +- [How to enable and start a service using Group Policy Preferences](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/startservice.md) +- [How do I use passwords with Group Policy Preferences items within Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/passwords.md) + +## Exporting Group Policy Security Settings / Using Endpoint Policy Manager Security Settings Manager + +- [Can I use Endpoint Policy Manager Cloud to deliver certificates ?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/delivercertificates.md) +- [Why Won't my Windows Security Settings Export using GPO Export Manager](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/securitysettings.md) +- [Why do I sometimes see Endpoint Policy Manager Cloud security settings and sometimes see on-prem GPO security settings?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/onpremisecloud.md) diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/admintemplatesmanage/_category_.json b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/admintemplatesmanage/_category_.json new file mode 100644 index 0000000000..7f8b8dc5a9 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/admintemplatesmanage/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Admin Templates Manager Getting Started", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/admintemplatesmethod/_category_.json b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/admintemplatesmethod/_category_.json new file mode 100644 index 0000000000..07f5c5e9ff --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/admintemplatesmethod/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Admin Templates Methods Cloud MDM SCCM Etc", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/admintemplatestipsan/_category_.json b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/admintemplatestipsan/_category_.json new file mode 100644 index 0000000000..339df9205c --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/admintemplatestipsan/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Admin Templates Tips And Tricks", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/exportinggrouppolicy/_category_.json b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/exportinggrouppolicy/_category_.json new file mode 100644 index 0000000000..b685527977 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/exportinggrouppolicy/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Exporting Group Policy Preferences Using Endpoint Policy Preferences Manager", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/exportingtocloudmdma/_category_.json b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/exportingtocloudmdma/_category_.json new file mode 100644 index 0000000000..dd66b064eb --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/exportingtocloudmdma/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Exporting To Cloud MDM And SCCM Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/gettingstartedprefer/_category_.json b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/gettingstartedprefer/_category_.json new file mode 100644 index 0000000000..c8df15ad86 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/gettingstartedprefer/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started Preferences 2.0", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..c20509eb3e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/videolearningcenter/videolearningcenter.md @@ -0,0 +1,43 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for GPO Export Merge, Admin Templates, and Preferences 2.0. + +## Exporting to Cloud, MDM, and SCCM: Getting Started + +- [Export Real GPO settings for use with PP Cloud or any MDM Service.](/docs/endpointpolicymanager/video/gpoexport/realgposettings.md) +- [Use your GPOs with Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/gpoexport/cloudimport.md) +- [Endpoint Policy Export Manager with MDM (like Intune)](/docs/endpointpolicymanager/video/gpoexport/mdm.md) +- [Endpoint Policy Manager Exporter and SCCM: Deploy real GPOs via SCCM](/docs/endpointpolicymanager/video/gpoexport/sccm.md) +- [GPO MERGE TOOL REVERSE](/docs/endpointpolicymanager/video/gpoexport/mergetool.md) + +## Admin Templates Manager: Getting Started + +- [Endpoint Policy Manager Admin Templates: Collections and Item Level Targeting](/docs/endpointpolicymanager/video/administrativetemplates/collections.md) +- [Endpoint Policy Manager Admin Templates Manager: Switched Policies (without Loopback)](/docs/endpointpolicymanager/video/administrativetemplates/switchedpolicies.md) + +## Admin Templates Methods: Cloud, MDM, SCCM, etc. + +- [Reduce GPOs (and/or export them for use with Endpoint Policy Manager Cloud or with MDM)](/docs/endpointpolicymanager/video/mdm/exportgpos.md) +- [Endpoint Policy Manager Cloud: Deploy Group Policy Admin template settings over the internet](/docs/endpointpolicymanager/video/administrativetemplates/deployinternet.md) + +## Admin Templates: Tips & Tricks + +- [The Ultimate Guide to Managing Screensavers](/docs/endpointpolicymanager/video/administrativetemplates/screensavers.md) + +## Getting Started: Preferences 2.0 + +- [Endpoint Policy Manager Preferences: Printers (Consolidate GPOs and also deploy them via PP Cloud and your MDM service)](/docs/endpointpolicymanager/video/preferences/consolidateprinter.md) +- [Endpoint Policy Manager Preferences: Drive Maps (Consolidate GPOs and also deploy them via PP Cloud and your MDM service)](/docs/endpointpolicymanager/video/preferences/drivemaps.md) +- [Endpoint Policy Manager Preferences: Registry Items (Consolidate GPOs and also deploy them via PP Cloud and your MDM service)](/docs/endpointpolicymanager/video/preferences/consolidateregistry.md) +- [Endpoint Policy Manager Preferences: Shortcuts (Consolidate GPOs and also deploy them via PP Cloud and your MDM service)](/docs/endpointpolicymanager/video/preferences/shortcuts.md) + +## Exporting Group Policy Preferences / Using Endpoint Policy Preferences Manager + +- [Deliver GPPrefs items without using loopback mode](/docs/endpointpolicymanager/video/preferences/delivergpprefs.md) +- [Endpoint Policy Manager Cloud: Use PP Cloud to create a new local user on your endpoints](/docs/endpointpolicymanager/video/preferences/cloudlocaluser.md) diff --git a/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/_category_.json b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/_category_.json new file mode 100644 index 0000000000..20659d890a --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Java Enterprise Rules Manager", + "position": 130, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/_category_.json new file mode 100644 index 0000000000..ee7419d8c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/javaenterpriserules/evaluateurls.md b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/evaluateurls.md similarity index 83% rename from docs/endpointpolicymanager/javaenterpriserules/evaluateurls.md rename to docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/evaluateurls.md index eb6ec39133..fcfd051067 100644 --- a/docs/endpointpolicymanager/javaenterpriserules/evaluateurls.md +++ b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/evaluateurls.md @@ -1,3 +1,9 @@ +--- +title: "How are URLs evaluated within Endpoint Policy Manager Java Rules Manager?" +description: "How are URLs evaluated within Endpoint Policy Manager Java Rules Manager?" +sidebar_position: 40 +--- + # How are URLs evaluated within Endpoint Policy Manager Java Rules Manager? Java Rules Manager requires exact matching:: diff --git a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/javaprompts.md b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/javaprompts.md similarity index 93% rename from docs/endpointpolicymanager/troubleshooting/javaenterpriserules/javaprompts.md rename to docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/javaprompts.md index 172bf6ab06..713a0cf95a 100644 --- a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/javaprompts.md +++ b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/javaprompts.md @@ -1,3 +1,9 @@ +--- +title: "I'm using Endpoint Policy Manager Java Rules Manager, but I still get Java prompts when visiting a webpage, or attempting to run a Java applet. What can I do?" +description: "I'm using Endpoint Policy Manager Java Rules Manager, but I still get Java prompts when visiting a webpage, or attempting to run a Java applet. What can I do?" +sidebar_position: 10 +--- + # I'm using Endpoint Policy Manager Java Rules Manager, but I still get Java prompts when visiting a webpage, or attempting to run a Java applet. What can I do? First, Java Applets work in Internet Explorer and in Firefox. They do not work in Chrome or @@ -46,7 +52,7 @@ Then they are asked to "Allow Now" or "Allow and Remember". The fastest way to automate "Allow and Remember" for Firefox per website is to read and follow this KB: -[Firefox: How do I set "Allow Now", "Allow and Remember" or "Block Plugin" as plug-ins are requested?](/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/allowremember.md) +[Firefox: How do I set "Allow Now", "Allow and Remember" or "Block Plugin" as plug-ins are requested?](/docs/endpointpolicymanager/knowledgebase/applicationmanager/knowledgebase/preconfiguredappsets/allowremember.md) ### Type 3: Java Messages Specifically Found in Internet Explorer diff --git a/docs/endpointpolicymanager/requirements/support/javaenterpriserules/version64bit.md b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/version64bit.md similarity index 77% rename from docs/endpointpolicymanager/requirements/support/javaenterpriserules/version64bit.md rename to docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/version64bit.md index 9a3676a5f9..190b434e5e 100644 --- a/docs/endpointpolicymanager/requirements/support/javaenterpriserules/version64bit.md +++ b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/version64bit.md @@ -1,3 +1,9 @@ +--- +title: "Does Endpoint Policy Manager Java Rules Manager work with 64-bit versions of Java?" +description: "Does Endpoint Policy Manager Java Rules Manager work with 64-bit versions of Java?" +sidebar_position: 50 +--- + # Does Endpoint Policy Manager Java Rules Manager work with 64-bit versions of Java? Yes. But you can think of it as two separate systems: diff --git a/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/versionjava.md b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/versionjava.md new file mode 100644 index 0000000000..af750ebfed --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/versionjava.md @@ -0,0 +1,12 @@ +--- +title: "What is the earliest version / what versions of Java are required for Java Rules Manager to work with?" +description: "What is the earliest version / what versions of Java are required for Java Rules Manager to work with?" +sidebar_position: 60 +--- + +# What is the earliest version / what versions of Java are required for Java Rules Manager to work with? + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Java Rules Manager will work when Java 7 U 40 +or later is on the machine. Then you can make maps to any version of Java higher or lower. + +Keep in mind that PPJRM will not work without at LEAST Java 7 U 40 installed on the machine. diff --git a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/versionlatest.md b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/versionlatest.md similarity index 89% rename from docs/endpointpolicymanager/troubleshooting/javaenterpriserules/versionlatest.md rename to docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/versionlatest.md index 579120519a..567a7d6d4b 100644 --- a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/versionlatest.md +++ b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/versionlatest.md @@ -1,3 +1,9 @@ +--- +title: "Why is the latest Java version installed being used instead of the version specified by Java Rules Manager?" +description: "Why is the latest Java version installed being used instead of the version specified by Java Rules Manager?" +sidebar_position: 70 +--- + # Why is the latest Java version installed being used instead of the version specified by Java Rules Manager? Problem: diff --git a/docs/endpointpolicymanager/javaenterpriserules/virtualizedbrowsers.md b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/virtualizedbrowsers.md similarity index 75% rename from docs/endpointpolicymanager/javaenterpriserules/virtualizedbrowsers.md rename to docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/virtualizedbrowsers.md index cb86d6db2a..aa9764ee81 100644 --- a/docs/endpointpolicymanager/javaenterpriserules/virtualizedbrowsers.md +++ b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/virtualizedbrowsers.md @@ -1,3 +1,9 @@ +--- +title: "How does Endpoint Policy Manager Java Rules Manager work with Virtualized Browsers and/or Java?" +description: "How does Endpoint Policy Manager Java Rules Manager work with Virtualized Browsers and/or Java?" +sidebar_position: 30 +--- + # How does Endpoint Policy Manager Java Rules Manager work with Virtualized Browsers and/or Java? The answer is complicated but here goes: diff --git a/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/wildcards.md b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/wildcards.md new file mode 100644 index 0000000000..f5349a4ad9 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/wildcards.md @@ -0,0 +1,36 @@ +--- +title: "How are wildcards supported when used with IP addresses in the Java Rules Manager MMC console?" +description: "How are wildcards supported when used with IP addresses in the Java Rules Manager MMC console?" +sidebar_position: 20 +--- + +# How are wildcards supported when used with IP addresses in the Java Rules Manager MMC console? + +Supported syntaxes: + +- 192.168.2.2 +- 81.22.2.1 +- 255.255.255.255 +- 251.251.251.251 +- 12.12.\* +- 12.\* + +Unsupported syntax examples: + +- 12.\*.\* +- 12.\*.\*.\* +- 12.12.\*.12 +- 12.\*.12.\* +- 12.\*.12.12 +- 12.\*.\*.12 + +Some more examples: + +- \*.238.1.3 – Works +- \*.1.3 – Works +- \*.3 – works fine loaded java 7_80 + +Rules which will not work: + +- 137.238.1.\* – will not work; Java isn't loaded +- 137.238.1.\*/is/javatest/ – will not work; Java isn't loaded diff --git a/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..63accb1eb7 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/knowledgebase.md @@ -0,0 +1,19 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base articles for Java Enterprise Rules Manager. + +## Getting Started + +- [I'm using Endpoint Policy Manager Java Rules Manager, but I still get Java prompts when visiting a webpage, or attempting to run a Java applet. What can I do?](/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/javaprompts.md) +- [How are wildcards supported when used with IP addresses in the Java Rules Manager MMC console?](/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/wildcards.md) +- [How does Endpoint Policy Manager Java Rules Manager work with Virtualized Browsers and/or Java?](/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/virtualizedbrowsers.md) +- [How are URLs evaluated within Endpoint Policy Manager Java Rules Manager?](/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/evaluateurls.md) +- [Does Endpoint Policy Manager Java Rules Manager work with 64-bit versions of Java?](/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/version64bit.md) +- [What is the earliest version / what versions of Java are required for Java Rules Manager to work with?](/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/versionjava.md) +- [Why is the latest Java version installed being used instead of the version specified by Java Rules Manager?](/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/knowledgebase/gettingstarted/versionlatest.md) diff --git a/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/videolearningcenter/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/videolearningcenter/gettingstarted/_category_.json new file mode 100644 index 0000000000..ee7419d8c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/videolearningcenter/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/videolearningcenter/methodssccmxmlmdmclo/_category_.json b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/videolearningcenter/methodssccmxmlmdmclo/_category_.json new file mode 100644 index 0000000000..bf69c0ad15 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/videolearningcenter/methodssccmxmlmdmclo/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Methods SCCM XML MDM Cloud PDQ Citrix Etc", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/videolearningcenter/troubleshooting/_category_.json b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/videolearningcenter/troubleshooting/_category_.json new file mode 100644 index 0000000000..09e2a51e2d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/videolearningcenter/troubleshooting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..4a7a0b1b82 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/javaenterpriserulesm/videolearningcenter/videolearningcenter.md @@ -0,0 +1,33 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for Java Enterprise Rules Manager. + +## Getting Started + +- [Use Group Policy to dictate which version of Java for what website](/docs/endpointpolicymanager/video/javaenterpriserules/gettingstarted.md) + +- [Endpoint Policy ManagerJava Rules Manager and Endpoint Policy Manager Browser Router: Better Together](/docs/endpointpolicymanager/video/javaenterpriserules/browserrouter.md) + +- [Block ALL Java (with some exceptions)](/docs/endpointpolicymanager/video/javaenterpriserules/block.md) + +- [Using item Level Targeting to Specify which version of Java to use](/docs/endpointpolicymanager/video/javaenterpriserules/itemleveltargeting.md) + +- [Endpoint Policy Manager Java Rules Manager... Import from Oracle's Deployment Rule Sets](/docs/endpointpolicymanager/video/javaenterpriserules/oracledeploymentrulesets.md) + +## Methods: SCCM, XML, MDM, Cloud, PDQ, Citrix, etc. + +- [Deploy and Manage Java with PDQ Deploy and Endpoint Policy Manager ](/docs/endpointpolicymanager/video/javaenterpriserules/integration/pdqdeploy.md) +- [Deploying Multiple Versions of Java to the Same Endpoint Using Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/video/javaenterpriserules/versionsmultiple.md) +- [Use Endpoint Policy Manager Cloud to choose which version of Java for what website](/docs/endpointpolicymanager/video/javaenterpriserules/cloud.md) +- [Use SCCM, KACE, etc to specify different websites for different Java](/docs/endpointpolicymanager/video/javaenterpriserules/sccm.md) +- [Manage Java with Java Rules Manager and your MDM service](/docs/endpointpolicymanager/video/javaenterpriserules/mdm.md) + +## Troubleshooting + +- [Endpoint Policy Manager Java Rules Manager: XML Surgery](/docs/endpointpolicymanager/video/javaenterpriserules/xmlsurgery.md) diff --git a/docs/endpointpolicymanager/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..34cec41e26 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/knowledgebase.md @@ -0,0 +1,35 @@ +--- +title: "Netwrix Endpoint Policy Manager (formerly PolicyPak) Knowledge Base Articles" +description: "Netwrix Endpoint Policy Manager (formerly PolicyPak) Knowledge Base Articles" +sidebar_position: 20 +--- + +# Netwrix Endpoint Policy Manager (formerly PolicyPak) Knowledge Base Articles + +In the following topics, you will find the Endpoint Policy Manager Knowledge Base articles and Video +Learning Center sessions: + +| | | | +| ------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | +| ![allthingslicensing](/img/product_docs/endpointpolicymanager/allthingslicensing.webp) | All Things Licensing | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![gettingstartedmisc](/img/product_docs/endpointpolicymanager/gettingstartedmisc.webp) | Getting Started with Endpoint Policy Manager (Misc) | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![gettingstartedcloud](/img/product_docs/endpointpolicymanager/gettingstartedcloud.webp) | Getting Started with Cloud | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![allthingsinstallationupkeep](/img/product_docs/endpointpolicymanager/allthingsinstallationupkeep.webp) | All Thinks Installation & Upkeep | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![gettingstartedgrouppolicy](/img/product_docs/endpointpolicymanager/gettingstartedmisc.webp) | Getting Started with Group Policy | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![gettingstartedmdm](/img/product_docs/endpointpolicymanager/gettingstartedmdm.webp) | Getting Started with MDM | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![gpoexportmergeadmintemplatespreferences](/img/product_docs/endpointpolicymanager/gpoexportmergeadmintemplatespreferences.webp) | GPO Export Merge, Admin Templates & Preferences 2.0 | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![fileassociationsmanager](/img/product_docs/endpointpolicymanager/fileassociationsmanager.webp) | File Associations Manager | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![browserrouter](/img/product_docs/endpointpolicymanager/browserrouter.webp) | Browser Router | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![leastprivilegemanager](/img/product_docs/endpointpolicymanager/leastprivilegemanager.webp) | Least Privilege Manager Windows and Mac | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![devicemanager](/img/product_docs/endpointpolicymanager/devicemanager.webp) | Device Manager | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![networksecuritymanager](/img/product_docs/endpointpolicymanager/networksecuritymanager.webp) | Network Security Manager | - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![javaenterpriserulesmanager](/img/product_docs/endpointpolicymanager/javaenterpriserulesmanager.webp) | Java Enterprise Rules Manager | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![startscreentaskbarmanager](/img/product_docs/endpointpolicymanager/startscreentaskbarmanager.webp) | Start Screen & Task Bar Manager | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![scriptstriggersmanager](/img/product_docs/endpointpolicymanager/scriptstriggersmanager.webp) | Scripts & Triggers Manager | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![featuremanagerwindows](/img/product_docs/endpointpolicymanager/featuremanagerwindows.webp) | Feature Manager for Windows | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![remoteworkdeliverymanager](/img/product_docs/endpointpolicymanager/remoteworkdeliverymanager.webp) | Remote Work Delivery Manager | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![rdpmanager](/img/product_docs/endpointpolicymanager/rdpmanager.webp) | Endpoint Policy Manager RDP Manager | - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![softwarepackagemanager](/img/product_docs/endpointpolicymanager/softwarepackagemanager.webp) | Software Package Manager | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![applicationmanager](/img/product_docs/endpointpolicymanager/applicationmanager.webp) | Application Manager | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![gpcompliancereporter](/img/product_docs/endpointpolicymanager/gpcompliancereporter.webp) | Endpoint Policy Manager GP Compliance Reporter | - [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) | +| ![archive](/img/product_docs/endpointpolicymanager/archive.webp) | Archive | - [Archive](/docs/endpointpolicymanager/knowledgebase/archive/overview.md) | diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/_category_.json new file mode 100644 index 0000000000..ac12d13766 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Least Privilege Manager", + "position": 100, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/_category_.json new file mode 100644 index 0000000000..d4592f76d1 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Eventing", + "position": 100, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/reports.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/reports.md new file mode 100644 index 0000000000..e92e27efd5 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/reports.md @@ -0,0 +1,156 @@ +--- +title: "How to use Netwrix Auditor to Report on Endpoint Policy Manager events" +description: "How to use Netwrix Auditor to Report on Endpoint Policy Manager events" +sidebar_position: 20 +--- + +# How to use Netwrix Auditor to Report on Endpoint Policy Manager events + +This topic shows you how to generate reports for interesting events from the Endpoint Policy Manager +event logs, that you can then use to create LPM policies as needed. + +## Report + +![1325_1](/img/product_docs/endpointpolicymanager/integration/auditor/1325_1.webp) + +Policy created in LPM using the report details above. + +![1325_2](/img/product_docs/endpointpolicymanager/integration/auditor/1325_2.webp) + +## Getting Started + +In order to receive Endpoint Policy Manager reports for events via Netwrix Auditor, you need to +complete the following steps. + +**Step 1 –** Creating a monitoring plan for Endpoint Policy Manager events. + +**Step 2 –** Configuring sources, filters, events, database settings. + +**Step 3 –** Optional: configure alerts. + +## Creating a monitoring plan for Endpoint Policy Manager events + +Navigate to **Start** > Netwrix Auditor > Netwrix Auditor **Event Log Manager**. + +On the main page, you are prompted to select a monitoring plan. Click **Add** to add new plan. + +![1325_3](/img/product_docs/endpointpolicymanager/integration/auditor/1325_3.webp) + +**Step 1 –** Give the new plan a descriptive name and select **Enable event log collection**. Then +add a **Notification recipient** email address. You can specify one or more email addresses for +users to receive daily Event Log collection status notifications. Use a semicolon to separate +addresses. + +![1325_4](/img/product_docs/endpointpolicymanager/integration/auditor/1325_4.webp) + +**Step 2 –** In the **General** tab enter credentials for the account that will be used to collect +data from the endpoints. Use an account that has local admin rights on the endpoints, and one that +can also read Active directory. Then click the **Add** button next to the Monitored computers +section. + +![1325_5](/img/product_docs/endpointpolicymanager/integration/auditor/1325_5.webp) + +**Step 3 –** Choose how you would like to add monitored computers, either by Computer name, by +Active Directory container, or via IP Range. + +![1325_6](/img/product_docs/endpointpolicymanager/integration/auditor/1325_6.webp) + +**NOTE:** You can add multiple types of computer items to your monitoring plan. + +![1325_7](/img/product_docs/endpointpolicymanager/integration/auditor/1325_7.webp) + +**Step 4 –** In the **Notifications** tab you can configure SMTP settings. + +![1325_8](/img/product_docs/endpointpolicymanager/integration/auditor/1325_8.webp) + +**Step 5 –** Under the **Audit Database** tab you can review and verify your database settings. +Netwrix Auditor Event Log Manager synchronizes Audit Database and reports settings with the default +Audit Database configuration from Netwrix Auditor Server. If this option is disabled, contact your +Netwrix Auditor Global administrator and make sure that these settings are properly configured in +Netwrix Auditor Server. See the Audit Database topic in the +[Netwrix Auditor > Configuration Documentation](https://helpcenter.netwrix.com/category/auditor_configuration) +for additional information. + +![1325_9](/img/product_docs/endpointpolicymanager/integration/auditor/1325_9.webp) + +**Step 6 –** In the **Advanced** tab you can check if Network traffic compression is enabled +(recommended). Also, you can specify the notification delivery time. + +![1325_10](/img/product_docs/endpointpolicymanager/integration/auditor/1325_10.webp) + +**Step 7 –** Filter out the desired events and get them into the Netwrix Auditor Reports. To do so, +get back to the **General** tab and configure the **Audit archiving filters**. + +![1325_11](/img/product_docs/endpointpolicymanager/integration/auditor/1325_11.webp) + +**Step 8 –** Once there, you can add the filtering in the Inclusive filters section. Click **Add** +to proceed. + +In the next window, we need to specify the following parameters: + +- Filter name +- Description for the filter +- Event log – here we need to type in Endpoint Policy Manager manually, as it is not available in + the drop down list. +- Write to – here you can select the location to store filtered events, either a long-term archive + or a database. It is recommended to use both locations. + +![1325_12](/img/product_docs/endpointpolicymanager/integration/auditor/1325_12.webp) + +**Step 9 –** Depending on targeted events, in the **Event Fields** tab you may enlist the event IDs +to capture. See the +[List of Endpoint Policy Manager Event Categories and IDs](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventcategories.md) topic for +additional information on event IDs. + +For example, here is the list of event IDs related to Endpoint Policy Manager Least Privilege +Manager Global Audit events: + +![1325_13](/img/product_docs/endpointpolicymanager/integration/auditor/1325_13.webp) + +You may adjust the settings in the**Events Fields filtering** section according to your needs. + +Once the configuration is done, you may click **OK** and save all your progress so far. + +**Step 10 –** Go back to the main monitoring plan configuration window for Netwrix Auditor Event Log +Manager, and click **Configure** under alerts filtering: + +![1325_14](/img/product_docs/endpointpolicymanager/integration/auditor/1325_14.webp) + +Then click **Add** to add a new alert. + +![1325_15](/img/product_docs/endpointpolicymanager/integration/auditor/1325_15.webp) + +**Step 11 –** In the next window add alerts for any event IDs as needed using the screenshots below +as a guide. + +**NOTE:** There is no need to configure anything under the **Insertion Strings** tab at this time. + +Single Event Alert Example: + +![1325_16](/img/product_docs/endpointpolicymanager/integration/auditor/1325_16.webp) + +![1325_17](/img/product_docs/endpointpolicymanager/integration/auditor/1325_17.webp) + +Group of Specific Events Alert Example: + +![1325_18](/img/product_docs/endpointpolicymanager/integration/auditor/1325_18.webp) + +![1325_19](/img/product_docs/endpointpolicymanager/integration/auditor/1325_19.webp) + +This is all the configuration required for Netwrix Auditor Event Log Manager to report on Endpoint +Policy Manager Events. + +**Step 12 –** Now, if you would like to review the event log reports, start the Netwrix Auditor +software and go to the **Reports** section. There, navigate to the following report path: +**Predefined** > **Windows Server**> **Event Log** > **All events by Computer** and click **View**. + +![1325_20](/img/product_docs/endpointpolicymanager/integration/auditor/1325_20.webp) + +Here you can specify the conditions and filters to represent in the report, such as date range, +Event level etc. + +![1325_21](/img/product_docs/endpointpolicymanager/integration/auditor/1325_21.webp) + +**NOTE:** You can click on the interactive link in the **Date** column to see event details: + +![1325_22](/img/product_docs/endpointpolicymanager/integration/auditor/1325_22.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/subprocesses.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/subprocesses.md new file mode 100644 index 0000000000..1df6701c00 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/subprocesses.md @@ -0,0 +1,17 @@ +--- +title: "Does Endpoint Policy Manager log sub-processes when launched from within CMD or Powershell?" +description: "Does Endpoint Policy Manager log sub-processes when launched from within CMD or Powershell?" +sidebar_position: 30 +--- + +# Does Endpoint Policy Manager log sub-processes when launched from within CMD or Powershell? + +Yes. In the example below, an elevated command prompt (perhaps elevated by Self Elevate), you can +see the command net stop spooler logged in the event log. + +![1335_1_3cd9340de297397c581bc79215cfae2d](/img/product_docs/endpointpolicymanager/leastprivilege/1335_1_3cd9340de297397c581bc79215cfae2d.webp) + +**NOTE:** If you are not seeing this be sure to upgrade to latest CSE. + +_Remember,_ internal commands like: DIR or SET won't be logged; the command must be an external +command. diff --git a/docs/endpointpolicymanager/leastprivilege/windowseventforwarding.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/windowseventforwarding.md similarity index 95% rename from docs/endpointpolicymanager/leastprivilege/windowseventforwarding.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/windowseventforwarding.md index 992f9821e0..42ec7a5b05 100644 --- a/docs/endpointpolicymanager/leastprivilege/windowseventforwarding.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/windowseventforwarding.md @@ -1,3 +1,9 @@ +--- +title: "How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding." +description: "How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding." +sidebar_position: 10 +--- + # How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding. #### Enable the Windows Remote Management (WinRM) Service on the Endpoints. diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..23d1eb829e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/knowledgebase.md @@ -0,0 +1,94 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base articles for Least Privilege Manager. + +## Licensing + +- [What is the difference between Endpoint Privilege Manager Standard and Complete licenses?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/licensing/license.md) + +## Tips (How does PPLPM work?) + +- [Which account does an elevated process run within?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/accountelevatedprocess.md) +- [Does Endpoint Privilege Manager block Macro attacks?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/macroattacks.md) +- [How secure is it just to use the digital signature? Can someone spoof a digital signature?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/digitalsignature.md) +- [Is Endpoint Privilege Manager compatible alongside an existing installation of Microsoft Applocker?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/applocker.md) +- [How can I change the behavior of "Run as Admin" with Endpoint Privilege Manager and how has it changed from previous versions?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/runasadmin.md) + +## Tips (Specific Workaround for Apps and Scenarios) + +- [How to create an LPM Policy for (SynTPEnh.exe) Synaptics Pointing Device Driver](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/synapticspointingdevicedriver.md) +- [Install Windows Fonts for users or Elevate end-users to install fonts themselves](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/installfonts.md) +- [How do I elevate MMC snap ins without granting administrative rights?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/mmcsnapin.md) +- [How do I use Least Privilege Manager to Elevate .reg files to allow import by standard users](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/registry.md) +- [How-to elevate Windows Defender Firewall in Endpoint Privilege Manager?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/windowsdefender.md) +- [How do I elevate installers that are classified as Installers but not Applications? Like Ninite, 7z, or Self-Extract?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/installers.md) +- [Allowing access/edit rights to specific files for standard users](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/editrights.md) +- [How to Elevate applications with a .application extension using Least Privilege Manager](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/applicationextension.md) +- [How do I elevate .MSP files such as Adobe Acrobat updates?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/mspfiles.md) +- [FTK Imager crashes with 'Server Busy' dialog box when "Image Mounting" while running elevated](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/serverbusy.md) + +## Tips (Files, Folders and Dialogs) + +- [How can I make all files in a folder, or all files in all recursive folders Elevated, Blocked, or Allow & Log?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsfilesfoldersandd/allfiles.md) + +## Tips and SecureRun (TM) + +- [How can I allow "Inline commands" blocked by SecureRun when a random path or filename is created each time?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/allowinlinecommands.md) +- [How do I setup SecureRun when there are so many variables and still ensure my rules work no matter what version of the software I have I installed?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/setup.md) +- [When Endpoint Policy Manager SecureRun(TM) is turned on, PowerShell won't run. How can I re-enable this?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/enablepowershell.md) +- [What is the supported list of BLOCKED script types for Endpoint Policy Manager SecureRun™ ?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/blockedscripttypes.md) +- [How to run WebEx Meeting as regular user when SecureRun is enabled](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/webex.md) +- [How to install and run MYKI Password Manager as regular user when SecureRun is enabled](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/mykipasswordmanager.md) +- [How do I allow a Chrome extension blocked by SecureRun to be installed?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/chromeextension.md) +- [Least Privilege Manager and SecureRun Implementation Best Practices](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/bestpractices.md) +- [How does the option "Show Admin Approval dialog for untrusted application" in Admin Approval work?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/adminapprovalwork.md) + +## Tips for Admin Approval, Self Elevate, Apply on Demand, SecureCopy and UI Branding + +- [Can I use Endpoint Privilege Manager to LOWER / remove admin rights from Administrators from an application or process, like Internet Explorer?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/reduceadminrights.md) +- [I elevated an application, but drag and drop between the elevated and other non-elevated applications isn't working anymore. What can I try?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/dragdrop.md) +- [How do I use the Filter section in Endpoint Privilege Manager ?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/scope.md) +- [How do I install an Active X control if it is not digitally signed?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/activexcontrol.md) +- [How to Defend against malicious PowerShell attacks (DLLs)?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/maliciousattacks.md) +- [How can I integrate Endpoint Privilege Manager and Servicenow (or any other help desk) via email?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/servicenow.md) +- [Least Privilege Manager - How to create a Self-Elevation policy for local groups of Standalone computers](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/selfelevation.md) +- [How does the "Show Pop-Up" message checkbox work along side "Force user re-authenticate" and "Justification text required" checkboxes?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/optionsshowpopupmessage.md) +- [How does custom menu item text work after builds 23.8 and later?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/custommenuitemtext.md) + +## Tips (Old, use only if asked) + +- [Endpoint Privilege Manager: How do I elevate single line commands (second batch file method)?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsolduseonlyifaske/singlelinecommands.md) +- [How to elevate Print driver installation using Endpoint Privilege Manager? (alternate method)](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsolduseonlyifaske/printerdriverinstall.md) + +## Troubleshooting + +- [What log can help me determine why an application (MSI, etc.) was ALLOWED, ELEVATED or BLOCKED?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/determinewhy.md) +- [Why doesn't Endpoint Privilege Manager work Windows 7 + SHA256 signed.JS and .VBS files ?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/supportedenvironments.md) +- [I want all the files in a folder to be ALLOWED when SecureRun is used. What is the correct syntax?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/correctsyntax.md) +- [If multiple Endpoint Privilege Manager rules would apply, which rule takes precedence?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/ruleprecedence.md) +- [How are DRIVE MAPS and UNC paths supported in Endpoint Privilege Manager?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/drivemaps.md) +- [Why does Endpoint Policy Manager SecureRun block "inline commands" and what can I do to overcome or revert the behavior ?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/inlinecommands.md) +- [How are wildcards supported when used with Path and Command-line arguments in Least Privilege Manager?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/wildcards.md) +- [How do I overcome OneDrive block prompts when SecureRun is on?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/onedrive.md) +- [Why is my File Info Deny rule for SQL MGMT Studio version 14.x and lower not working?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/ssms.md) +- [Why is my File Info Deny rule for WinSCP Setup 17.x and lower not working?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/winscp.md) +- [How-to Fix EXPLORER.EXE crash when right-clicking document files, pdf, docx, xlsx, etc.?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/explorercrash.md) +- [Error message The element 'emailSettings' in namespace "…AdminApproval" has incomplete content encountered when editing Admin Approval policy](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/emailsettings.md) +- [How-to troubleshoot LPM rules for Kaseya Agent Service?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/kaseyaagentservice.md) + +## Eventing + +- [How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding.](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/windowseventforwarding.md) +- [How to use Netwrix Auditor to Report on Endpoint Policy Manager events](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/reports.md) + +## Netwrix Privilege Secure for Access Management Integration + +- [How to Resolve Could not establish trust relationship for the SSL or TLS Secure Channel error message](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/netwrixprivilegesecu/establishtrust.md) +- [How does the Netwrix Privilege Secure MMC UI relate to the Endpoint Policy Manager MMC UI?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/netwrixprivilegesecu/mmc.md) +- [How can I create Endpoint Policy ManagerLeast Privilege Manager policies with Netwrix Privilege Secure (even when the Endpoint Policy Manager Client Side Extension is unlicensed?)](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/netwrixprivilegesecu/createpolicies.md) diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/licensing/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/licensing/_category_.json new file mode 100644 index 0000000000..4e06c332b6 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/licensing/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Licensing", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/leastprivilege/license.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/licensing/license.md similarity index 81% rename from docs/endpointpolicymanager/leastprivilege/license.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/licensing/license.md index 947ead3909..cf368b93ba 100644 --- a/docs/endpointpolicymanager/leastprivilege/license.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/licensing/license.md @@ -1,3 +1,9 @@ +--- +title: "What is the difference between Endpoint Privilege Manager Standard and Complete licenses?" +description: "What is the difference between Endpoint Privilege Manager Standard and Complete licenses?" +sidebar_position: 10 +--- + # What is the difference between Endpoint Privilege Manager Standard and Complete licenses? The Netwrix Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager UI has designations diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/macintegration/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/macintegration/_category_.json new file mode 100644 index 0000000000..82a5eb7ff6 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/macintegration/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Mac Integration", + "position": 80, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/macintegration/logs.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/macintegration/logs.md new file mode 100644 index 0000000000..182003839b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/macintegration/logs.md @@ -0,0 +1,153 @@ +--- +title: "Logging guide for Endpoint Privilege Manager for Mac Clients" +description: "Logging guide for Endpoint Privilege Manager for Mac Clients" +sidebar_position: 10 +--- + +# Logging guide for Endpoint Privilege Manager for Mac Clients + +This guide will help you understand local Mac logging and also how to send those logs to Netwrix +Endpoint Policy Manager (formerly PolicyPak) Cloud if desired. + +## Understanding log files on the client + +The Endpoint Policy Manager logs are located in /Library/Application Support/PolicyPak/Logs. If +requested by Support, zip up these three logs. As the customer, you can find useful information +within endpointpolicymanagerd.log and cloud.log (details below). + +![1329_1_6e10551394ec326177434ffc228df475](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_1_6e10551394ec326177434ffc228df475.webp) + +### Understanding Endpoint Policy ManagerD.Log + +This log shows every process that ran on the computer. When installed, Endpoint Policy Manager needs +to monitor all processes on the endpoint to determine if there is a policy against that process and +then acts upon it if necessary. This log shows those processes and the policy information, if there +is a policy. + +No Existing Policy + +![1329_2_d6a33d883a790b8367004838c34e770f](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_2_d6a33d883a790b8367004838c34e770f.webp) + +Policy Exists + +![1329_3_4b3667fda4b8ee8bc6b9d9a09ef88ee8](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_3_4b3667fda4b8ee8bc6b9d9a09ef88ee8.webp) + +### Understanding Cloud.log + +Cloud.log contains actioned items from the endpointpolicymanagerd.log file, processes that ran by the user and +were either Allowed, Elevated or Blocked by Endpoint Policy Manager policies. + +**NOTE:** To get a better understanding of how you policies are working, or not working, +endpointpolicymanagerd.log will tell not only what processes were affected by policies, but also what processes +weren’t – and maybe should have been. + +![1329_4_30c21b2015b47e5d92143f82a31997eb](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_4_30c21b2015b47e5d92143f82a31997eb.webp) + +## Setting up Endpoint Policy Manager Cloud Groups for Event Collection + +Having these logs locally is all well and good, but we also have the ability to centrally store +these logs and present the data in a more readable format. + +Our Event Collector in the cloud can take these events, upload them to your Endpoint Policy Manager +cloud instance, and allow you to pull reports based on this data. + +**NOTE:** This is a paid, extra service that is not enabled by default. + +Event collection is part of the Group configuration. There are two types of groups that your +endpoints can be a part of: Built-in and Company. + +Built-in + +Without going into too many details here (there are KB articles where you can get more information +on this topic), the main Built-in Group is the Allgroup. Every endpoint that has an account will +automatically be a member of Windows or, in this case, MacOSs All group. If this group is configured +with Event Collection, all endpoints will send their cloud.log data up to the cloud. + +Computer + +Computer groups are created and configured by you, the Endpoint Policy Manager cloud instance +administrator. You specify what computer accounts are members here, and thereby only those endpoints +will upload the data you specify in that group Event Collection configuration. + +There are a few ways to add a computer to a group, but the most common way is directly through the +group. + +**Step 1 –** Highlight the group you want to add the computer(s) to. + +**Step 2 –** Click on **Add/Remove Computer from Group** (under Actions). + +![1329_5_cd439679970dd94379dc97da3de13756](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_5_cd439679970dd94379dc97da3de13756.webp) + +**Step 3 –** Click **Available Computers**. + +![1329_6_89a9d67a0c348b5ab03d304ea9392884](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_6_89a9d67a0c348b5ab03d304ea9392884.webp) + +**Step 4 –** Check the ones to add and click **Add**. + +Event Collection Configuration + +To configure Event Collection, highlight the group and click **Edit Group** under Actions. On the +resulting pop-up window, click on the **Event Collector** tab. + +![1329_7_44a2bef19cdb90973520bb3702397eb4](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_7_44a2bef19cdb90973520bb3702397eb4.webp) + +The **Event submission interval** dictates how often the logs get uploaded to the cloud. This is +separate and distinct from the **Refresh interval for computers** on the previous tab, which +dictates how often the endpoint synchronizes the policies with the cloud. + +You can also choose which events are collected and stored in the cloud. On large networks, this will +save you from a lot of noise when looking for specific things. We generally recommend starting will +All events until you figure out what it is you want to see, and then just select the ones you want. + +When **Selected Events** is selected, clicking on the Info icon brings up a list of Event IDs that +can be selected. In the image below are highlighted the two Event types that shown in the cloud.log +example above. + +![1329_8_464e110a1254c22ecac8a612b13ffc76](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_8_464e110a1254c22ecac8a612b13ffc76.webp) + +Notes on Collection configuration: + +- When the Allgroup is configured, all endpoints will receive the configuration. +- When a Parent group is configured, all child groups will, by default, inherit the configuration as + well. This behavior, however, can be altered to block inheritance. +- If a computer is a member of multiple groups, the behavior is essentially accumulative. That is, + all selected IDs will be included and uploaded in the shortest interval set. + +See the +[How can I keep the same or specify different parameters for Event Collection for child groups? How does a computer behave if a member of multiple groups?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/eventcollection/childgroups.md) +topic for additional information. + +Forcing Event submission + +If you are testing, or just want to upload the data immediately, you can force the upload of the +cloud.log file with the following command: + +`policypak cloud-push-logs` + +![1329_9_e5dddf2ba28a115aa5782c49a21fbac6](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_9_e5dddf2ba28a115aa5782c49a21fbac6.webp) + +**NOTE:** This command can be run by a standard user. It does not require elevated or administrative +rights to perform. + +## Reporting on Collected Events + +All the collected events can be accessed through the **Computers (Collected Events)** report on the +Reports tab and selecting **Endpoint Policy Manager Least Privilege Manager for macOS**. + +![1329_10_2ab64dc549729d2f51cdf61ab7d88108](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_10_2ab64dc549729d2f51cdf61ab7d88108.webp) + +Next, configure the time period you want to report on. The default is the beginning of the day, but +this can be altered to the desired start and stop time and date. Click **Show** to see the results. + +![1329_11_7135ed6ab54692983796dd995a2517e4](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_11_7135ed6ab54692983796dd995a2517e4.webp) + +The results can be filtered to show only the desired information. For example, show only specific +computers or only Elevation events. Every column can be filtered by clicking on the ellipsis within +the column header. + +![1329_12_3996f6bea2016ba07eaf96f5c05b43c0](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_12_3996f6bea2016ba07eaf96f5c05b43c0.webp) + +For offline analysis, the report can be exported to either Excel or, if very large, CSV format. This +can be done before or after filtering. + +![1329_13_50b225886bba8747a9460411f4662cc9](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_13_50b225886bba8747a9460411f4662cc9.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/netwrixprivilegesecu/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/netwrixprivilegesecu/_category_.json new file mode 100644 index 0000000000..c983761b21 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/netwrixprivilegesecu/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Netwrix Privilege Secure For Access Management Integration", + "position": 110, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/integration/createpolicies.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/netwrixprivilegesecu/createpolicies.md similarity index 87% rename from docs/endpointpolicymanager/integration/createpolicies.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/netwrixprivilegesecu/createpolicies.md index 5ce219a9ab..ea3f9ccaa0 100644 --- a/docs/endpointpolicymanager/integration/createpolicies.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/netwrixprivilegesecu/createpolicies.md @@ -1,3 +1,9 @@ +--- +title: "How can I create Endpoint Policy ManagerLeast Privilege Manager policies with Netwrix Privilege Secure (even when the Endpoint Policy Manager Client Side Extension is unlicensed?)" +description: "How can I create Endpoint Policy ManagerLeast Privilege Manager policies with Netwrix Privilege Secure (even when the Endpoint Policy Manager Client Side Extension is unlicensed?)" +sidebar_position: 30 +--- + # How can I create Endpoint Policy ManagerLeast Privilege Manager policies with Netwrix Privilege Secure (even when the Endpoint Policy Manager Client Side Extension is unlicensed?) Starting with builds later than July 2023, the Netwrix Endpoint Policy Manager (formerly PolicyPak) diff --git a/docs/endpointpolicymanager/troubleshooting/error/leastprivilege/establishtrust.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/netwrixprivilegesecu/establishtrust.md similarity index 91% rename from docs/endpointpolicymanager/troubleshooting/error/leastprivilege/establishtrust.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/netwrixprivilegesecu/establishtrust.md index 4629370378..a48780776c 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/leastprivilege/establishtrust.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/netwrixprivilegesecu/establishtrust.md @@ -1,3 +1,9 @@ +--- +title: "How to Resolve Could not establish trust relationship for the SSL or TLS Secure Channel error message" +description: "How to Resolve Could not establish trust relationship for the SSL or TLS Secure Channel error message" +sidebar_position: 10 +--- + # How to Resolve Could not establish trust relationship for the SSL or TLS Secure Channel error message PROBLEM: diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/netwrixprivilegesecu/mmc.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/netwrixprivilegesecu/mmc.md new file mode 100644 index 0000000000..f8e47cc835 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/netwrixprivilegesecu/mmc.md @@ -0,0 +1,43 @@ +--- +title: "How does the Netwrix Privilege Secure MMC UI relate to the Endpoint Policy Manager MMC UI?" +description: "How does the Netwrix Privilege Secure MMC UI relate to the Endpoint Policy Manager MMC UI?" +sidebar_position: 20 +--- + +# How does the Netwrix Privilege Secure MMC UI relate to the Endpoint Policy Manager MMC UI? + +In the Netwrix Privilege Secure download you will find NPS for Endpoint Group Policy Snap-in x64 and +x86 installers. + +![972_1_image](/img/product_docs/endpointpolicymanager/integration/privilegesecure/972_1_image.webp) + +This MSI is meant to increase what is possible with a Group Policy editor and let you create NPS +Endpoint rules (aka Netwrix Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager) +rules. + +When you install the NPS Endpoint Group Policy Snap-In on a machine (which has the Group Policy +Editor and/or Group Policy Management Console) you will see the Netwrix Privilege Secure node and +Least Privilege Manager within it. All GPOs l have the same look and feel and editing ability. + +![972_2_image-20230627090846-2_950x515](/img/product_docs/endpointpolicymanager/integration/965_1_image-20230627091218-5_950x515.webp) + +If you want to upgrade to Endpoint Policy Manager and see both Netwrix Privilege Secure and all the +other Endpoint Policy Manager nodes, you need to install the Endpoint Policy Manager Admin Console. +This can be installed on top of the Privilege Secure Admin Console, or installed directly. + +![972_3_image-20230627090846-3_950x70](/img/product_docs/endpointpolicymanager/integration/privilegesecure/972_3_image-20230627090846-3_950x70.webp) + +The result can be seen here with Netwrix Privilege Secure / Least Privilege Manager and all the +Endpoint Policy Manager nodes. + +![972_4_image-20230627090846-4_950x534](/img/product_docs/endpointpolicymanager/integration/privilegesecure/972_4_image-20230627090846-4_950x534.webp) + +The Endpoint Policy Manager Admin Console MSI is a superset of the Privilege Secure Console MSI. + +**CAUTION:** It is technically possible to upgrade to the latest version of the Privilege Secure +Console MSI after installing some version of the Endpoint Policy Manager Admin Console MSI. If you +do this, you will remove the Endpoint Policy Manager nodes and be left only with the Netwrix +Privilege Secure node. Any Endpoint Policy Manager data and directives will still be in the GPO and +active. Therefore it is recommended if you upgrade to Endpoint Policy Manager Admin Console MSI, +then you maintain your console with upgrades only via the Endpoint Policy Manager Admin Console MSI +and don't attempt a re-install of Privilege Secure Console MSI. diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/_category_.json new file mode 100644 index 0000000000..6e3c7a173f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips And SecureRun TM", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/leastprivilege/securerun/adminapprovalwork.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/adminapprovalwork.md similarity index 82% rename from docs/endpointpolicymanager/leastprivilege/securerun/adminapprovalwork.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/adminapprovalwork.md index 6f282d5ad1..44d0cca781 100644 --- a/docs/endpointpolicymanager/leastprivilege/securerun/adminapprovalwork.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/adminapprovalwork.md @@ -1,3 +1,9 @@ +--- +title: "How does the option \"Show Admin Approval dialog for untrusted application\" in Admin Approval work?" +description: "How does the option \"Show Admin Approval dialog for untrusted application\" in Admin Approval work?" +sidebar_position: 90 +--- + # How does the option "Show Admin Approval dialog for untrusted application" in Admin Approval work? If the Show Admin Approval dialog for untrusted applications is enabled,then the decision on whether diff --git a/docs/endpointpolicymanager/leastprivilege/securerun/allowinlinecommands.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/allowinlinecommands.md similarity index 93% rename from docs/endpointpolicymanager/leastprivilege/securerun/allowinlinecommands.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/allowinlinecommands.md index 2d62016eca..e503c2b17e 100644 --- a/docs/endpointpolicymanager/leastprivilege/securerun/allowinlinecommands.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/allowinlinecommands.md @@ -1,3 +1,9 @@ +--- +title: "How can I allow \"Inline commands\" blocked by SecureRun when a random path or filename is created each time?" +description: "How can I allow \"Inline commands\" blocked by SecureRun when a random path or filename is created each time?" +sidebar_position: 10 +--- + # How can I allow "Inline commands" blocked by SecureRun when a random path or filename is created each time? On occasion, applications will pass inline commands that contain a randomly generated path or batch diff --git a/docs/endpointpolicymanager/leastprivilege/securerun/bestpractices.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/bestpractices.md similarity index 94% rename from docs/endpointpolicymanager/leastprivilege/securerun/bestpractices.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/bestpractices.md index 48a4f7a95c..804e996ac8 100644 --- a/docs/endpointpolicymanager/leastprivilege/securerun/bestpractices.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/bestpractices.md @@ -1,3 +1,9 @@ +--- +title: "Least Privilege Manager and SecureRun Implementation Best Practices" +description: "Least Privilege Manager and SecureRun Implementation Best Practices" +sidebar_position: 80 +--- + # Least Privilege Manager and SecureRun Implementation Best Practices Least Privilege Manager is a powerful tool to manage local admin rights and elevate only the diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/blockedscripttypes.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/blockedscripttypes.md new file mode 100644 index 0000000000..d5a349ef02 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/blockedscripttypes.md @@ -0,0 +1,22 @@ +--- +title: "What is the supported list of BLOCKED script types for Endpoint Policy Manager SecureRun™ ?" +description: "What is the supported list of BLOCKED script types for Endpoint Policy Manager SecureRun™ ?" +sidebar_position: 40 +--- + +# What is the supported list of BLOCKED script types for Endpoint Policy Manager SecureRun™ ? + +The official list is as follows and might increase without notice. + +- BAT +- CMD +- JS +- JSE +- VBS +- VBE +- .PS1 +- .JAR (not technically a script; but also blocked) + +**NOTE:** For .PS1, in order to enable Powershell at all, you need to make an express (ALLOW rule +for powershell.exe). That rule can be found in +[When Endpoint Policy Manager SecureRun(TM) is turned on, PowerShell won't run. How can I re-enable this?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/enablepowershell.md) diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/chromeextension.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/chromeextension.md new file mode 100644 index 0000000000..f4fa6d03cd --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/chromeextension.md @@ -0,0 +1,60 @@ +--- +title: "How do I allow a Chrome extension blocked by SecureRun to be installed?" +description: "How do I allow a Chrome extension blocked by SecureRun to be installed?" +sidebar_position: 70 +--- + +# How do I allow a Chrome extension blocked by SecureRun to be installed? + +When SecureRun is enabled, it may block some Chrome Extensions from installing. Two examples of this +are Adobe Acrobat and Power Automate Desktop. + +The commands that are run to install these extensions are as follows: + +``` +C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Power Automate Desktop\PAD.EdgeMessageHost.exe" chrome-extension://njjljiblognghfjfpcdpdbpbfcmhgafg/ --parent-window=0 < \\.\pipe\LOCAL\edge.nativeMessaging.in.8c9048e3136bfe0b > \\.\pipe\LOCAL\edge.nativeMessaging.out.8c9048e3136bfe0b +``` + +``` +C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe" chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.602ecca2de172262 > \\.\pipe\chrome.nativeMessaging.out.602ecca2de172262 +``` + +To allow the extensions to be installed, create a New Executable Policy for each extension that is +being blocked. This can be done on either the Computer or User side, depending on who is a member of +the OU. + +![700_1_image-20211111230736-1](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/700_1_image-20211111230736-1.webp) + +**Step 1 –** Create a Combo Rule. + +![700_2_image-20211111230736-2](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/700_2_image-20211111230736-2.webp) + +**Step 2 –** Select **Path**, **Command-line arguments** and **Apply to child processes**. + +![700_3_image-20211111230736-3](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/700_3_image-20211111230736-3.webp) + +**Step 3 –** Under Path Condition, add file `%SYSTEMROOT%\System32\cmd.exe`. + +![700_4_image-20211111230736-4](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/700_4_image-20211111230736-4.webp) + +**Step 4 –** Under Command-line Arguments, select **Strict equality**; check **Ignore arguments +case**; under Arguments, we are going to take the first part of the installation command, after +`cmd.exe`, and replace the last part with asterisks. + +![700_5_image-20211111230736-5](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/700_5_image-20211111230736-5.webp) + +``` +/d /c "C:\Program Files (x86)\Power Automate Desktop\PAD.EdgeMessageHost.exe" chrome-extension://*/* +``` + +``` +/d /c "C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe" chrome-extension://*/* +``` + +**Step 5 –** Set action as .Allow and Log. + +![700_6_image-20211111230736-6](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/700_6_image-20211111230736-6.webp) + +**Step 6 –** Rename, set ILT if required and click **Finish**. + +![700_7_image-20211111230736-7](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/700_7_image-20211111230736-7.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/enablepowershell.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/enablepowershell.md new file mode 100644 index 0000000000..f59914fc3b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/enablepowershell.md @@ -0,0 +1,11 @@ +--- +title: "When Endpoint Policy Manager SecureRun(TM) is turned on, PowerShell won't run. How can I re-enable this?" +description: "When Endpoint Policy Manager SecureRun(TM) is turned on, PowerShell won't run. How can I re-enable this?" +sidebar_position: 30 +--- + +# When Endpoint Policy Manager SecureRun(TM) is turned on, PowerShell won't run. How can I re-enable this? + +You need to use EXE Policy with rule Allow and log for +Powershell.[ Go to https://www.endpointpolicymanager.com/pp-files/allow-powershell.php](https://www.endpointpolicymanager.com/pp-files/allow-powershell.php) +and import it to enable PowerShell to run with SecureRun enabled. diff --git a/docs/endpointpolicymanager/leastprivilege/securerun/mykipasswordmanager.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/mykipasswordmanager.md similarity index 97% rename from docs/endpointpolicymanager/leastprivilege/securerun/mykipasswordmanager.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/mykipasswordmanager.md index 47c9e9af1c..146e9731b9 100644 --- a/docs/endpointpolicymanager/leastprivilege/securerun/mykipasswordmanager.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/mykipasswordmanager.md @@ -1,3 +1,9 @@ +--- +title: "How to install and run MYKI Password Manager as regular user when SecureRun is enabled" +description: "How to install and run MYKI Password Manager as regular user when SecureRun is enabled" +sidebar_position: 60 +--- + # How to install and run MYKI Password Manager as regular user when SecureRun is enabled ## Option 1: diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/setup.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/setup.md new file mode 100644 index 0000000000..4a685f4fe2 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/setup.md @@ -0,0 +1,55 @@ +--- +title: "How do I setup SecureRun when there are so many variables and still ensure my rules work no matter what version of the software I have I installed?" +description: "How do I setup SecureRun when there are so many variables and still ensure my rules work no matter what version of the software I have I installed?" +sidebar_position: 20 +--- + +# How do I setup SecureRun when there are so many variables and still ensure my rules work no matter what version of the software I have I installed? + +### Using Secure Run – Best Practices + +#### Getting Started + +Watch this quick video for tips on setting up Secure Run: +[Stop Ransomware and other unknown zero day attacks with Endpoint Policy Manager SecureRun(TM)](/docs/endpointpolicymanager/video/leastprivilege/securerun/stopransomware.md). + +In addition we have a tool called Auto Rules Generator for generating rules from a machine that has +all your apps. It is in the Extras folder of the main Netwrix Endpoint Policy Manager (formerly +PolicyPak) download. For more information on this issue, please see +[Auto Rules Generator Tool (with SecureRun)](/docs/endpointpolicymanager/video/leastprivilege/autorulesgeneratortool.md). + +#### How do we setup SecureRun when each version of the software references more than one .exe to start the program? + +- There is the option to **Apply to Child Processes**. In most cases this will elevate any other + processes needed. +- If you do not use this option, you have to create rules for each process. But you can use the Auto + Rules Generator to find all those .exe's and generate rules for all quickly. + +![315_1_lpm-faq-03-img-01](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/315_1_lpm-faq-03-img-01.webp) + +#### How do we setup SecureRun when there are so many variables and make them work no matter what version of the software was installed? + +- Start with the AutoRules Generator to try to mass generate the rules you need. +- In You can do a Single rule or a Combo + +![315_2_lpm-faq-03-img-02](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/315_2_lpm-faq-03-img-02.webp) + +- For a Single many customers will use Hashto ensure only that specific file is elevated. However + this doesn't allow for future versions to be allowed. +- For future proof situations, a Combo of a **Signature**, along with **File Info**, is often used. + That way you ensure that it is always that Vendor with the Signature, and with File Info you can + specify to allow Higher or Equals, thereby allowing future versions to be elevated. + +![315_3_lpm-faq-03-img-03](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/315_3_lpm-faq-03-img-03.webp) + +![315_4_lpm-faq-03-img-04](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/315_4_lpm-faq-03-img-04.webp) + +### Summary + +There are various ways to slice and dice to create the rules you want, but most common is to use +**Signature** with **File Info** set to Higher or Equals and, optionally Path with just filename +entered (though if the app changes names often you might omit using the Path). + +The more rule types you use the more secure it becomes, but keeping it usable is always the goal. +Generally only use Hash by itself because its pretty secure, and then some combination of the others +as noted above. diff --git a/docs/endpointpolicymanager/leastprivilege/securerun/webex.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/webex.md similarity index 95% rename from docs/endpointpolicymanager/leastprivilege/securerun/webex.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/webex.md index 2225ef4b76..3ac8192b5e 100644 --- a/docs/endpointpolicymanager/leastprivilege/securerun/webex.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/webex.md @@ -1,3 +1,9 @@ +--- +title: "How to run WebEx Meeting as regular user when SecureRun is enabled" +description: "How to run WebEx Meeting as regular user when SecureRun is enabled" +sidebar_position: 50 +--- + # How to run WebEx Meeting as regular user when SecureRun is enabled You need to create a new Least Privilege Manager policy on either the Computer or User side, and @@ -76,7 +82,7 @@ steps. **NOTE:** You can also use Endpoint Policy Manager Remote Work Delivery Manager to deliver the certificate file at the desired location of the remote computer. For more information on this issue, -please see  Remote Work Delivery Manager > [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) +please see  Remote Work Delivery Manager > [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) Use Endpoint Policy Manager Scripts Manager to deliver the Certificate in Intermediate Certification Authorities for a Computer. diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsfilesfoldersandd/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsfilesfoldersandd/_category_.json new file mode 100644 index 0000000000..8892650cff --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsfilesfoldersandd/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips Files Folders And Dialogs", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/allfiles.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsfilesfoldersandd/allfiles.md similarity index 76% rename from docs/endpointpolicymanager/leastprivilege/elevate/allfiles.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsfilesfoldersandd/allfiles.md index 69b46b75cd..018ae6c0a4 100644 --- a/docs/endpointpolicymanager/leastprivilege/elevate/allfiles.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsfilesfoldersandd/allfiles.md @@ -1,3 +1,9 @@ +--- +title: "How can I make all files in a folder, or all files in all recursive folders Elevated, Blocked, or Allow & Log?" +description: "How can I make all files in a folder, or all files in all recursive folders Elevated, Blocked, or Allow & Log?" +sidebar_position: 10 +--- + # How can I make all files in a folder, or all files in all recursive folders Elevated, Blocked, or Allow & Log? There are two methods to Elevate, Block or Allow&Log multiple files and folders. diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/_category_.json new file mode 100644 index 0000000000..3b764696e8 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips For Admin Approval Self Elevate Apply On Demand SecureCopy And UI Branding", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/leastprivilege/policyeditor/activexcontrol.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/activexcontrol.md similarity index 93% rename from docs/endpointpolicymanager/leastprivilege/policyeditor/activexcontrol.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/activexcontrol.md index 73318e89d5..85368107ee 100644 --- a/docs/endpointpolicymanager/leastprivilege/policyeditor/activexcontrol.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/activexcontrol.md @@ -1,3 +1,9 @@ +--- +title: "How do I install an Active X control if it is not digitally signed?" +description: "How do I install an Active X control if it is not digitally signed?" +sidebar_position: 40 +--- + # How do I install an Active X control if it is not digitally signed? When an ActiveX control is digitally signed, and you use Netwrix Endpoint Policy Manager (formerly diff --git a/docs/endpointpolicymanager/leastprivilege/custommenuitemtext.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/custommenuitemtext.md similarity index 86% rename from docs/endpointpolicymanager/leastprivilege/custommenuitemtext.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/custommenuitemtext.md index 33089fae12..0352358d3f 100644 --- a/docs/endpointpolicymanager/leastprivilege/custommenuitemtext.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/custommenuitemtext.md @@ -1,3 +1,9 @@ +--- +title: "How does custom menu item text work after builds 23.8 and later?" +description: "How does custom menu item text work after builds 23.8 and later?" +sidebar_position: 90 +--- + # How does custom menu item text work after builds 23.8 and later? Starting in builds 23.8 and later, we changed the behavior of the custom menu items so you can have diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/dragdrop.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/dragdrop.md similarity index 77% rename from docs/endpointpolicymanager/leastprivilege/elevate/dragdrop.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/dragdrop.md index c515b33a7b..86ed71b98e 100644 --- a/docs/endpointpolicymanager/leastprivilege/elevate/dragdrop.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/dragdrop.md @@ -1,3 +1,9 @@ +--- +title: "I elevated an application, but drag and drop between the elevated and other non-elevated applications isn't working anymore. What can I try?" +description: "I elevated an application, but drag and drop between the elevated and other non-elevated applications isn't working anymore. What can I try?" +sidebar_position: 20 +--- + # I elevated an application, but drag and drop between the elevated and other non-elevated applications isn't working anymore. What can I try? When Netwrix Endpoint Policy Manager (formerly PolicyPak) elevates a process it also changes its diff --git a/docs/endpointpolicymanager/leastprivilege/powershell/maliciousattacks.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/maliciousattacks.md similarity index 93% rename from docs/endpointpolicymanager/leastprivilege/powershell/maliciousattacks.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/maliciousattacks.md index 7d7a1f74a8..b863e71402 100644 --- a/docs/endpointpolicymanager/leastprivilege/powershell/maliciousattacks.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/maliciousattacks.md @@ -1,3 +1,9 @@ +--- +title: "How to Defend against malicious PowerShell attacks (DLLs)?" +description: "How to Defend against malicious PowerShell attacks (DLLs)?" +sidebar_position: 50 +--- + # How to Defend against malicious PowerShell attacks (DLLs)? Even after blocking the PowerShell executables there are still ways in which bad actors can use DLLs diff --git a/docs/endpointpolicymanager/leastprivilege/policyeditor/optionsshowpopupmessage.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/optionsshowpopupmessage.md similarity index 87% rename from docs/endpointpolicymanager/leastprivilege/policyeditor/optionsshowpopupmessage.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/optionsshowpopupmessage.md index 1f2b3c8f7d..1ba02ebab4 100644 --- a/docs/endpointpolicymanager/leastprivilege/policyeditor/optionsshowpopupmessage.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/optionsshowpopupmessage.md @@ -1,3 +1,9 @@ +--- +title: "How does the \"Show Pop-Up\" message checkbox work along side \"Force user re-authenticate\" and \"Justification text required\" checkboxes?" +description: "How does the \"Show Pop-Up\" message checkbox work along side \"Force user re-authenticate\" and \"Justification text required\" checkboxes?" +sidebar_position: 80 +--- + # How does the "Show Pop-Up" message checkbox work along side "Force user re-authenticate" and "Justification text required" checkboxes? In CSEs 23.6 and later, there are several options you may select:. diff --git a/docs/endpointpolicymanager/leastprivilege/reduceadminrights.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/reduceadminrights.md similarity index 81% rename from docs/endpointpolicymanager/leastprivilege/reduceadminrights.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/reduceadminrights.md index d4b0fa7cc8..d68efc1746 100644 --- a/docs/endpointpolicymanager/leastprivilege/reduceadminrights.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/reduceadminrights.md @@ -1,3 +1,9 @@ +--- +title: "Can I use Endpoint Privilege Manager to LOWER / remove admin rights from Administrators from an application or process, like Internet Explorer?" +description: "Can I use Endpoint Privilege Manager to LOWER / remove admin rights from Administrators from an application or process, like Internet Explorer?" +sidebar_position: 10 +--- + # Can I use Endpoint Privilege Manager to LOWER / remove admin rights from Administrators from an application or process, like Internet Explorer? Yes. The basic steps are in these two screenshots: diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/scope.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/scope.md new file mode 100644 index 0000000000..0c8863b03e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/scope.md @@ -0,0 +1,175 @@ +--- +title: "How do I use the Filter section in Endpoint Privilege Manager ?" +description: "How do I use the Filter section in Endpoint Privilege Manager ?" +sidebar_position: 30 +--- + +# How do I use the Filter section in Endpoint Privilege Manager ? + +The Scope filter section can be found in various rule types in Netwrix Endpoint Policy Manager +(formerly PolicyPak) Least Privilege Manager. For instance, it exists in every explicit rule, like +this: + +![319_1_faq-img-01_950x578](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_1_faq-img-01_950x578.webp) + +And also in SecureRun™ rules like this: + +![319_2_faq-img-02_950x537](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_2_faq-img-02_950x537.webp) + +**NOTE:** At this time, Policy Scope rules are not yet available for: + +- Global Settings Policy (to perform Discovery audits.) +- Admin Approval Policy + +These are coming soon. + +**NOTE:** The Policy Scope option is only available when used on the Computer side; on the User side +it is greyed out because this setting is only meant to express to the COMPUTER (system) how to work +with User, and User and System Processes. On the User side, the processes are always in the context +of the User. + +![319_3_faq-img-03_950x571](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_3_faq-img-03_950x571.webp) + +In this topic, we are going over various use cases when you might use the Policy Scope option (which +again, will only be un-gray / valid on the Computer side.) + +## Scenario 1: Enhanced SecureRun / Prevent untrusted executables and scripts from running even by LOCAL SYSTEM. + +When you apply SecureRun on the user or computer side, you're saying "Block all untrusted +executables started by users." But this does not, by default, block the attack vector of the System +performing the attack. You can see the example below where the Standard User is blocked from an +executable attempt, but System is still allowed. + +![319_4_faq-img-04_950x647](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_4_faq-img-04_950x647.webp) + +However, you can switch SecureRun on the computer side to now say "Block all untrusted executables +started by users or LOCAL SYSTEM." You would do this on the Computer side, and specify User and +System Processes, as shown below. + +![319_5_faq-img-05_950x547](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_5_faq-img-05_950x547.webp) + +The result is that both User and System attempts to run un-trusted executables will be prevented. + +When could this occur? + +- If a normal (user-level) process exploits a security vulnerability to escalate his own privileges + and run some arbitrary code with higherprivileges (like LOCAL SYSTEM in this case). +- If malware launched software on a machine that runs as Local System and existed at + `c:\anything\Program.exe` (like PSEXEC, other ransomware, etc.). In this case, it would be owned + by the user (who is not on the SecureRun list.) However, if the malware executed + the` c:\anything\Program.exe` as SYSTEM, this attack would be prevented, because the owner of the + `c:\anything\Program.exe` is the User (as the attacker) but would not on the SecureRun list (even + though the process is being run AS SYSTEM.) + +This would strengthen security if a malware ended up using an elevated process to attempt to perform +its work as LOCAL SYSTEM and tries to run an un-trusted file. Therefore, when the application +(`.EXE`) or script, etc., was attempted to fire off, because the user isn't on the SecureRun trusted +list, the attack attempt will fail. + +For a video demo of this scenario, +see [SecureRun to block User AND System executables](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/securerun/usersystemexecutables.md) + +## Scenario 2: Specific rule to block an app from being run, even as local System. + +You might want to explicitly block attack vectors such as PSEXEC (which was used in WannaCry), or +entirely block PowerShell.  If you specify to do this only on the User side (or set Computer side +scope to User processed only), then only user processes will be affected: + +![319_6_faq-img-06_950x195](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_6_faq-img-06_950x195.webp) + +You can shore up this attack vector by making the explicit deny rule on the Computer side: + +![319_7_faq-img-07_950x381](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_7_faq-img-07_950x381.webp) + +When you do,  this happens: + +![319_8_faq-img-08_950x183](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_8_faq-img-08_950x183.webp) + +### Scenario 2B: Block Powershell.exe completely, but allow Local System to run a specific .PS1 script + +In the previous example, we blocked Powershell (or PSEXEC, etc.) from all user and system processes. + +However, you might need to run some Powershell scripts as SYSTEM to perform some maintenance tasks.  +Since PowerShell is now being blocked for all Computer side processes, you cannot run a specific +script with PowerShel: + +![319_9_faq-img-09_950x271](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_9_faq-img-09_950x271.webp) + +To enable this, simply add another rule to ALLOW AND LOG, for example, `C:\SCRIPTS\ITSCRIPT1.ps1`, +and set the scope to User and System processes, but use the scope Filter to SYSTEM. + +![319_10_faq-img-10_950x453](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_10_faq-img-10_950x453.webp) + +Result: + +![319_11_faq-img-11_950x375](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_11_faq-img-11_950x375.webp) + +For more information on this issue, see + [Block PowerShell in General, Open up for specific items](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/powershellblock.md) + +## Scenario 3: Running or Elevating applications or installers, but blocking other admins from running them. + +In this scenario you want to do work with Endpoint Policy Manager Least Privilege Manager (Elevate, +Allow, or Block) but prevent other admins (local admins or domain admins) from overcoming your rule. + +To perform this, you'll need to apply these two rules: + +1. First one BLOCKS `ABC.EXE` or `ABC.CMD` or `ABC.MSI`. This must be done on the COMPUTER side with + SCOPE = USER AND SYSTEM. Then, filter the scope by group (more on this in a second.) + +2. Second rule ALLOWS or ELEVATES `ABC.EXE` or `ABC.CMD` or `ABC.MSI`. The scope doesn't matter. You + can do this on the COMPUTER or USER side. (leaving the default filters in place.) + +If you want toblock only LOCAL admins (but not domain admins) then Rule #1 needs to look like this. +(Note that this group is not available when editing a GPO from a DC, and only available when +creating the GPO from a Windows 10 computer): + +![319_12_faq-img-12_950x482](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_12_faq-img-12_950x482.webp) + +If you want toblock both local admins and domain administrators, then Rule #1 needs to look like +this. + +![319_13_faq-img-13_950x534](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_13_faq-img-13_950x534.webp) + +_Remember,_ rule 2, the rule that does the ELEVATE or ALLOW, is just a standard rule, and can be +done on the user or computer side, like this: + +![319_14_faq-img-14_950x458](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_14_faq-img-14_950x458.webp) + +video +3: [Elevate apps as standard user, BLOCK other Admins](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/appblock.md) + +## Scenario 4:  Elevating a Service account + +You might have a service which requires specific privileges. Maybe your service, by default, uses +Local System, and you want to give it less rights. + +With Endpoint Policy Manager Least Privilege Manager, you can remove the powerful privileges of the +service account and strip out LOCAL SYSTEM and grant a specific user the permissions required. + +If you want a process to be run via special user account, follow these steps you would need to do +the following: + +**Step 1 –** Make a rule for an `.exe` from which the service runs. + +We recommend to make a File Info + Signature rule, but PATH rules would work as well. + +e.g. `C:\Program Files\AppABC \AppService.exe` + +**Step 2 –** On the Actions page select "Run with custom token" and configure the TOKEN and/or exact +PRIVILEGES the process needs like Load Driver Privilege (SeLoadDriverPrivilege), Bypass Traverse +Checking (SeChangeNotify). + +**Step 3 –** On the final page select Scope = User and System Processes + +AND + +Scope Filter should be trimmed to the specific account you specified to run the service runs as. + +**NOTE:** It's also possible to use Scope Filter = SERVICES to make the rule apply to all services +that run from the specified `.exe `regardless of the user. + +![319_15_faq-img-15_950x467](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_15_faq-img-15_950x467.webp) + +video: +[Reduce or specify Service Account Rights](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/serviceaccountrights.md) diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/selfelevation.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/selfelevation.md new file mode 100644 index 0000000000..5be56d2752 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/selfelevation.md @@ -0,0 +1,39 @@ +--- +title: "Least Privilege Manager - How to create a Self-Elevation policy for local groups of Standalone computers" +description: "Least Privilege Manager - How to create a Self-Elevation policy for local groups of Standalone computers" +sidebar_position: 70 +--- + +# Least Privilege Manager - How to create a Self-Elevation policy for local groups of Standalone computers + +**Step 1 –** When creating the Self Elevation Policy in LPM, create the rule as you would normally +and choose whichever Executable types you wish the members of the local group to be able to execute, +and also whether or not the policy should apply to child processes. + +![959_1_image-20230522075042-1](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/959_1_image-20230522075042-1.jpeg) + +**Step 2 –** When you get to the **Allowed Users** section be sure to use the **Add custom +user/group by SID as member** option. + +![959_2_image-20230522075042-2](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/959_2_image-20230522075042-2.webp) + +**Step 3 –** At this point you will need to look up the SID for the local group you wish to have the +Self Elevation policy apply to. This can be done by running the command "whoami /groups" on the +computer where the local group exists. + +![959_3_image-20230522075042-3](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/959_3_image-20230522075042-3.webp) + +**Step 4 –** In this example, I will be using the SID for the BUILTIN\Users group "S-1-5-32-545" + +![959_4_image-20230522075042-4](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/959_4_image-20230522075042-4.webp) + +**Step 5 –** Your policy should look similar to the example below. + +![959_5_image-20230522075042-5](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/959_5_image-20230522075042-5.webp) + +**Step 6 –** Lastly, deploy the policy and test if Self Elevation works. If the LPM Self Elevation +policy applies successfully to the local group then when you right click on any of the Executable +types you selected in the policy, you should see the **Run Self Elevated with PolicyPak** option +available. + +![959_6_image-20230522075042-6](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/959_6_image-20230522075042-6.webp) diff --git a/docs/endpointpolicymanager/integration/servicenow.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/servicenow.md similarity index 86% rename from docs/endpointpolicymanager/integration/servicenow.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/servicenow.md index 0a41617b48..0b506e5f41 100644 --- a/docs/endpointpolicymanager/integration/servicenow.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/servicenow.md @@ -1,3 +1,9 @@ +--- +title: "How can I integrate Endpoint Privilege Manager and Servicenow (or any other help desk) via email?" +description: "How can I integrate Endpoint Privilege Manager and Servicenow (or any other help desk) via email?" +sidebar_position: 60 +--- + # How can I integrate Endpoint Privilege Manager and Servicenow (or any other help desk) via email? Please consider watching this video before continuing: diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/_category_.json new file mode 100644 index 0000000000..64ff566b2e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips How Does PPLPM Work", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/leastprivilege/accountelevatedprocess.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/accountelevatedprocess.md similarity index 82% rename from docs/endpointpolicymanager/leastprivilege/accountelevatedprocess.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/accountelevatedprocess.md index 95aead0bd9..66ce03e5b1 100644 --- a/docs/endpointpolicymanager/leastprivilege/accountelevatedprocess.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/accountelevatedprocess.md @@ -1,3 +1,9 @@ +--- +title: "Which account does an elevated process run within?" +description: "Which account does an elevated process run within?" +sidebar_position: 10 +--- + # Which account does an elevated process run within? Netwrix Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager does not need a special diff --git a/docs/endpointpolicymanager/integration/applocker.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/applocker.md similarity index 92% rename from docs/endpointpolicymanager/integration/applocker.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/applocker.md index 5b8b57abc0..2915a369d3 100644 --- a/docs/endpointpolicymanager/integration/applocker.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/applocker.md @@ -1,3 +1,9 @@ +--- +title: "Is Endpoint Privilege Manager compatible alongside an existing installation of Microsoft Applocker?" +description: "Is Endpoint Privilege Manager compatible alongside an existing installation of Microsoft Applocker?" +sidebar_position: 40 +--- + # Is Endpoint Privilege Manager compatible alongside an existing installation of Microsoft Applocker? In short, yes. AppLocker will generally take effect in double-click scenarios and be the mechanism diff --git a/docs/endpointpolicymanager/leastprivilege/digitalsignature.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/digitalsignature.md similarity index 87% rename from docs/endpointpolicymanager/leastprivilege/digitalsignature.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/digitalsignature.md index 8dbf09c8dd..8a5cef6b55 100644 --- a/docs/endpointpolicymanager/leastprivilege/digitalsignature.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/digitalsignature.md @@ -1,3 +1,9 @@ +--- +title: "How secure is it just to use the digital signature? Can someone spoof a digital signature?" +description: "How secure is it just to use the digital signature? Can someone spoof a digital signature?" +sidebar_position: 30 +--- + # How secure is it just to use the digital signature? Can someone spoof a digital signature? Digital Signature is signed by the application vendor and it is nearly impossible to associate diff --git a/docs/endpointpolicymanager/leastprivilege/macroattacks.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/macroattacks.md similarity index 84% rename from docs/endpointpolicymanager/leastprivilege/macroattacks.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/macroattacks.md index 4274b63c51..19593a5e44 100644 --- a/docs/endpointpolicymanager/leastprivilege/macroattacks.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/macroattacks.md @@ -1,3 +1,9 @@ +--- +title: "Does Endpoint Privilege Manager block Macro attacks?" +description: "Does Endpoint Privilege Manager block Macro attacks?" +sidebar_position: 20 +--- + # Does Endpoint Privilege Manager block Macro attacks? Partially, yes, but this is by design. diff --git a/docs/endpointpolicymanager/leastprivilege/runasadmin.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/runasadmin.md similarity index 95% rename from docs/endpointpolicymanager/leastprivilege/runasadmin.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/runasadmin.md index 6ad66de3c7..93c645ea00 100644 --- a/docs/endpointpolicymanager/leastprivilege/runasadmin.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipshowdoespplpmwork/runasadmin.md @@ -1,3 +1,9 @@ +--- +title: "How can I change the behavior of \"Run as Admin\" with Endpoint Privilege Manager and how has it changed from previous versions?" +description: "How can I change the behavior of \"Run as Admin\" with Endpoint Privilege Manager and how has it changed from previous versions?" +sidebar_position: 50 +--- + # How can I change the behavior of "Run as Admin" with Endpoint Privilege Manager and how has it changed from previous versions? In 2022, Netwrix Endpoint Policy Manager (formerly PolicyPak) introduced a new feature that enables diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsolduseonlyifaske/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsolduseonlyifaske/_category_.json new file mode 100644 index 0000000000..ad13ab7518 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsolduseonlyifaske/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips Old Use Only If Asked", + "position": 70, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/printerdriverinstall.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsolduseonlyifaske/printerdriverinstall.md similarity index 88% rename from docs/endpointpolicymanager/leastprivilege/elevate/printerdriverinstall.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsolduseonlyifaske/printerdriverinstall.md index f093a8940c..6f07926094 100644 --- a/docs/endpointpolicymanager/leastprivilege/elevate/printerdriverinstall.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsolduseonlyifaske/printerdriverinstall.md @@ -1,3 +1,9 @@ +--- +title: "How to elevate Print driver installation using Endpoint Privilege Manager? (alternate method)" +description: "How to elevate Print driver installation using Endpoint Privilege Manager? (alternate method)" +sidebar_position: 20 +--- + # How to elevate Print driver installation using Endpoint Privilege Manager? (alternate method) These directions should only be performed if asked by support. The normal method to elevate print diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsolduseonlyifaske/singlelinecommands.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsolduseonlyifaske/singlelinecommands.md new file mode 100644 index 0000000000..7c44bbab22 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsolduseonlyifaske/singlelinecommands.md @@ -0,0 +1,21 @@ +--- +title: "Endpoint Privilege Manager: How do I elevate single line commands (second batch file method)?" +description: "Endpoint Privilege Manager: How do I elevate single line commands (second batch file method)?" +sidebar_position: 10 +--- + +# Endpoint Privilege Manager: How do I elevate single line commands (second batch file method)? + +Here is the way to elevate commands which are single line, like this one: + +``` +Abc.exe /switch1 parameter=XYZ /switch2 +``` + +An example of elevating the SCCM computer setup can be seen below: + +![479_1_pplpm-faq2-image001](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/479_1_pplpm-faq2-image001.webp) + +![479_2_pplpm-faq2-image002](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/479_2_pplpm-faq2-image002.webp) + +![479_3_pplpm-faq2-image003](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/479_3_pplpm-faq2-image003.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/_category_.json new file mode 100644 index 0000000000..c5ebbf514d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips Specific Workaround For Apps And Scenarios", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/applicationextension.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/applicationextension.md similarity index 94% rename from docs/endpointpolicymanager/leastprivilege/elevate/applicationextension.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/applicationextension.md index 912152eaab..0db49a6bde 100644 --- a/docs/endpointpolicymanager/leastprivilege/elevate/applicationextension.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/applicationextension.md @@ -1,3 +1,9 @@ +--- +title: "How to Elevate applications with a .application extension using Least Privilege Manager" +description: "How to Elevate applications with a .application extension using Least Privilege Manager" +sidebar_position: 80 +--- + # How to Elevate applications with a .application extension using Least Privilege Manager **Method 1 (Recommended): Elevating the underlying .EXE** diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/block.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/block.md new file mode 100644 index 0000000000..0b6e2def57 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/block.md @@ -0,0 +1,122 @@ +--- +title: "How to Block running PowerShell 2.0 using Least Privilege Manager" +description: "How to Block running PowerShell 2.0 using Least Privilege Manager" +sidebar_position: 110 +--- + +# How to Block running PowerShell 2.0 using Least Privilege Manager + +Issue: + +Blocking PowerShell Version 2 using a traditional command line rule in Endpoint Policy Manager Least +Privilege Manager results in multiple block events being generated every second in the Endpoint +Policy Manager event log. + +![1319_1_61042bd4123a78ef7686b114b9eea335](/img/product_docs/endpointpolicymanager/leastprivilege/powershell/1319_1_61042bd4123a78ef7686b114b9eea335.webp) + +Cause: + +When you try to run PowerShell -v 2 (or an equivalent) from the PowerShell prompt the following is +happening: + +First, the parent (PowerShell) creates a child with the following command line: + +`C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe` -version 2 + +When it fails (due to the fact the PP LPM Client Side Extensions (CSE) blocks it), the parent (the +initial PowerShell process) creates a temporary child process with another command line: + +`C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe` + +`C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe` -version 2. + +The child process then creates another child process with the initial command line and Endpoint +Policy Manager (formerly PolicyPak) Least Privilege Managerblocks it. + +Then it repeats, in an endless loop. + +Workaround: + +Since we cannot alter the internal PowerShell logic that attempts to restart the child process to +overcome the failure, we have to use the two scripts below to work around the issue. The two +policies below are also attached as XML for your convenience. + +![1319_2_d3a2208d260469bdbfdfc7edaf6848ba](/img/product_docs/endpointpolicymanager/leastprivilege/powershell/1319_2_d3a2208d260469bdbfdfc7edaf6848ba.webp) + +![1319_3_5745adb2d8b01ee9555aa6db772eae6a](/img/product_docs/endpointpolicymanager/leastprivilege/powershell/1319_3_5745adb2d8b01ee9555aa6db772eae6a.webp) + +Lastly, test using the command directly below to ensure that PowerShell Version 2.0 is now +successfully blocked and that there are no longer multiple block events being created in the +Endpoint Policy Manager event log. + +PowerShell -version 2.0 + +[Copy]() + +PowerShell V2 Workaround + +``` + + +   +     +       +         +           +             +              CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US +             +             +              Microsoft® Windows® Operating System +              10.0.14393.206 +              *powersh* +              10.0.14393.206 +             +             +              -v* 2* +              false +             +           +           +            false +           +           +             +              false +             +           +         +       +     +     +       +         +           +             +              CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US +             +             +              Microsoft® Windows® Operating System +              10.0.14393.206 +              *powersh* +              10.0.14393.206 +             +             +              * -v* 2* +              false +             +           +           +            false +           +           +             +              false +             +           +         +       +     +   + +``` diff --git a/docs/endpointpolicymanager/leastprivilege/editrights.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/editrights.md similarity index 88% rename from docs/endpointpolicymanager/leastprivilege/editrights.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/editrights.md index 5fe66c67ae..66a829325a 100644 --- a/docs/endpointpolicymanager/leastprivilege/editrights.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/editrights.md @@ -1,3 +1,9 @@ +--- +title: "Allowing access/edit rights to specific files for standard users" +description: "Allowing access/edit rights to specific files for standard users" +sidebar_position: 70 +--- + # Allowing access/edit rights to specific files for standard users While you are working in an environment where access rights have been configured in a secure way, diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/installers.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/installers.md similarity index 86% rename from docs/endpointpolicymanager/leastprivilege/elevate/installers.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/installers.md index 297f3262aa..153ce1ebc4 100644 --- a/docs/endpointpolicymanager/leastprivilege/elevate/installers.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/installers.md @@ -1,3 +1,9 @@ +--- +title: "How do I elevate installers that are classified as Installers but not Applications? Like Ninite, 7z, or Self-Extract?" +description: "How do I elevate installers that are classified as Installers but not Applications? Like Ninite, 7z, or Self-Extract?" +sidebar_position: 60 +--- + # How do I elevate installers that are classified as Installers but not Applications? Like Ninite, 7z, or Self-Extract? The problem is when you elevating an application but it keeps giving the UAC prompt. diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/installfonts.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/installfonts.md similarity index 99% rename from docs/endpointpolicymanager/leastprivilege/elevate/installfonts.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/installfonts.md index 7578c9282b..95909777d2 100644 --- a/docs/endpointpolicymanager/leastprivilege/elevate/installfonts.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/installfonts.md @@ -1,3 +1,9 @@ +--- +title: "Install Windows Fonts for users or Elevate end-users to install fonts themselves" +description: "Install Windows Fonts for users or Elevate end-users to install fonts themselves" +sidebar_position: 20 +--- + # Install Windows Fonts for users or Elevate end-users to install fonts themselves **Business case**: Your users don't have rights to install fonts, but you may want them to install diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/mmcsnapin.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/mmcsnapin.md new file mode 100644 index 0000000000..393ac534f4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/mmcsnapin.md @@ -0,0 +1,86 @@ +--- +title: "How do I elevate MMC snap ins without granting administrative rights?" +description: "How do I elevate MMC snap ins without granting administrative rights?" +sidebar_position: 30 +--- + +# How do I elevate MMC snap ins without granting administrative rights? + +A standard user may not be able to run an MMC console without elevated rights. For instance, a +standard user does not have the ability to start, stop, or change the configuration within any +service. This article takes you through the process to create a policy to allow this and other items +similar to this. + +**Step 1 –** Create a new GPO or edit an existing one. + +**Step 2 –** Expand the Endpoint Policy Manager node and select **Least Privilege Manager**. + +**NOTE:** User or Computer policies may be used, but general recommendation is to target to users. + +**Step 3 –** Create a new **New Executable Policy**. + +![203_1_image-20200229095829-1](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_1_image-20200229095829-1.webp) + +**Step 4 –** Select **Use combo rule (advanced)** and click **NEXT**. + +![203_3_image-20200229095829-2](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_3_image-20200229095829-2.webp) + +**Step 5 –** Select **Apply command-line arguments**, leaving everything else as-is and click +**NEXT**. + +![203_5_image-20200229095829-3](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_5_image-20200229095829-3.webp) + +**Step 6 –** Under **Path Condition**, click **Add** > **Add file** **...** + +![203_7_image-20200229095829-4](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_7_image-20200229095829-4.webp) + +**Step 7 –** In the Path field, type in `*\mmc.exe"` and click **OK**. + +![203_9_image-20200229095829-5](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_9_image-20200229095829-5.webp) + +**Step 8 –** Click on **Command-line Arguments**, select **Strict equality**, and under +**Arguments** type in the exact path to `services.msc` ("`C:\Windows\system32\services.msc`") and +click **NEXT**. + +![203_11_image-20210521112229-2](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_11_image-20210521112229-2.webp) + +**Step 9 –** Ensure "**Run with elevated privileges**" is selected and click **NEXT**. + +![203_12_image-20200229095829-7](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_12_image-20200229095829-7.webp) + +**Step 10 –** Name it according to your conventions (e.g. "`Elevate Services.msc`") and click +**FINISH**. + +**NOTE:** Users will not acquire this new GPO until Group Policy is refreshed on the user's computer +either through automatic or manual means. + +## TESTING + +To test this out, you can use the RUN command.Be sure to type in the exact command you've specified +in step 8. Only then will elevation occur. + +![203_14_image001_950x730](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_14_image001_950x730.webp) + +Additionally, you can test with a command prompt. Again, the command has to match exactly. + +![203_15_image002_950x541](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_15_image002_950x541.webp) + +**NOTE:** If you attempt other avenues, like from the Start menu or alternate command lines, they +will not work. In the example below it does not work because it is notthe exact same command line. + +![203_16_image003_950x496](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_16_image003_950x496.webp) + +In order to make this work, you need to specify a second policy with alternate approved command +lines. For instance, you could do this, which removes the requirement for +`c:\windows\system32\services.msc` + +![203_17_image004_950x475](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_17_image004_950x475.webp) + +The result would be that the shorter command line:` mmc services.msc` is accepted and runs elevated. + +![203_18_image005_950x579](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_18_image005_950x579.webp) + +However, at no time would the shortest expression, of only "`services.msc`" work. The required MMC +must appear before the command line. + +![203_19_image006_950x612](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_19_image006_950x612.webp) diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/mspfiles.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/mspfiles.md similarity index 91% rename from docs/endpointpolicymanager/leastprivilege/elevate/mspfiles.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/mspfiles.md index 0feefc818e..02cecec89d 100644 --- a/docs/endpointpolicymanager/leastprivilege/elevate/mspfiles.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/mspfiles.md @@ -1,3 +1,9 @@ +--- +title: "How do I elevate .MSP files such as Adobe Acrobat updates?" +description: "How do I elevate .MSP files such as Adobe Acrobat updates?" +sidebar_position: 90 +--- + # How do I elevate .MSP files such as Adobe Acrobat updates? This article explains how to elevate .MSP installation files in general. We will use Adobe update diff --git a/docs/endpointpolicymanager/leastprivilege/allow/nonadminuser.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/nonadminuser.md similarity index 95% rename from docs/endpointpolicymanager/leastprivilege/allow/nonadminuser.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/nonadminuser.md index bdd4eb145b..21c830af44 100644 --- a/docs/endpointpolicymanager/leastprivilege/allow/nonadminuser.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/nonadminuser.md @@ -1,3 +1,9 @@ +--- +title: "How to Allow a Non-Admin user to manage a specific Service using SC.EXE with Least Privilege Manager" +description: "How to Allow a Non-Admin user to manage a specific Service using SC.EXE with Least Privilege Manager" +sidebar_position: 120 +--- + # How to Allow a Non-Admin user to manage a specific Service using SC.EXE with Least Privilege Manager The steps in the example below will allow a Non-Admin user to manage the Remote Registry service @@ -50,9 +56,6 @@ choose its startup type. You can use the XML policy below as an example. -``` -[Copy](javascript:void(0);) -``` XML Policy diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/registry.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/registry.md new file mode 100644 index 0000000000..f91f1655e3 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/registry.md @@ -0,0 +1,115 @@ +--- +title: "How do I use Least Privilege Manager to Elevate .reg files to allow import by standard users" +description: "How do I use Least Privilege Manager to Elevate .reg files to allow import by standard users" +sidebar_position: 40 +--- + +# How do I use Least Privilege Manager to Elevate .reg files to allow import by standard users + +The registry requires elevated rights to be updated. Least Privilege Manager can be used to elevate +the rights of a standard user to allow specific .reg files be imported without an administrator. + +**NOTE:** We recommend you put the .REG file on a server so the file itself is under permissions +which cannot be tampered with. It could be a risk to put the .REG file locally on the hard drive +where anyone could edit the raw contents. + +## Method 1: New Executable Policy + +**Step 1 –** Create new GPO where required. + +**Step 2 –** Expand Netwrix Endpoint Policy Manager (formerly PolicyPak) node on either Computer, or +User Configuration side, and click ,**Least Privilege Manager**. + +**Step 3 –** Add new EXE Policy (a or b). + +![621_1_image-20200510100624-1](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_1_image-20200510100624-1.webp) + +**Step 4 –** Select **Use Combo Rule …** and click **NEXT**. + +![621_3_image-20200510100625-2](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_3_image-20200510100625-2.webp) + +**Step 5 –** Under **Conditions** check **Path**, and under Settings check **Command-line +arguments** and **Apply to child processes** . Click **Next**. + +![621_5_image-20200510100625-3](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_5_image-20200510100625-3.webp) + +**Step 6 –** Under **Path Condition** click the **Add** drop-down and select **Add file ...**. + +![621_7_image-20200510100625-4](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_7_image-20200510100625-4.webp) + +**Step 7 –** Either browse for `regedit.exe`, or type in "`%SYSTEMROOT%\regedit.exe`" and click +**OK**. + +![621_9_po_950x46](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_9_po_950x46.webp) + +**Step 8 –** Click on **Command-line Arguments** + +1. Under **Check Mode** select **Strict equality** +2. In the **Arguments** box type in text entered in Path Condition (step7) and path to `.reg` file + to elevate +3. Check **Ignore arguments case** +4. Click **Next**. + + ![621_11_image-20200510100625-6](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_11_image-20200510100625-6.webp) + +**Step 9 –** Select **Run with elevated privileges** and Click **Next**. + +![621_13_image-20200510100625-7](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_13_image-20200510100625-7.webp) + +**Step 10 –** Rename and set Item Level Targeting if required and click **Finish**. + +## Method 2: New Script Policy + +Before you create the policy, place your script on a server or secure, shared location (e.g. +`\\server\share\PSscript.ps1`). The following is a sample script that can be used with either +PowerShell or as a batch file to import a `.REG` file: + +``` +Regedit.exe /s \\server\share\NewRegValue.reg +``` + +**Step 1 –** Create new GPO where required. + +**Step 2 –** Expand PolicyPak node on either Computer or User Configuration side and click on +.**Least Privilege Manager**. + +**Step 3 –** Create new SCRIPT Policy (a or b). + +![621_15_image-20200510100625-8](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_15_image-20200510100625-8.webp) + +**Step 4 –** Select **Use Combo Rule …** and click **Next**. + +**NOTE:** Although you can use a simple rule and simply use path as the qualifying factor, for +security purposes it is recommended you have multiple qualifying factors. + +![621_17_image-20200510100625-9](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_3_image-20200510100625-2.webp) + +**Step 5 –** Under Conditions check **Path** and **Hash** and click **Next**. + +![621_19_image-20200510100625-10](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_19_image-20200510100625-10.webp) + +**NOTE:** If you make changes to the script, the Hash value will need to be updated for the policy +to remain valid. Alternatively, if you digitally sign your script, Signature can be used instead of +Hash as the second method of validation. + +**Step 6 –** Under Path Condition click the **Add** drop-down and select .**Add file ...**. + +![621_21_image-20200510100625-11](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_21_image-20200510100625-11.webp) + +**Step 7 –** Browse to the location of the` PowerShell script -> When Prompted`, allow to +automatically fill in Hash value, + +![621_23_image-20200510100625-12](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_23_image-20200510100625-12.webp) + +![621_25_image-20200510100625-13](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_25_image-20200510100625-13.webp) + +**Step 8 –** Click on **Hash Condition** to confirm Value has been `set -> If desired`, and change +algorithm to setting of . + +![621_27_image-20200510100625-14](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_27_image-20200510100625-14.webp) + +**Step 9 –** Select "**Run with elevated privileges**and click **Next**. + +![621_29_image-20200510100625-15](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_13_image-20200510100625-7.webp) + +**Step 10 –** Rename and set Item Level Targeting if required and click **Finish**. diff --git a/docs/endpointpolicymanager/troubleshooting/error/leastprivilege/serverbusy.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/serverbusy.md similarity index 89% rename from docs/endpointpolicymanager/troubleshooting/error/leastprivilege/serverbusy.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/serverbusy.md index 75f2af172d..bb525cf46a 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/leastprivilege/serverbusy.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/serverbusy.md @@ -1,3 +1,9 @@ +--- +title: "FTK Imager crashes with 'Server Busy' dialog box when \"Image Mounting\" while running elevated" +description: "FTK Imager crashes with 'Server Busy' dialog box when \"Image Mounting\" while running elevated" +sidebar_position: 100 +--- + # FTK Imager crashes with 'Server Busy' dialog box when "Image Mounting" while running elevated When attempting to mount an image with an elevated "FTK Imager" application, a "Server Busy" diff --git a/docs/endpointpolicymanager/leastprivilege/synapticspointingdevicedriver.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/synapticspointingdevicedriver.md similarity index 85% rename from docs/endpointpolicymanager/leastprivilege/synapticspointingdevicedriver.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/synapticspointingdevicedriver.md index aa429cf310..4ae0040691 100644 --- a/docs/endpointpolicymanager/leastprivilege/synapticspointingdevicedriver.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/synapticspointingdevicedriver.md @@ -1,3 +1,9 @@ +--- +title: "How to create an LPM Policy for (SynTPEnh.exe) Synaptics Pointing Device Driver" +description: "How to create an LPM Policy for (SynTPEnh.exe) Synaptics Pointing Device Driver" +sidebar_position: 10 +--- + # How to create an LPM Policy for (SynTPEnh.exe) Synaptics Pointing Device Driver Problem: The application Synaptics Pointing Device Driver (SynTPEnh.exe) is reported by the Global diff --git a/docs/endpointpolicymanager/leastprivilege/allow/uipathassistant.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/uipathassistant.md similarity index 96% rename from docs/endpointpolicymanager/leastprivilege/allow/uipathassistant.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/uipathassistant.md index 6f38183e3e..dc9a8e489b 100644 --- a/docs/endpointpolicymanager/leastprivilege/allow/uipathassistant.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/uipathassistant.md @@ -1,3 +1,9 @@ +--- +title: "How to Allow UiPath Assistant to run when running PowerShell is blocked for all Users" +description: "How to Allow UiPath Assistant to run when running PowerShell is blocked for all Users" +sidebar_position: 130 +--- + # How to Allow UiPath Assistant to run when running PowerShell is blocked for all Users Blocking PowerShell for everyone can also cause applications that depend on PowerShell to not run diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/windowsdefender.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/windowsdefender.md similarity index 83% rename from docs/endpointpolicymanager/leastprivilege/elevate/windowsdefender.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/windowsdefender.md index 7dab2d66a3..bb01d46599 100644 --- a/docs/endpointpolicymanager/leastprivilege/elevate/windowsdefender.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/windowsdefender.md @@ -1,10 +1,16 @@ +--- +title: "How-to elevate Windows Defender Firewall in Endpoint Privilege Manager?" +description: "How-to elevate Windows Defender Firewall in Endpoint Privilege Manager?" +sidebar_position: 50 +--- + # How-to elevate Windows Defender Firewall in Endpoint Privilege Manager? ## Option 1: For detailed steps on how to elevate the Windows Defender Firewall snap-in, replacing Services.msc with WF.msc, see -[How do I elevate MMC snap ins without granting administrative rights?](/docs/endpointpolicymanager/leastprivilege/elevate/mmcsnapin.md) +[How do I elevate MMC snap ins without granting administrative rights?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsspecificworkarou/mmcsnapin.md) ## Option 2: diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/_category_.json new file mode 100644 index 0000000000..fdb9c60748 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting", + "position": 90, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/correctsyntax.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/correctsyntax.md similarity index 76% rename from docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/correctsyntax.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/correctsyntax.md index 1a5ebb565c..e841cecc73 100644 --- a/docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/correctsyntax.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/correctsyntax.md @@ -1,3 +1,9 @@ +--- +title: "I want all the files in a folder to be ALLOWED when SecureRun is used. What is the correct syntax?" +description: "I want all the files in a folder to be ALLOWED when SecureRun is used. What is the correct syntax?" +sidebar_position: 40 +--- + # I want all the files in a folder to be ALLOWED when SecureRun is used. What is the correct syntax? If you want to allow all files in a folder to be permitted when SecureRun is used, do not use this diff --git a/docs/endpointpolicymanager/troubleshooting/log/leastprivilege/determinewhy.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/determinewhy.md similarity index 84% rename from docs/endpointpolicymanager/troubleshooting/log/leastprivilege/determinewhy.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/determinewhy.md index b893259700..fd17316457 100644 --- a/docs/endpointpolicymanager/troubleshooting/log/leastprivilege/determinewhy.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/determinewhy.md @@ -1,3 +1,9 @@ +--- +title: "What log can help me determine why an application (MSI, etc.) was ALLOWED, ELEVATED or BLOCKED?" +description: "What log can help me determine why an application (MSI, etc.) was ALLOWED, ELEVATED or BLOCKED?" +sidebar_position: 20 +--- + # What log can help me determine why an application (MSI, etc.) was ALLOWED, ELEVATED or BLOCKED? The log file you want to look in is` %LOCALAPPDATA%\PolicyPak\PolicyPak` diff --git a/docs/endpointpolicymanager/troubleshooting/leastprivilege/drivemaps.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/drivemaps.md similarity index 96% rename from docs/endpointpolicymanager/troubleshooting/leastprivilege/drivemaps.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/drivemaps.md index e8b3050e41..45c3d41589 100644 --- a/docs/endpointpolicymanager/troubleshooting/leastprivilege/drivemaps.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/drivemaps.md @@ -1,3 +1,9 @@ +--- +title: "How are DRIVE MAPS and UNC paths supported in Endpoint Privilege Manager?" +description: "How are DRIVE MAPS and UNC paths supported in Endpoint Privilege Manager?" +sidebar_position: 60 +--- + # How are DRIVE MAPS and UNC paths supported in Endpoint Privilege Manager? First, let's start with UNC paths. diff --git a/docs/endpointpolicymanager/troubleshooting/error/leastprivilege/emailsettings.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/emailsettings.md similarity index 85% rename from docs/endpointpolicymanager/troubleshooting/error/leastprivilege/emailsettings.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/emailsettings.md index bb9eab66ff..26a6ddcc1d 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/leastprivilege/emailsettings.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/emailsettings.md @@ -1,3 +1,9 @@ +--- +title: "Error message The element 'emailSettings' in namespace \"…AdminApproval\" has incomplete content encountered when editing Admin Approval policy" +description: "Error message The element 'emailSettings' in namespace \"…AdminApproval\" has incomplete content encountered when editing Admin Approval policy" +sidebar_position: 140 +--- + # Error message The element 'emailSettings' in namespace "…AdminApproval" has incomplete content encountered when editing Admin Approval policy ## PROBLEM: diff --git a/docs/endpointpolicymanager/troubleshooting/leastprivilege/explorercrash.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/explorercrash.md similarity index 92% rename from docs/endpointpolicymanager/troubleshooting/leastprivilege/explorercrash.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/explorercrash.md index e14d2257ed..af47ee4272 100644 --- a/docs/endpointpolicymanager/troubleshooting/leastprivilege/explorercrash.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/explorercrash.md @@ -1,3 +1,9 @@ +--- +title: "How-to Fix EXPLORER.EXE crash when right-clicking document files, pdf, docx, xlsx, etc.?" +description: "How-to Fix EXPLORER.EXE crash when right-clicking document files, pdf, docx, xlsx, etc.?" +sidebar_position: 130 +--- + # How-to Fix EXPLORER.EXE crash when right-clicking document files, pdf, docx, xlsx, etc.? **NOTE:** This should be automatically fixed for MOST CUSTOMERS with CSE BUILD 3068 and later, these diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/inlinecommands.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/inlinecommands.md new file mode 100644 index 0000000000..9435d46529 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/inlinecommands.md @@ -0,0 +1,100 @@ +--- +title: "Why does Endpoint Policy Manager SecureRun block \"inline commands\" and what can I do to overcome or revert the behavior ?" +description: "Why does Endpoint Policy Manager SecureRun block \"inline commands\" and what can I do to overcome or revert the behavior ?" +sidebar_position: 70 +--- + +# Why does Endpoint Policy Manager SecureRun block "inline commands" and what can I do to overcome or revert the behavior ? + +Windows operations like Command Prompt and PowerShell allow scripts to run. That is, they allow to +run various commands and NOT just executables (e.g. .exe files). + +Netwrix Endpoint Policy Manager (formerly PolicyPak) SecureRun automatically blocks unknown and +un-trusted scripts. You can read about these automatically blocked script types here: + +[What is the supported list of BLOCKED script types for Endpoint Policy Manager SecureRun™ ?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/blockedscripttypes.md) + +But it's possible to pass the commands on the command line + +For example, one can run something like this from the Run dialog (or in many other ways.) + +``` +cmd /c "mkdir C:\TEST & copy c:\Windows\notepad.exe C:\TEST" +``` + +![538_1_image-20201215000203-1](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/securerun_and_inline_commands.webp) + +Normally, users don't do this. But it could be valid during an application installation or program +setup. + +This technique is essentially what is used in much modern malware, as seen in this diagram. + +![538_2_image-20201215000203-2](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/538_2_image-20201215000203-2.webp) + +When commands are run in this way, Endpoint Policy Manager SecureRun cannot know precisely what to +do. + +Remember that SecureRun's primary duty is to check "File Owner." And, since this inline command has +no owner, Endpoint Policy Manager SecureRun cannot make a definitive determination of "Should it run +or not?" + +In older versions of Endpoint Policy Manager, Endpoint Policy Manager Least Privilege Manager +SecureRun™ did not trap for these inline commands or make any determination. + +In current versions, Endpoint Policy Manager, Endpoint Policy Manager Least Privilege Manager +SecureRun™ assumes this behavior of inline commands should be interpreted as unexpected/bad +behavior. + +That being said, you might have a reliance on this behavior for an application setup or valid +process. As such you have three options as workarounds. + +## Option 1: Analyze the statement and create an explicit Allow and Log Rule (Most Secure) + +In this example, assume you determined you had an inline command you needed to explicitly overcome a +SecureRun block: + +``` +cmd /c "mkdir C:\TEST & copy c:\Windows\notepad.exe C:\TEST" +``` + +To overcome this, you would need to make an Executable rule (not a Script rule). You would specify a +Combo rule, then specify Path and Command Line Arguments like what's seen here. + +![538_3_image-20201215000203-3](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/538_3_image-20201215000203-3.webp) + +The Path Condition part would be CMD.EXE: + +![538_4_image-20201215000203-4](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/538_4_image-20201215000203-4.webp) + +Then the most secure would be "Strict equality" and then specify the arguments which make up the +remainder of the command. + +Note that other configurations may work, but only "Strict equality" would be the most secure. + +![538_5_image-20201215000203-5](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/538_5_image-20201215000203-5.webp) + +Finally, set Allow And Log. + +![538_6_image-20201215000203-6](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/538_6_image-20201215000203-6.webp) + +Now you have a rule which is explicitly enabled to overcome a SecureRun block. + +## Option 2: Explicitly set Endpoint Policy Manager SecureRun to Disabled (Least Secure; not recommended) + +If Endpoint Policy Manager SecureRun has no configuration or is explicitly Disabled, like what's +seen here, then the inline checking will not function. + +![538_7_image-20201215000203-7](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/538_7_image-20201215000203-7.webp) + +## Option 3: Universally revert Endpoint Privilege Manager SecureRun™ Inline Command Processing Behavior to bypass inline commands (Less Secure; possibly recommended) + +In Endpoint Policy Manager CSE build 2725 we have introduced an ADMX setting entitled "Use legacy +(less secure) Endpoint Policy Manager Least Privilege Manager SecureRun Inline Processing Method." + +When this value is set to Enabled, you are telling the Endpoint Policy Manager Least Privilege +Manager that you want the SecureRun behavior to be reverted back to the original behavior. + +In this method, the Endpoint Policy Manager Least Privilege Manager SecureRun commandline parser +will ignore inline commands, and all processes like this will continue. + +![538_8_hfkb-1008-img-op-03-01_1379x575](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/538_8_hfkb-1008-img-op-03-01_1379x575.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/leastprivilege/kaseyaagentservice.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/kaseyaagentservice.md similarity index 94% rename from docs/endpointpolicymanager/troubleshooting/leastprivilege/kaseyaagentservice.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/kaseyaagentservice.md index f0c12728d1..7fd45e0191 100644 --- a/docs/endpointpolicymanager/troubleshooting/leastprivilege/kaseyaagentservice.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/kaseyaagentservice.md @@ -1,3 +1,9 @@ +--- +title: "How-to troubleshoot LPM rules for Kaseya Agent Service?" +description: "How-to troubleshoot LPM rules for Kaseya Agent Service?" +sidebar_position: 150 +--- + # How-to troubleshoot LPM rules for Kaseya Agent Service? It seems that the Kaseya Agent service starts before the Netwrix Endpoint Policy Manager (formerly diff --git a/docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/onedrive.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/onedrive.md similarity index 92% rename from docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/onedrive.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/onedrive.md index 655e83a8d2..2391ae7e41 100644 --- a/docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/onedrive.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/onedrive.md @@ -1,3 +1,9 @@ +--- +title: "How do I overcome OneDrive block prompts when SecureRun is on?" +description: "How do I overcome OneDrive block prompts when SecureRun is on?" +sidebar_position: 100 +--- + # How do I overcome OneDrive block prompts when SecureRun is on? Required executables must be configured to be able to run OneDrive along with SecureRun. @@ -77,4 +83,4 @@ We've combined known command-line args in that XML guidance, as shown in below s But if you're receiving a different command-line prompt then check the following KB for more help: -[How are wildcards supported when used with Path and Command-line arguments in Least Privilege Manager?](/docs/endpointpolicymanager/troubleshooting/leastprivilege/wildcards.md) +[How are wildcards supported when used with Path and Command-line arguments in Least Privilege Manager?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/wildcards.md) diff --git a/docs/endpointpolicymanager/troubleshooting/log/leastprivilege/restorecontextmenu.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/restorecontextmenu.md similarity index 93% rename from docs/endpointpolicymanager/troubleshooting/log/leastprivilege/restorecontextmenu.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/restorecontextmenu.md index 5d35c768af..441ca53c66 100644 --- a/docs/endpointpolicymanager/troubleshooting/log/leastprivilege/restorecontextmenu.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/restorecontextmenu.md @@ -1,3 +1,9 @@ +--- +title: "Restore Windows 11 Specific Right-Click Context Menu" +description: "Restore Windows 11 Specific Right-Click Context Menu" +sidebar_position: 10 +--- + # Restore Windows 11 Specific Right-Click Context Menu The Endpoint Policy Manager team is working to fix a known bug that occurs when upgrading one diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/ruleprecedence.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/ruleprecedence.md new file mode 100644 index 0000000000..3619be0de5 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/ruleprecedence.md @@ -0,0 +1,17 @@ +--- +title: "If multiple Endpoint Privilege Manager rules would apply, which rule takes precedence?" +description: "If multiple Endpoint Privilege Manager rules would apply, which rule takes precedence?" +sidebar_position: 50 +--- + +# If multiple Endpoint Privilege Manager rules would apply, which rule takes precedence? + +When a process is created, PPLPM evaluates the result in the following order: + +1. Explicit rules on computer side +2. Explicit rules on user side +3. The rule inherited from the parent process +4. SecureRun on computer side +5. SecureRun on user side + +Once a rule is found, we stop the search and do what the rule says. diff --git a/docs/endpointpolicymanager/troubleshooting/leastprivilege/ruleproductinfo.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/ruleproductinfo.md similarity index 85% rename from docs/endpointpolicymanager/troubleshooting/leastprivilege/ruleproductinfo.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/ruleproductinfo.md index d13d216a60..f3a295d1a3 100644 --- a/docs/endpointpolicymanager/troubleshooting/leastprivilege/ruleproductinfo.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/ruleproductinfo.md @@ -1,3 +1,9 @@ +--- +title: "Why does my LPM rule for Product Info not work when the MSI is on a NAS share?" +description: "Why does my LPM rule for Product Info not work when the MSI is on a NAS share?" +sidebar_position: 160 +--- + # Why does my LPM rule for Product Info not work when the MSI is on a NAS share? Problem: diff --git a/docs/endpointpolicymanager/troubleshooting/leastprivilege/sage50.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/sage50.md similarity index 77% rename from docs/endpointpolicymanager/troubleshooting/leastprivilege/sage50.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/sage50.md index 7a401a3687..2d2fedb695 100644 --- a/docs/endpointpolicymanager/troubleshooting/leastprivilege/sage50.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/sage50.md @@ -1,3 +1,9 @@ +--- +title: "How can I use Endpoint Privilege Manager to get Sage 50 to work without admin rights?" +description: "How can I use Endpoint Privilege Manager to get Sage 50 to work without admin rights?" +sidebar_position: 80 +--- + # How can I use Endpoint Privilege Manager to get Sage 50 to work without admin rights? After working with one customer, we have included the Sage 50 pre-configured XML in the guidance, @@ -16,7 +22,7 @@ The customer's own remediation was to elevate the Print spooler also needs to be However, this is likely more than required, and instead, we would advise to merely attempt to change the integrity level of the spooler using these directions: -[I elevated an application, but drag and drop between the elevated and other non-elevated applications isn't working anymore. What can I try?](/docs/endpointpolicymanager/leastprivilege/elevate/dragdrop.md) +[I elevated an application, but drag and drop between the elevated and other non-elevated applications isn't working anymore. What can I try?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/dragdrop.md) Both avenues to adjust the spooler service are "use at your own risk." diff --git a/docs/endpointpolicymanager/troubleshooting/leastprivilege/fileinfodeny/ssms.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/ssms.md similarity index 85% rename from docs/endpointpolicymanager/troubleshooting/leastprivilege/fileinfodeny/ssms.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/ssms.md index ba583e1837..e14a45f8fd 100644 --- a/docs/endpointpolicymanager/troubleshooting/leastprivilege/fileinfodeny/ssms.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/ssms.md @@ -1,3 +1,9 @@ +--- +title: "Why is my File Info Deny rule for SQL MGMT Studio version 14.x and lower not working?" +description: "Why is my File Info Deny rule for SQL MGMT Studio version 14.x and lower not working?" +sidebar_position: 110 +--- + # Why is my File Info Deny rule for SQL MGMT Studio version 14.x and lower not working? ## PROBLEM: diff --git a/docs/endpointpolicymanager/troubleshooting/leastprivilege/supportedenvironments.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/supportedenvironments.md similarity index 78% rename from docs/endpointpolicymanager/troubleshooting/leastprivilege/supportedenvironments.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/supportedenvironments.md index 8a7d64c521..08de9c358c 100644 --- a/docs/endpointpolicymanager/troubleshooting/leastprivilege/supportedenvironments.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/supportedenvironments.md @@ -1,3 +1,9 @@ +--- +title: "Why doesn't Endpoint Privilege Manager work Windows 7 + SHA256 signed.JS and .VBS files ?" +description: "Why doesn't Endpoint Privilege Manager work Windows 7 + SHA256 signed.JS and .VBS files ?" +sidebar_position: 30 +--- + # Why doesn't Endpoint Privilege Manager work Windows 7 + SHA256 signed.JS and .VBS files ? Windows 7 doesn't have the internal "plumbing" to see SHA256 signed.JS and .VBS files are signed. diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/wildcards.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/wildcards.md new file mode 100644 index 0000000000..d752eacbc3 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/wildcards.md @@ -0,0 +1,30 @@ +--- +title: "How are wildcards supported when used with Path and Command-line arguments in Least Privilege Manager?" +description: "How are wildcards supported when used with Path and Command-line arguments in Least Privilege Manager?" +sidebar_position: 90 +--- + +# How are wildcards supported when used with Path and Command-line arguments in Least Privilege Manager? + +When creating a PATH rule in LPM you can use wildcards at almost any level for the folder or file +name. + +For example, all of the PATHs below are valid: + +![667_1_image-20210312232539-1](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/667_1_image-20210312232539-1.webp) + +The same thing applies to using wildcards in Command-line arguments, all of the command-line +argument examples below are valid. + +Syntax when you know the file name starts with a 2: + +![667_2_image-20210316100826-1_942x394](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/667_2_image-20210316100826-1_942x394.webp) + +Syntax to substitute the name of any folder directly after %LocalAppData% and the file name starts +with a 2: + +![667_3_image-20210316101015-2_944x398](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/667_3_image-20210316101015-2_944x398.webp) + +Syntax to substitute the name of any folder after Microsoft and the file name starts with a 2: + +![667_4_image-20210316101118-3_940x391](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/667_4_image-20210316101118-3_940x391.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/leastprivilege/fileinfodeny/winscp.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/winscp.md similarity index 88% rename from docs/endpointpolicymanager/troubleshooting/leastprivilege/fileinfodeny/winscp.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/winscp.md index a5d04feae6..c3b65065a6 100644 --- a/docs/endpointpolicymanager/troubleshooting/leastprivilege/fileinfodeny/winscp.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/winscp.md @@ -1,3 +1,9 @@ +--- +title: "Why is my File Info Deny rule for WinSCP Setup 17.x and lower not working?" +description: "Why is my File Info Deny rule for WinSCP Setup 17.x and lower not working?" +sidebar_position: 120 +--- + # Why is my File Info Deny rule for WinSCP Setup 17.x and lower not working? PROBLEM: diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/acltraversentfsandre/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/acltraversentfsandre/_category_.json new file mode 100644 index 0000000000..e78fce2243 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/acltraversentfsandre/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "ACL Traverse NTFS And Registry", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/adminapprovalselfele/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/adminapprovalselfele/_category_.json new file mode 100644 index 0000000000..0127d618fd --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/adminapprovalselfele/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Admin Approval Self Elevate Apply On Demand SecureCopy(TM) And UI Branding", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/adminapprovalselfele/autorulesfromadmin.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/adminapprovalselfele/autorulesfromadmin.md new file mode 100644 index 0000000000..13c300d950 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/adminapprovalselfele/autorulesfromadmin.md @@ -0,0 +1,12 @@ +--- +title: "Endpoint Privilege Manager Automatic Rules Creation from Admin Approval Requests" +description: "Endpoint Privilege Manager Automatic Rules Creation from Admin Approval Requests" +sidebar_position: 10 +--- + +# Endpoint Privilege Manager Automatic Rules Creation from Admin Approval Requests + +After setting up Admin Approval you might want to convert those requests into automatic rules. Learn +how to take inbound requests and immediately convert them into rules. + + diff --git a/docs/endpointpolicymanager/video/leastprivilege/selfelevatemode/justificationandauthentication.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/adminapprovalselfele/justificationandauthentication.md similarity index 86% rename from docs/endpointpolicymanager/video/leastprivilege/selfelevatemode/justificationandauthentication.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/adminapprovalselfele/justificationandauthentication.md index b2135bc592..a4e935388b 100644 --- a/docs/endpointpolicymanager/video/leastprivilege/selfelevatemode/justificationandauthentication.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/adminapprovalselfele/justificationandauthentication.md @@ -1,3 +1,9 @@ +--- +title: "Remember Justification and Authentication" +description: "Remember Justification and Authentication" +sidebar_position: 20 +--- + # Remember Justification and Authentication Want to set up number of runs (or number of hours) to keep justification & authentication diff --git a/docs/endpointpolicymanager/video/leastprivilege/selfelevatemode/overrideselfelevate.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/adminapprovalselfele/overrideselfelevate.md similarity index 80% rename from docs/endpointpolicymanager/video/leastprivilege/selfelevatemode/overrideselfelevate.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/adminapprovalselfele/overrideselfelevate.md index 3b5ce13bee..84b7eb6e4e 100644 --- a/docs/endpointpolicymanager/video/leastprivilege/selfelevatemode/overrideselfelevate.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/adminapprovalselfele/overrideselfelevate.md @@ -1,3 +1,9 @@ +--- +title: "Override Self Elevate Context Menu Action" +description: "Override Self Elevate Context Menu Action" +sidebar_position: 30 +--- + # Override Self Elevate Context Menu Action Do you have a specific rule you want to override against a blanket Self Elevate policy? The default diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/adminapprovalselfele/selfelevate.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/adminapprovalselfele/selfelevate.md new file mode 100644 index 0000000000..77388ca41f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/adminapprovalselfele/selfelevate.md @@ -0,0 +1,10 @@ +--- +title: "Changing Double-Click Behavior with Process Interception (Self Elevate / Admin Approval)" +description: "Changing Double-Click Behavior with Process Interception (Self Elevate / Admin Approval)" +sidebar_position: 40 +--- + +# Changing Double-Click Behavior with Process Interception (Self Elevate / Admin Approval) + +If you'd prefer the double-click behavior to be Self Elevate instead of UAC prompts or Admin +Approval here's how to adjust and decide which behavior you want. diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/basicsandgettingstar/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/basicsandgettingstar/_category_.json new file mode 100644 index 0000000000..e6e1eb3206 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/basicsandgettingstar/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Basics And Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/bestpractices/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/bestpractices/_category_.json new file mode 100644 index 0000000000..1f6e32bf46 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/bestpractices/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Best Practices", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/video/leastprivilege/bestpractices/elevateuwp.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/bestpractices/elevateuwp.md similarity index 80% rename from docs/endpointpolicymanager/video/leastprivilege/bestpractices/elevateuwp.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/bestpractices/elevateuwp.md index c8cdc8b389..5d9e28d503 100644 --- a/docs/endpointpolicymanager/video/leastprivilege/bestpractices/elevateuwp.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/bestpractices/elevateuwp.md @@ -1,3 +1,9 @@ +--- +title: "PPLPM Elevating UWP Applications" +description: "PPLPM Elevating UWP Applications" +sidebar_position: 10 +--- + # PPLPM Elevating UWP Applications PPLPM can elevate UWP applications. See the best practices in this video before you get started. diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/bestpractices/msi.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/bestpractices/msi.md new file mode 100644 index 0000000000..598a5b6ace --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/bestpractices/msi.md @@ -0,0 +1,12 @@ +--- +title: "Best Practices of MSI installations from the Windows Store (UWP Applications)" +description: "Best Practices of MSI installations from the Windows Store (UWP Applications)" +sidebar_position: 20 +--- + +# Best Practices of MSI installations from the Windows Store (UWP Applications) + +With Endpoint Policy Manager and UWP rules you can elevate an MSI that comes from the Windows Store. +See how in this video. + + diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/businesssolutions/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/businesssolutions/_category_.json new file mode 100644 index 0000000000..dd82d7b4da --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/businesssolutions/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Business Solutions", + "position": 90, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/businesssolutions/denyselfelevate.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/businesssolutions/denyselfelevate.md new file mode 100644 index 0000000000..5b816c9cfb --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/businesssolutions/denyselfelevate.md @@ -0,0 +1,12 @@ +--- +title: "PPLPM: Deny Wins Over Self Elevate (using Java installation as example)" +description: "PPLPM: Deny Wins Over Self Elevate (using Java installation as example)" +sidebar_position: 10 +--- + +# PPLPM: Deny Wins Over Self Elevate (using Java installation as example) + +Want to allow Self Elevate but deny specific vendors' software, like Oracle Java so developers can't +install them? See how in this video! + + diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/eventing/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/eventing/_category_.json new file mode 100644 index 0000000000..e6254f9d86 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/eventing/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Eventing", + "position": 80, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/video/leastprivilege/preventevents.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/eventing/preventevents.md similarity index 83% rename from docs/endpointpolicymanager/video/leastprivilege/preventevents.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/eventing/preventevents.md index eda20a619c..0214bd93eb 100644 --- a/docs/endpointpolicymanager/video/leastprivilege/preventevents.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/eventing/preventevents.md @@ -1,3 +1,9 @@ +--- +title: "Automatically Prevent 6210 and 6215 Events from Known Good Identities" +description: "Automatically Prevent 6210 and 6215 Events from Known Good Identities" +sidebar_position: 10 +--- + # Automatically Prevent 6210 and 6215 Events from Known Good Identities When Endpoint Policy Manager SecureRun is not enabled, it will automatically generate 6210 events diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/helperstoolsandtipsa/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/helperstoolsandtipsa/_category_.json new file mode 100644 index 0000000000..f3546825e6 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/helperstoolsandtipsa/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Helpers Tools And Tips And Tricks", + "position": 70, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/howtoandtechsupport/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/howtoandtechsupport/_category_.json new file mode 100644 index 0000000000..bfd79b6e40 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/howtoandtechsupport/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "How To And Tech Support", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/_category_.json new file mode 100644 index 0000000000..81a731789e --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Mac Integration", + "position": 110, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/applicationpackage.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/applicationpackage.md new file mode 100644 index 0000000000..17b0a9a872 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/applicationpackage.md @@ -0,0 +1,11 @@ +--- +title: "Endpoint Policy Manager Least Priv Manager for Macs Application Package Support" +description: "Endpoint Policy Manager Least Priv Manager for Macs Application Package Support" +sidebar_position: 30 +--- + +# Endpoint Policy Manager Least Priv Manager for Macs Application Package Support + +Got Macs and need to do Least Privilege Functions upon them? Then use Netwrix Endpoint Policy +Manager (formerly PolicyPak) for Mac which hooks into Endpoint Policy Manager Cloud and remove local +admin rights for Macs! diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/cloudinstall.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/cloudinstall.md new file mode 100644 index 0000000000..9cfa2f5851 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/cloudinstall.md @@ -0,0 +1,9 @@ +--- +title: "Endpoint Policy Managerfor MacOS Installation (using Endpoint Policy Manager Cloud)" +description: "Endpoint Policy Managerfor MacOS Installation (using Endpoint Policy Manager Cloud)" +sidebar_position: 10 +--- + +# Endpoint Policy Managerfor MacOS Installation (using Endpoint Policy Manager Cloud) + +Got Macs and want to get PolicyPak installed quickly? Here's your guide! diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/collectdiagnostics.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/collectdiagnostics.md new file mode 100644 index 0000000000..79ba1632ca --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/collectdiagnostics.md @@ -0,0 +1,10 @@ +--- +title: "Collect Diagnostics" +description: "Collect Diagnostics" +sidebar_position: 90 +--- + +# Collect Diagnostics + +Automatically locate all relevant Endpoint Policy Manager for Mac logs and get them Zipped up and +ready for investigation by the Endpoint Policy Manager team. diff --git a/docs/endpointpolicymanager/video/leastprivilege/mac/finder.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/finder.md similarity index 82% rename from docs/endpointpolicymanager/video/leastprivilege/mac/finder.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/finder.md index 54b32d6372..e96c9feb83 100644 --- a/docs/endpointpolicymanager/video/leastprivilege/mac/finder.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/finder.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager MacOS: Mac Finder Policies" +description: "Endpoint Policy Manager MacOS: Mac Finder Policies" +sidebar_position: 70 +--- + # Endpoint Policy Manager MacOS: Mac Finder Policies Need to deliver Applications to the /Applications folder, or specific files to specific app or user diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/macjointoken.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/macjointoken.md new file mode 100644 index 0000000000..5a0e3c81bf --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/macjointoken.md @@ -0,0 +1,10 @@ +--- +title: "Mac and Jointoken" +description: "Mac and Jointoken" +sidebar_position: 20 +--- + +# Mac and Jointoken + +Create a Jointoken in Endpoint Policy Manager, then use the Mac client to automatically place the +endpoint in one or more groups. diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/mountunmounpart2.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/mountunmounpart2.md new file mode 100644 index 0000000000..619cdde94c --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/mountunmounpart2.md @@ -0,0 +1,10 @@ +--- +title: "Endpoint Privilege Manager for Mac: Mount / Unmount Part II" +description: "Endpoint Privilege Manager for Mac: Mount / Unmount Part II" +sidebar_position: 60 +--- + +# Endpoint Privilege Manager for Mac: Mount / Unmount Part II + +This is Part II where you can learn some advanced parameters which you can mix and match to dial in +the exact experience you want with Mac mounting, unmounting and elevation. diff --git a/docs/endpointpolicymanager/video/leastprivilege/mac/mountunmountpart1.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/mountunmountpart1.md similarity index 78% rename from docs/endpointpolicymanager/video/leastprivilege/mac/mountunmountpart1.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/mountunmountpart1.md index 6631b1d2c1..a4583afeea 100644 --- a/docs/endpointpolicymanager/video/leastprivilege/mac/mountunmountpart1.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/mountunmountpart1.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Privilege Manager for Mac: Mount / Unmount Part I" +description: "Endpoint Privilege Manager for Mac: Mount / Unmount Part I" +sidebar_position: 50 +--- + # Endpoint Privilege Manager for Mac: Mount / Unmount Part I Take a quick tour of Netwrix Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager diff --git a/docs/endpointpolicymanager/video/leastprivilege/mac/policycandidates.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/policycandidates.md similarity index 79% rename from docs/endpointpolicymanager/video/leastprivilege/mac/policycandidates.md rename to docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/policycandidates.md index 1705cbd4e9..ea7b630809 100644 --- a/docs/endpointpolicymanager/video/leastprivilege/mac/policycandidates.md +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/policycandidates.md @@ -1,3 +1,9 @@ +--- +title: "Mac Policy Candidates Admin Tool" +description: "Mac Policy Candidates Admin Tool" +sidebar_position: 100 +--- + # Mac Policy Candidates Admin Tool The Endpoint Policy Manager Mac Policy Candidates Admin tool allows admins to analyze applications, diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/privilege.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/privilege.md new file mode 100644 index 0000000000..a3384aa04d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/privilege.md @@ -0,0 +1,12 @@ +--- +title: "Endpoint Policy Manager LPM for MacOS: Privilege Policies (for Helper Apps)" +description: "Endpoint Policy Manager LPM for MacOS: Privilege Policies (for Helper Apps)" +sidebar_position: 80 +--- + +# Endpoint Policy Manager LPM for MacOS: Privilege Policies (for Helper Apps) + +Got applications which launch that need admin rights to install their MacOS helper apps? Here's how +to overcome that problem! + + diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/systemsettings.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/systemsettings.md new file mode 100644 index 0000000000..dd452fb119 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/systemsettings.md @@ -0,0 +1,12 @@ +--- +title: "Endpoint Policy Manager for Mac / Least Priv Manager: System Settings policy" +description: "Endpoint Policy Manager for Mac / Least Priv Manager: System Settings policy" +sidebar_position: 40 +--- + +# Endpoint Policy Manager for Mac / Least Priv Manager: System Settings policy + +If you have MacOS and want to overcome the System Settings prompts which require administrative +rights; watch this video to see how its done. + + diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/methodscloudmdmsccmp/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/methodscloudmdmsccmp/_category_.json new file mode 100644 index 0000000000..5a9c8fe303 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/methodscloudmdmsccmp/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Methods Cloud MDM SCCM PDQ", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/netwrixprivilegesecu/_category_.json b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/netwrixprivilegesecu/_category_.json new file mode 100644 index 0000000000..b73453e8fc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/netwrixprivilegesecu/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Netwrix Privilege Secure For Access Management Integration", + "position": 100, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/netwrixprivilegesecu/selfelevatemode.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/netwrixprivilegesecu/selfelevatemode.md new file mode 100644 index 0000000000..d1720414fe --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/netwrixprivilegesecu/selfelevatemode.md @@ -0,0 +1,10 @@ +--- +title: "Endpoint Privilege Manager: NPS Self Elevate Mode (Paid Feature)" +description: "Endpoint Privilege Manager: NPS Self Elevate Mode (Paid Feature)" +sidebar_position: 10 +--- + +# Endpoint Privilege Manager: NPS Self Elevate Mode (Paid Feature) + +With Endpoint Policy Manager you can use the power of the Self Elevate Feature in conjunction with +the proxy and brokering of the Netwrix Privilege Secure Server. diff --git a/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..05fd893321 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/videolearningcenter.md @@ -0,0 +1,121 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for more information on Least Privilege Manager. + +## Basics and Getting Started + +- [Kill Local Admin Rights (Run applications with Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/localadminrights.md) +- [Use Group Policy to remove local admin rights (then Endpoint Policy Manager to enable Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/removelocaladmin.md) +- [Link to Computer, Filter by User](/docs/endpointpolicymanager/video/leastprivilege/userfilter.md) +- [Installing applications-and-Preconfigured-Rules](/docs/endpointpolicymanager/video/leastprivilege/installapplications.md) +- [Auto Rules Generator Tool (with SecureRun)](/docs/endpointpolicymanager/video/leastprivilege/autorulesgeneratortool.md) +- [Endpoint Policy Manager Application Control with PP Least Privilege Manager](/docs/endpointpolicymanager/video/leastprivilege/applicationcontrol.md) +- [Using Least Privilege Manager's SecureRun Feature](/docs/endpointpolicymanager/video/leastprivilege/securerun/feature.md) +- [COM Support](/docs/endpointpolicymanager/video/leastprivilege/comsupport.md) +- [Overcome UAC prompts for Active X controls](/docs/endpointpolicymanager/video/leastprivilege/uacpromptsactivex.md) + +## How-To & Tech Support + +- [Elevate (or smack down) scripts and Java JAR files](/docs/endpointpolicymanager/video/leastprivilege/elevate/scripts.md) +- [Enable end-users to install their own fonts](/docs/endpointpolicymanager/video/leastprivilege/elevate/installfonts.md) +- [Manage, block and allow Windows Universal (UWP) applications](/docs/endpointpolicymanager/video/leastprivilege/windowsuniversalapplications.md) +- [More security with Combo Rules](/docs/endpointpolicymanager/video/leastprivilege/securitycomborules.md) +- [Least Privilege Manager: Deny Messages](/docs/endpointpolicymanager/video/leastprivilege/denymessages.md) +- [Prevent Edge from Launching](/docs/endpointpolicymanager/video/leastprivilege/preventedge.md) +- [Stop Ransomware and other unknown zero day attacks with Endpoint Policy Manager SecureRun(TM)](/docs/endpointpolicymanager/video/leastprivilege/securerun/stopransomware.md) +- [Least Privilege Manager: Block All Unsigned with SecureRun](/docs/endpointpolicymanager/video/leastprivilege/securerun/preventunsigned.md) +- [Endpoint Privilege Manager: Use Item Level Targeting to hone in when rules apply.](/docs/endpointpolicymanager/video/leastprivilege/itemleveltargeting.md) + +## Methods: Cloud, MDM, SCCM, PDQ + +- [Use Endpoint Policy Manager Cloud to deploy PP Least Privilege Manager rules](/docs/endpointpolicymanager/video/leastprivilege/cloudrules.md) +- [Using Least Privilege Manager with your MDM service](/docs/endpointpolicymanager/video/leastprivilege/mdm.md) +- [Deploying Apps that Require Admin Rights Using Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/video/leastprivilege/integration/pdqdeploy.md) +- [Blocking Malware with Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/video/leastprivilege/integration/pdqdeployblockmalware.md) + +## Best Practices + +- [Best Practices for Elevating User-Based Installs](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/elevatinguserbasedinstalls.md) +- [PPLPM Elevating UWP Applications](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/bestpractices/elevateuwp.md) +- [Best Practices of MSI installations from the Windows Store (UWP Applications) ](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/bestpractices/msi.md) +- [Security and Child Processes](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/securitychildprocesses.md) +- [Increase security by reducing rights on Open/Save dialogs](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/opensavedialogs.md) +- [Endpoint Privilege Manager and Wildcards](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/wildcards.md) +- [Reduce or specify Service Account Rights](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/serviceaccountrights.md) +- [Block PowerShell in General, Open up for specific items](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/powershellblock.md) +- [SecureRun to block User AND System executables](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/securerun/usersystemexecutables.md) +- [Elevate apps as standard user, BLOCK other Admins](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/appblock.md) +- [Endpoint Policy Manager Least Priv Manager: Self Elevate Mode](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/selfelevatemode.md) + +## ACL Traverse: NTFS and Registry + +- [Endpoint Policy Manager: ACL Traverse to enable users to delete icons on desktop](/docs/endpointpolicymanager/video/leastprivilege/acltraverse/deleteicons.md) +- [Endpoint Policy Manager and ACL Traverse: How to give rights to modify HOSTS files and similar](/docs/endpointpolicymanager/video/leastprivilege/acltraverse/modifyhosts.md) +- [Endpoint Policy Manager ACL and File Traverse: Let any application in Programfiles overcome NTFS permissions](/docs/endpointpolicymanager/video/leastprivilege/acltraverse/ntfspermissions.md) +- [Endpoint Policy Manager: Overcome ACLs in Registry even as Standard User](/docs/endpointpolicymanager/video/leastprivilege/acltraverse/registry.md) + +## Admin Approval, Self Elevate, Apply on Demand, SecureCopy(TM), and UI Branding + +- [Admin Approval demo](/docs/endpointpolicymanager/video/leastprivilege/adminapproval/demo.md) +- [Using Email / Long Codes](/docs/endpointpolicymanager/video/leastprivilege/longcodes.md) +- [Understand "Enforce Admin Approval for all installers" behavior](/docs/endpointpolicymanager/video/leastprivilege/adminapproval/enforce.md) +- [Endpoint Privilege Manager: Admin Approval Email method (with Notepad instead)](/docs/endpointpolicymanager/video/leastprivilege/adminapproval/email.md) +- [Self Elevate Mode](/docs/endpointpolicymanager/video/leastprivilege/selfelevatemode/demo.md) +- [Endpoint Privilege: Re-Authenticate with Self Elevate](/docs/endpointpolicymanager/video/leastprivilege/selfelevatemode/reauthenticate.md) +- [Least Privilege Manager: Apply On Demand](/docs/endpointpolicymanager/video/leastprivilege/applyondemand.md) +- [SecureCopy(TM). Empower users to copy then elevate items](/docs/endpointpolicymanager/video/leastprivilege/securecopy.md) +- [Branding the UI and Dialogs](/docs/endpointpolicymanager/video/leastprivilege/branding.md) +- [Endpoint Privilege Manager Automatic Rules Creation from Admin Approval Requests](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/adminapprovalselfele/autorulesfromadmin.md) + +## Helpers Tools & Tips and Tricks + +- [Overcome Network Card, Printer, and Remove Programs UAC prompts](/docs/endpointpolicymanager/video/leastprivilege/uacprompts.md) +- [Endpoint Policy Manager Least Priv Manager Tools Setup](/docs/endpointpolicymanager/video/leastprivilege/toolssetup.md) +- [Getting the helper tools as desktop shortcuts](/docs/endpointpolicymanager/video/leastprivilege/helperdesktopshortcut.md) +- [Endpoint Privilege Manager: Install Printers via Native NTPRINT Dialog](/docs/endpointpolicymanager/video/leastprivilege/ntprintdialog.md) +- [Endpoint Privilege Manager: Edit IP SETTINGS EDIT VIA WIN GUI](/docs/endpointpolicymanager/video/leastprivilege/wingui.md) + +## Eventing + +- [Events](/docs/endpointpolicymanager/video/leastprivilege/events.md) +- [Use Discovery to know what rules to make as you transition from Local Admin rights](/docs/endpointpolicymanager/video/leastprivilege/discovery.md) +- [Endpoint Policy Manager Cloud + PPLPM + Events: Collect Events in the Cloud](/docs/endpointpolicymanager/video/leastprivilege/cloudevents.md) +- [Using Windows Event Forwarding to search for interesting events](/docs/endpointpolicymanager/video/leastprivilege/windowseventforwarding.md) +- [Auto-Create Policy from Global Audit event](/docs/endpointpolicymanager/video/leastprivilege/globalauditevent.md) + +## Business Solutions + +- [Endpoint Policy Manager and WinGet: Overcome UAC prompts when standard users use Windows Package Manager](/docs/endpointpolicymanager/video/leastprivilege/winget.md) +- [Overcome Print Nightmare Standard User UAC Prompts](/docs/endpointpolicymanager/video/leastprivilege/printeruacprompts.md) +- [Microsoft WDAC recommended block rules Guidance](/docs/endpointpolicymanager/video/leastprivilege/microsoftrecommendations.md) +- [PPLPM: Deny Wins Over Self Elevate (using Java installation as example)](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/businesssolutions/denyselfelevate.md) + +## Netwrix Privilege Secure for Access Management Integration + +- [Netwrix Privilege Secure Client - Getting Started with MMC with/without Endpoint Policy Manager ](/docs/endpointpolicymanager/video/leastprivilege/integration/privilegesecure.md) +- [Netwrix Privilege Secure and the NPS/Endpoint Policy Manager Client](/docs/endpointpolicymanager/video/leastprivilege/integration/privilegesecureclient.md) +- [Endpoint Privilege Manager: NPS Self Elevate Mode (Paid Feature)](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/netwrixprivilegesecu/selfelevatemode.md) +- [Netwrix Privilege Secure and LICENSING](/docs/endpointpolicymanager/video/leastprivilege/integration/license.md) + +## Mac Integration + +- [Endpoint Policy Managerfor MacOS Installation (using Endpoint Policy Manager Cloud)](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/cloudinstall.md) +- [Mac and Jointoken](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/macjointoken.md) +- [Endpoint Policy Manager Least Priv Manager for Macs Application Package Support](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/applicationpackage.md) +- [Endpoint Policy Manager for Mac / Least Priv Manager: System Settings policy](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/systemsettings.md) +- [Endpoint Policy Manager Cloud and SUDO support](/docs/endpointpolicymanager/video/leastprivilege/mac/sudosupport.md) +- [Endpoint Policy Manager Cloud Mac + SUDO Using Wildcard Example](/docs/endpointpolicymanager/video/leastprivilege/mac/wildcards.md) +- [Application Launch Approval](/docs/endpointpolicymanager/video/leastprivilege/mac/applicationlaunch.md) +- [Endpoint Policy Manager Cloud +Least Privilege Manager for Mac Events collector](/docs/endpointpolicymanager/video/leastprivilege/mac/eventscollector.md) +- [Endpoint Policy Manager for Mac and Admin Approval](/docs/endpointpolicymanager/video/leastprivilege/mac/adminapproval.md) +- [Endpoint Privilege Manager for Mac: Mount / Unmount Part I](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/mountunmountpart1.md) +- [Endpoint Privilege Manager for Mac: Mount / Unmount Part II](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/mountunmounpart2.md) +- [Endpoint Policy Manager MacOS: Mac Finder Policies](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/finder.md) +- [Endpoint Policy Manager LPM for MacOS: Privilege Policies (for Helper Apps)](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/privilege.md) +- [Collect Diagnostics](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/collectdiagnostics.md) diff --git a/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/_category_.json b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/_category_.json new file mode 100644 index 0000000000..c4164e6d25 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Network Security Manager", + "position": 120, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/_category_.json new file mode 100644 index 0000000000..8a826b99da --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/_category_.json new file mode 100644 index 0000000000..ee7419d8c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/applicationsports.md b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/applicationsports.md new file mode 100644 index 0000000000..10dd200add --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/applicationsports.md @@ -0,0 +1,9 @@ +--- +title: "Endpoint Policy Manager Network Security Manager - Applications and Ports" +description: "Endpoint Policy Manager Network Security Manager - Applications and Ports" +sidebar_position: 30 +--- + +# Endpoint Policy Manager Network Security Manager - Applications and Ports + +Got applications you want to lockdown to use specific IPs and ports? Use this video to get the gist. diff --git a/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/auditingevents.md b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/auditingevents.md new file mode 100644 index 0000000000..a282596293 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/auditingevents.md @@ -0,0 +1,9 @@ +--- +title: "Endpoint Policy Manager Network Security Manager - Auditing Events" +description: "Endpoint Policy Manager Network Security Manager - Auditing Events" +sidebar_position: 50 +--- + +# Endpoint Policy Manager Network Security Manager - Auditing Events + +Need to turn on eventing? You can do this per Process then per activity. See how in this video. diff --git a/docs/endpointpolicymanager/video/networksecurity/basics.md b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/basics.md similarity index 77% rename from docs/endpointpolicymanager/video/networksecurity/basics.md rename to docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/basics.md index dd27646efe..5cd912c97f 100644 --- a/docs/endpointpolicymanager/video/networksecurity/basics.md +++ b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/basics.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager Network Security Manager - The Basics" +description: "Endpoint Policy Manager Network Security Manager - The Basics" +sidebar_position: 10 +--- + # Endpoint Policy Manager Network Security Manager - The Basics Here's a demo of Netwrix Endpoint Policy Manager (formerly PolicyPak) Network Security Manager and diff --git a/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/domainnames.md b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/domainnames.md new file mode 100644 index 0000000000..98a0a1d0e9 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/domainnames.md @@ -0,0 +1,9 @@ +--- +title: "Endpoint Policy Manager Network Security Manager - Using Domain Names" +description: "Endpoint Policy Manager Network Security Manager - Using Domain Names" +sidebar_position: 20 +--- + +# Endpoint Policy Manager Network Security Manager - Using Domain Names + +Want to use Domain Names to allow and block? You can do that ! diff --git a/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/globalsettings.md b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/globalsettings.md new file mode 100644 index 0000000000..613c54aaab --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/globalsettings.md @@ -0,0 +1,11 @@ +--- +title: "Endpoint Policy Manager Network Security Manager - Global settings" +description: "Endpoint Policy Manager Network Security Manager - Global settings" +sidebar_position: 40 +--- + +# Endpoint Policy Manager Network Security Manager - Global settings + +Learn how you can specify the text of the dialog box presented to users when Network Security +Manager is actively managing a process. You can even use links in the dialog to send them to your +helpdesk for more information ! diff --git a/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..84d46129e9 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/videolearningcenter.md @@ -0,0 +1,17 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 10 +--- + +# Video Learning Center + +See the following Video topics for Network Security Manager. + +## Getting Started + +- [Endpoint Policy Manager Network Security Manager - The Basics](/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/basics.md) +- [Endpoint Policy Manager Network Security Manager - Using Domain Names](/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/domainnames.md) +- [Endpoint Policy Manager Network Security Manager - Applications and Ports](/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/applicationsports.md) +- [Endpoint Policy Manager Network Security Manager - Global settings](/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/globalsettings.md) +- [Endpoint Policy Manager Network Security Manager - Auditing Events](/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/auditingevents.md) diff --git a/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/_category_.json b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/_category_.json new file mode 100644 index 0000000000..ffa04bd601 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Remote Work Delivery Manager", + "position": 170, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..eef38fd2a0 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/knowledgebase.md @@ -0,0 +1,21 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base articles for Remote Work Delivery Manager. + +## Tips and Tricks + +- [How can I make applications install sequentially / in order (and how does it work?)](/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/installsequentially.md) +- [How to Install UWP applications using Endpoint Policy Manager Remote Work Delivery Manager](/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/installuwp.md) +- [How do I use Endpoint Policy Manager Remote Work Delivery Manager to update the Client Side Extension?](/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/updateclientsideextension.md) +- [What variables can I use in place for source or destination in Remote Work Delivery Manager?](/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/variables.md) +- [How To deploy a TCP/IP Printer using Endpoint Policy Manager Remote Work Delivery Manager](/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/printers.md) + +## Troubleshooting + +- [My Dropbox link won't verify in Remote Work Delivery Manager](/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/troubleshooting/dropboxlink.md) diff --git a/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/_category_.json b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/_category_.json new file mode 100644 index 0000000000..b43a933aa8 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips And Tricks", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/remoteworkdelivery/installsequentially.md b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/installsequentially.md similarity index 89% rename from docs/endpointpolicymanager/remoteworkdelivery/installsequentially.md rename to docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/installsequentially.md index 33559be6eb..9042e4421e 100644 --- a/docs/endpointpolicymanager/remoteworkdelivery/installsequentially.md +++ b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/installsequentially.md @@ -1,3 +1,9 @@ +--- +title: "How can I make applications install sequentially / in order (and how does it work?)" +description: "How can I make applications install sequentially / in order (and how does it work?)" +sidebar_position: 10 +--- + # How can I make applications install sequentially / in order (and how does it work?) By default, Netwrix Endpoint Policy Manager (formerly PolicyPak) Remote Work Delivery Manager will diff --git a/docs/endpointpolicymanager/remoteworkdelivery/installuwp.md b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/installuwp.md similarity index 97% rename from docs/endpointpolicymanager/remoteworkdelivery/installuwp.md rename to docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/installuwp.md index a6c08af179..fff193957c 100644 --- a/docs/endpointpolicymanager/remoteworkdelivery/installuwp.md +++ b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/installuwp.md @@ -1,3 +1,9 @@ +--- +title: "How to Install UWP applications using Endpoint Policy Manager Remote Work Delivery Manager" +description: "How to Install UWP applications using Endpoint Policy Manager Remote Work Delivery Manager" +sidebar_position: 20 +--- + # How to Install UWP applications using Endpoint Policy Manager Remote Work Delivery Manager Using the Azure VPN Client UWP application as an example, this article will cover the steps needed diff --git a/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/printers.md b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/printers.md new file mode 100644 index 0000000000..42e281dbd4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/printers.md @@ -0,0 +1,83 @@ +--- +title: "How To deploy a TCP/IP Printer using Endpoint Policy Manager Remote Work Delivery Manager" +description: "How To deploy a TCP/IP Printer using Endpoint Policy Manager Remote Work Delivery Manager" +sidebar_position: 50 +--- + +# How To deploy a TCP/IP Printer using Endpoint Policy Manager Remote Work Delivery Manager + +**Step 1 –** Zip up the Printer setup files and store on a network share that is accessible to the +users that need to have the printer installed. + +For Example: + +![571_1_image-20210320020022-1](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_1_image-20210320020022-1.webp) + +**NOTE:** This zip should contain the driver INF file for the printer to be installed. + +![571_2_image-20210320020022-2](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_2_image-20210320020022-2.webp) + +**Step 2 –** Using the Microsoft Group Policy Management Console (GPMC), create a new Netwrix +Endpoint Policy Manager (formerly PolicyPak) RWDM Standard Policy on either the Computer side (using +Switched-Mode), or the User side. + +![571_3_image-20210320020022-3](/img/product_docs/endpointpolicymanager/remoteworkdelivery/722_3_image-20201105183910-3.webp) + +**Step 3 –** At the Welcome screen select Copy a single file, and click **Next**. + +![571_4_image-20210320020022-4](/img/product_docs/endpointpolicymanager/remoteworkdelivery/722_4_image-20201105183910-4.webp) + +**Step 4 –** Select Apply this policy to all users who log on to the computer (switched mode), then +click **Next**. + +![571_5_image-20210320020022-5](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_5_image-20210320020022-5.webp) + +**Step 5 –** Enter the UNC path to the printer zip file from step 1 above, then click **Next**. + +![571_6_image-20210320020022-6](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_6_image-20210320020022-6.webp) + +**Step 6 –** Specify the target folder on the endpoint(s) where you would like the zip to be +downloaded to, provide the file name for the destination, then click **Next**.  + +**NOTE:** The target folder will be created if it does not exist + +![571_7_image-20210320020022-7](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_7_image-20210320020022-7.webp) + +**Step 7 –** Accept the default values and click **Next**. + +![571_8_image-20210320020022-8](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_8_image-20210320020022-8.webp) + +**Step 8 –** Select **Once** then click **Next**. + +![571_9_image-20210320020022-9](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_9_image-20210320020022-9.webp) + +At the Post-copy actions screen select the **Run PowerShell script**, and **Run process or script as +user** options, then add/edit the command lines below as needed to reflect what is needed for your +specific printer model, then click **Next**. + +TIP:[ Go to https://www.pdq.com/blog/using-powershell-to-install-printers/ for more information on this topic.](https://www.pdq.com/blog/using-powershell-to-install-printers/) + +``` +Expand-Archive -LiteralPath 'c:\temp\canon.zip' -DestinationPath C:\Temp    pnputil.exe /a "C:\Temp\Canon\Driver\CNS30MA64.INF"    Start-Sleep -s 10    Add-PrinterDriver -Name "Canon Generic Plus PS3"    Add-PrinterPort -Name "IP Port" -PrinterHostAddress "192.168.1.27"    Add-Printer -DriverName "Canon Generic Plus PS3" -Name "Canon Generic Plus PS3" -PortName "IP Port"  +``` + +![571_10_image-20210320020022-10](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_10_image-20210320020022-10.webp) + +**Important**: The Add-PrinterDriver -Name section above the name specified (i.e., "Canon Generic +Plus PS3" in this example) must match one of the names in the INF file! + +![571_11_image-20210320020022-11](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_11_image-20210320020022-11.webp) + +**Step 9 –** Skip the Revert actions screen unless you wish to add a revert action. + +**Step 10 –** At the Policy settings screen give the policy a descriptive name, then click +**Finish**. + +![571_12_image-20210320020022-12](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_12_image-20210320020022-12.webp) + +**Step 11 –** Run GPUPDATE on an endpoint that receives this policy to test, then verify under +Printers & Scanners that you see the printer installed. + +**NOTE:** The printer may take around 30 seconds to install. + +![571_13_image-20210320020022-13](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_13_image-20210320020022-13.webp) diff --git a/docs/endpointpolicymanager/remoteworkdelivery/updateclientsideextension.md b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/updateclientsideextension.md similarity index 93% rename from docs/endpointpolicymanager/remoteworkdelivery/updateclientsideextension.md rename to docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/updateclientsideextension.md index bd68445241..dee0c6de87 100644 --- a/docs/endpointpolicymanager/remoteworkdelivery/updateclientsideextension.md +++ b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/updateclientsideextension.md @@ -1,3 +1,9 @@ +--- +title: "How do I use Endpoint Policy Manager Remote Work Delivery Manager to update the Client Side Extension?" +description: "How do I use Endpoint Policy Manager Remote Work Delivery Manager to update the Client Side Extension?" +sidebar_position: 30 +--- + # How do I use Endpoint Policy Manager Remote Work Delivery Manager to update the Client Side Extension? If you do not have an existing software distribution solution, delivery of software and updates can diff --git a/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/variables.md b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/variables.md new file mode 100644 index 0000000000..8578a58242 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/variables.md @@ -0,0 +1,59 @@ +--- +title: "What variables can I use in place for source or destination in Remote Work Delivery Manager?" +description: "What variables can I use in place for source or destination in Remote Work Delivery Manager?" +sidebar_position: 40 +--- + +# What variables can I use in place for source or destination in Remote Work Delivery Manager? + +The following variables are honored in Netwrix Endpoint Policy Manager (formerly PolicyPak) Remote +Work Delivery Manager. + +Using the list below you can use these variables as sources or destinations. + +For instance to copy files from `\\server2016\share` to `%DesktopDir%` simply put in `%DesktopDir%` +in the Destination slo: + +![806_1_img](/img/product_docs/endpointpolicymanager/remoteworkdelivery/806_1_img.webp) + +The acceptable variables are below. Be sure to encapsulate them all with %, like %DestopDir% + +``` +AppDataDir +CommonAppdataDir +CommonDesktopDir +CommonFavoritesDir +CommonProgramsDir +CommonStartMenuDir +CommonStartUpDir +Desktop +DesktopDir +Documents +DocumentsDir +Downloads +DownloadsDir +Favorites +FavoritesDir +Links +LinksDir +Music +MusicDir +NetPlacesDir +Pictures +PicturesDir +ProgramFilesDir +ProgramFilesX86Dir +ProgramFilesX64Dir +ProgramsDir +RecentDocumentsDir +SendToDir +StartMenuDir +StartUpDir +SystemDir +SystemX86Dir +Videos +VideosDir +DestinationDir +Destination +DestinationFile +``` diff --git a/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/troubleshooting/_category_.json b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/troubleshooting/_category_.json new file mode 100644 index 0000000000..d0c808bf1b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/troubleshooting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/dropboxlink.md b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/troubleshooting/dropboxlink.md similarity index 95% rename from docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/dropboxlink.md rename to docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/troubleshooting/dropboxlink.md index 78dfcb8bfd..bb626f6b16 100644 --- a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/dropboxlink.md +++ b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/troubleshooting/dropboxlink.md @@ -1,3 +1,9 @@ +--- +title: "My Dropbox link won't verify in Remote Work Delivery Manager" +description: "My Dropbox link won't verify in Remote Work Delivery Manager" +sidebar_position: 10 +--- + # My Dropbox link won't verify in Remote Work Delivery Manager Dropbox has recently made a change to their service and temporarily blocked our ability to verify diff --git a/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/videolearningcenter/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/videolearningcenter/gettingstarted/_category_.json new file mode 100644 index 0000000000..ee7419d8c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/videolearningcenter/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/videolearningcenter/methodscloudmdmsccme/_category_.json b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/videolearningcenter/methodscloudmdmsccme/_category_.json new file mode 100644 index 0000000000..40ba6417bd --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/videolearningcenter/methodscloudmdmsccme/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Methods Cloud MDM SCCM Etc", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/videolearningcenter/tipsandtricks/_category_.json b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/videolearningcenter/tipsandtricks/_category_.json new file mode 100644 index 0000000000..ec873edc2f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/videolearningcenter/tipsandtricks/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips And Tricks", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..a1f7ccc623 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/videolearningcenter/videolearningcenter.md @@ -0,0 +1,27 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for Remote Work Delivery Manager. + +## Getting Started + +- [Install software with SMB (standard share)](/docs/endpointpolicymanager/video/remoteworkdelivery/smb.md) +- [Install software using web-based shares](/docs/endpointpolicymanager/video/remoteworkdelivery/webbasedshares.md) +- [Mass copy folders and files (with filters and recursion)](/docs/endpointpolicymanager/video/remoteworkdelivery/masscopy.md) +- [Automatic Patching and Updates](/docs/endpointpolicymanager/video/remoteworkdelivery/patching.md) + +## Methods: Cloud, MDM, SCCM, etc. + +- [Deploy software with Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/remoteworkdelivery/cloud.md) +- [Copy files and keep them up to date with your MDM service](/docs/endpointpolicymanager/video/remoteworkdelivery/mdm.md) + +## Tips and Tricks + +- [Endpoint Policy Manager: Remote Work Delivery Manager Local File Copy Magic](/docs/endpointpolicymanager/video/remoteworkdelivery/localfilecopy.md) +- [Endpoint Policy Manager: Use Azure Blob Storage to Deploy and Patch your software](/docs/endpointpolicymanager/video/remoteworkdelivery/azureblobstorage.md) +- [Using Remote Work Delivery Manager to Update the Endpoint Policy Manager Client Side Extension](/docs/endpointpolicymanager/video/remoteworkdelivery/updateclientsideextension.md) diff --git a/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/_category_.json b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/_category_.json new file mode 100644 index 0000000000..416ef88a13 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Scripts And Triggers Manager", + "position": 150, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..4fc4da2b11 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/knowledgebase.md @@ -0,0 +1,42 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base articles for Scripts and Triggers Manager. + +## Troubleshooting + +- [What must I do in Cylance such that it will run Powershell scripts via Endpoint Policy Scripts Manager?](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/cylance.md) +- [What is the expected behavior after an Endpoint Policy Manager Script "ON/APPLY" script is modified?](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/onapplyscript.md) +- [Where do scripts run? How are they protected from unauthorized access? How can I change the location of where scripts are stored?](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/scriptlocation.md) +- [Which VPN Solutions are currently supported for use with Scripts Manager VPN Triggers?](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/vpnsolutions.md) +- [How do Endpoint Policy Scripts Manager PowerShell Scripts behave when PowerShell is blocked or disabled using the following methods?](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/powershellscripts.md) +- [Why don't Batch and PowerShell scripts get blocked when SYSTEM processes are blocked](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/systemprocesses.md) +- [How do I update Windows 7 machines to TLS 1.2 such that they work with Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/windows7tls.md) +- [Upgrading MS Teams to latest version displays prompts for Admin Approval](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/adminapproval.md) + +## Tip and Tricks + +- [How to import a WLAN / 802.11 / Wireless profile from a Network Share using Endpoint Policy Scripts Manager?](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/wlannetwork.md) +- [How to import a WLAN / 802.11 / Wireless profile from Dropbox using Endpoint Policy Scripts Manager](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/wlandropbox.md) +- [How to silently install Firefox ESR, Chrome and WinZip 14.5 using Endpoint Policy Scripts Manager](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/silentbrowserinstall.md) +- [How to create a shortcut under the Public Desktop using Endpoint Policy Scripts Manager](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/shortcutpublicdesktop.md) +- [How to deliver network drive mappings with PowerShell using Scripts Manager](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/powershell.md) +- [How do I use Scripts Manager to update the Registry on end-user workstations](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/updateregistry.md) +- [How to Reset Secure Channel for computers that have fallen out of sync with domain while working remotely by using Scripts Manager in Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/resetsecurechannel.md) +- [How-to change Temperature Unit from Fahrenheit to Celsius in Microsoft Outlook Calendar via Group Policy?](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/temperatureunit.md) +- [How do I automate BitLocker deployment for my enterprise with Group Policy and Endpoint Policy Manager?](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/bitlockerdeployment.md) +- [What is the expected behavior on Windows 10 when you MODIFY an existing Endpoint Policy Manager Scripts script?](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/windows10modifyscript.md) +- [How to run Microsoft Teams minimized to systray using PPScripts and PPAM](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/teamsminimized.md) +- [How does Endpoint Policy Manager Scripts & Triggers know when the VPN connection is made or lost?](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/vpnconnection.md) +- [How to use Scripts Manager Event Log Triggers to Map Network Drives when a VPN is Connected](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/eventlogtriggers.md) +- [How to Set the Password for a Local Account using Scripts Manager](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/localaccountpassword.md) +- [How to use Scripts Manager Triggers to Map Network Drives when a VPN is Connected](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/vpn.md) +- [How do I user Endpoint Policy Manager to set the screensaver to a custom slideshow?](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/screensavers.md) +- [Can I get more details on how Endpoint Policy Scripts Manager processes run?](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/processesdetails.md) +- [How to Run Microsoft Edge Once at a User's 1st Logon using Scripts and Triggers Manager](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/edgefirstlogon.md) +- [How to Create a Local Scheduled Task to Reboot a PC every day at 9 AM](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/localscheduledtask.md) diff --git a/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/_category_.json b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/_category_.json new file mode 100644 index 0000000000..495ac0efb4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tip And Tricks", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/scriptstriggers/bitlockerdeployment.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/bitlockerdeployment.md similarity index 95% rename from docs/endpointpolicymanager/scriptstriggers/bitlockerdeployment.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/bitlockerdeployment.md index fd6b307105..2b4e11cd9f 100644 --- a/docs/endpointpolicymanager/scriptstriggers/bitlockerdeployment.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/bitlockerdeployment.md @@ -1,3 +1,9 @@ +--- +title: "How do I automate BitLocker deployment for my enterprise with Group Policy and Endpoint Policy Manager?" +description: "How do I automate BitLocker deployment for my enterprise with Group Policy and Endpoint Policy Manager?" +sidebar_position: 90 +--- + # How do I automate BitLocker deployment for my enterprise with Group Policy and Endpoint Policy Manager? Many organizations want to protect the data on the end-user's computers from prying eyes. Especially diff --git a/docs/endpointpolicymanager/scriptstriggers/edgefirstlogon.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/edgefirstlogon.md similarity index 89% rename from docs/endpointpolicymanager/scriptstriggers/edgefirstlogon.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/edgefirstlogon.md index 6a2a127760..3fc82560ee 100644 --- a/docs/endpointpolicymanager/scriptstriggers/edgefirstlogon.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/edgefirstlogon.md @@ -1,3 +1,9 @@ +--- +title: "How to Run Microsoft Edge Once at a User's 1st Logon using Scripts and Triggers Manager" +description: "How to Run Microsoft Edge Once at a User's 1st Logon using Scripts and Triggers Manager" +sidebar_position: 180 +--- + # How to Run Microsoft Edge Once at a User's 1st Logon using Scripts and Triggers Manager **Step 1 –** Create a new Scripts and Triggers Policy on the Computer side that runs in Switched diff --git a/docs/endpointpolicymanager/scriptstriggers/mappeddrives/eventlogtriggers.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/eventlogtriggers.md similarity index 96% rename from docs/endpointpolicymanager/scriptstriggers/mappeddrives/eventlogtriggers.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/eventlogtriggers.md index 2b80c0973c..21f768deb4 100644 --- a/docs/endpointpolicymanager/scriptstriggers/mappeddrives/eventlogtriggers.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/eventlogtriggers.md @@ -1,3 +1,9 @@ +--- +title: "How to use Scripts Manager Event Log Triggers to Map Network Drives when a VPN is Connected" +description: "How to use Scripts Manager Event Log Triggers to Map Network Drives when a VPN is Connected" +sidebar_position: 150 +--- + # How to use Scripts Manager Event Log Triggers to Map Network Drives when a VPN is Connected **_RECOMMENDED:_** Netwrix Endpoint Policy Manager (formerly PolicyPak) version 2791 or higher must diff --git a/docs/endpointpolicymanager/scriptstriggers/localaccountpassword.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/localaccountpassword.md similarity index 95% rename from docs/endpointpolicymanager/scriptstriggers/localaccountpassword.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/localaccountpassword.md index e089656334..b3ce38b7fe 100644 --- a/docs/endpointpolicymanager/scriptstriggers/localaccountpassword.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/localaccountpassword.md @@ -1,3 +1,9 @@ +--- +title: "How to Set the Password for a Local Account using Scripts Manager" +description: "How to Set the Password for a Local Account using Scripts Manager" +sidebar_position: 140 +--- + # How to Set the Password for a Local Account using Scripts Manager As of diff --git a/docs/endpointpolicymanager/scriptstriggers/localscheduledtask.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/localscheduledtask.md similarity index 92% rename from docs/endpointpolicymanager/scriptstriggers/localscheduledtask.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/localscheduledtask.md index 1e56706752..bedaee7c5d 100644 --- a/docs/endpointpolicymanager/scriptstriggers/localscheduledtask.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/localscheduledtask.md @@ -1,3 +1,9 @@ +--- +title: "How to Create a Local Scheduled Task to Reboot a PC every day at 9 AM" +description: "How to Create a Local Scheduled Task to Reboot a PC every day at 9 AM" +sidebar_position: 190 +--- + # How to Create a Local Scheduled Task to Reboot a PC every day at 9 AM **Step 1 –** Create a Netwrix Endpoint Policy Manager (formerly PolicyPak) Scripts policy on the diff --git a/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/powershell.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/powershell.md new file mode 100644 index 0000000000..ffc95cfbb6 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/powershell.md @@ -0,0 +1,63 @@ +--- +title: "How to deliver network drive mappings with PowerShell using Scripts Manager" +description: "How to deliver network drive mappings with PowerShell using Scripts Manager" +sidebar_position: 50 +--- + +# How to deliver network drive mappings with PowerShell using Scripts Manager + +**Step 1 –** Create a new GPO and link it to the User OU or Domain that contains the users that will +need to receive the drive mapping. + +**Step 2 –** Edit the GPO and expand the User Configuration > Netwrix Endpoint Policy Manager +(formerly PolicyPak) > Scripts Manager Section. + +![216_1_image-20200220185019-1](/img/product_docs/endpointpolicymanager/scriptstriggers/mappeddrives/216_1_image-20200220185019-1.webp) + +**Step 3 –** With the Scripts Manager section selected click "ADD NEW COLLECTION" then give the +collection a descriptive name, and click OK. + +**Step 4 –** Next either select the collection name under the left side of the screen or +double-click on the collection name to open the collection. + +**Step 5 –** With the collection name selected click "ADD NEW POLICY". + +![216_3_image-20200220185019-2](/img/product_docs/endpointpolicymanager/scriptstriggers/mappeddrives/216_3_image-20200220185019-2.webp) + +**Step 6 –** Click Next to get to the "On apply action" screen, then choose "PowerShell script" from +the dropdown menu. + +**Step 7 –** Next, paste in the script below to the text window, and ensure that "Run script as +user" is the only option checked. + +``` +if (-not(get-psdrive -name "Z" -ErrorAction SilentlyContinue)) {    New-PSDrive -name "Z" -PSProvider FileSystem -Root \\server\share -Persist    } +``` + +Remember to edit the script to match what is needed for your environment, replacing "Z" with the +drive letter you wish to map, for example if you want to map H: then replace "Z" with "H". Also, +replace \\server\share with the UNC path of the share you wish to map. + +The "On apply action" screen should look similar to below: + +![216_5_image-20200220185019-3](/img/product_docs/endpointpolicymanager/scriptstriggers/mappeddrives/216_5_image-20200220185019-3.webp) + +**Step 8 –** Then click Next, then Next again (skipping the "On revert action"screen) until you get +to the "Specify process mode" screen. Ensure that the "Always" radio button is selected then click +Next, give the policy a descriptive name, then click Finish. + +**Step 9 –** Test the policy by logging into a domain-joined computer with a domain user account +from the (User) OU or Domain where this GPO is linked then run `"gpupdate"`, afterward open File +Explorer and verify that you see the new drive mapping. + +![216_7_image-20200220185019-9](/img/product_docs/endpointpolicymanager/scriptstriggers/mappeddrives/216_7_image-20200220185019-9.webp) + +**NOTE:** If using Endpoint Policy Manager Scripts Manager VPN Triggers to map drives on VPN connect +you may need to add a delay to allow DNS to be updated before the drives are mapped, (i.e. to wait +15 seconds use "Start-Sleep -s 15" for PowerShell, or "Timeout /T 15 >nul" for Batch files. + +If you do not see the drive mapping in File Explorer but can see the drive mapping when running "Net +Use" from the CMD prompt try enabling the "Launch folder windows in a separate process" option (see +image below) to see if that resolves the issue. + +![216_9_image-20210204105234-1](/img/product_docs/endpointpolicymanager/scriptstriggers/mappeddrives/216_9_image-20210204105234-1.webp) diff --git a/docs/endpointpolicymanager/scriptstriggers/processesdetails.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/processesdetails.md similarity index 92% rename from docs/endpointpolicymanager/scriptstriggers/processesdetails.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/processesdetails.md index 3c68881449..937371d5e8 100644 --- a/docs/endpointpolicymanager/scriptstriggers/processesdetails.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/processesdetails.md @@ -1,3 +1,9 @@ +--- +title: "Can I get more details on how Endpoint Policy Scripts Manager processes run?" +description: "Can I get more details on how Endpoint Policy Scripts Manager processes run?" +sidebar_position: 170 +--- + # Can I get more details on how Endpoint Policy Scripts Manager processes run? Q: Is there a way of knowing on the local machine if a script policy returns an error during the diff --git a/docs/endpointpolicymanager/scriptstriggers/resetsecurechannel.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/resetsecurechannel.md similarity index 91% rename from docs/endpointpolicymanager/scriptstriggers/resetsecurechannel.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/resetsecurechannel.md index 95f591036d..557fcb6129 100644 --- a/docs/endpointpolicymanager/scriptstriggers/resetsecurechannel.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/resetsecurechannel.md @@ -1,3 +1,9 @@ +--- +title: "How to Reset Secure Channel for computers that have fallen out of sync with domain while working remotely by using Scripts Manager in Endpoint Policy Manager Cloud" +description: "How to Reset Secure Channel for computers that have fallen out of sync with domain while working remotely by using Scripts Manager in Endpoint Policy Manager Cloud" +sidebar_position: 70 +--- + # How to Reset Secure Channel for computers that have fallen out of sync with domain while working remotely by using Scripts Manager in Endpoint Policy Manager Cloud Symptoms: diff --git a/docs/endpointpolicymanager/scriptstriggers/screensavers.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/screensavers.md similarity index 97% rename from docs/endpointpolicymanager/scriptstriggers/screensavers.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/screensavers.md index 93699baf30..91f916d416 100644 --- a/docs/endpointpolicymanager/scriptstriggers/screensavers.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/screensavers.md @@ -1,3 +1,9 @@ +--- +title: "How do I user Endpoint Policy Manager to set the screensaver to a custom slideshow?" +description: "How do I user Endpoint Policy Manager to set the screensaver to a custom slideshow?" +sidebar_position: 160 +--- + # How do I user Endpoint Policy Manager to set the screensaver to a custom slideshow? Group policy can be used to assign screensaver configurations where desired. However, if you want to diff --git a/docs/endpointpolicymanager/scriptstriggers/shortcutpublicdesktop.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/shortcutpublicdesktop.md similarity index 91% rename from docs/endpointpolicymanager/scriptstriggers/shortcutpublicdesktop.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/shortcutpublicdesktop.md index 723e2a5bd7..3db73118d5 100644 --- a/docs/endpointpolicymanager/scriptstriggers/shortcutpublicdesktop.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/shortcutpublicdesktop.md @@ -1,3 +1,9 @@ +--- +title: "How to create a shortcut under the Public Desktop using Endpoint Policy Scripts Manager" +description: "How to create a shortcut under the Public Desktop using Endpoint Policy Scripts Manager" +sidebar_position: 40 +--- + # How to create a shortcut under the Public Desktop using Endpoint Policy Scripts Manager The steps below are performed using WinZip as an example. diff --git a/docs/endpointpolicymanager/scriptstriggers/silentbrowserinstall.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/silentbrowserinstall.md similarity index 96% rename from docs/endpointpolicymanager/scriptstriggers/silentbrowserinstall.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/silentbrowserinstall.md index b8dcc6b716..a1ecdd54ac 100644 --- a/docs/endpointpolicymanager/scriptstriggers/silentbrowserinstall.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/silentbrowserinstall.md @@ -1,3 +1,9 @@ +--- +title: "How to silently install Firefox ESR, Chrome and WinZip 14.5 using Endpoint Policy Scripts Manager" +description: "How to silently install Firefox ESR, Chrome and WinZip 14.5 using Endpoint Policy Scripts Manager" +sidebar_position: 30 +--- + # How to silently install Firefox ESR, Chrome and WinZip 14.5 using Endpoint Policy Scripts Manager Below are examples on how to use PP Scripts Manager to silently install some commonly used diff --git a/docs/endpointpolicymanager/scriptstriggers/teamsminimized.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/teamsminimized.md similarity index 95% rename from docs/endpointpolicymanager/scriptstriggers/teamsminimized.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/teamsminimized.md index b312feb63f..02f8447fe1 100644 --- a/docs/endpointpolicymanager/scriptstriggers/teamsminimized.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/teamsminimized.md @@ -1,3 +1,9 @@ +--- +title: "How to run Microsoft Teams minimized to systray using PPScripts and PPAM" +description: "How to run Microsoft Teams minimized to systray using PPScripts and PPAM" +sidebar_position: 110 +--- + # How to run Microsoft Teams minimized to systray using PPScripts and PPAM Prerequisites: diff --git a/docs/endpointpolicymanager/scriptstriggers/temperatureunit.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/temperatureunit.md similarity index 90% rename from docs/endpointpolicymanager/scriptstriggers/temperatureunit.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/temperatureunit.md index 77904b7604..a44ee145f0 100644 --- a/docs/endpointpolicymanager/scriptstriggers/temperatureunit.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/temperatureunit.md @@ -1,3 +1,9 @@ +--- +title: "How-to change Temperature Unit from Fahrenheit to Celsius in Microsoft Outlook Calendar via Group Policy?" +description: "How-to change Temperature Unit from Fahrenheit to Celsius in Microsoft Outlook Calendar via Group Policy?" +sidebar_position: 80 +--- + # How-to change Temperature Unit from Fahrenheit to Celsius in Microsoft Outlook Calendar via Group Policy? Pre-requisites (USER ACTION REQUIRE): diff --git a/docs/endpointpolicymanager/scriptstriggers/updateregistry.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/updateregistry.md similarity index 91% rename from docs/endpointpolicymanager/scriptstriggers/updateregistry.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/updateregistry.md index 59c06677fa..7f3f249a84 100644 --- a/docs/endpointpolicymanager/scriptstriggers/updateregistry.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/updateregistry.md @@ -1,3 +1,9 @@ +--- +title: "How do I use Scripts Manager to update the Registry on end-user workstations" +description: "How do I use Scripts Manager to update the Registry on end-user workstations" +sidebar_position: 60 +--- + # How do I use Scripts Manager to update the Registry on end-user workstations If an end-user does not have administrative rights to their PC, they are unable to modify the diff --git a/docs/endpointpolicymanager/scriptstriggers/vpnconnection.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/vpnconnection.md similarity index 87% rename from docs/endpointpolicymanager/scriptstriggers/vpnconnection.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/vpnconnection.md index 33cf957283..74cd9e408a 100644 --- a/docs/endpointpolicymanager/scriptstriggers/vpnconnection.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/vpnconnection.md @@ -1,3 +1,9 @@ +--- +title: "How does Endpoint Policy Manager Scripts & Triggers know when the VPN connection is made or lost?" +description: "How does Endpoint Policy Manager Scripts & Triggers know when the VPN connection is made or lost?" +sidebar_position: 120 +--- + # How does Endpoint Policy Manager Scripts & Triggers know when the VPN connection is made or lost? Netwrix Endpoint Policy Manager (formerly PolicyPak) Scripts & Triggers VPN connection supports the diff --git a/docs/endpointpolicymanager/scriptstriggers/windows10modifyscript.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/windows10modifyscript.md similarity index 77% rename from docs/endpointpolicymanager/scriptstriggers/windows10modifyscript.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/windows10modifyscript.md index d88902ec8f..6852f6bb82 100644 --- a/docs/endpointpolicymanager/scriptstriggers/windows10modifyscript.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/windows10modifyscript.md @@ -1,3 +1,9 @@ +--- +title: "What is the expected behavior on Windows 10 when you MODIFY an existing Endpoint Policy Manager Scripts script?" +description: "What is the expected behavior on Windows 10 when you MODIFY an existing Endpoint Policy Manager Scripts script?" +sidebar_position: 100 +--- + # What is the expected behavior on Windows 10 when you MODIFY an existing Endpoint Policy Manager Scripts script? If you modify a script using the MMC or in-cloud editor, then the compute re-processes the new diff --git a/docs/endpointpolicymanager/scriptstriggers/wlandropbox.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/wlandropbox.md similarity index 92% rename from docs/endpointpolicymanager/scriptstriggers/wlandropbox.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/wlandropbox.md index 680186f421..3da6d7f239 100644 --- a/docs/endpointpolicymanager/scriptstriggers/wlandropbox.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/wlandropbox.md @@ -1,3 +1,9 @@ +--- +title: "How to import a WLAN / 802.11 / Wireless profile from Dropbox using Endpoint Policy Scripts Manager" +description: "How to import a WLAN / 802.11 / Wireless profile from Dropbox using Endpoint Policy Scripts Manager" +sidebar_position: 20 +--- + # How to import a WLAN / 802.11 / Wireless profile from Dropbox using Endpoint Policy Scripts Manager **Step 1 –** From an elevated PowerShell prompt on a machine where the WiFi profile is setup and diff --git a/docs/endpointpolicymanager/scriptstriggers/wlannetwork.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/wlannetwork.md similarity index 87% rename from docs/endpointpolicymanager/scriptstriggers/wlannetwork.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/wlannetwork.md index 7283dc9af3..a95f6b394d 100644 --- a/docs/endpointpolicymanager/scriptstriggers/wlannetwork.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/tipandtricks/wlannetwork.md @@ -1,3 +1,9 @@ +--- +title: "How to import a WLAN / 802.11 / Wireless profile from a Network Share using Endpoint Policy Scripts Manager?" +description: "How to import a WLAN / 802.11 / Wireless profile from a Network Share using Endpoint Policy Scripts Manager?" +sidebar_position: 10 +--- + # How to import a WLAN / 802.11 / Wireless profile from a Network Share using Endpoint Policy Scripts Manager? From an elevated PowerShell prompt on a machine where the WiFi profile is setup and working run the diff --git a/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/_category_.json b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/_category_.json new file mode 100644 index 0000000000..51f22c0d00 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/scriptstriggers/adminapproval.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/adminapproval.md similarity index 96% rename from docs/endpointpolicymanager/troubleshooting/scriptstriggers/adminapproval.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/adminapproval.md index 6ffa60d559..ed407c0f27 100644 --- a/docs/endpointpolicymanager/troubleshooting/scriptstriggers/adminapproval.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/adminapproval.md @@ -1,3 +1,9 @@ +--- +title: "Upgrading MS Teams to latest version displays prompts for Admin Approval" +description: "Upgrading MS Teams to latest version displays prompts for Admin Approval" +sidebar_position: 90 +--- + # Upgrading MS Teams to latest version displays prompts for Admin Approval PROBLEM: diff --git a/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/cylance.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/cylance.md new file mode 100644 index 0000000000..36e9431d62 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/cylance.md @@ -0,0 +1,17 @@ +--- +title: "What must I do in Cylance such that it will run Powershell scripts via Endpoint Policy Scripts Manager?" +description: "What must I do in Cylance such that it will run Powershell scripts via Endpoint Policy Scripts Manager?" +sidebar_position: 10 +--- + +# What must I do in Cylance such that it will run Powershell scripts via Endpoint Policy Scripts Manager? + +If you want to use Netwrix Endpoint Policy Manager (formerly PolicyPak) Scripts AND Cylance together +to run Powershell scripts.. then.. + +Log into the Cylance console. Select Protection from the menu, then click Script control. + +Select one or more scripts from the list. Click SAFE. These scripts are added to the Global +Safelist, and Endpoint Policy Manager Scripts will run PowerShell scripts as expected. + +**NOTE:** This note came from Cylance and is not validated by Endpoint Policy Manager. diff --git a/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/onapplyscript.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/onapplyscript.md new file mode 100644 index 0000000000..a595bd7e7b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/onapplyscript.md @@ -0,0 +1,26 @@ +--- +title: "What is the expected behavior after an Endpoint Policy Manager Script \"ON/APPLY\" script is modified?" +description: "What is the expected behavior after an Endpoint Policy Manager Script \"ON/APPLY\" script is modified?" +sidebar_position: 20 +--- + +# What is the expected behavior after an Endpoint Policy Manager Script "ON/APPLY" script is modified? + +Here is the expected behavior when you modify a script: + +- If a REVERT script is present, it is run. +- Then, the newly changed ON/APPLY script is run. + +These two actions will occur in the same (next) Group Policy, MDM or Netwrix Endpoint Policy Manager +(formerly PolicyPak) Cloud  process. + +As an example: + +- You have an ON/APPLY script which deploys 7zip from `\\server\share` and +- You have an OFF/REVERT script which UNINSTALLS 7Zip .. THEN +- You change ON/APPLY script to change the location to `\\server123\share123` + +Then the expected behavior we should see is: + +- 7zip uninstall (REVERT script is run.) +- 7zip reinstall (Changed on script is run.) diff --git a/docs/endpointpolicymanager/scriptstriggers/powershellscripts.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/powershellscripts.md similarity index 92% rename from docs/endpointpolicymanager/scriptstriggers/powershellscripts.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/powershellscripts.md index 5dfa621c05..21bdce67d3 100644 --- a/docs/endpointpolicymanager/scriptstriggers/powershellscripts.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/powershellscripts.md @@ -1,3 +1,9 @@ +--- +title: "How do Endpoint Policy Scripts Manager PowerShell Scripts behave when PowerShell is blocked or disabled using the following methods?" +description: "How do Endpoint Policy Scripts Manager PowerShell Scripts behave when PowerShell is blocked or disabled using the following methods?" +sidebar_position: 60 +--- + # How do Endpoint Policy Scripts Manager PowerShell Scripts behave when PowerShell is blocked or disabled using the following methods? ## Scenario 1: Blocking / Denying PowerShell with Least Privilege Manager diff --git a/docs/endpointpolicymanager/scriptstriggers/scriptlocation.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/scriptlocation.md similarity index 80% rename from docs/endpointpolicymanager/scriptstriggers/scriptlocation.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/scriptlocation.md index b9a596bc1d..c5f73a00c6 100644 --- a/docs/endpointpolicymanager/scriptstriggers/scriptlocation.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/scriptlocation.md @@ -1,3 +1,9 @@ +--- +title: "Where do scripts run? How are they protected from unauthorized access? How can I change the location of where scripts are stored?" +description: "Where do scripts run? How are they protected from unauthorized access? How can I change the location of where scripts are stored?" +sidebar_position: 30 +--- + # Where do scripts run? How are they protected from unauthorized access? How can I change the location of where scripts are stored? Scripts from Netwrix Endpoint Policy Manager (formerly PolicyPak) Scripts Manager are pre-stored diff --git a/docs/endpointpolicymanager/troubleshooting/scriptstriggers/systemprocesses.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/systemprocesses.md similarity index 83% rename from docs/endpointpolicymanager/troubleshooting/scriptstriggers/systemprocesses.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/systemprocesses.md index 955faac849..fd028a1f28 100644 --- a/docs/endpointpolicymanager/troubleshooting/scriptstriggers/systemprocesses.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/systemprocesses.md @@ -1,3 +1,9 @@ +--- +title: "Why don't Batch and PowerShell scripts get blocked when SYSTEM processes are blocked" +description: "Why don't Batch and PowerShell scripts get blocked when SYSTEM processes are blocked" +sidebar_position: 70 +--- + # Why don't Batch and PowerShell scripts get blocked when SYSTEM processes are blocked When implementing SecureRun to block both User and System processes (as demonstrated in diff --git a/docs/endpointpolicymanager/scriptstriggers/mappeddrives/vpn.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/vpn.md similarity index 93% rename from docs/endpointpolicymanager/scriptstriggers/mappeddrives/vpn.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/vpn.md index d25a2a4f11..6163a6d890 100644 --- a/docs/endpointpolicymanager/scriptstriggers/mappeddrives/vpn.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/vpn.md @@ -1,10 +1,16 @@ +--- +title: "How to use Scripts Manager Triggers to Map Network Drives when a VPN is Connected" +description: "How to use Scripts Manager Triggers to Map Network Drives when a VPN is Connected" +sidebar_position: 50 +--- + # How to use Scripts Manager Triggers to Map Network Drives when a VPN is Connected ## Prerequisites: - VPN used must be in the list of supported VPNs in the article below. - [Which VPN Solutions are currently supported for use with Scripts Manager VPN Triggers?](/docs/endpointpolicymanager/requirements/support/scriptstriggers/vpnsolutions.md) + [Which VPN Solutions are currently supported for use with Scripts Manager VPN Triggers?](/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/vpnsolutions.md) **Step 1 –** Create a new policy (Set Launch Folder Windows in a Separate Process to Enabled) using Scripts & Triggers on the computer side, choose switched-mode like in the screenshot below. diff --git a/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/vpnsolutions.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/vpnsolutions.md new file mode 100644 index 0000000000..96ca28150d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/vpnsolutions.md @@ -0,0 +1,15 @@ +--- +title: "Which VPN Solutions are currently supported for use with Scripts Manager VPN Triggers?" +description: "Which VPN Solutions are currently supported for use with Scripts Manager VPN Triggers?" +sidebar_position: 40 +--- + +# Which VPN Solutions are currently supported for use with Scripts Manager VPN Triggers? + +The following VPNs are currently supported for use in Scripts Manager VPN Triggers: + +1. Anything in the box from Microsoft +2. Cisco AnyConnect +3. Fortinet +4. OpenVPN (GUI) +5. OpenVPN (Connect) diff --git a/docs/endpointpolicymanager/scriptstriggers/windows7tls.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/windows7tls.md similarity index 93% rename from docs/endpointpolicymanager/scriptstriggers/windows7tls.md rename to docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/windows7tls.md index 02092905ab..f7b32cc1ad 100644 --- a/docs/endpointpolicymanager/scriptstriggers/windows7tls.md +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/knowledgebase/troubleshooting/windows7tls.md @@ -1,3 +1,9 @@ +--- +title: "How do I update Windows 7 machines to TLS 1.2 such that they work with Endpoint Policy Manager Cloud?" +description: "How do I update Windows 7 machines to TLS 1.2 such that they work with Endpoint Policy Manager Cloud?" +sidebar_position: 80 +--- + # How do I update Windows 7 machines to TLS 1.2 such that they work with Endpoint Policy Manager Cloud? First know that Windows 7 is not officially supported by Netwrix Endpoint Policy Manager (formerly @@ -5,7 +11,7 @@ PolicyPak) and may or may not work for all functions. Pre-read the following to know what is known to NOT work in Windows 7 before continuing: -[How does Endpoint Policy Manager support (and not support) Windows 11?](/docs/endpointpolicymanager/requirements/support/windows11.md) +[How does Endpoint Policy Manager support (and not support) Windows 11?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/windows11.md) Then after that, if you still wish to use Endpoint Policy Manager with Windows 7 and Endpoint Policy Manager Cloud, you must update Windows 7 to be TLS 1.2 complaint. diff --git a/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/gettingstarted/_category_.json new file mode 100644 index 0000000000..ee7419d8c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/methodsmdmpdqetc/_category_.json b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/methodsmdmpdqetc/_category_.json new file mode 100644 index 0000000000..d46b7ee374 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/methodsmdmpdqetc/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Methods MDM PDQ Etc", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/scriptsandtriggerswi/_category_.json b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/scriptsandtriggerswi/_category_.json new file mode 100644 index 0000000000..b6a004e65d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/scriptsandtriggerswi/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Scripts And Triggers With Cloud", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/tipsandtricks/_category_.json b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/tipsandtricks/_category_.json new file mode 100644 index 0000000000..a6d7d9b805 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/tipsandtricks/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips And Tricks", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/triggersspecificexam/_category_.json b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/triggersspecificexam/_category_.json new file mode 100644 index 0000000000..56c5cd4d47 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/triggersspecificexam/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Triggers Specific Examples", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..37a7b51d15 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/scriptsandtriggersma/videolearningcenter/videolearningcenter.md @@ -0,0 +1,45 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for Scripts and Triggers Manager. + +## Getting Started + +- [Use with on-prem Group Policy](/docs/endpointpolicymanager/video/scriptstriggers/gettingstarted/onpremise.md) +- [Deploy any script via the Cloud to domain joined and non-domain joined machines](/docs/endpointpolicymanager/video/scriptstriggers/gettingstarted/cloud.md) + +## Tips and Tricks + +- [Endpoint Policy Manager Scripts: Automate Software deployments with PP Scripts and Chocolaty.org](/docs/endpointpolicymanager/video/scriptstriggers/integration/chocolaty.md) +- [Replace the Windows 10 PRO Professional Lock screen](/docs/endpointpolicymanager/video/scriptstriggers/windows10prolockscreen.md) +- [Policy Scripts Manager: Set Custom Default File Associations in Windows 10](/docs/endpointpolicymanager/video/scriptstriggers/customdefaultfileassociations.md) +- [Removing Unwanted Windows Apps Using Endpoint Policy Manager Scripts & Triggers Manager](/docs/endpointpolicymanager/video/scriptstriggers/unwantedapps.md) +- [Shared Printers without Loopback: Use Endpoint Policy Manager Scripts and PowerShell to deploy and remove printers](/docs/endpointpolicymanager/video/scriptstriggers/printers.md) +- [Implementing BitLocker through Group Policy Using Endpoint Policy Scripts Manager and Administrative Templates Manager](/docs/endpointpolicymanager/video/scriptstriggers/bitlocker.md) + +## Scripts & Triggers with Cloud + +- [Endpoint Policy Manager Cloud Scripts Manager: Distribute and Import X.509 certificates](/docs/endpointpolicymanager/video/scriptstriggers/x509certificates.md) +- [Endpoint Policy ManagerScripts .. Deploy Software via VPN or with Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/scriptstriggers/cloud.md) +- [Endpoint Policy Manager Cloud TCP/IP Printer setup using Scripts Manager](/docs/endpointpolicymanager/video/scriptstriggers/printersetup.md) +- [Using Endpoint Policy Manager Cloud and Auditpol.exe to enable Advanced Auditing on non-domain joined computers](/docs/endpointpolicymanager/video/scriptstriggers/integration/auditpol.md) + +## Triggers Specific Examples + +- [Endpoint Policy Manager Scripts and Triggers: Get to understand login script trigger with GP and MDM systems !](/docs/endpointpolicymanager/video/scriptstriggers/scripttriggers.md) +- [Endpoint Policy Manager Scripts + Triggers: Map a printer or drive when a process runs and un-map it when closed.](/docs/endpointpolicymanager/video/scriptstriggers/mapdrivetriggers.md) +- [Endpoint Policy Manager Scripts + Triggers: Perform actions at LOCK and UNLOCK of session](/docs/endpointpolicymanager/video/scriptstriggers/lockunlocksession.md) +- [Endpoint Policy Manager Scripts + Triggers: Shutdown scripts on computer side](/docs/endpointpolicymanager/video/scriptstriggers/shutdownscripts.md) +- [Endpoint Policy Manager Scripts & Triggers: Perform Scripts on VPN Connect and VPN Disconnect](/docs/endpointpolicymanager/video/scriptstriggers/vpnconnect.md) +- [Endpoint Policy Manager Scripts and AnyConnect: Run a script after you connect via VPN](/docs/endpointpolicymanager/video/scriptstriggers/integration/anyconnect.md) +- [Endpoint Policy Manager Scripts & Triggers: Events !](/docs/endpointpolicymanager/video/scriptstriggers/events.md) + +## Methods: MDM, PDQ, etc. + +- [Endpoint Policy Manager Scripts and YOUR MDM service: Un-real power](/docs/endpointpolicymanager/video/scriptstriggers/mdm.md) +- [Removing Unwanted Windows Apps Using Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/video/scriptstriggers/integration/pdqdeploy.md) diff --git a/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/_category_.json b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/_category_.json new file mode 100644 index 0000000000..9d62c2028d --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Software Package Manager", + "position": 190, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/knowledgebase/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/knowledgebase/gettingstarted/_category_.json new file mode 100644 index 0000000000..ee7419d8c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/knowledgebase/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/softwarepackage/winget.md b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/knowledgebase/gettingstarted/winget.md similarity index 90% rename from docs/endpointpolicymanager/softwarepackage/winget.md rename to docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/knowledgebase/gettingstarted/winget.md index 77507ea991..444d8362a3 100644 --- a/docs/endpointpolicymanager/softwarepackage/winget.md +++ b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/knowledgebase/gettingstarted/winget.md @@ -1,3 +1,9 @@ +--- +title: "How to install WinGet on a server that you are using as a management station (unsupported)?" +description: "How to install WinGet on a server that you are using as a management station (unsupported)?" +sidebar_position: 10 +--- + # How to install WinGet on a server that you are using as a management station (unsupported)? The Software Package Manager MMC snap-in requires that your management station has Winget installed diff --git a/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..eeff649b16 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/knowledgebase/knowledgebase.md @@ -0,0 +1,13 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base article for Software Package Manager. + +## Getting Started + +- [How to install WinGet on a server that you are using as a management station (unsupported)?](/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/knowledgebase/gettingstarted/winget.md) diff --git a/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/appxpoliciesitemsfor/_category_.json b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/appxpoliciesitemsfor/_category_.json new file mode 100644 index 0000000000..b36adba822 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/appxpoliciesitemsfor/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "AppX Policies Items For AppX", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/video/softwarepackage/appxmanager.md b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/appxpoliciesitemsfor/appxmanager.md similarity index 97% rename from docs/endpointpolicymanager/video/softwarepackage/appxmanager.md rename to docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/appxpoliciesitemsfor/appxmanager.md index 391fadcd7e..1faf7fefa7 100644 --- a/docs/endpointpolicymanager/video/softwarepackage/appxmanager.md +++ b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/appxpoliciesitemsfor/appxmanager.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager Software Package Manager: AppX Manager" +description: "Endpoint Policy Manager Software Package Manager: AppX Manager" +sidebar_position: 10 +--- + # Endpoint Policy Manager Software Package Manager: AppX Manager Want to nuke Candy Crush and other pre-installed Windows 10 apps? And would you like to nicely diff --git a/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/tipsandtricks/_category_.json b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/tipsandtricks/_category_.json new file mode 100644 index 0000000000..ec873edc2f --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/tipsandtricks/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips And Tricks", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/usingwithothermethod/_category_.json b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/usingwithothermethod/_category_.json new file mode 100644 index 0000000000..07ec597e12 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/usingwithothermethod/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Using With Other METHODS Cloud MDM Etc", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..c533ced68c --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/videolearningcenter.md @@ -0,0 +1,28 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for Software Package Manager. + +## AppX policies Items for AppX + +- [Endpoint Policy Manager Software Package Manager: AppX Manager](/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/appxpoliciesitemsfor/appxmanager.md) +- [Endpoint Policy Manager: Remove built-in Windows 10 / 11 apps (including those in-the-box) included with Windows!](/docs/endpointpolicymanager/video/softwarepackage/removeapps.md) +- [Endpoint Policy Manager Software Package Manager PLUS Least Privilege Manager: Block any unwanted store apps !](/docs/endpointpolicymanager/video/softwarepackage/blockapps.md) + +## WinGet policies + +- [Software Package Manager + Deploying Applications via WinGet](/docs/endpointpolicymanager/video/softwarepackage/winget/deployapplications.md) +- [Endpoint Policy Manager and WinGet-Run](/docs/endpointpolicymanager/video/softwarepackage/winget/run.md) + +## Tips and Tricks + +- [Software Package Manager - Extras Tool](/docs/endpointpolicymanager/video/softwarepackage/extrastool.md) + +## Using with other METHODS (Cloud, MDM, etc.) + +- [Endpoint Policy Package Manager (AppX Policies): Add or Remove Microsoft Store using your MDM service.](/docs/endpointpolicymanager/video/softwarepackage/mdm.md) diff --git a/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/wingetpolicies/_category_.json b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/wingetpolicies/_category_.json new file mode 100644 index 0000000000..042e9bfeaa --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/wingetpolicies/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "WinGet Policies", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/_category_.json b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/_category_.json new file mode 100644 index 0000000000..5e8aa82459 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Start Screen And Task Bar Manager", + "position": 140, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/_category_.json b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/_category_.json new file mode 100644 index 0000000000..78bc685400 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Knowledge Base", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "knowledgebase" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/knowledgebase.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/knowledgebase.md new file mode 100644 index 0000000000..f1ce5213f4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/knowledgebase.md @@ -0,0 +1,37 @@ +--- +title: "Knowledge Base" +description: "Knowledge Base" +sidebar_position: 10 +--- + +# Knowledge Base + +See the following Knowledge Base articles for Start Screen and Task Bar Manager. + +## Troubleshooting + +- [Why aren't Taskbar manager policies working as expected on my Windows 10 machine?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/windows10.md) +- [When does Endpoint Policy Manager Start Screen & Taskbar Manager work on Server 2019, 2016, 2012 R2?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/windowserver.md) +- [I use Partial/Merge mode, and expected existing icons to be maintained, but instead they were wiped out. What happened?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/existingicons.md) +- [How can I revert / rollback the Windows 10 Start Screen after I make an error (using Partial or Replace mode)?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/rollback.md) +- [Endpoint Policy Manager Start Screen & Taskbar Manager crashes, hangs or is slow when running Group Policy update. Why?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/crash.md) +- [Why do I see a group named ">Endpoint Policy ManagerStart Screen manager" on the left side in Endpoint Policy Manager Start Screen & Taskbar Manager ?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/pinnedcollection.md) +- [Why do I get the error "This app can't run on your PC" ?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/appcantrun.md) +- [Why am I seeing an Endpoint Policy Manager "advertisement" tile on my Start Screen (when I only use the TaskBar manager and NOT the Start Screen Manager?)](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/linked.md) +- [Windows default applications are not showing in Start Menu](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/windowsdefault.md) +- [Endpoint Policy Manager Task Bar Manager differences between MERGE and REPLACE modes](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/modes.md) +- [Custom icons for Endpoint Policy Manager Start Screen & Taskbar Manager aren't working as expected. What can I do?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/customicons.md) +- [How to Disable the "How do you want to open this? Keep using this app" Notification in Windows 10](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/windows10disablenotification.md) +- [Why would it sometimes takes two logoffs and logons to see Start Screen or Taskbar changes?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/logons.md) +- [Does Endpoint Policy Manager Start Screen Manager support pinning application icons in Windows Start Screen or Taskbar from a network location, i.e. Mapped Drives or UNC Paths?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/mappeddrives.md) +- [Why don't I see Office 2016, Office 2019, or Office 365 icons or tiles using Start Screen Manager?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/office365.md) + +## Tips and Tricks + +- [How do I add Explorer.exe to the taskbar using Endpoint Policy Manager Start Screen & Taskbar Manager ?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/explorer.md) +- [How do I add the SCCM Software Center to the Start Screen or Taskbar?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/sccmsoftwarecenter.md) +- [Can Microsoft App-V applications work with Endpoint Policy Manager Starts Screen and Taskbar Manager?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/appv.md) +- [How do I add the Least Privilege Manager Helper tools to the Left and Right side of the Start Menu?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/helpertools.md) +- [How-To create a folder shortcut in Windows 10 Start Menu using Endpoint Policy Manager Starts Screen Manager?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/foldershortcut.md) +- [How can I add a link to the Control Panel to the Start Screen or Taskbar using Endpoint Policy Manager Start Screen Manager?](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/addlink.md) +- [How to automatically kill explorer at 1st Logon to Bypass needing to logout and back in for Start Screen Manager to apply](/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/logonworkaround.md) diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/_category_.json b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/_category_.json new file mode 100644 index 0000000000..a6d7d9b805 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tips And Tricks", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/addlink.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/addlink.md new file mode 100644 index 0000000000..48f46285f1 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/addlink.md @@ -0,0 +1,14 @@ +--- +title: "How can I add a link to the Control Panel to the Start Screen or Taskbar using Endpoint Policy Manager Start Screen Manager?" +description: "How can I add a link to the Control Panel to the Start Screen or Taskbar using Endpoint Policy Manager Start Screen Manager?" +sidebar_position: 60 +--- + +# How can I add a link to the Control Panel to the Start Screen or Taskbar using Endpoint Policy Manager Start Screen Manager? + +The answer is to make a custom application. Use the values as seen here for Target Application, then +we recommend you choose a Shortcut Icon from Shell32.DLL. + +The other fields may be left blank. + +![914_1_image001](/img/product_docs/endpointpolicymanager/startscreentaskbar/914_1_image001.webp) diff --git a/docs/endpointpolicymanager/integration/appv.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/appv.md similarity index 87% rename from docs/endpointpolicymanager/integration/appv.md rename to docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/appv.md index d6a73d265a..bb8927e8bf 100644 --- a/docs/endpointpolicymanager/integration/appv.md +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/appv.md @@ -1,3 +1,9 @@ +--- +title: "Can Microsoft App-V applications work with Endpoint Policy Manager Starts Screen and Taskbar Manager?" +description: "Can Microsoft App-V applications work with Endpoint Policy Manager Starts Screen and Taskbar Manager?" +sidebar_position: 30 +--- + # Can Microsoft App-V applications work with Endpoint Policy Manager Starts Screen and Taskbar Manager? Yes. It is tested and should work just like any other registered application. The pre-requisites are diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/explorer.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/explorer.md new file mode 100644 index 0000000000..7cf9e43807 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/explorer.md @@ -0,0 +1,9 @@ +--- +title: "How do I add Explorer.exe to the taskbar using Endpoint Policy Manager Start Screen & Taskbar Manager ?" +description: "How do I add Explorer.exe to the taskbar using Endpoint Policy Manager Start Screen & Taskbar Manager ?" +sidebar_position: 10 +--- + +# How do I add Explorer.exe to the taskbar using Endpoint Policy Manager Start Screen & Taskbar Manager ? + +![731_1_sss](/img/product_docs/endpointpolicymanager/startscreentaskbar/731_1_sss.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/foldershortcut.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/foldershortcut.md new file mode 100644 index 0000000000..d86cbe181c --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/foldershortcut.md @@ -0,0 +1,14 @@ +--- +title: "How-To create a folder shortcut in Windows 10 Start Menu using Endpoint Policy Manager Starts Screen Manager?" +description: "How-To create a folder shortcut in Windows 10 Start Menu using Endpoint Policy Manager Starts Screen Manager?" +sidebar_position: 50 +--- + +# How-To create a folder shortcut in Windows 10 Start Menu using Endpoint Policy Manager Starts Screen Manager? + +Create the Tile as shown below screenshot. The string to make the Folder shortcut work is here. +Replace the command-line argument (RED text-color) as per your requirement. + +`%systemroot%\explorer.exe "%userprofile%\Desktop\New Folder"` + +![824_1_image-20210304053215-1](/img/product_docs/endpointpolicymanager/startscreentaskbar/824_1_image-20210304053215-1.webp) diff --git a/docs/endpointpolicymanager/startscreentaskbar/helpertools.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/helpertools.md similarity index 96% rename from docs/endpointpolicymanager/startscreentaskbar/helpertools.md rename to docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/helpertools.md index 089ff91852..3fdb8ad607 100644 --- a/docs/endpointpolicymanager/startscreentaskbar/helpertools.md +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/helpertools.md @@ -1,3 +1,9 @@ +--- +title: "How do I add the Least Privilege Manager Helper tools to the Left and Right side of the Start Menu?" +description: "How do I add the Least Privilege Manager Helper tools to the Left and Right side of the Start Menu?" +sidebar_position: 40 +--- + # How do I add the Least Privilege Manager Helper tools to the Left and Right side of the Start Menu? To give your users a little more control over their computer, The LPM Helper Tools allow the diff --git a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/logonworkaround.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/logonworkaround.md similarity index 90% rename from docs/endpointpolicymanager/troubleshooting/startscreentaskbar/logonworkaround.md rename to docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/logonworkaround.md index a68d7aeadc..e3594e4417 100644 --- a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/logonworkaround.md +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/logonworkaround.md @@ -1,3 +1,9 @@ +--- +title: "How to automatically kill explorer at 1st Logon to Bypass needing to logout and back in for Start Screen Manager to apply" +description: "How to automatically kill explorer at 1st Logon to Bypass needing to logout and back in for Start Screen Manager to apply" +sidebar_position: 70 +--- + # How to automatically kill explorer at 1st Logon to Bypass needing to logout and back in for Start Screen Manager to apply This KB assumes that you already have a working Netwrix Endpoint Policy Manager (formerly PolicyPak) diff --git a/docs/endpointpolicymanager/startscreentaskbar/sccmsoftwarecenter.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/sccmsoftwarecenter.md similarity index 89% rename from docs/endpointpolicymanager/startscreentaskbar/sccmsoftwarecenter.md rename to docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/sccmsoftwarecenter.md index 32822ba5f0..9758132e7f 100644 --- a/docs/endpointpolicymanager/startscreentaskbar/sccmsoftwarecenter.md +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/tipsandtricks/sccmsoftwarecenter.md @@ -1,3 +1,9 @@ +--- +title: "How do I add the SCCM Software Center to the Start Screen or Taskbar?" +description: "How do I add the SCCM Software Center to the Start Screen or Taskbar?" +sidebar_position: 20 +--- + # How do I add the SCCM Software Center to the Start Screen or Taskbar? ![724_1_hf-936-img-01](/img/product_docs/endpointpolicymanager/startscreentaskbar/724_1_hf-936-img-01.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/_category_.json b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/_category_.json new file mode 100644 index 0000000000..51f22c0d00 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/error/startscreentaskbar/appcantrun.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/appcantrun.md similarity index 82% rename from docs/endpointpolicymanager/troubleshooting/error/startscreentaskbar/appcantrun.md rename to docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/appcantrun.md index a0029c6d4b..fb5e12b5b8 100644 --- a/docs/endpointpolicymanager/troubleshooting/error/startscreentaskbar/appcantrun.md +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/appcantrun.md @@ -1,3 +1,9 @@ +--- +title: "Why do I get the error \"This app can't run on your PC\" ?" +description: "Why do I get the error \"This app can't run on your PC\" ?" +sidebar_position: 70 +--- + # Why do I get the error "This app can't run on your PC" ? There are two reasons why you might get this when using Netwrix Endpoint Policy Manager (formerly diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/crash.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/crash.md new file mode 100644 index 0000000000..5712b32b60 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/crash.md @@ -0,0 +1,14 @@ +--- +title: "Endpoint Policy Manager Start Screen & Taskbar Manager crashes, hangs or is slow when running Group Policy update. Why?" +description: "Endpoint Policy Manager Start Screen & Taskbar Manager crashes, hangs or is slow when running Group Policy update. Why?" +sidebar_position: 50 +--- + +# Endpoint Policy Manager Start Screen & Taskbar Manager crashes, hangs or is slow when running Group Policy update. Why? + +The WAP Push Message Routing Service must be enabled on the machine as Manual (Trigger Start) or +Running for Netwrix Endpoint Policy Manager (formerly PolicyPak) Start Screen & Taskbar Manager to +function. +Do not disable this dmwappushservice service. + +![537_1_asdfghkyhj](/img/product_docs/endpointpolicymanager/troubleshooting/startscreentaskbar/537_1_asdfghkyhj.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/customicons.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/customicons.md similarity index 92% rename from docs/endpointpolicymanager/troubleshooting/startscreentaskbar/customicons.md rename to docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/customicons.md index 8784a33f5d..a8ad8d3cc9 100644 --- a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/customicons.md +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/customicons.md @@ -1,3 +1,9 @@ +--- +title: "Custom icons for Endpoint Policy Manager Start Screen & Taskbar Manager aren't working as expected. What can I do?" +description: "Custom icons for Endpoint Policy Manager Start Screen & Taskbar Manager aren't working as expected. What can I do?" +sidebar_position: 110 +--- + # Custom icons for Endpoint Policy Manager Start Screen & Taskbar Manager aren't working as expected. What can I do? There are a few reasons that custom icons might not work in Netwrix Endpoint Policy Manager diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/existingicons.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/existingicons.md new file mode 100644 index 0000000000..7c55ed2247 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/existingicons.md @@ -0,0 +1,19 @@ +--- +title: "I use Partial/Merge mode, and expected existing icons to be maintained, but instead they were wiped out. What happened?" +description: "I use Partial/Merge mode, and expected existing icons to be maintained, but instead they were wiped out. What happened?" +sidebar_position: 30 +--- + +# I use Partial/Merge mode, and expected existing icons to be maintained, but instead they were wiped out. What happened? + +This can occur if you're doing something else to manage the Start Layout \*\*BEFORE\*\* Netwrix +Endpoint Policy Manager (formerly PolicyPak) Start Screen & Taskbar Manager is involved. + +In short, there are two categories of Start Screen items: + +- Default Windows groups and applications, or groups and applications pinned by user; +- Applications pinned by Enterprise (regardless of the method they were added: MDM, Group Policy, + import-startlayout script during OSD, etc); + +Items that fall into the second category "Applications pinned by Enterprise" are wiped out when new +layout is applied by Endpoint Policy Manager Start Screen & Taskbar Manager. diff --git a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/linked.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/linked.md similarity index 87% rename from docs/endpointpolicymanager/troubleshooting/startscreentaskbar/linked.md rename to docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/linked.md index d0daf30065..6e63045c83 100644 --- a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/linked.md +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/linked.md @@ -1,3 +1,9 @@ +--- +title: "Why am I seeing an Endpoint Policy Manager \"advertisement\" tile on my Start Screen (when I only use the TaskBar manager and NOT the Start Screen Manager?)" +description: "Why am I seeing an Endpoint Policy Manager \"advertisement\" tile on my Start Screen (when I only use the TaskBar manager and NOT the Start Screen Manager?)" +sidebar_position: 80 +--- + # Why am I seeing an Endpoint Policy Manager "advertisement" tile on my Start Screen (when I only use the TaskBar manager and NOT the Start Screen Manager?) You might have noticed when you try to deliver NOTHING (aka. a blank start screen with or without diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/logons.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/logons.md new file mode 100644 index 0000000000..3354f9fce0 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/logons.md @@ -0,0 +1,25 @@ +--- +title: "Why would it sometimes takes two logoffs and logons to see Start Screen or Taskbar changes?" +description: "Why would it sometimes takes two logoffs and logons to see Start Screen or Taskbar changes?" +sidebar_position: 130 +--- + +# Why would it sometimes takes two logoffs and logons to see Start Screen or Taskbar changes? + +To answer this, there are two scenarios. + +Scenario 1: + +- The user has no profile at all. +- GPOs apply SYNCHRONOUSLY but Explorer doesn't get the signal about Netwrix Endpoint Policy Manager + (formerly PolicyPak) Start Screen & Taskbar. +- This means you typically need another log off and back on to see the "now written, but not yet + seen" Start Screen & Taskbar. + +Scenario 2: + +- The user has a profile, but he is logged off. +- Then the Admin makes some change to Start Menu. +- When the User logs on, because policies are applied asynchronously, the end-user missed the chance + to apply those to Explorer. So, you see the result at the next logon because the Start Screen & + Taskbar policies are "now written, but not yet seen." diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/mappeddrives.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/mappeddrives.md new file mode 100644 index 0000000000..4ed8ba343b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/mappeddrives.md @@ -0,0 +1,16 @@ +--- +title: "Does Endpoint Policy Manager Start Screen Manager support pinning application icons in Windows Start Screen or Taskbar from a network location, i.e. Mapped Drives or UNC Paths?" +description: "Does Endpoint Policy Manager Start Screen Manager support pinning application icons in Windows Start Screen or Taskbar from a network location, i.e. Mapped Drives or UNC Paths?" +sidebar_position: 140 +--- + +# Does Endpoint Policy Manager Start Screen Manager support pinning application icons in Windows Start Screen or Taskbar from a network location, i.e. Mapped Drives or UNC Paths? + +Yes, Endpoint Policy Manager Start Screen Manager fully supports pinning applications from a network +location, however, the network location must be a UNC path. + +If you receive a text message similar to the one below when clicking on the application icon from +the Start Screen, then it means that either the Application is not present at the physical path, or +it is configured with a Mapped Drive instead of the UNC Path. + +![841_1_image-20201201090844-1](/img/product_docs/endpointpolicymanager/requirements/support/startscreentaskbar/841_1_image-20201201090844-1.webp) diff --git a/docs/endpointpolicymanager/startscreentaskbar/modes.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/modes.md similarity index 95% rename from docs/endpointpolicymanager/startscreentaskbar/modes.md rename to docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/modes.md index dff0830ef6..098eec8354 100644 --- a/docs/endpointpolicymanager/startscreentaskbar/modes.md +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/modes.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager Task Bar Manager differences between MERGE and REPLACE modes" +description: "Endpoint Policy Manager Task Bar Manager differences between MERGE and REPLACE modes" +sidebar_position: 100 +--- + # Endpoint Policy Manager Task Bar Manager differences between MERGE and REPLACE modes ## Why do I see duplicate icons on the Taskbar? diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/office365.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/office365.md new file mode 100644 index 0000000000..cb2ef11a87 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/office365.md @@ -0,0 +1,40 @@ +--- +title: "Why don't I see Office 2016, Office 2019, or Office 365 icons or tiles using Start Screen Manager?" +description: "Why don't I see Office 2016, Office 2019, or Office 365 icons or tiles using Start Screen Manager?" +sidebar_position: 150 +--- + +# Why don't I see Office 2016, Office 2019, or Office 365 icons or tiles using Start Screen Manager? + +If you attempt to deliver Microsoft Office tiles using Netwrix Endpoint Policy Manager (formerly +PolicyPak) Start Screen Manager, you might find blank tiles like what is experienced here. + +On LTSC machines, you won't see any tiles at all, because there is no Microsoft Edge installed. + +![910_1_image001_950x879](/img/product_docs/endpointpolicymanager/troubleshooting/startscreentaskbar/910_1_image001_950x879.webp) + +When you click on a tile, you should see some indication of the issue like what's seen here. + +![910_2_image002_950x308](/img/product_docs/endpointpolicymanager/troubleshooting/startscreentaskbar/910_2_image002_950x308.webp) + +Upon inspection of one of the tiles, you might see the target application shown like this: + +![910_3_image003_950x697](/img/product_docs/endpointpolicymanager/troubleshooting/startscreentaskbar/910_3_image003_950x697.webp) + +However, the correct details should be entered as follows: + +![910_4_image004_950x690](/img/product_docs/endpointpolicymanager/troubleshooting/startscreentaskbar/910_4_image004_950x690.webp) + +To get this to work, you should use the Endpoint Policy Manager Start Screen Helper Tool on a +machine with the version of Office 2016, 2019, or Office 365 you want to add icons for. + +Here's the video on this +tool:[Endpoint Policy Manager Start Screen and Taskbar Manager Helper Utility](/docs/endpointpolicymanager/video/startscreentaskbar/helperutility.md)/ + +Summary to get Office icons to appear on endpoints: + +**Step 1 –** Get the apps installed on an endpoint. + +**Step 2 –** Use the Helper tool. + +**Step 3 –** Then create the icons from the export the helper tool made. diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/pinnedcollection.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/pinnedcollection.md new file mode 100644 index 0000000000..682019e770 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/pinnedcollection.md @@ -0,0 +1,19 @@ +--- +title: "Why do I see a group named \">Endpoint Policy ManagerStart Screen manager\" on the left side in Endpoint Policy Manager Start Screen & Taskbar Manager ?" +description: "Why do I see a group named \">Endpoint Policy ManagerStart Screen manager\" on the left side in Endpoint Policy Manager Start Screen & Taskbar Manager ?" +sidebar_position: 60 +--- + +# Why do I see a group named ">Endpoint Policy ManagerStart Screen manager" on the left side in Endpoint Policy Manager Start Screen & Taskbar Manager ? + +You will see a group named Netwrix Endpoint Policy Manager (formerly PolicyPak) Start Screen & +Taskbar Manager on the left when you have icons on the right which do NOT have their own LEFT SIDE +shortcut. This is automatically created for you and is not configurable. + +Items which are delivered to the TASK BAR must also have items that exist on the LEFT SIDE. If these +items do not exist, we will create a group JUST for the Task Bar. That is configurable, and you can +see how to do it in the second screenshot. + +![623_1_faq-07-img-01](/img/product_docs/endpointpolicymanager/troubleshooting/startscreentaskbar/623_1_faq-07-img-01.webp) + +![623_2_faq-07-img-02](/img/product_docs/endpointpolicymanager/troubleshooting/startscreentaskbar/623_2_faq-07-img-02.webp) diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/rollback.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/rollback.md new file mode 100644 index 0000000000..aceba2ead1 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/rollback.md @@ -0,0 +1,13 @@ +--- +title: "How can I revert / rollback the Windows 10 Start Screen after I make an error (using Partial or Replace mode)?" +description: "How can I revert / rollback the Windows 10 Start Screen after I make an error (using Partial or Replace mode)?" +sidebar_position: 40 +--- + +# How can I revert / rollback the Windows 10 Start Screen after I make an error (using Partial or Replace mode)? + +Use Netwrix Endpoint Policy Manager (formerly PolicyPak) Script manager to run a simple script to +re-trigger the initial start menu layout. Note you may not get an EXACT revert; but it's pretty +close. + +[Endpoint Policy ManagerStart Screen and Endpoint Policy Manager Scripts: Specify exact Start Menu experience one time](/docs/endpointpolicymanager/video/startscreentaskbar/onetime.md) diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/windows10.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/windows10.md new file mode 100644 index 0000000000..99717feb02 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/windows10.md @@ -0,0 +1,13 @@ +--- +title: "Why aren't Taskbar manager policies working as expected on my Windows 10 machine?" +description: "Why aren't Taskbar manager policies working as expected on my Windows 10 machine?" +sidebar_position: 10 +--- + +# Why aren't Taskbar manager policies working as expected on my Windows 10 machine? + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Start Screen & Taskbar Manager policies will +fully work with Windows 10 build 1703. +With build 1607 only Start Screen policies are expected to work. +To get both Start Screen and Taskbar Manager policies to work, you will need to have the endpoint(s) +be 1703 or later. diff --git a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/windows10disablenotification.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/windows10disablenotification.md similarity index 94% rename from docs/endpointpolicymanager/troubleshooting/startscreentaskbar/windows10disablenotification.md rename to docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/windows10disablenotification.md index 51d995f060..5f95ccefad 100644 --- a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/windows10disablenotification.md +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/windows10disablenotification.md @@ -1,3 +1,9 @@ +--- +title: "How to Disable the \"How do you want to open this? Keep using this app\" Notification in Windows 10" +description: "How to Disable the \"How do you want to open this? Keep using this app\" Notification in Windows 10" +sidebar_position: 120 +--- + # How to Disable the "How do you want to open this? Keep using this app" Notification in Windows 10 When you install a new app in Windows 10 you may see a notification letting you know that you have a diff --git a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/windowsdefault.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/windowsdefault.md similarity index 86% rename from docs/endpointpolicymanager/troubleshooting/startscreentaskbar/windowsdefault.md rename to docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/windowsdefault.md index 2a3a8ae786..01d39a79a6 100644 --- a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/windowsdefault.md +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/windowsdefault.md @@ -1,3 +1,9 @@ +--- +title: "Windows default applications are not showing in Start Menu" +description: "Windows default applications are not showing in Start Menu" +sidebar_position: 90 +--- + # Windows default applications are not showing in Start Menu Some Windows default applications are not showing in Start Menu when setting it via Netwrix Endpoint diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/windowserver.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/windowserver.md new file mode 100644 index 0000000000..79fb862615 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/knowledgebase/troubleshooting/windowserver.md @@ -0,0 +1,17 @@ +--- +title: "When does Endpoint Policy Manager Start Screen & Taskbar Manager work on Server 2019, 2016, 2012 R2?" +description: "When does Endpoint Policy Manager Start Screen & Taskbar Manager work on Server 2019, 2016, 2012 R2?" +sidebar_position: 20 +--- + +# When does Endpoint Policy Manager Start Screen & Taskbar Manager work on Server 2019, 2016, 2012 R2? + +There are two parts of Netwrix Endpoint Policy Manager (formerly PolicyPak) Start Screen & Taskbar +Manager: + +- Endpoint Policy Manager Start Screen Manager — Works on Server 2016 with (Desktop Experience) and + later (as it does with Windows 1703 and later). +- Endpoint Policy Manager Taskbar Manager — Will not work on Server 2016; but will work on Server + 2019 and later. + +Neither component will work on Server 2012 R2 (with Desktop Experience). diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/_category_.json b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/_category_.json new file mode 100644 index 0000000000..5e102a37bc --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Video Learning Center", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "videolearningcenter" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/extras/_category_.json b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/extras/_category_.json new file mode 100644 index 0000000000..d401662532 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/extras/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Extras", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/gettingstarted/_category_.json b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/gettingstarted/_category_.json new file mode 100644 index 0000000000..ee7419d8c4 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/methodssccmxmlmdmclo/_category_.json b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/methodssccmxmlmdmclo/_category_.json new file mode 100644 index 0000000000..e8e8fa6286 --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/methodssccmxmlmdmclo/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Methods SCCM XML MDM Cloud PDQ Citrix Etc", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/troubleshooting/_category_.json b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/troubleshooting/_category_.json new file mode 100644 index 0000000000..d0c808bf1b --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/troubleshooting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/videolearningcenter.md b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/videolearningcenter.md new file mode 100644 index 0000000000..6c856e51eb --- /dev/null +++ b/docs/endpointpolicymanager/knowledgebase/startscreenandtaskba/videolearningcenter/videolearningcenter.md @@ -0,0 +1,34 @@ +--- +title: "Video Learning Center" +description: "Video Learning Center" +sidebar_position: 20 +--- + +# Video Learning Center + +See the following Video topics for Start Screen and Task Bar Manager. + +## Getting Started + +- [Endpoint Policy Manager Start Screen and Taskbar Manager Helper Utility](/docs/endpointpolicymanager/video/startscreentaskbar/helperutility.md) +- [Endpoint Policy Manager Start Screen Manager: Own the Win10 Start Menu](/docs/endpointpolicymanager/video/startscreentaskbar/windows10startmenu.md) +- [Endpoint Policy Taskbar Manager: Quick Demo](/docs/endpointpolicymanager/video/startscreentaskbar/demotaskbar.md) +- [Endpoint Policy Manager Start Screen Manager: Using Item Level Targeting](/docs/endpointpolicymanager/video/startscreentaskbar/itemleveltargeting.md) +- [Endpoint Policy Manager Start Screen Manager: Add IE links](/docs/endpointpolicymanager/video/startscreentaskbar/linksie.md) + +## Troubleshooting + +- [Endpoint Policy Manager Start Screen Manager and Special Custom Icons](/docs/endpointpolicymanager/video/startscreentaskbar/customicons.md) +- [Using PP SCRIPTS to Revert Start Menu](/docs/endpointpolicymanager/video/troubleshooting/startscreentaskbar/revertstartmenu.md) + +## Methods: SCCM, XML, MDM, Cloud, PDQ, Citrix, etc. + +- [Endpoint Policy ManagerStart Screen & Taskbar Manager: Manage non-domain joined machines using Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/startscreentaskbar/nondomainjoined.md) +- [Endpoint Policy Manager Start Screen & Taskbar Manager: Manage Windows 10 Start Screen & Taskbar with your MDM service (Basics with MDM)](/docs/endpointpolicymanager/video/startscreentaskbar/mdm.md) +- [Endpoint Policy Manager Start Screen Manager: Manage Windows 10 Start Screen & Taskbar with your MDM (Advanced scenarios with ILT)](/docs/endpointpolicymanager/video/startscreentaskbar/mdmitemleveltargeting.md) +- [PP Start Screen and Taskbar manager with Citrix XenApp and XenDesktop](/docs/endpointpolicymanager/video/startscreentaskbar/integration/citrix.md) +- [Taking Control of Your Taskbar and Start Menu with Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/video/startscreentaskbar/integration/pdqdeploy.md) + +## Extras + +- [Endpoint Policy ManagerStart Screen and Endpoint Policy Manager Scripts: Specify exact Start Menu experience one time](/docs/endpointpolicymanager/video/startscreentaskbar/onetime.md) diff --git a/docs/endpointpolicymanager/leastprivilege/adminapproval/gettingstarted.md b/docs/endpointpolicymanager/leastprivilege/adminapproval/gettingstarted.md deleted file mode 100644 index 258360c27f..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/adminapproval/gettingstarted.md +++ /dev/null @@ -1,58 +0,0 @@ -# Getting Started with Admin Approval - -If there’s no Endpoint Policy ManagerLeast Privilege Manager rule to automatically elevate an -application (or allow it to bypass SecureRun™), the user is prompted with a special dialog to -request access. - -**NOTE:** See the [Admin Approval demo](/docs/endpointpolicymanager/video/leastprivilege/adminapproval/demo.md) video for -Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager Admin Approval mode setup and -in action. - -Endpoint Policy Manager (formerly PolicyPak) Least Privilege Managerr’s Admin Approval works as if -the person with the Admin Approval Tool has a shared secret, which is a secret key that is deployed -to the computer. - -There are three parts to Admin Approval: - -- The Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager policies, which establish - Admin Approval and its secret key -- Securing the secret key (if using Group Policy method) -- The Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager Admin Approval Tool - -**NOTE:** The secret key must be delivered to the computer. You cannot deploy the key to the user. -You could have one secret key for all computers and all admins, or you could have a secret key for -only some computers and some admins. - -Admin Approval will show the user the Endpoint Policy Manager Admin Approval prompt instead of the -Windows UAC prompt when any of the following conditions are true: - -- The app is marked as requiring elevation by its developer (in the app manifest). You can see these - applications easily because they typically show a Windows shield graphic in the application’s - icon. -- The app is a legacy installer. This is defined by both Windows and Endpoint Policy Manager as a - 32-bit app without an app manifest and with one of special "setup" keywords (such as install, - setup, and so on) in its file info. -- The app is any installer and Endpoint Policy Manager ’s Admin Approval **Enforce Admin Approval - for all installers** option is enabled (explained later). -- Endpoint Policy Manager SecureRun™ is enabled, and the executable is run by someone not on the - SecureRun™ list. -- The user right-clicks a file and selects **Run with Endpoint Policy Manager**. - -For complete clarity, there are times when the user will still see a standard Windows UAC prompt and -not a PolicyPak Admin Approval prompt. These instances include: - -- When a COM interface used by the app requires elevation (for instance, the network settings - dialog). -- When one process creates another process and forces Windows to show the UAC prompt, as in one of - the following instances: - - - When a user is running Acrobat Reader as a Standard User and tries to change the upgrade - behavior. In this case, a standard Windows UAC prompt will show. - - If a user attempts to run an application like Procmon; this is because it’s attempting to load - a device driver, the standard Windows UAC prompt will show. - -- When an installer shows the standard UAC prompt. For instance, the Chrome installer doesn't - require admin rights (as it can install Chrome per user into %localappdata%). Regardless, the - Chrome installer shows a UAC prompt to see if a user can or wants to install Chrome for all users. - To help work around this issue, we provide the **Enforce Admin Approval for all installers** - option, which is explained later. diff --git a/docs/endpointpolicymanager/leastprivilege/adminapproval/overview.md b/docs/endpointpolicymanager/leastprivilege/adminapproval/overview.md deleted file mode 100644 index 14c46b2ef9..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/adminapproval/overview.md +++ /dev/null @@ -1,5 +0,0 @@ -# Admin Approval - -Endpoint Policy Manager Admin Approval is a method that allows users to continue working if they are -offline or don’t have any predefined rules for bypassing a UAC prompt. In this way, users can -request to bypass UAC prompts from admins, allowing them to keep working. diff --git a/docs/endpointpolicymanager/leastprivilege/adminapproval/test.md b/docs/endpointpolicymanager/leastprivilege/adminapproval/test.md deleted file mode 100644 index 109e694139..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/adminapproval/test.md +++ /dev/null @@ -1,87 +0,0 @@ -# Testing Admin Approval - -Now log on as a Standard User and try to run an application that requires admin rights, like -PowerPointViewer installer, provided there is not a rule in place that will elevate this -application. The user is presented with a **Request Code** (also called a Challenge Code) as shown -here. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/adminapproval/testing_admin_approval.webp) - -The user needs to present this **Request Code**, typically over the phone, to an Admin who can -create a **Response Code**. - -**NOTE:** If you (the admin) are on the machine, you may use your credentials by clicking the -**Approve with alternate Admin Credentials**. - -The Admin Approval Tool can be run in three ways: - -- As a standalone tool in the Extras folder from the Endpoint Policy Manager download (seen below) -- Directly from a machine where the Endpoint Policy Manager MMC Admin console is installed -- Directly from within a GPO - -Here, you can see the Endpoint Policy Manager Least Privilege Manager Admin Approval Tool being run -from the Endpoint Policy Manager Extras folder. Running it for the first time on any Admin’s machine -requires you to enter in the same secret key from the GPO you used earlier. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/adminapproval/testing_admin_approval_1.webp) - -You can save the secret key in the Registry of this Admin’s machine, secured with his own encrypted -password. You could also require that the key cannot be viewed ever again when this tool is run by -choosing **Forbidden to view secret key from previous session**. - -**NOTE:** If you ever need to fully reset and start the Endpoint Policy Manager Admin Approval Tool -from scratch, simply open the Admin machine from which the tool was run and use regedit.exe to -remove the two keys located at `HKEY_CURRENT_USER\SOFTWARE\PolicyPak` named `GlobalSecurityKey` and -`GlobalSecurityKeyChecksum`. - -Once you click **OK**, you’ll be in the main Admin Approval Tool, seen here. Here is where you can -accept the Request (Challenge) Code from the user and return a **Response Code** back. Simply type -in the **Request Code**, then pick the option that makes sense. The items you can specify are: - -- Reason - Select the reason code (of which several are hardcoded into PolicyPak). -- Uses - Decide if you want the code to be used once, 5 times, 10 times, or an unlimited number of - times. -- Apply to child processes - Decide if you want the application to be able to launch child processes - as Admin. -- Expires - Choose if this code will expire in 10 minutes, 1 hour, 12 hours, or never. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/adminapproval/testing_admin_approval_2.webp) - -**NOTE:** The Admin Approval Tool may be branded. See the section **Branding and Customization** in -this guide. - -After filling in these options, assign a value to the **Response Code** and the application will -launch. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/adminapproval/testing_admin_approval_3.webp) - -In our example, we specified that the code could be used one time, so if the user tries to rerun the -same application, they are prompted again. - -Remember that an admin can run the Admin Approval Tool if the Endpoint Policy Manager MMC snap-in is -installed. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/adminapproval/testing_admin_approval.webp) - -You can also see and launch the Admin Approval Tool from within a GPO, provided you have the secret -key inside the GPO, as seen here. - -![A computer screen shot of a computer screen - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/adminapproval/testing_admin_approval_4.webp) diff --git a/docs/endpointpolicymanager/leastprivilege/bestpractices/overview.md b/docs/endpointpolicymanager/leastprivilege/bestpractices/overview.md deleted file mode 100644 index ac9fa2dfbc..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/bestpractices/overview.md +++ /dev/null @@ -1,15 +0,0 @@ -# Best Practices - -**NOTE:** See the -[Best Practices for Elevating User-Based Installs](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/elevatinguserbasedinstalls.md) -video for an overview of Endpoint Policy Manager Least Privilege Manager best practices. - -Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager’s job is to overcome UAC -prompts which normally stop users from being productive. However, you always want to make sure you -are putting Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager to work in the -ideal way, and not over-permission an application, which could be a security concern. - -When possible use the Best Practice Signature Condition alongside and File Info condition as a Combo -rule. This is because both of these items have digital signatures. - -With that in mind, let’s go over some “What not to dos” before we continue on with Best Practices. diff --git a/docs/endpointpolicymanager/leastprivilege/bestpractices/rules/commandline.md b/docs/endpointpolicymanager/leastprivilege/bestpractices/rules/commandline.md deleted file mode 100644 index d1ba542092..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/bestpractices/rules/commandline.md +++ /dev/null @@ -1,76 +0,0 @@ -# Creating and Using Command Line Rules - -From time to time, you may encounter a situation in which an application only runs from the command -line, or there is an application that you want to run with specific command-line arguments. This -could occur in day-to-day use or with items that must run from a logon script and perform the task -with elevated rights. - -**NOTE:** See the -[Prevent Users Running some commands with command lines](/docs/endpointpolicymanager/video/leastprivilege/preventusercommands.md) -video for an overview of using Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager -and command-line arguments. - -A good example would be enabling standard users to start and stop services with a command line, or -to run the Performance Monitor’s Resource Monitor. Both must be executed from the command line. - -A Combo rule addresses this issue, by using Path and Command-line argument rules. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/bestpractices/rules/creating_and_using_command.webp) - -The first step, as shown here, is to specify the Path Condition, such as -`%SYSTEMROOT%\System32\sc.exe`. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/bestpractices/rules/creating_and_using_command_1.webp) - -For the command-line arguments in this example, the argument **stop wsearch**, which stops the -Windows Search Service, is specified. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/bestpractices/rules/creating_and_using_command_2.webp) - -For **Check Mode**, there are four choices: - -- Strict empty - Command must have no arguments. -- Strict equality - This means the Command and Rule will be elevated (or otherwise run) when the - arguments are exactly as you specify in the same order, with no variance. -- Ignore arguments order - This means the Command and Rule will be elevated (or otherwise run) when - all the arguments are in place, regardless of the order. -- Any argument from the list - This means that any argument in the Arguments box (separated by - spaces) is allowed in the command. - -**NOTE:** Ignore arguments order and **Any argument from the list** only work when the command has -slash-based switches. If the command line doesn’t have slashes, then use the **Strict equality** -method. - -On the next screen, for **Action**, select **Run with elevated privileges**. - -The net result is that **standard users** can now stop the `wsearch` service without needing -elevated rights. - -![A computer screen with a black and white text - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/bestpractices/rules/creating_and_using_command_3.webp) - -Another example would be to enable Standard Users to perform their own Registry merge. To do this, -make a Combo rule, which starts with the Path Condition running `%SYSTEMROOT%\System32\reg.exe` (not -shown). - -For the Command-line Arguments, select **Strict equality**, and then specify the location of the -.REG file, perhaps on a secure file server, as demonstrated here. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/bestpractices/rules/creating_and_using_command_4.webp) - -Since the arguments are being specified, a user cannot add their own .REG files; they can only add -those specified by the admin (e.g., on a server where they could only read and not modify it). diff --git a/docs/endpointpolicymanager/leastprivilege/deny/overview.md b/docs/endpointpolicymanager/leastprivilege/deny/overview.md deleted file mode 100644 index 9c60bee99d..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/deny/overview.md +++ /dev/null @@ -1,5 +0,0 @@ -# Denying Applications (Standard, UWP, and DLLs) - -You might have a scenario where you want to block specific EXE files, UWP applications, scripts, JAR -files, or MSIs from launching. Sometimes this is called "Application Control" or "Blacklisting." In -this section you will learn how to perform this operation for Standard and UWP applications. diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/mmcsnapin.md b/docs/endpointpolicymanager/leastprivilege/elevate/mmcsnapin.md deleted file mode 100644 index cf80b1121d..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/elevate/mmcsnapin.md +++ /dev/null @@ -1,80 +0,0 @@ -# How do I elevate MMC snap ins without granting administrative rights? - -A standard user may not be able to run an MMC console without elevated rights. For instance, a -standard user does not have the ability to start, stop, or change the configuration within any -service. This article takes you through the process to create a policy to allow this and other items -similar to this. - -**Step 1 –** Create a new GPO or edit an existing one. - -**Step 2 –** Expand the Endpoint Policy Manager node and select **Least Privilege Manager**. - -**NOTE:** User or Computer policies may be used, but general recommendation is to target to users. - -**Step 3 –** Create a new **New Executable Policy**. - -![203_1_image-20200229095829-1](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_1_image-20200229095829-1.webp) - -**Step 4 –** Select **Use combo rule (advanced)** and click **NEXT**. - -![203_3_image-20200229095829-2](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_3_image-20200229095829-2.webp) - -**Step 5 –** Select **Apply command-line arguments**, leaving everything else as-is and click -**NEXT**. - -![203_5_image-20200229095829-3](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_5_image-20200229095829-3.webp) - -**Step 6 –** Under **Path Condition**, click **Add** > **Add file** **...** - -![203_7_image-20200229095829-4](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_7_image-20200229095829-4.webp) - -**Step 7 –** In the Path field, type in `*\mmc.exe"` and click **OK**. - -![203_9_image-20200229095829-5](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_9_image-20200229095829-5.webp) - -**Step 8 –** Click on **Command-line Arguments**, select **Strict equality**, and under -**Arguments** type in the exact path to `services.msc` ("`C:\Windows\system32\services.msc`") and -click **NEXT**. - -![203_11_image-20210521112229-2](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_11_image-20210521112229-2.webp) - -**Step 9 –** Ensure "**Run with elevated privileges**" is selected and click **NEXT**. - -![203_12_image-20200229095829-7](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_12_image-20200229095829-7.webp) - -**Step 10 –** Name it according to your conventions (e.g. "`Elevate Services.msc`") and click -**FINISH**. - -**NOTE:** Users will not acquire this new GPO until Group Policy is refreshed on the user's computer -either through automatic or manual means. - -## TESTING - -To test this out, you can use the RUN command.Be sure to type in the exact command you've specified -in step 8. Only then will elevation occur. - -![203_14_image001_950x730](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_14_image001_950x730.webp) - -Additionally, you can test with a command prompt. Again, the command has to match exactly. - -![203_15_image002_950x541](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_15_image002_950x541.webp) - -**NOTE:** If you attempt other avenues, like from the Start menu or alternate command lines, they -will not work. In the example below it does not work because it is notthe exact same command line. - -![203_16_image003_950x496](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_16_image003_950x496.webp) - -In order to make this work, you need to specify a second policy with alternate approved command -lines. For instance, you could do this, which removes the requirement for -`c:\windows\system32\services.msc` - -![203_17_image004_950x475](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_17_image004_950x475.webp) - -The result would be that the shorter command line:` mmc services.msc` is accepted and runs elevated. - -![203_18_image005_950x579](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_18_image005_950x579.webp) - -However, at no time would the shortest expression, of only "`services.msc`" work. The required MMC -must appear before the command line. - -![203_19_image006_950x612](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/203_19_image006_950x612.webp) diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/registry.md b/docs/endpointpolicymanager/leastprivilege/elevate/registry.md deleted file mode 100644 index c9a6adfd40..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/elevate/registry.md +++ /dev/null @@ -1,109 +0,0 @@ -# How do I use Least Privilege Manager to Elevate .reg files to allow import by standard users - -The registry requires elevated rights to be updated. Least Privilege Manager can be used to elevate -the rights of a standard user to allow specific .reg files be imported without an administrator. - -**NOTE:** We recommend you put the .REG file on a server so the file itself is under permissions -which cannot be tampered with. It could be a risk to put the .REG file locally on the hard drive -where anyone could edit the raw contents. - -## Method 1: New Executable Policy - -**Step 1 –** Create new GPO where required. - -**Step 2 –** Expand Netwrix Endpoint Policy Manager (formerly PolicyPak) node on either Computer, or -User Configuration side, and click ,**Least Privilege Manager**. - -**Step 3 –** Add new EXE Policy (a or b). - -![621_1_image-20200510100624-1](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_1_image-20200510100624-1.webp) - -**Step 4 –** Select **Use Combo Rule …** and click **NEXT**. - -![621_3_image-20200510100625-2](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_3_image-20200510100625-2.webp) - -**Step 5 –** Under **Conditions** check **Path**, and under Settings check **Command-line -arguments** and **Apply to child processes** . Click **Next**. - -![621_5_image-20200510100625-3](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_5_image-20200510100625-3.webp) - -**Step 6 –** Under **Path Condition** click the **Add** drop-down and select **Add file ...**. - -![621_7_image-20200510100625-4](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_7_image-20200510100625-4.webp) - -**Step 7 –** Either browse for `regedit.exe`, or type in "`%SYSTEMROOT%\regedit.exe`" and click -**OK**. - -![621_9_po_950x46](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_9_po_950x46.webp) - -**Step 8 –** Click on **Command-line Arguments** - -1. Under **Check Mode** select **Strict equality** -2. In the **Arguments** box type in text entered in Path Condition (step7) and path to `.reg` file - to elevate -3. Check **Ignore arguments case** -4. Click **Next**. - - ![621_11_image-20200510100625-6](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_11_image-20200510100625-6.webp) - -**Step 9 –** Select **Run with elevated privileges** and Click **Next**. - -![621_13_image-20200510100625-7](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_13_image-20200510100625-7.webp) - -**Step 10 –** Rename and set Item Level Targeting if required and click **Finish**. - -## Method 2: New Script Policy - -Before you create the policy, place your script on a server or secure, shared location (e.g. -`\\server\share\PSscript.ps1`). The following is a sample script that can be used with either -PowerShell or as a batch file to import a `.REG` file: - -``` -Regedit.exe /s \\server\share\NewRegValue.reg -``` - -**Step 1 –** Create new GPO where required. - -**Step 2 –** Expand PolicyPak node on either Computer or User Configuration side and click on -.**Least Privilege Manager**. - -**Step 3 –** Create new SCRIPT Policy (a or b). - -![621_15_image-20200510100625-8](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_15_image-20200510100625-8.webp) - -**Step 4 –** Select **Use Combo Rule …** and click **Next**. - -**NOTE:** Although you can use a simple rule and simply use path as the qualifying factor, for -security purposes it is recommended you have multiple qualifying factors. - -![621_17_image-20200510100625-9](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_3_image-20200510100625-2.webp) - -**Step 5 –** Under Conditions check **Path** and **Hash** and click **Next**. - -![621_19_image-20200510100625-10](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_19_image-20200510100625-10.webp) - -**NOTE:** If you make changes to the script, the Hash value will need to be updated for the policy -to remain valid. Alternatively, if you digitally sign your script, Signature can be used instead of -Hash as the second method of validation. - -**Step 6 –** Under Path Condition click the **Add** drop-down and select .**Add file ...**. - -![621_21_image-20200510100625-11](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_21_image-20200510100625-11.webp) - -**Step 7 –** Browse to the location of the` PowerShell script -> When Prompted`, allow to -automatically fill in Hash value, - -![621_23_image-20200510100625-12](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_23_image-20200510100625-12.webp) - -![621_25_image-20200510100625-13](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_25_image-20200510100625-13.webp) - -**Step 8 –** Click on **Hash Condition** to confirm Value has been `set -> If desired`, and change -algorithm to setting of . - -![621_27_image-20200510100625-14](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_27_image-20200510100625-14.webp) - -**Step 9 –** Select "**Run with elevated privileges**and click **Next**. - -![621_29_image-20200510100625-15](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/621_13_image-20200510100625-7.webp) - -**Step 10 –** Rename and set Item Level Targeting if required and click **Finish**. diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/scripts.md b/docs/endpointpolicymanager/leastprivilege/elevate/scripts.md deleted file mode 100644 index 0dd431ad4d..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/elevate/scripts.md +++ /dev/null @@ -1,33 +0,0 @@ -# Elevating Scripts - -**NOTE:** For an overview on elevating scripts and preventing scripts from running, which could need -admin rights, see the -[Elevate (or smack down) scripts and Java JAR files](/docs/endpointpolicymanager/video/leastprivilege/elevate/scripts.md) -video. - -You might need to elevate a script that has contents that would perform admin-only functions, like -editing the Registry, turning on or off Services, and so on. You might also want to block scripts -from running to prevent attacks that originate over email or on USB flash drives. In these cases, -you can use Endpoint Policy Manager Least Privilege Manager to elevate or block scripts from -running. - -Kick off the process to create a policy for scripts by going to **Add** > **New Script Policy**. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/elevating_scripts.webp) - -The script types that are supported for elevation and for blocking are: - -- BAT -- CMD -- PS1 -- JS -- JSE -- VBS -- VBE -- JAR - -These script types can also be blocked automatically and universally by using the Endpoint Policy -Manager Least Privilege Manager SecureRun™ feature, as described in later topics. diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/singlelinecommands.md b/docs/endpointpolicymanager/leastprivilege/elevate/singlelinecommands.md deleted file mode 100644 index 8c80909015..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/elevate/singlelinecommands.md +++ /dev/null @@ -1,15 +0,0 @@ -# Endpoint Privilege Manager: How do I elevate single line commands (second batch file method)? - -Here is the way to elevate commands which are single line, like this one: - -``` -Abc.exe /switch1 parameter=XYZ /switch2 -``` - -An example of elevating the SCCM computer setup can be seen below: - -![479_1_pplpm-faq2-image001](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/479_1_pplpm-faq2-image001.webp) - -![479_2_pplpm-faq2-image002](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/479_2_pplpm-faq2-image002.webp) - -![479_3_pplpm-faq2-image003](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/479_3_pplpm-faq2-image003.webp) diff --git a/docs/endpointpolicymanager/leastprivilege/events/auditingsettings/overview.md b/docs/endpointpolicymanager/leastprivilege/events/auditingsettings/overview.md deleted file mode 100644 index ab2a6ff229..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/events/auditingsettings/overview.md +++ /dev/null @@ -1,58 +0,0 @@ -# Auditing Settings - -Using Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager to remove admin rights or -turn on SecureRun™ is going to make your machines more secure. However, that also means that some -users might not be able to perform some actions with these two security measures in place. To -mitigate this, you may need to do some research to find out just what privileges your users require. -Endpoint Policy Manager Global Settings Policy lets you set up auditing to find out what -applications require extra privileges from standard users. There are four choices: - -- Audit applications requiring elevation - Help you learn, in advance of a transition, which items - require rules and what items will need rules to overcome UAC prompts. -- Audit elevated applications - Help you learn, after a transition, which items still need rules to - overcome UAC prompts. -- Audit untrusted applications - Help you learn, in advance or after a transition, which items that - would be automatically blocked by SecureRun™ are, in fact, blocked by SecureRun™ and will need - rules to overcome. -- Audit unsigned applications - Help you learn, in advance or after a transition, which items that - would be automatically blocked by SecureRun™ if trapping for unsigned applications. - -To begin the discovery process you will add a New Global Settings Policy, which can be done on -either user or computer side. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/events/auditingsettings/auditing_settings.webp) - -When you create a Global Settings Policy, you can choose to turn on the settings shown here. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/events/auditingsettings/auditing_settings_1.webp) - -Enabling these settings will write special events to the event logs. - -- Audit applications requiring elevation - Makes an audit log entry when a process is not elevated, - but Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager sees that it requires - elevation. We can detect Applications that specify "require elevation" in the manifest and if the - application is a Legacy Installer (that is, a 32-bit app without a manifest and with a - keyword—e.g. Install, Setup, etc.—in the file info). It should be noted that Endpoint Policy - Manager (formerly PolicyPak) Least Privilege Manager does not support detection of dynamically - elevated processes. -- Audit elevated applications - Makes audit log entries for processes that runelevated (i.e., - successful runs after applications are elevated). This creates an event, regardless of the reason - why the application runs elevated. Examples scenarios for this case could include apps that always - require elevation, apps that require elevation only when run by an admin (e.g. regedit), or - situations in which a user selected to run a file as an administrator. It should be noted that the - only time this setting will not write an event to the event log (as an AUDIT event) is when there - is a Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager rule in place to perform - the elevation, in which case it would get its own event ID type. -- Audit untrusted applications - Discovers rules needed when SecureRun™ is turned on. If an - application is attempted, but the item’s file owner is not in the SecureRun™ list, then the - application will be blocked when SecureRun is turned on. -- Audit unsigned applications - Discovers rules needed when SecureRun™ is turned on and the “Block - all unsigned” option would block unsigned applications. - -We'll discuss each of these auditing events in the next sections. diff --git a/docs/endpointpolicymanager/leastprivilege/events/client.md b/docs/endpointpolicymanager/leastprivilege/events/client.md deleted file mode 100644 index b3cca33611..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/events/client.md +++ /dev/null @@ -1,10 +0,0 @@ -# Client Events - -There is only one event ID for Endpoint Policy Manager Least Privilege Manager Client events. That -is Event 100, which describes when a User or Computer picks up new Endpoint Policy Manager Least -Privilege Manager policies. An example of this kind of event can be seen here. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/events/client_events.webp) diff --git a/docs/endpointpolicymanager/leastprivilege/events/createpolicy/cloud.md b/docs/endpointpolicymanager/leastprivilege/events/createpolicy/cloud.md deleted file mode 100644 index b4020394cb..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/events/createpolicy/cloud.md +++ /dev/null @@ -1,38 +0,0 @@ -# Creating Policy from Endpoint Policy Manager Cloud Events - -In order to receive Endpoint Policy Manager reports for events via Endpoint Policy Manager Cloud -Event Collector, you will need to complete the following steps: - -- Submit a support ticket to activate the Cloud Event Log Collector -- Trialers/Customers will only have a one-day event collection offered at no cost -- 7 Day, 14 Day, or 30 Day storage intervals for retained events - -**Step 1 –** Select the Company Group you want to push events to Endpoint Policy Manager Cloud and -select **Edit Group**. - -![creating_policy_from_policypak](/img/product_docs/endpointpolicymanager/leastprivilege/events/createpolicy/creating_policy_from_endpointpolicymanager.webp) - -**Step 2 –** Select the **Event Collector**,Refresh interval for computers time setting. - -![creating_policy_from_policypak_1](/img/product_docs/endpointpolicymanager/leastprivilege/events/createpolicy/creating_policy_from_endpointpolicymanager_1.webp) - -**Step 3 –** Select the Event IDs you want to collect. - -![creating_policy_from_policypak_2](/img/product_docs/endpointpolicymanager/leastprivilege/events/createpolicy/creating_policy_from_endpointpolicymanager_2.webp) - -**NOTE:** You can select the drop-down option to select the Event IDs. See the -[List of Endpoint Policy Manager Event Categories and IDs](/docs/endpointpolicymanager/tips/eventcategories.md) topic -for a list of Endpoint Policy Manager Event IDs. - -**Step 4 –** Go to the Reports section to see the events that have been generated. - -![creating_policy_from_policypak_3](/img/product_docs/endpointpolicymanager/leastprivilege/events/createpolicy/creating_policy_from_endpointpolicymanager_3.webp) - -**Step 5 –** Use the Generate Rule(s) wizard to create policies from forwarded events. - -![creating_policy_from_policypak_4](/img/product_docs/endpointpolicymanager/leastprivilege/events/createpolicy/creating_policy_from_endpointpolicymanager_4.webp) - -**Step 6 –** Final Result: a Rule is created and you can edit the policy name and/or change the -conditions if needed. - -![creating_policy_from_policypak_5](/img/product_docs/endpointpolicymanager/leastprivilege/events/createpolicy/creating_policy_from_endpointpolicymanager_5.webp) diff --git a/docs/endpointpolicymanager/leastprivilege/events/operational.md b/docs/endpointpolicymanager/leastprivilege/events/operational.md deleted file mode 100644 index cf375c95ee..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/events/operational.md +++ /dev/null @@ -1,60 +0,0 @@ -# Operational Events - -Events in section are divided into the following categories: - -- User Action Allowed events (Event ID 1000+) -- User Action Blocked events (Event ID 2000+) -- Audit/Discovery events (Event ID 6200+) -- Admin Approval events (Event ID 6300+) - -See the [List of Endpoint Policy Manager Event Categories and IDs](/docs/endpointpolicymanager/tips/eventcategories.md) -topic for all event IDs. - -Each event ID will have the following fields: - -- Path -- Command line -- Process Id -- Parent Id -- Policy Object -- Collection -- Policy - -Here is an example of Event 6310, which shows that a response code was accepted by user and an -application was given the OK to run: - -``` -Short response code verified -Dialog Guide: {68FCD989-4966-F9D4-BB1F-20630E9D5116}  -User Sid: S-1-5-21-934088035-149717768-3671783038-1116 -User Name: FABRIKAM\EastSalesUser1 Process Id: 5100 -Process Path: C:\Users\eastsalesuser1\Desktop\Silverlight install.exe -Command Line: "C:\Users\eastsalesuser1\Desktop\Silverlight install.exe" -Task Kind: Application Installer  -Executable File: -C:\Users\eastsalesuser1\Desktop\Silverlight install.exe  -Executable File Sha256: -742F7911C4711F500867754F2D5F84A80A1B93DDC9ED07359455549E7032 C217 -File Owner Sid: S-1-5-21-934088035-149717768-3671783038- 1116 -File Owner Name: No Trusted:  No Signed: Yes -Reason: Software Installation Forced Elevation: No -Code Uses: 1/1 Expiration: Never -Apply to Child Processes: Yes - -``` - -The reason code that is written to Event 6310 is from a fixed list in the Endpoint Policy Manager -Least Privilege Manager code generator tool and is not admin- or user-definable. When the admin -chooses a reason code, as seen here, that is what is recorded within the event on the client. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/events/operational_events.webp) - -An example of Event 613 can be seen here. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/events/operational_events_1.webp) diff --git a/docs/endpointpolicymanager/leastprivilege/events/overview.md b/docs/endpointpolicymanager/leastprivilege/events/overview.md deleted file mode 100644 index 549e01a0b1..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/events/overview.md +++ /dev/null @@ -1,49 +0,0 @@ -# Discovery, Auditing, and Events - -Endpoint Policy ManagerLeast Privilege Manager uses Windows event logs to generate interesting -events that you can audit. You can use these events to audit what has occurred. - -**NOTE:** See the [Events](/docs/endpointpolicymanager/video/leastprivilege/events.md) video for a demo of the Endpoint -Policy Manager Least Privilege Manager Events in action. - -You can also use these events, before you fully roll out Endpoint Policy Manager Least Privilege -Manager, to discover what rules you would need to make when you transition from local admin rights -to SecureRun™. - -**NOTE:** See the -[Use Discovery to know what rules to make as you transition from Local Admin rights](/docs/endpointpolicymanager/video/leastprivilege/discovery.md) -video for a demo of Endpoint Policy Manager Least Privilege Manager Discovery in action. - -Events are logged on each endpoint machine and only when the interesting event occurs. You can find -Endpoint Policy Manager Least Privilege Manager events inside Event Viewer in the Application and -Services folder and under the Endpoint Policy Manager node. Once you get an understanding of -Endpoint Policy Manager Least Privilege Manager and events, you might want to set up event -forwarding to capture and forward events from multiple machines. In this way you can see what -multiple users are doing and look through the events for interesting ideas to convert into rules. - -- See the - [How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding.](/docs/endpointpolicymanager/leastprivilege/windowseventforwarding.md) - topic to learn more about event forwarding. -- You can also use Netwrix Auditor to capture events from endpoints to bring them to a centralized - source for investigation. See the - [How to use Netwrix Auditor to Report on Endpoint Policy Manager events](/docs/endpointpolicymanager/integration/auditor/reports.md) - topic for additional information. -- You can use Azure Log Analytics to store Endpoint Policy Manager Least Privilege Manager events. - See the - [Windows 10 (and Server) Event Logs to Azure Log Analytics Walkthru](/docs/endpointpolicymanager/tips/eventlogs.md) - topic for additional information. -- You can use Endpoint Policy Manager Cloud to store Endpoint Policy ManagerLeast Privilege Manager - events and make rules from stored events. See the - [Endpoint Policy Manager Cloud + PPLPM + Events: Collect Events in the Cloud](/docs/endpointpolicymanager/video/leastprivilege/cloudevents.md)video - for additional information. - -Endpoint Policy Manager Least Privilege Manager has two event sources, which can be seen in Event -Viewer. - -- Endpoint Policy Manager Least Privilege Manager Client -- Endpoint Policy Manager Least Privilege Manager Client—Operational - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/events/discovery_auditing_and_events.webp) diff --git a/docs/endpointpolicymanager/leastprivilege/export.md b/docs/endpointpolicymanager/leastprivilege/export.md deleted file mode 100644 index 3f61d1be52..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/export.md +++ /dev/null @@ -1,21 +0,0 @@ -# Exporting Policies and Collections - -The [MDM & UEM Tools](/docs/endpointpolicymanager/mdm/overview.md) topics explain how to use the Endpoint Policy Manager -Exporter to wrap up any Endpoint Policy Manager directives and deliver them using Microsoft Endpoint -Manager (SCCM and Intune), KACE, your own MDM service, or Endpoint Policy Manager Cloud. To export a -policy for later use using Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud, -right-click the collection or the policy and select **Export to XML**. This will enable you to save -an XML file, which you can use later. - -**NOTE:** For more information on how to use Endpoint Policy Manager Least Privilege Manager and -Endpoint Policy Manager Cloud, please see the -[Use Endpoint Policy Manager Cloud to deploy PP Least Privilege Manager rules](/docs/endpointpolicymanager/video/leastprivilege/cloudrules.md) -and the [Using Least Privilege Manager with your MDM service](/docs/endpointpolicymanager/video/leastprivilege/mdm.md) -videos, - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/exporting_policies_and_collections.webp) - -**NOTE:** Exported collections or policies maintain any Item-Level Targeting set within them. diff --git a/docs/endpointpolicymanager/leastprivilege/itemleveltargeting.md b/docs/endpointpolicymanager/leastprivilege/itemleveltargeting.md deleted file mode 100644 index aea721d464..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/itemleveltargeting.md +++ /dev/null @@ -1,86 +0,0 @@ -# Item-Level Targeting with Collections and Policies - -**NOTE:** For more information on Endpoint Policy Manager Least Privilege Manager and Item Level -Targeting, please see the -[Endpoint Privilege Manager: Use Item Level Targeting to hone in when rules apply.](/docs/endpointpolicymanager/video/leastprivilege/itemleveltargeting.md) -video. - -Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Endpoint -Policy Manager to target or filter where specific items will apply. With Endpoint Policy -ManagerLeast Privilege Manager, Item-Level Targeting can be placed on collections as well as -Endpoint Policy Manager Least Privilege Manager policies within collections. - -A collection enables you to group together Endpoint Policy Manager Least Privilege Manager policies -so they can act together. For instance, you might create a collection for only East Sales Users and -another for West Sales Users. . - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/item_level_targeting_with.webp) - -Below you can see two created collections that can hold other collections or policies. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/item_level_targeting_with_1.webp) - -Right-click any Endpoint Policy Manager Least Privilege Manager Collection or Policy and select -**Change Item-Level Targeting**, to set filtering conditions on when the policy will apply. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/item_level_targeting_with_2.webp) - -The **Change Item Level Targeting** menu item brings up the Targeting Editor. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/item_level_targeting_with_3.webp) - -You can select any combination of characteristics you want to test for. Administrators familiar with -Group Policy Preferences’ Item-Level Targeting will be at home in this interface as it is -functionally equivalent. - -You can apply one or more targeting items to a policy, which enables targeting items to be joined -logically. You can also add targeting collections, which group together targeting items in much the -same way parentheses are used in an equation. In this way, you can create a complex determination -about where a policy will be applied. Collections may be set to **And**, **Or**, **Is**, or **Is -Not**. - -**NOTE:** Additionally, Endpoint Policy Manager Least Privilege Manager allows you to target users -or user groups, even if the policy is on the computer side. See the -[Link to Computer, Filter by User](/docs/endpointpolicymanager/video/leastprivilege/userfilter.md) video for details on this -superpower. - -Below are some real-world examples of how you can use Item-Level Targeting. - -- Software prerequisites. If you want to configure an application’s settings, first make sure the - application is installed on the user’s computer before configuring it. You can use File Match or - Registry Match targeting items (or both) to verify a specific version of a file, or a registry - entry is present. For an example of this, look in the Uninstall registry key. -- Mobile computers. If you want to deploy settings exclusively for users on mobile PCs, filter the - rule to apply only to mobile PCs by using the Portable Computer targeting item. -- Operating system version. You can specify different settings for applications based on the - operating system version. To do this, create one rule for each operating system and then filter - each rule using the Operating System targeting item. -- Group membership. You can link the Group Policy Object (GPO) to the whole domain or organizational - unit (OU), but only members within a specific group will pick up and process the rule settings. -- IP range. You can specify different settings for various IP ranges, like different settings for - the home office and each field office. - -After editing is completed, close the editor. The policy's icon, or the collection’s icon, has now -changed to orange, which shows that it has Item-Level Targeting, as well as the Column labeled Item -Level Targeting, as seen below. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/item_level_targeting_with_4.webp) - -When Item-Level Targeting is on, the policy won’t apply unless the conditions are true. If -Item-Level Targeting is applied to a collection, then none of the items in the collection will apply -unless the Item-Level Targeting on the collection evaluates to true. diff --git a/docs/endpointpolicymanager/leastprivilege/mac/logs.md b/docs/endpointpolicymanager/leastprivilege/mac/logs.md deleted file mode 100644 index 4c3094cf18..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/mac/logs.md +++ /dev/null @@ -1,147 +0,0 @@ -# Logging guide for Endpoint Privilege Manager for Mac Clients - -This guide will help you understand local Mac logging and also how to send those logs to Netwrix -Endpoint Policy Manager (formerly PolicyPak) Cloud if desired. - -## Understanding log files on the client - -The Endpoint Policy Manager logs are located in /Library/Application Support/PolicyPak/Logs. If -requested by Support, zip up these three logs. As the customer, you can find useful information -within endpointpolicymanagerd.log and cloud.log (details below). - -![1329_1_6e10551394ec326177434ffc228df475](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_1_6e10551394ec326177434ffc228df475.webp) - -### Understanding Endpoint Policy ManagerD.Log - -This log shows every process that ran on the computer. When installed, Endpoint Policy Manager needs -to monitor all processes on the endpoint to determine if there is a policy against that process and -then acts upon it if necessary. This log shows those processes and the policy information, if there -is a policy. - -No Existing Policy - -![1329_2_d6a33d883a790b8367004838c34e770f](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_2_d6a33d883a790b8367004838c34e770f.webp) - -Policy Exists - -![1329_3_4b3667fda4b8ee8bc6b9d9a09ef88ee8](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_3_4b3667fda4b8ee8bc6b9d9a09ef88ee8.webp) - -### Understanding Cloud.log - -Cloud.log contains actioned items from the endpointpolicymanagerd.log file, processes that ran by the user and -were either Allowed, Elevated or Blocked by Endpoint Policy Manager policies. - -**NOTE:** To get a better understanding of how you policies are working, or not working, -endpointpolicymanagerd.log will tell not only what processes were affected by policies, but also what processes -weren’t – and maybe should have been. - -![1329_4_30c21b2015b47e5d92143f82a31997eb](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_4_30c21b2015b47e5d92143f82a31997eb.webp) - -## Setting up Endpoint Policy Manager Cloud Groups for Event Collection - -Having these logs locally is all well and good, but we also have the ability to centrally store -these logs and present the data in a more readable format. - -Our Event Collector in the cloud can take these events, upload them to your Endpoint Policy Manager -cloud instance, and allow you to pull reports based on this data. - -**NOTE:** This is a paid, extra service that is not enabled by default. - -Event collection is part of the Group configuration. There are two types of groups that your -endpoints can be a part of: Built-in and Company. - -Built-in - -Without going into too many details here (there are KB articles where you can get more information -on this topic), the main Built-in Group is the Allgroup. Every endpoint that has an account will -automatically be a member of Windows or, in this case, MacOSs All group. If this group is configured -with Event Collection, all endpoints will send their cloud.log data up to the cloud. - -Computer - -Computer groups are created and configured by you, the Endpoint Policy Manager cloud instance -administrator. You specify what computer accounts are members here, and thereby only those endpoints -will upload the data you specify in that group Event Collection configuration. - -There are a few ways to add a computer to a group, but the most common way is directly through the -group. - -**Step 1 –** Highlight the group you want to add the computer(s) to. - -**Step 2 –** Click on **Add/Remove Computer from Group** (under Actions). - -![1329_5_cd439679970dd94379dc97da3de13756](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_5_cd439679970dd94379dc97da3de13756.webp) - -**Step 3 –** Click **Available Computers**. - -![1329_6_89a9d67a0c348b5ab03d304ea9392884](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_6_89a9d67a0c348b5ab03d304ea9392884.webp) - -**Step 4 –** Check the ones to add and click **Add**. - -Event Collection Configuration - -To configure Event Collection, highlight the group and click **Edit Group** under Actions. On the -resulting pop-up window, click on the **Event Collector** tab. - -![1329_7_44a2bef19cdb90973520bb3702397eb4](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_7_44a2bef19cdb90973520bb3702397eb4.webp) - -The **Event submission interval** dictates how often the logs get uploaded to the cloud. This is -separate and distinct from the **Refresh interval for computers** on the previous tab, which -dictates how often the endpoint synchronizes the policies with the cloud. - -You can also choose which events are collected and stored in the cloud. On large networks, this will -save you from a lot of noise when looking for specific things. We generally recommend starting will -All events until you figure out what it is you want to see, and then just select the ones you want. - -When **Selected Events** is selected, clicking on the Info icon brings up a list of Event IDs that -can be selected. In the image below are highlighted the two Event types that shown in the cloud.log -example above. - -![1329_8_464e110a1254c22ecac8a612b13ffc76](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_8_464e110a1254c22ecac8a612b13ffc76.webp) - -Notes on Collection configuration: - -- When the Allgroup is configured, all endpoints will receive the configuration. -- When a Parent group is configured, all child groups will, by default, inherit the configuration as - well. This behavior, however, can be altered to block inheritance. -- If a computer is a member of multiple groups, the behavior is essentially accumulative. That is, - all selected IDs will be included and uploaded in the shortest interval set. - -See the -[How can I keep the same or specify different parameters for Event Collection for child groups? How does a computer behave if a member of multiple groups?](/docs/endpointpolicymanager/cloud/eventcollection/childgroups.md) -topic for additional information. - -Forcing Event submission - -If you are testing, or just want to upload the data immediately, you can force the upload of the -cloud.log file with the following command: - -`policypak cloud-push-logs` - -![1329_9_e5dddf2ba28a115aa5782c49a21fbac6](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_9_e5dddf2ba28a115aa5782c49a21fbac6.webp) - -**NOTE:** This command can be run by a standard user. It does not require elevated or administrative -rights to perform. - -## Reporting on Collected Events - -All the collected events can be accessed through the **Computers (Collected Events)** report on the -Reports tab and selecting **Endpoint Policy Manager Least Privilege Manager for macOS**. - -![1329_10_2ab64dc549729d2f51cdf61ab7d88108](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_10_2ab64dc549729d2f51cdf61ab7d88108.webp) - -Next, configure the time period you want to report on. The default is the beginning of the day, but -this can be altered to the desired start and stop time and date. Click **Show** to see the results. - -![1329_11_7135ed6ab54692983796dd995a2517e4](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_11_7135ed6ab54692983796dd995a2517e4.webp) - -The results can be filtered to show only the desired information. For example, show only specific -computers or only Elevation events. Every column can be filtered by clicking on the ellipsis within -the column header. - -![1329_12_3996f6bea2016ba07eaf96f5c05b43c0](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_12_3996f6bea2016ba07eaf96f5c05b43c0.webp) - -For offline analysis, the report can be exported to either Excel or, if very large, CSV format. This -can be done before or after filtering. - -![1329_13_50b225886bba8747a9460411f4662cc9](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_13_50b225886bba8747a9460411f4662cc9.webp) diff --git a/docs/endpointpolicymanager/leastprivilege/overview.md b/docs/endpointpolicymanager/leastprivilege/overview.md deleted file mode 100644 index d08ffc6942..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/overview.md +++ /dev/null @@ -1,115 +0,0 @@ -# Least Privilege Manager (Windows) - -About Netwrix Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager - -Before reading this section, please ensure you have read the -[Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md) topics, which will help -you learn to do the following: - -- Install the Admin MSI on your GPMC machine -- Install the CSE on a test Windows machine -- Set up a computer in Trial or Licensed mode -- Set up a common OU structure - -Optionally, this manual demonstrates how to use on-prem Active Directory and Group Policy to deploy -Endpoint Policy Manager Least Privilege Manager directives. If you don't want to use Group Policy, -read the [MDM & UEM Tools](/docs/endpointpolicymanager/mdm/overview.md) topics for additional information on how to deploy -your directives. - -Endpoint Policy Manager Least Privilege Manager enables you to do the following: - -- Get out of the risky business of giving users local admin rights. -- Shut the door on malware, crypto-malware, and zero-day exploits. -- Let non-admins safely install software they need, on-demand. -- Elevate specific scripts to run as needed (without insecurely embedding the script password inside - the script file). -- Elevate specific Java JAR files to run in this way, as needed. - -For instance, you don’t want to block your Standard Users from running applications that throw a UAC -prompt. A Standard User doesn’t have the right permissions, and that’s where Endpoint Policy Manager -Least Privilege Manager can come in. - -**NOTE:** For more information on this issue, watch the -[Kill Local Admin Rights (Run applications with Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/localadminrights.md) -video. - -The basic way to use Endpoint Policy Manager Least Privilege Manager is as follows: - -- Remove local admin rights from all users. -- Create a rule to specify which applications, Control Panel applets, or other areas a user would - need admin rights to. -- Create a Endpoint Policy Manager SecureRun™ rule to prevent all unknown applications from running - (optional, but recommended). -- Use On-Prem Group Policy to accept the Endpoint Policy Manager Least Privilege Manager policies - created. (This is what this guide will demonstrate.) -- Alternatively, export the Endpoint Policy Manager Least Privilege Manager rules and deliver them - in one of these ways: - - - Microsoft SCCM (See theDeploy Endpoint Policy Manager Settings Using SCCM or Other Management - System! video overview for additional information.) - - Microsoft Intune (See the - [Using Least Privilege Manager with your MDM service](/docs/endpointpolicymanager/video/leastprivilege/mdm.md) video - overview for additional information.) - - Your own systems management software (PDQ Deploy or similar) (See the - [Deploying Apps that Require Admin Rights Using Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/video/leastprivilege/integration/pdqdeploy.md) - video overview for additional information.) - - Endpoint Policy Manager Cloud service (See the - [Use Endpoint Policy Manager Cloud to deploy PP Least Privilege Manager rules](/docs/endpointpolicymanager/video/leastprivilege/cloudrules.md) - video overview for additional information.) - -Then allow the client machine with the Endpoint Policy Manager client-side extension (CSE) to -receive the directives and perform the work. - -**NOTE:** If you use an MDM service or Endpoint Policy Manager cloud service, you can deliver -Endpoint Policy Manager Least Privilege Manager settings even to non-domain-joined machines over the -Internet. - -## Endpoint Privilege Manager Moving Parts - -First thing is to understand the moving parts. - -- A management station. The Endpoint Policy Manager Admin Console MSI must be installed on the - management station where you create GPOs. Once it’s installed, you’ll see the Endpoint Policy - Manager | Endpoint Policy Manager Least Privilege Manager node, as shown below. -- The Endpoint Policy Manager CSE. This runs on the client (target) machine and is the same CSE for - all Endpoint Policy Manager components (such as Endpoint Policy Manager Least Privilege Manager, - Endpoint Policy Manager Device Manager, Endpoint Policy Manager Application Settings Manager, - etc.). -- Windows Endpoints. In order to use these, they must be licensed for Endpoint Policy Manager Least - Privilege Manager using one of the licensing methods. -- Mac Endpoints (optional). Mac endpoints must use Endpoint Policy Manager Cloud to get Endpoint - Policy Manager Least Privilege Manager directives. See more in the Endpoint Policy Manager Cloud - for MacOS Client manual. - -Also available is Endpoint Policy Manager Cloud when you purchase Endpoint Policy Manager Enterprise -or Endpoint Policy Manager SaaS. - -Endpoint Policy Manager Cloud enables you to create Endpoint Policy ManagerLeast Privilege Manager -directives using the in-cloud editors and connect endpoints (Windows and Mac) to get Endpoint Policy -Manager Least Privilege Manager directives. - -![overview1](/img/product_docs/endpointpolicymanager/leastprivilege/overview1.webp) - -While this manual mostly demonstrates concepts using the Group Policy editor, nearly everything can -be done using the in-Endpoint Policy Manager-Cloud editors. Additionally, you can take on-prem MMC -directives and upload them to Endpoint Policy Manager Cloud, and take in-cloud directives and -download them back as MMC directives. - -Additionally, you may use Endpoint Policy Manager Least Privilege Manager with any management system -you like such as SCCM, Intune, PDQ deploy or anything else. This is because Endpoint Policy Manager -Least Privilege Manager directives may be exported as XML and wrapped up using the Endpoint Policy -Manager Exporter tool. This is a free utility that lets you take Endpoint Policy Manager Admin -Templates Manager and our other products’ XML files and wrap them into a portable MSI file for -deployment using Microsoft Endpoint Manager (SCCM and Intune), or your own systems management -software. - -The [MDM & UEM Tools](/docs/endpointpolicymanager/mdm/overview.md) topics explain how to use the Endpoint Policy Manager -Exporter to wrap up any Endpoint Policy Manager directives and deliver them using Microsoft Endpoint -Manager (SCCM and Intune), KACE, your own MDM service, or Endpoint Policy Manager Cloud. - -In other words, you are free to use any delivery methodof your choice with Endpoint Policy Manager -Least Privilege Manager. - -This manual is designed to give you the basic concepts and operational scenarios you may encounter, -but once you get those down, you are free to use whatever delivery method is best for your -organization. diff --git a/docs/endpointpolicymanager/leastprivilege/overview/knowledgebase.md b/docs/endpointpolicymanager/leastprivilege/overview/knowledgebase.md deleted file mode 100644 index 2b74ef854f..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/overview/knowledgebase.md +++ /dev/null @@ -1,88 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base articles for Least Privilege Manager. - -## Licensing - -- [What is the difference between Endpoint Privilege Manager Standard and Complete licenses?](/docs/endpointpolicymanager/leastprivilege/license.md) - -## Tips (How does PPLPM work?) - -- [Which account does an elevated process run within?](/docs/endpointpolicymanager/leastprivilege/accountelevatedprocess.md) -- [Does Endpoint Privilege Manager block Macro attacks?](/docs/endpointpolicymanager/leastprivilege/macroattacks.md) -- [How secure is it just to use the digital signature? Can someone spoof a digital signature?](/docs/endpointpolicymanager/leastprivilege/digitalsignature.md) -- [Is Endpoint Privilege Manager compatible alongside an existing installation of Microsoft Applocker?](/docs/endpointpolicymanager/integration/applocker.md) -- [How can I change the behavior of "Run as Admin" with Endpoint Privilege Manager and how has it changed from previous versions?](/docs/endpointpolicymanager/leastprivilege/runasadmin.md) - -## Tips (Specific Workaround for Apps and Scenarios) - -- [How to create an LPM Policy for (SynTPEnh.exe) Synaptics Pointing Device Driver](/docs/endpointpolicymanager/leastprivilege/synapticspointingdevicedriver.md) -- [Install Windows Fonts for users or Elevate end-users to install fonts themselves](/docs/endpointpolicymanager/leastprivilege/elevate/installfonts.md) -- [How do I elevate MMC snap ins without granting administrative rights?](/docs/endpointpolicymanager/leastprivilege/elevate/mmcsnapin.md) -- [How do I use Least Privilege Manager to Elevate .reg files to allow import by standard users](/docs/endpointpolicymanager/leastprivilege/elevate/registry.md) -- [How-to elevate Windows Defender Firewall in Endpoint Privilege Manager?](/docs/endpointpolicymanager/leastprivilege/elevate/windowsdefender.md) -- [How do I elevate installers that are classified as Installers but not Applications? Like Ninite, 7z, or Self-Extract?](/docs/endpointpolicymanager/leastprivilege/elevate/installers.md) -- [Allowing access/edit rights to specific files for standard users](/docs/endpointpolicymanager/leastprivilege/editrights.md) -- [How to Elevate applications with a .application extension using Least Privilege Manager](/docs/endpointpolicymanager/leastprivilege/elevate/applicationextension.md) -- [How do I elevate .MSP files such as Adobe Acrobat updates?](/docs/endpointpolicymanager/leastprivilege/elevate/mspfiles.md) -- [FTK Imager crashes with 'Server Busy' dialog box when "Image Mounting" while running elevated](/docs/endpointpolicymanager/troubleshooting/error/leastprivilege/serverbusy.md) - -## Tips (Files, Folders and Dialogs) - -- [How can I make all files in a folder, or all files in all recursive folders Elevated, Blocked, or Allow & Log?](/docs/endpointpolicymanager/leastprivilege/elevate/allfiles.md) - -## Tips and SecureRun (TM) - -- [How can I allow "Inline commands" blocked by SecureRun when a random path or filename is created each time?](/docs/endpointpolicymanager/leastprivilege/securerun/allowinlinecommands.md) -- [How do I setup SecureRun when there are so many variables and still ensure my rules work no matter what version of the software I have I installed?](/docs/endpointpolicymanager/leastprivilege/securerun/setup.md) -- [When Endpoint Policy Manager SecureRun(TM) is turned on, PowerShell won't run. How can I re-enable this?](/docs/endpointpolicymanager/leastprivilege/securerun/enablepowershell.md) -- [What is the supported list of BLOCKED script types for Endpoint Policy Manager SecureRun™ ?](/docs/endpointpolicymanager/leastprivilege/securerun/blockedscripttypes.md) -- [How to run WebEx Meeting as regular user when SecureRun is enabled](/docs/endpointpolicymanager/leastprivilege/securerun/webex.md) -- [How to install and run MYKI Password Manager as regular user when SecureRun is enabled](/docs/endpointpolicymanager/leastprivilege/securerun/mykipasswordmanager.md) -- [How do I allow a Chrome extension blocked by SecureRun to be installed?](/docs/endpointpolicymanager/leastprivilege/securerun/chromeextension.md) -- [Least Privilege Manager and SecureRun Implementation Best Practices](/docs/endpointpolicymanager/leastprivilege/securerun/bestpractices.md) -- [How does the option "Show Admin Approval dialog for untrusted application" in Admin Approval work?](/docs/endpointpolicymanager/leastprivilege/securerun/adminapprovalwork.md) - -## Tips for Admin Approval, Self Elevate, Apply on Demand, SecureCopy and UI Branding - -- [Can I use Endpoint Privilege Manager to LOWER / remove admin rights from Administrators from an application or process, like Internet Explorer?](/docs/endpointpolicymanager/leastprivilege/reduceadminrights.md) -- [I elevated an application, but drag and drop between the elevated and other non-elevated applications isn't working anymore. What can I try?](/docs/endpointpolicymanager/leastprivilege/elevate/dragdrop.md) -- [How do I use the Filter section in Endpoint Privilege Manager ?](/docs/endpointpolicymanager/leastprivilege/policyeditor/scope.md) -- [How do I install an Active X control if it is not digitally signed?](/docs/endpointpolicymanager/leastprivilege/policyeditor/activexcontrol.md) -- [How to Defend against malicious PowerShell attacks (DLLs)?](/docs/endpointpolicymanager/leastprivilege/powershell/maliciousattacks.md) -- [How can I integrate Endpoint Privilege Manager and Servicenow (or any other help desk) via email?](/docs/endpointpolicymanager/integration/servicenow.md) -- [Least Privilege Manager - How to create a Self-Elevation policy for local groups of Standalone computers](/docs/endpointpolicymanager/leastprivilege/policyeditor/selfelevation.md) -- [How does the "Show Pop-Up" message checkbox work along side "Force user re-authenticate" and "Justification text required" checkboxes?](/docs/endpointpolicymanager/leastprivilege/policyeditor/optionsshowpopupmessage.md) -- [How does custom menu item text work after builds 23.8 and later?](/docs/endpointpolicymanager/leastprivilege/custommenuitemtext.md) - -## Tips (Old, use only if asked) - -- [Endpoint Privilege Manager: How do I elevate single line commands (second batch file method)?](/docs/endpointpolicymanager/leastprivilege/elevate/singlelinecommands.md) -- [How to elevate Print driver installation using Endpoint Privilege Manager? (alternate method)](/docs/endpointpolicymanager/leastprivilege/elevate/printerdriverinstall.md) - -## Troubleshooting - -- [What log can help me determine why an application (MSI, etc.) was ALLOWED, ELEVATED or BLOCKED?](/docs/endpointpolicymanager/troubleshooting/log/leastprivilege/determinewhy.md) -- [Why doesn't Endpoint Privilege Manager work Windows 7 + SHA256 signed.JS and .VBS files ?](/docs/endpointpolicymanager/troubleshooting/leastprivilege/supportedenvironments.md) -- [I want all the files in a folder to be ALLOWED when SecureRun is used. What is the correct syntax?](/docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/correctsyntax.md) -- [If multiple Endpoint Privilege Manager rules would apply, which rule takes precedence?](/docs/endpointpolicymanager/troubleshooting/leastprivilege/ruleprecedence.md) -- [How are DRIVE MAPS and UNC paths supported in Endpoint Privilege Manager?](/docs/endpointpolicymanager/troubleshooting/leastprivilege/drivemaps.md) -- [Why does Endpoint Policy Manager SecureRun block "inline commands" and what can I do to overcome or revert the behavior ?](/docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/inlinecommands.md) -- [How are wildcards supported when used with Path and Command-line arguments in Least Privilege Manager?](/docs/endpointpolicymanager/troubleshooting/leastprivilege/wildcards.md) -- [How do I overcome OneDrive block prompts when SecureRun is on?](/docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/onedrive.md) -- [Why is my File Info Deny rule for SQL MGMT Studio version 14.x and lower not working?](/docs/endpointpolicymanager/troubleshooting/leastprivilege/fileinfodeny/ssms.md) -- [Why is my File Info Deny rule for WinSCP Setup 17.x and lower not working?](/docs/endpointpolicymanager/troubleshooting/leastprivilege/fileinfodeny/winscp.md) -- [How-to Fix EXPLORER.EXE crash when right-clicking document files, pdf, docx, xlsx, etc.?](/docs/endpointpolicymanager/troubleshooting/leastprivilege/explorercrash.md) -- [Error message The element 'emailSettings' in namespace "…AdminApproval" has incomplete content encountered when editing Admin Approval policy](/docs/endpointpolicymanager/troubleshooting/error/leastprivilege/emailsettings.md) -- [How-to troubleshoot LPM rules for Kaseya Agent Service?](/docs/endpointpolicymanager/troubleshooting/leastprivilege/kaseyaagentservice.md) - -## Eventing - -- [How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding.](/docs/endpointpolicymanager/leastprivilege/windowseventforwarding.md) -- [How to use Netwrix Auditor to Report on Endpoint Policy Manager events](/docs/endpointpolicymanager/integration/auditor/reports.md) - -## Netwrix Privilege Secure for Access Management Integration - -- [How to Resolve Could not establish trust relationship for the SSL or TLS Secure Channel error message](/docs/endpointpolicymanager/troubleshooting/error/leastprivilege/establishtrust.md) -- [How does the Netwrix Privilege Secure MMC UI relate to the Endpoint Policy Manager MMC UI?](/docs/endpointpolicymanager/integration/privilegesecure/mmc.md) -- [How can I create Endpoint Policy ManagerLeast Privilege Manager policies with Netwrix Privilege Secure (even when the Endpoint Policy Manager Client Side Extension is unlicensed?)](/docs/endpointpolicymanager/integration/createpolicies.md) diff --git a/docs/endpointpolicymanager/leastprivilege/overview/videolearningcenter.md b/docs/endpointpolicymanager/leastprivilege/overview/videolearningcenter.md deleted file mode 100644 index f561a8aa37..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/overview/videolearningcenter.md +++ /dev/null @@ -1,115 +0,0 @@ -# Video Learning Center - -See the following Video topics for more information on Least Privilege Manager. - -## Basics and Getting Started - -- [Kill Local Admin Rights (Run applications with Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/localadminrights.md) -- [Use Group Policy to remove local admin rights (then Endpoint Policy Manager to enable Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/removelocaladmin.md) -- [Link to Computer, Filter by User](/docs/endpointpolicymanager/video/leastprivilege/userfilter.md) -- [Installing applications-and-Preconfigured-Rules](/docs/endpointpolicymanager/video/leastprivilege/installapplications.md) -- [Auto Rules Generator Tool (with SecureRun)](/docs/endpointpolicymanager/video/leastprivilege/autorulesgeneratortool.md) -- [Endpoint Policy Manager Application Control with PP Least Privilege Manager](/docs/endpointpolicymanager/video/leastprivilege/applicationcontrol.md) -- [Using Least Privilege Manager's SecureRun Feature](/docs/endpointpolicymanager/video/leastprivilege/securerun/feature.md) -- [COM Support](/docs/endpointpolicymanager/video/leastprivilege/comsupport.md) -- [Overcome UAC prompts for Active X controls](/docs/endpointpolicymanager/video/leastprivilege/uacpromptsactivex.md) - -## How-To & Tech Support - -- [Elevate (or smack down) scripts and Java JAR files](/docs/endpointpolicymanager/video/leastprivilege/elevate/scripts.md) -- [Enable end-users to install their own fonts](/docs/endpointpolicymanager/video/leastprivilege/elevate/installfonts.md) -- [Manage, block and allow Windows Universal (UWP) applications](/docs/endpointpolicymanager/video/leastprivilege/windowsuniversalapplications.md) -- [More security with Combo Rules](/docs/endpointpolicymanager/video/leastprivilege/securitycomborules.md) -- [Least Privilege Manager: Deny Messages](/docs/endpointpolicymanager/video/leastprivilege/denymessages.md) -- [Prevent Edge from Launching](/docs/endpointpolicymanager/video/leastprivilege/preventedge.md) -- [Stop Ransomware and other unknown zero day attacks with Endpoint Policy Manager SecureRun(TM)](/docs/endpointpolicymanager/video/leastprivilege/securerun/stopransomware.md) -- [Least Privilege Manager: Block All Unsigned with SecureRun](/docs/endpointpolicymanager/video/leastprivilege/securerun/preventunsigned.md) -- [Endpoint Privilege Manager: Use Item Level Targeting to hone in when rules apply.](/docs/endpointpolicymanager/video/leastprivilege/itemleveltargeting.md) - -## Methods: Cloud, MDM, SCCM, PDQ - -- [Use Endpoint Policy Manager Cloud to deploy PP Least Privilege Manager rules](/docs/endpointpolicymanager/video/leastprivilege/cloudrules.md) -- [Using Least Privilege Manager with your MDM service](/docs/endpointpolicymanager/video/leastprivilege/mdm.md) -- [Deploying Apps that Require Admin Rights Using Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/video/leastprivilege/integration/pdqdeploy.md) -- [Blocking Malware with Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/video/leastprivilege/integration/pdqdeployblockmalware.md) - -## Best Practices - -- [Best Practices for Elevating User-Based Installs](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/elevatinguserbasedinstalls.md) -- [PPLPM Elevating UWP Applications](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/elevateuwp.md) -- [Best Practices of MSI installations from the Windows Store (UWP Applications) ](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/msi.md) -- [Security and Child Processes](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/securitychildprocesses.md) -- [Increase security by reducing rights on Open/Save dialogs](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/opensavedialogs.md) -- [Endpoint Privilege Manager and Wildcards](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/wildcards.md) -- [Reduce or specify Service Account Rights](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/serviceaccountrights.md) -- [Block PowerShell in General, Open up for specific items](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/powershellblock.md) -- [SecureRun to block User AND System executables](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/securerun/usersystemexecutables.md) -- [Elevate apps as standard user, BLOCK other Admins](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/appblock.md) -- [Endpoint Policy Manager Least Priv Manager: Self Elevate Mode](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/selfelevatemode.md) - -## ACL Traverse: NTFS and Registry - -- [Endpoint Policy Manager: ACL Traverse to enable users to delete icons on desktop](/docs/endpointpolicymanager/video/leastprivilege/acltraverse/deleteicons.md) -- [Endpoint Policy Manager and ACL Traverse: How to give rights to modify HOSTS files and similar](/docs/endpointpolicymanager/video/leastprivilege/acltraverse/modifyhosts.md) -- [Endpoint Policy Manager ACL and File Traverse: Let any application in Programfiles overcome NTFS permissions](/docs/endpointpolicymanager/video/leastprivilege/acltraverse/ntfspermissions.md) -- [Endpoint Policy Manager: Overcome ACLs in Registry even as Standard User](/docs/endpointpolicymanager/video/leastprivilege/acltraverse/registry.md) - -## Admin Approval, Self Elevate, Apply on Demand, SecureCopy(TM), and UI Branding - -- [Admin Approval demo](/docs/endpointpolicymanager/video/leastprivilege/adminapproval/demo.md) -- [Using Email / Long Codes](/docs/endpointpolicymanager/video/leastprivilege/longcodes.md) -- [Understand "Enforce Admin Approval for all installers" behavior](/docs/endpointpolicymanager/video/leastprivilege/adminapproval/enforce.md) -- [Endpoint Privilege Manager: Admin Approval Email method (with Notepad instead)](/docs/endpointpolicymanager/video/leastprivilege/adminapproval/email.md) -- [Self Elevate Mode](/docs/endpointpolicymanager/video/leastprivilege/selfelevatemode/demo.md) -- [Endpoint Privilege: Re-Authenticate with Self Elevate](/docs/endpointpolicymanager/video/leastprivilege/selfelevatemode/reauthenticate.md) -- [Least Privilege Manager: Apply On Demand](/docs/endpointpolicymanager/video/leastprivilege/applyondemand.md) -- [SecureCopy(TM). Empower users to copy then elevate items](/docs/endpointpolicymanager/video/leastprivilege/securecopy.md) -- [Branding the UI and Dialogs](/docs/endpointpolicymanager/video/leastprivilege/branding.md) -- [Endpoint Privilege Manager Automatic Rules Creation from Admin Approval Requests](/docs/endpointpolicymanager/video/leastprivilege/autorulesfromadmin.md) - -## Helpers Tools & Tips and Tricks - -- [Overcome Network Card, Printer, and Remove Programs UAC prompts](/docs/endpointpolicymanager/video/leastprivilege/uacprompts.md) -- [Endpoint Policy Manager Least Priv Manager Tools Setup](/docs/endpointpolicymanager/video/leastprivilege/toolssetup.md) -- [Getting the helper tools as desktop shortcuts](/docs/endpointpolicymanager/video/leastprivilege/helperdesktopshortcut.md) -- [Endpoint Privilege Manager: Install Printers via Native NTPRINT Dialog](/docs/endpointpolicymanager/video/leastprivilege/ntprintdialog.md) -- [Endpoint Privilege Manager: Edit IP SETTINGS EDIT VIA WIN GUI](/docs/endpointpolicymanager/video/leastprivilege/wingui.md) - -## Eventing - -- [Events](/docs/endpointpolicymanager/video/leastprivilege/events.md) -- [Use Discovery to know what rules to make as you transition from Local Admin rights](/docs/endpointpolicymanager/video/leastprivilege/discovery.md) -- [Endpoint Policy Manager Cloud + PPLPM + Events: Collect Events in the Cloud](/docs/endpointpolicymanager/video/leastprivilege/cloudevents.md) -- [Using Windows Event Forwarding to search for interesting events](/docs/endpointpolicymanager/video/leastprivilege/windowseventforwarding.md) -- [Auto-Create Policy from Global Audit event](/docs/endpointpolicymanager/video/leastprivilege/globalauditevent.md) - -## Business Solutions - -- [Endpoint Policy Manager and WinGet: Overcome UAC prompts when standard users use Windows Package Manager](/docs/endpointpolicymanager/video/leastprivilege/winget.md) -- [Overcome Print Nightmare Standard User UAC Prompts](/docs/endpointpolicymanager/video/leastprivilege/printeruacprompts.md) -- [Microsoft WDAC recommended block rules Guidance](/docs/endpointpolicymanager/video/leastprivilege/microsoftrecommendations.md) -- [PPLPM: Deny Wins Over Self Elevate (using Java installation as example)](/docs/endpointpolicymanager/video/leastprivilege/denyselfelevate.md) - -## Netwrix Privilege Secure for Access Management Integration - -- [Netwrix Privilege Secure Client - Getting Started with MMC with/without Endpoint Policy Manager ](/docs/endpointpolicymanager/video/leastprivilege/integration/privilegesecure.md) -- [Netwrix Privilege Secure and the NPS/Endpoint Policy Manager Client](/docs/endpointpolicymanager/video/leastprivilege/integration/privilegesecureclient.md) -- [Endpoint Privilege Manager: NPS Self Elevate Mode (Paid Feature)](/docs/endpointpolicymanager/video/leastprivilege/integration/selfelevatemode.md) -- [Netwrix Privilege Secure and LICENSING](/docs/endpointpolicymanager/video/leastprivilege/integration/license.md) - -## Mac Integration - -- [Endpoint Policy Managerfor MacOS Installation (using Endpoint Policy Manager Cloud)](/docs/endpointpolicymanager/video/leastprivilege/mac/cloudinstall.md) -- [Mac and Jointoken](/docs/endpointpolicymanager/video/leastprivilege/mac/macjointoken.md) -- [Endpoint Policy Manager Least Priv Manager for Macs Application Package Support](/docs/endpointpolicymanager/video/leastprivilege/mac/applicationpackage.md) -- [Endpoint Policy Manager for Mac / Least Priv Manager: System Settings policy](/docs/endpointpolicymanager/video/leastprivilege/mac/systemsettings.md) -- [Endpoint Policy Manager Cloud and SUDO support](/docs/endpointpolicymanager/video/leastprivilege/mac/sudosupport.md) -- [Endpoint Policy Manager Cloud Mac + SUDO Using Wildcard Example](/docs/endpointpolicymanager/video/leastprivilege/mac/wildcards.md) -- [Application Launch Approval](/docs/endpointpolicymanager/video/leastprivilege/mac/applicationlaunch.md) -- [Endpoint Policy Manager Cloud +Least Privilege Manager for Mac Events collector](/docs/endpointpolicymanager/video/leastprivilege/mac/eventscollector.md) -- [Endpoint Policy Manager for Mac and Admin Approval](/docs/endpointpolicymanager/video/leastprivilege/mac/adminapproval.md) -- [Endpoint Privilege Manager for Mac: Mount / Unmount Part I](/docs/endpointpolicymanager/video/leastprivilege/mac/mountunmountpart1.md) -- [Endpoint Privilege Manager for Mac: Mount / Unmount Part II](/docs/endpointpolicymanager/video/leastprivilege/mac/mountunmounpart2.md) -- [Endpoint Policy Manager MacOS: Mac Finder Policies](/docs/endpointpolicymanager/video/leastprivilege/mac/finder.md) -- [Endpoint Policy Manager LPM for MacOS: Privilege Policies (for Helper Apps)](/docs/endpointpolicymanager/video/leastprivilege/mac/privilege.md) -- [Collect Diagnostics](/docs/endpointpolicymanager/video/leastprivilege/mac/collectdiagnostics.md) diff --git a/docs/endpointpolicymanager/leastprivilege/policyeditor/scope.md b/docs/endpointpolicymanager/leastprivilege/policyeditor/scope.md deleted file mode 100644 index 1dc763155b..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/policyeditor/scope.md +++ /dev/null @@ -1,169 +0,0 @@ -# How do I use the Filter section in Endpoint Privilege Manager ? - -The Scope filter section can be found in various rule types in Netwrix Endpoint Policy Manager -(formerly PolicyPak) Least Privilege Manager. For instance, it exists in every explicit rule, like -this: - -![319_1_faq-img-01_950x578](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_1_faq-img-01_950x578.webp) - -And also in SecureRun™ rules like this: - -![319_2_faq-img-02_950x537](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_2_faq-img-02_950x537.webp) - -**NOTE:** At this time, Policy Scope rules are not yet available for: - -- Global Settings Policy (to perform Discovery audits.) -- Admin Approval Policy - -These are coming soon. - -**NOTE:** The Policy Scope option is only available when used on the Computer side; on the User side -it is greyed out because this setting is only meant to express to the COMPUTER (system) how to work -with User, and User and System Processes. On the User side, the processes are always in the context -of the User. - -![319_3_faq-img-03_950x571](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_3_faq-img-03_950x571.webp) - -In this topic, we are going over various use cases when you might use the Policy Scope option (which -again, will only be un-gray / valid on the Computer side.) - -## Scenario 1: Enhanced SecureRun / Prevent untrusted executables and scripts from running even by LOCAL SYSTEM. - -When you apply SecureRun on the user or computer side, you're saying "Block all untrusted -executables started by users." But this does not, by default, block the attack vector of the System -performing the attack. You can see the example below where the Standard User is blocked from an -executable attempt, but System is still allowed. - -![319_4_faq-img-04_950x647](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_4_faq-img-04_950x647.webp) - -However, you can switch SecureRun on the computer side to now say "Block all untrusted executables -started by users or LOCAL SYSTEM." You would do this on the Computer side, and specify User and -System Processes, as shown below. - -![319_5_faq-img-05_950x547](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_5_faq-img-05_950x547.webp) - -The result is that both User and System attempts to run un-trusted executables will be prevented. - -When could this occur? - -- If a normal (user-level) process exploits a security vulnerability to escalate his own privileges - and run some arbitrary code with higherprivileges (like LOCAL SYSTEM in this case). -- If malware launched software on a machine that runs as Local System and existed at - `c:\anything\Program.exe` (like PSEXEC, other ransomware, etc.). In this case, it would be owned - by the user (who is not on the SecureRun list.) However, if the malware executed - the` c:\anything\Program.exe` as SYSTEM, this attack would be prevented, because the owner of the - `c:\anything\Program.exe` is the User (as the attacker) but would not on the SecureRun list (even - though the process is being run AS SYSTEM.) - -This would strengthen security if a malware ended up using an elevated process to attempt to perform -its work as LOCAL SYSTEM and tries to run an un-trusted file. Therefore, when the application -(`.EXE`) or script, etc., was attempted to fire off, because the user isn't on the SecureRun trusted -list, the attack attempt will fail. - -For a video demo of this scenario, -see [SecureRun to block User AND System executables](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/securerun/usersystemexecutables.md) - -## Scenario 2: Specific rule to block an app from being run, even as local System. - -You might want to explicitly block attack vectors such as PSEXEC (which was used in WannaCry), or -entirely block PowerShell.  If you specify to do this only on the User side (or set Computer side -scope to User processed only), then only user processes will be affected: - -![319_6_faq-img-06_950x195](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_6_faq-img-06_950x195.webp) - -You can shore up this attack vector by making the explicit deny rule on the Computer side: - -![319_7_faq-img-07_950x381](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_7_faq-img-07_950x381.webp) - -When you do,  this happens: - -![319_8_faq-img-08_950x183](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_8_faq-img-08_950x183.webp) - -### Scenario 2B: Block Powershell.exe completely, but allow Local System to run a specific .PS1 script - -In the previous example, we blocked Powershell (or PSEXEC, etc.) from all user and system processes. - -However, you might need to run some Powershell scripts as SYSTEM to perform some maintenance tasks.  -Since PowerShell is now being blocked for all Computer side processes, you cannot run a specific -script with PowerShel: - -![319_9_faq-img-09_950x271](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_9_faq-img-09_950x271.webp) - -To enable this, simply add another rule to ALLOW AND LOG, for example, `C:\SCRIPTS\ITSCRIPT1.ps1`, -and set the scope to User and System processes, but use the scope Filter to SYSTEM. - -![319_10_faq-img-10_950x453](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_10_faq-img-10_950x453.webp) - -Result: - -![319_11_faq-img-11_950x375](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_11_faq-img-11_950x375.webp) - -For more information on this issue, see - [Block PowerShell in General, Open up for specific items](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/powershellblock.md) - -## Scenario 3: Running or Elevating applications or installers, but blocking other admins from running them. - -In this scenario you want to do work with Endpoint Policy Manager Least Privilege Manager (Elevate, -Allow, or Block) but prevent other admins (local admins or domain admins) from overcoming your rule. - -To perform this, you'll need to apply these two rules: - -1. First one BLOCKS `ABC.EXE` or `ABC.CMD` or `ABC.MSI`. This must be done on the COMPUTER side with - SCOPE = USER AND SYSTEM. Then, filter the scope by group (more on this in a second.) - -2. Second rule ALLOWS or ELEVATES `ABC.EXE` or `ABC.CMD` or `ABC.MSI`. The scope doesn't matter. You - can do this on the COMPUTER or USER side. (leaving the default filters in place.) - -If you want toblock only LOCAL admins (but not domain admins) then Rule #1 needs to look like this. -(Note that this group is not available when editing a GPO from a DC, and only available when -creating the GPO from a Windows 10 computer): - -![319_12_faq-img-12_950x482](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_12_faq-img-12_950x482.webp) - -If you want toblock both local admins and domain administrators, then Rule #1 needs to look like -this. - -![319_13_faq-img-13_950x534](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_13_faq-img-13_950x534.webp) - -_Remember,_ rule 2, the rule that does the ELEVATE or ALLOW, is just a standard rule, and can be -done on the user or computer side, like this: - -![319_14_faq-img-14_950x458](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_14_faq-img-14_950x458.webp) - -video -3: [Elevate apps as standard user, BLOCK other Admins](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/appblock.md) - -## Scenario 4:  Elevating a Service account - -You might have a service which requires specific privileges. Maybe your service, by default, uses -Local System, and you want to give it less rights. - -With Endpoint Policy Manager Least Privilege Manager, you can remove the powerful privileges of the -service account and strip out LOCAL SYSTEM and grant a specific user the permissions required. - -If you want a process to be run via special user account, follow these steps you would need to do -the following: - -**Step 1 –** Make a rule for an `.exe` from which the service runs. - -We recommend to make a File Info + Signature rule, but PATH rules would work as well. - -e.g. `C:\Program Files\AppABC \AppService.exe` - -**Step 2 –** On the Actions page select "Run with custom token" and configure the TOKEN and/or exact -PRIVILEGES the process needs like Load Driver Privilege (SeLoadDriverPrivilege), Bypass Traverse -Checking (SeChangeNotify). - -**Step 3 –** On the final page select Scope = User and System Processes - -AND - -Scope Filter should be trimmed to the specific account you specified to run the service runs as. - -**NOTE:** It's also possible to use Scope Filter = SERVICES to make the rule apply to all services -that run from the specified `.exe `regardless of the user. - -![319_15_faq-img-15_950x467](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/319_15_faq-img-15_950x467.webp) - -video: -[Reduce or specify Service Account Rights](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/serviceaccountrights.md) diff --git a/docs/endpointpolicymanager/leastprivilege/policyeditor/selfelevation.md b/docs/endpointpolicymanager/leastprivilege/policyeditor/selfelevation.md deleted file mode 100644 index 7edcf5d399..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/policyeditor/selfelevation.md +++ /dev/null @@ -1,33 +0,0 @@ -# Least Privilege Manager - How to create a Self-Elevation policy for local groups of Standalone computers - -**Step 1 –** When creating the Self Elevation Policy in LPM, create the rule as you would normally -and choose whichever Executable types you wish the members of the local group to be able to execute, -and also whether or not the policy should apply to child processes. - -![959_1_image-20230522075042-1](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/959_1_image-20230522075042-1.jpeg) - -**Step 2 –** When you get to the **Allowed Users** section be sure to use the **Add custom -user/group by SID as member** option. - -![959_2_image-20230522075042-2](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/959_2_image-20230522075042-2.webp) - -**Step 3 –** At this point you will need to look up the SID for the local group you wish to have the -Self Elevation policy apply to. This can be done by running the command "whoami /groups" on the -computer where the local group exists. - -![959_3_image-20230522075042-3](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/959_3_image-20230522075042-3.webp) - -**Step 4 –** In this example, I will be using the SID for the BUILTIN\Users group "S-1-5-32-545" - -![959_4_image-20230522075042-4](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/959_4_image-20230522075042-4.webp) - -**Step 5 –** Your policy should look similar to the example below. - -![959_5_image-20230522075042-5](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/959_5_image-20230522075042-5.webp) - -**Step 6 –** Lastly, deploy the policy and test if Self Elevation works. If the LPM Self Elevation -policy applies successfully to the local group then when you right click on any of the Executable -types you selected in the policy, you should see the **Run Self Elevated with PolicyPak** option -available. - -![959_6_image-20230522075042-6](/img/product_docs/endpointpolicymanager/leastprivilege/policyeditor/959_6_image-20230522075042-6.webp) diff --git a/docs/endpointpolicymanager/leastprivilege/powershell/block.md b/docs/endpointpolicymanager/leastprivilege/powershell/block.md deleted file mode 100644 index aeff11b6dd..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/powershell/block.md +++ /dev/null @@ -1,116 +0,0 @@ -# How to Block running PowerShell 2.0 using Least Privilege Manager - -Issue: - -Blocking PowerShell Version 2 using a traditional command line rule in Endpoint Policy Manager Least -Privilege Manager results in multiple block events being generated every second in the Endpoint -Policy Manager event log. - -![1319_1_61042bd4123a78ef7686b114b9eea335](/img/product_docs/endpointpolicymanager/leastprivilege/powershell/1319_1_61042bd4123a78ef7686b114b9eea335.webp) - -Cause: - -When you try to run PowerShell -v 2 (or an equivalent) from the PowerShell prompt the following is -happening: - -First, the parent (PowerShell) creates a child with the following command line: - -`C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe` -version 2 - -When it fails (due to the fact the PP LPM Client Side Extensions (CSE) blocks it), the parent (the -initial PowerShell process) creates a temporary child process with another command line: - -`C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe` - -`C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe` -version 2. - -The child process then creates another child process with the initial command line and Endpoint -Policy Manager (formerly PolicyPak) Least Privilege Managerblocks it. - -Then it repeats, in an endless loop. - -Workaround: - -Since we cannot alter the internal PowerShell logic that attempts to restart the child process to -overcome the failure, we have to use the two scripts below to work around the issue. The two -policies below are also attached as XML for your convenience. - -![1319_2_d3a2208d260469bdbfdfc7edaf6848ba](/img/product_docs/endpointpolicymanager/leastprivilege/powershell/1319_2_d3a2208d260469bdbfdfc7edaf6848ba.webp) - -![1319_3_5745adb2d8b01ee9555aa6db772eae6a](/img/product_docs/endpointpolicymanager/leastprivilege/powershell/1319_3_5745adb2d8b01ee9555aa6db772eae6a.webp) - -Lastly, test using the command directly below to ensure that PowerShell Version 2.0 is now -successfully blocked and that there are no longer multiple block events being created in the -Endpoint Policy Manager event log. - -PowerShell -version 2.0 - -[Copy]() - -PowerShell V2 Workaround - -``` - - -   -     -       -         -           -             -              CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US -             -             -              Microsoft® Windows® Operating System -              10.0.14393.206 -              *powersh* -              10.0.14393.206 -             -             -              -v* 2* -              false -             -           -           -            false -           -           -             -              false -             -           -         -       -     -     -       -         -           -             -              CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US -             -             -              Microsoft® Windows® Operating System -              10.0.14393.206 -              *powersh* -              10.0.14393.206 -             -             -              * -v* 2* -              false -             -           -           -            false -           -           -             -              false -             -           -         -       -     -   - -``` diff --git a/docs/endpointpolicymanager/leastprivilege/preferences.md b/docs/endpointpolicymanager/leastprivilege/preferences.md deleted file mode 100644 index 5de079775b..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/preferences.md +++ /dev/null @@ -1,41 +0,0 @@ -# Using Group Policy Preferences to Manage Local Admin Groups - -**NOTE:** See the -[Use Group Policy to remove local admin rights (then Endpoint Policy Manager to enable Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/removelocaladmin.md) -video for an overview of using Group Policy preference with Endpoint Policy Manager Least Privilege -Manager. - -Endpoint Policy ManagerLeast Privilege Manager is built on the principle of stripping local admin -rights for standard users and then giving them the exact privileges they need to do their jobs. To -fully utilize this strategy, you may need to start with a clean slate concerning the membership of -your Windows local admin groups. Before we do that, you should first confirm who the members of your -Domain Admins group are and make sure that no one is listed there who shouldn't be there. If so, -remove those accounts immediately. - -**NOTE:** Doing this will create the need to do some cleanup in the local admins group on each -computer. - -Now let's move on to local admin groups. You can easily do this by creating a GPO, going to -**Computer Configuration** > **Preferences** > **Control Panel Settings** > **Local Users and -Groups** and select **Local Group** . - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/using_group_policy_preferences.webp) - -Next, you’ll use the **Update** action which has been selected by default along with the check box -to **Delete all member users**.  You may also want to select **Delete all member groups** as well.  -The first check box setting will delete any existing user members, including those remnant accounts -that were left after cleaning up the domain admins group in the prior step. This cleans out -everyone, which means you have to add back the accounts you want. Remember that you don't want to -allocate local admin groups to standard users, so only the domain admins group and the local admin -user account should be members. This is achieved by clicking the **Add** button and selecting them. - -![A screenshot of a group - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/using_group_policy_preferences_1.webp) - -Once the policy is deployed, you will have removed all non-privileged users from the local admins -group of all targeted desktops. diff --git a/docs/endpointpolicymanager/leastprivilege/processorderprecedence.md b/docs/endpointpolicymanager/leastprivilege/processorderprecedence.md deleted file mode 100644 index 1bf492469d..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/processorderprecedence.md +++ /dev/null @@ -1,30 +0,0 @@ -# Processing Order and Precedence within a GPO - -Within a particular GPO (Computer or User side), the processing order is counted in numerical order. -So lower-numbered collections attempt to process first, and higher-numbered collections attempt to -process last. Then, within any collection, each policy is processed in numerical order from lowest -to highest. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/processing_order_and_precedence.webp) - -Within any collection, each policy is processed in numerical order from lowest to highest. - -Policies can be delivered by Group Policy and non-Group Policy methods, such as Microsoft Endpoint -Manager (SCCM and Intune) via Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud. As -such, the Endpoint Policy Manager engine needs to make a final determination whether there is any -overlap of policies. Here is how the precedence works: - -- Policies delivered through Endpoint Policy Manager Cloud have the lowest precedence. -- Policies delivered through Endpoint Policy Manager files have the next highest precedence. -- Policies delivered through Endpoint Policy Manager Group Policy directives have the highest - precedence. - -After that, user-side policy has precedence over computer-side (Switched) policy. This occurs in -order to specify a baseline setting for various computers. Then, specific (overriding) policies can -be used when specific users log on. If SecureRun™ is enabled and performs work (i.e., blocking -processes), then user-created processes aren’t created unless expressly allowed with the Allow and -log rule. At this point, each rule is applied one by one to perform elevation (or Block or Allow and -log). diff --git a/docs/endpointpolicymanager/leastprivilege/rules/apply/overview.md b/docs/endpointpolicymanager/leastprivilege/rules/apply/overview.md deleted file mode 100644 index 26664b1bab..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/rules/apply/overview.md +++ /dev/null @@ -1,5 +0,0 @@ -# Apply on Demand Rules and Self-Elevation Rules - -Not all of your users need to have the same privileges. You may want to give advanced users, such as -developers or first level support personnel, the ability to perform elevation whenever they need it. -In this section we will explore Apply on Demand rules, and also Self-Elevation rules. diff --git a/docs/endpointpolicymanager/leastprivilege/rules/apply/selfelevation.md b/docs/endpointpolicymanager/leastprivilege/rules/apply/selfelevation.md deleted file mode 100644 index ec78d03a28..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/rules/apply/selfelevation.md +++ /dev/null @@ -1,103 +0,0 @@ -# Self-Elevation Rules - -**NOTE:** See the -[Endpoint Policy Manager Least Priv Manager: Self Elevate Mode](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/selfelevatemode.md) -video for information on Endpoint Policy Manager Least Privilege Manager self-elevation rules. - -There is a self-elevation mode for special situations as well. Although this mode is normally not -recommended, as it makes your systems more vulnerable, there may be a special circumstance in which -you want to grant a designated user local admin-like rights, without making them an admin. - -You may have particular users which need to run EXE or MSI applications at will, but to whom you -don't want to give local admin rights. For instance: - -- Your IT personnel need the ability to install MSIs elevated and to access privileged applications - such as Process Monitor. -- Your developers constantly create and test new scripts so they need to run them elevated when - needed. -- Your HR personnel need the ability to run Java elevated in order to run the applications they - depend on. - -Self-Elevation mode can be used for these types of special circumstances. By creating targeted -policies, you can ensure that designated users receive elevation rights for what they need, when -they need them. Let's look at how self-elevation works. - -Start by creating a new self-elevation policy as seen here. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules.webp) - -You can then select which types of executables you will allow for self-elevation. Here, we have -chosen EXE and MSI applications. - -![A screenshot of a computer screen - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules_1.webp) - -You must specify at least one group or user for the policy, even if the policy is targeted at the -organizational unit (OU) level. Unless you choose someone to direct the policy to, the policy will -not apply to anyone. In this example, the EastSalesUsers has been chosen. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules_2.webp) - -In order for a user to self-elevate an application, they have to right-click the application and -choose the self-elevation command from the context menu. You can choose to create a custom name for -this command if you wish or you can choose to use the default. You may also customize a message to -remind users that all self-elevated actions are audited, as is seen here. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules_3.webp) - -The final screen requires you to name the policy. You can also require justification text and/or -re-authentication to Windows (which works with Windows Hello, etc.) - -Users must then input an explanation as to why they want to run the given application and/or -re-authenticate before the application is launched. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules_4.webp) - -So in this scenario, let us say that EastSalesUser1 operating as a standard user wants to run -Procmon, which requires local admin rights. While they cannot run the application normally, they can -right-click on the application and select **Run Self Elevated with Endpoint Policy Manager**. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules_5.webp) - -Here you can see the Endpoint Policy Manager Self Elevation prompt that the user will see. The -customized message created earlier appears here. Because justification text was required, the user -must type a reason for why they wish to access this application. Once the user clicks **OK** the -application will open. - -![A screenshot of a computer error - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules_6.webp) - -If Force Reauthentication is selected, the behavior is like what is seen here. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules_7.webp) - -Self-elevated application requests are audited in Windows Event Viewer. There are two Event IDs -associated with Endpoint Policy Manager Self Elevation. Note that the username and application are -included in the log information. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules_8.webp) diff --git a/docs/endpointpolicymanager/leastprivilege/rules/overview.md b/docs/endpointpolicymanager/leastprivilege/rules/overview.md deleted file mode 100644 index 3e748a9072..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/rules/overview.md +++ /dev/null @@ -1,130 +0,0 @@ -# Rules - -Endpoint Policy ManagerLeast Privilege Manager is located within the Netwrix Privilege Secure node. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/rules_1.webp) - -**NOTE:** You will only see all components of Endpoint Policy Manager if you download the Endpoint -Policy Manager Admin Console from Portal.endpointpolicymanager.com, but not if you are using only the Netwrix -Privilege Secure console. - -Endpoint Policy ManagerLeast Privilege Manager is within the Netwrix Privilege Secure node and not -within the Netwrix Endpoint Policy Manager (formerly PolicyPak) node to demonstrate the relationship -between Endpoint Policy Manager and Netwrix Privilege Secure. That is, you can use all of Endpoint -Policy Manager (all Endpoint Policy Manager components) or you may wish to use Endpoint Policy -Manager alongside Netwrix Privilege Secure. For more information, see the -[Endpoint Policy Manager & Netwrix Privilege Secure](/docs/endpointpolicymanager/integration/privilegesecure/overview.md) -topic. - -Endpoint Policy Manager MMC snap-in enables you to create new Endpoint Policy Manager Least -Privilege Manager policies or collections. - -Collections are groupings of policies, and policies are the rules that perform the work. You can -create collections, and policies within collections, on the User side, the Computer side, or both. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/rules_2.webp) - -Endpoint Policy ManagerLeast Privilege Manager can elevate (or block) the following: - -- Executable policies -- Control Panel applets -- Windows installers (MSIs) -- Scripts (BAT, CMD, PS1, JS, JSE, VBS, VBE) -- Java JAR (archive) files -- UWP applications -- COM Class Policies -- ActiveX Policies - -To test some of these scenarios, we recommend that you download some applications on your Windows -endpoint to follow along. Perform these downloads as a Standard User, such as EastSalesUser1, but -notas a local admin. - -For example, as EastSalesUser1, download an application that, when run by a Standard User, requires -UAC prompts. To view a UAC prompt on the Microsoft side as an example, try to -[download](https://docs.microsoft.com/en-us/sysinternals/downloads/procmon) the Microsoft Process -Monitor application. - -Running the Process Monitor application as a Standard User, such as EastSalesUser1, is not -permitted. The application requires local admin rights, resulting in a prompt for UAC. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/rules_3.webp) - -To participate in the Quick Start exercises, [download](http://go.skype.com/msi-download) Skype MSI -for Windows via their website. - -**CAUTION:** You may get a warning when downloading in Edge, but it is perfectly safe. - -When a Standard User attempts to install Skype MSI installer, they are not allowed. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/rules_4.webp) - -The final example is downloading a portable app. A portable app is an application that can be -downloaded anytime by a user. Sometimes it requires no installation; other times, it must be -unpacked before you can run it. Here are a few examples of these apps: - -- [VLC Media Player Portable](https://portableapps.com/apps/music_video/vlc_portable) -- [Sudoku Portable](https://portableapps.com/apps/games/sudoku_portable) -- [Notepad2 Portable](https://portableapps.com/apps/development/notepad2_portable)[https://portableapps.com/apps/games/sudoku_portable](https://portableapps.com/apps/games/sudoku_portable) - -In this example, Notepad2 has been downloaded and unpacked to the user’s desktop in a folder called -Notepad2. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/rules_5.webp) - -The Standard User can now open the folder and immediately run the EXE file and use the app. Despite -the fact that this application could be a virus or crypto-malware, the user with standard rights can -still run it. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/rules_6.webp) - -In the Quick Start examples with Endpoint Policy Manager Least Privilege Manager, the goals are as -follows: - -- Allow Standard Users to run Process Monitor elevated but maintain Standard User rights everywhere - else. -- Allow Standard Users to install Skype Setup MSI elevated but maintain Standard User rights - everywhere else. -- Prevent the system from running unknown software, such as Notepad2, if it was not installed by the - original admin until it is determined to be safe. -- Allow Notepad2 to run normally once its safety has been determined. -- Prevent users from downloading all other unknown applications. - -The examples we will look at are: - -- Applications on the endpoint that are properly installed by the admin (leftmost column of - applications in this example). -- Applications that require elevation to run (Procmon in this example). -- Applications that are downloaded by the user, which may be unknown or harmful (Notepad2 in this - example). - -![A computer screen shot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/rules_7.webp) - -For these examples, keep copies of Process Monitor and NotePad2 Portable handy to serve as a -reference from your management station. These are not installed apps; you will be attempting to run -them before and during the Quick Start to see how they are affected by PolicyPak Least Privilege -Manager. - -When you download these applications, it is ideal to store them in two places. The first copy should -be sitting on your endpoint. The second copy should be sitting on your Group Policy management -station, as these will also be required to help create the rules for these examples. diff --git a/docs/endpointpolicymanager/leastprivilege/scopefilters/overview.md b/docs/endpointpolicymanager/leastprivilege/scopefilters/overview.md deleted file mode 100644 index 3095acbdb7..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/scopefilters/overview.md +++ /dev/null @@ -1,30 +0,0 @@ -# Understanding Process Scoping & Filters - -The **Scope** filter section can be found in various rule types in Endpoint Policy Manager Least -Privilege Manager. For instance, it exists in every explicit rule, like this: - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/scopefilters/understanding_process_scoping.webp) - -And also in SecureRun™ rules: - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/scopefilters/understanding_process_scoping_1.webp) - -**NOTE:** The Policy Scope option for Processes is only available when used on the Computer side; on -the User side it is greyed out because this setting is only meant to express to the COMPUTER -(system) how to work with User and User and System Processes. On the User side, the processes are -always in the context of the User. However, the Scope filter for Users & Groups is available on the -User side. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/scopefilters/understanding_process_scoping_2.webp) - -In this topic, we will explore various use cases when you might use the Policy Scope option (which -again, will only be un-gray / valid on the Computer side.) diff --git a/docs/endpointpolicymanager/leastprivilege/securerun/blockedscripttypes.md b/docs/endpointpolicymanager/leastprivilege/securerun/blockedscripttypes.md deleted file mode 100644 index 6443c3bb3d..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/securerun/blockedscripttypes.md +++ /dev/null @@ -1,16 +0,0 @@ -# What is the supported list of BLOCKED script types for Endpoint Policy Manager SecureRun™ ? - -The official list is as follows and might increase without notice. - -- BAT -- CMD -- JS -- JSE -- VBS -- VBE -- .PS1 -- .JAR (not technically a script; but also blocked) - -**NOTE:** For .PS1, in order to enable Powershell at all, you need to make an express (ALLOW rule -for powershell.exe). That rule can be found in -[When Endpoint Policy Manager SecureRun(TM) is turned on, PowerShell won't run. How can I re-enable this?](/docs/endpointpolicymanager/leastprivilege/securerun/enablepowershell.md) diff --git a/docs/endpointpolicymanager/leastprivilege/securerun/chromeextension.md b/docs/endpointpolicymanager/leastprivilege/securerun/chromeextension.md deleted file mode 100644 index fa992f6b40..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/securerun/chromeextension.md +++ /dev/null @@ -1,54 +0,0 @@ -# How do I allow a Chrome extension blocked by SecureRun to be installed? - -When SecureRun is enabled, it may block some Chrome Extensions from installing. Two examples of this -are Adobe Acrobat and Power Automate Desktop. - -The commands that are run to install these extensions are as follows: - -``` -C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Power Automate Desktop\PAD.EdgeMessageHost.exe" chrome-extension://njjljiblognghfjfpcdpdbpbfcmhgafg/ --parent-window=0 < \\.\pipe\LOCAL\edge.nativeMessaging.in.8c9048e3136bfe0b > \\.\pipe\LOCAL\edge.nativeMessaging.out.8c9048e3136bfe0b -``` - -``` -C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe" chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.602ecca2de172262 > \\.\pipe\chrome.nativeMessaging.out.602ecca2de172262 -``` - -To allow the extensions to be installed, create a New Executable Policy for each extension that is -being blocked. This can be done on either the Computer or User side, depending on who is a member of -the OU. - -![700_1_image-20211111230736-1](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/700_1_image-20211111230736-1.webp) - -**Step 1 –** Create a Combo Rule. - -![700_2_image-20211111230736-2](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/700_2_image-20211111230736-2.webp) - -**Step 2 –** Select **Path**, **Command-line arguments** and **Apply to child processes**. - -![700_3_image-20211111230736-3](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/700_3_image-20211111230736-3.webp) - -**Step 3 –** Under Path Condition, add file `%SYSTEMROOT%\System32\cmd.exe`. - -![700_4_image-20211111230736-4](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/700_4_image-20211111230736-4.webp) - -**Step 4 –** Under Command-line Arguments, select **Strict equality**; check **Ignore arguments -case**; under Arguments, we are going to take the first part of the installation command, after -`cmd.exe`, and replace the last part with asterisks. - -![700_5_image-20211111230736-5](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/700_5_image-20211111230736-5.webp) - -``` -/d /c "C:\Program Files (x86)\Power Automate Desktop\PAD.EdgeMessageHost.exe" chrome-extension://*/* -``` - -``` -/d /c "C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe" chrome-extension://*/* -``` - -**Step 5 –** Set action as .Allow and Log. - -![700_6_image-20211111230736-6](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/700_6_image-20211111230736-6.webp) - -**Step 6 –** Rename, set ILT if required and click **Finish**. - -![700_7_image-20211111230736-7](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/700_7_image-20211111230736-7.webp) diff --git a/docs/endpointpolicymanager/leastprivilege/securerun/enablepowershell.md b/docs/endpointpolicymanager/leastprivilege/securerun/enablepowershell.md deleted file mode 100644 index 04b2489db3..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/securerun/enablepowershell.md +++ /dev/null @@ -1,5 +0,0 @@ -# When Endpoint Policy Manager SecureRun(TM) is turned on, PowerShell won't run. How can I re-enable this? - -You need to use EXE Policy with rule Allow and log for -Powershell.[ Go to https://www.endpointpolicymanager.com/pp-files/allow-powershell.php](https://www.endpointpolicymanager.com/pp-files/allow-powershell.php) -and import it to enable PowerShell to run with SecureRun enabled. diff --git a/docs/endpointpolicymanager/leastprivilege/securerun/inlinecommands.md b/docs/endpointpolicymanager/leastprivilege/securerun/inlinecommands.md deleted file mode 100644 index 2def6aee36..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/securerun/inlinecommands.md +++ /dev/null @@ -1,24 +0,0 @@ -# SecureRun and Inline Commands - -By default PolicyPak SecureRun will also block “inline commands.” - -For example, one can run something like this from the Run dialog (or in many other ways.) - -``` -cmd /c "mkdir C:\TEST & copy c:\Windows\notepad.exe C:\TEST" -``` - -![A screenshot of a computer error - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/securerun_and_inline_commands.webp) - -Normally, users don’t do this. But it could be valid during an application installation or program -setup. You can see an example of this used in the Microsoft -[Latest Astaroth living-off-the-land attacks are even more invisible but not less observable](https://www.microsoft.com/en-us/security/blog/2020/03/23/latest-astaroth-living-off-the-land-attacks-are-even-more-invisible-but-not-less-observable/) -article. - -SecureRun will automatically try to block such attempts. For more information on how to deal wit -this issue, please see -[Why does Endpoint Policy Manager SecureRun block "inline commands" and what can I do to overcome or revert the behavior ?](/docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/inlinecommands.md) -for guidance and details. diff --git a/docs/endpointpolicymanager/leastprivilege/securerun/overview.md b/docs/endpointpolicymanager/leastprivilege/securerun/overview.md deleted file mode 100644 index 3ecfc1f8f3..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/securerun/overview.md +++ /dev/null @@ -1,148 +0,0 @@ -# Quick Start - Using SecureRun™ to Block Threats and Unknown Software - -**NOTE:** For an overview of how to block threats and unknown software like malware and similar -applicates, see the -[Using Least Privilege Manager's SecureRun Feature](/docs/endpointpolicymanager/video/leastprivilege/securerun/feature.md) -video. - -In the previous section, we established that users with Standard rights and admin rights can end up -downloading both safe portable applications or unsafe malware applications. In addition, both Admins -and Standard Users can download MSI applications, even if they wish to install them later. To avoid -having unsafe applications being downloaded and used, Endpoint Policy Manager can ensure that -applications that were not properly installed by the admin, or in-house software deployment tool -will not run without the admin's approval. In this Quick Start example, all unknown applications and -MSI applications will be blocked, while one specific application will be allowed to run (with -standard, not elevated, rights). - -## Understanding SecureRun - -Endpoint Policy ManagerLeast Privilege Manager can block all items that are not properly installed -by the admin with the Endpoint Policy Manager SecureRun™ policy. To see how this works, let's first -create a new SecureRun™ policy in the GPO. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun.webp) - -This will result in a new SecureRun™ policy editor, as displayed here. To turn on SecureRun click -**Enable** and then, if desired, , change the messaging from Default to Customized (or Silently.) - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_1.webp) - -In the SecureRun™ Members list, you can review who and what has been added, including the defaults -members: - -- Local computer administrator -- NT SERVICE\TrustedInstaller -- NT AUTHORITY\SYSTEM -- BUILTIN\Administrators - -The members on this list are the people and system processes that usually install software. For that -reason, no regular users or groups are listed here because they do not normally install software. - -**NOTE:** Add system processes or accounts to the SecureRun Members list that properly install -software, such as Microsoft Endpoint Manager (SCCM and Intune), etc., to enable the software to -deliver applications without being prevented. - -When SecureRun™ is on, Endpoint Policy ManagerLeast Privilege Manager checks to see who owns the -file executable, MSI file, script, or Java JAR file. When users download files off the Internet or -copy them from a USB flash drive, they own the file, and since they aren't on the SecureRun™ -Members list, Endpoint Policy Manager Least Privilege Manager will block all applications that they -have installed. - -In the SecureRun™ policy editor, click **Ok**. You can then see that the SecureRun™ policy is -enabled and is checking for file ownership (aka “Trusted”), as shown here. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_2.webp) - -At the endpoint, run GPupdate or log on as a user who will receive the policy. The result is that -all unknown applications are blocked (like previously downloaded Notepad2), and all properly -installed applications are allowed. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_3.webp) - -Additionally, MSI files that attempt to launch are also subjected to Endpoint Policy Manager -SecureRun™. If an application already has an Allow rule in place (similar to what we saw earlier -when we enabled SkypeSetup.MSI to run via a Hash rule), then it will continue to launch. But MSI -installers that don't have an Allow rule in place will be prevented from running, as show here. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_4.webp) - -This works because Endpoint Policy Manager Least Privilege Manager is enforcing the SecureRun™ -Members list. If we look at who owns the file for the properly installed application, we can see the -owner is SYSTEM. If we look at who owns the file for the unknown application downloaded from the -Internet, we can see the owner is EastSalesUser1. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_5.webp) - -If you review the list of users allowed to run applications, you will notice that EastSalesUser1 is -not on the list and, therefore, is not permitted to run Untrusted applications. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_6.webp) - -If you decide you want to enable an application, such as Notepad2, to run, create a new Executable -rule (Path, Hash, Signature, or File) as shown in the previous section. This time, select **Allow -and log**. This will run the application with Standard User rights. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_7.webp) - -The result can be seen in the MMC list view. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_8.webp) - -As a test, run GPupdate on the endpoint, and then run Notepad2, which will run with Standard User -rights and bypass SecureRun™ as seen here. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_9.webp) - -To recap, Endpoint Policy ManagerLeast Privilege Manager SecureRun™ operates under the following -criteria: - -- The Endpoint Policy Manager Least Privilege Manager SecureRun™ policy checks every executable and - MSI that the user attempts to run. -- If the user isn’t on the SecureRun™ Members list, they are not permitted to run it. -- Only executable applications, scripts, Java JAR files, and MSI files that have file owners on the - SecureRun™ Members list are allowed to run. -- If an application (or other type) has an **Allow and Log** rule enabling its use, it is permitted. - -The result is that Endpoint Policy Manager SecureRun™ blocks any executable or MSI that the user -downloads and tries to run but continues to let properly installed applications run. - -**NOTE:** An additional way to use Endpoint Policy Manager SecureRum™ is to also trap for anything -that is unsigned. See the -[Least Privilege Manager: Block All Unsigned with SecureRun](/docs/endpointpolicymanager/video/leastprivilege/securerun/preventunsigned.md) -video for a demonstration. - -**NOTE:** Remember, all Endpoint Policy Manager Least Privilege Manager rules, including SecureRun, -may be used with an MDM service, or your own management system like PDQ deploy For more information -on this topic, please see the -[Blocking Malware with Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/video/leastprivilege/integration/pdqdeployblockmalware.md) -video demonstration. diff --git a/docs/endpointpolicymanager/leastprivilege/securerun/setup.md b/docs/endpointpolicymanager/leastprivilege/securerun/setup.md deleted file mode 100644 index 54e8bad686..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/securerun/setup.md +++ /dev/null @@ -1,49 +0,0 @@ -# How do I setup SecureRun when there are so many variables and still ensure my rules work no matter what version of the software I have I installed? - -### Using Secure Run – Best Practices - -#### Getting Started - -Watch this quick video for tips on setting up Secure Run: -[Stop Ransomware and other unknown zero day attacks with Endpoint Policy Manager SecureRun(TM)](/docs/endpointpolicymanager/video/leastprivilege/securerun/stopransomware.md). - -In addition we have a tool called Auto Rules Generator for generating rules from a machine that has -all your apps. It is in the Extras folder of the main Netwrix Endpoint Policy Manager (formerly -PolicyPak) download. For more information on this issue, please see -[Auto Rules Generator Tool (with SecureRun)](/docs/endpointpolicymanager/video/leastprivilege/autorulesgeneratortool.md). - -#### How do we setup SecureRun when each version of the software references more than one .exe to start the program? - -- There is the option to **Apply to Child Processes**. In most cases this will elevate any other - processes needed. -- If you do not use this option, you have to create rules for each process. But you can use the Auto - Rules Generator to find all those .exe's and generate rules for all quickly. - -![315_1_lpm-faq-03-img-01](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/315_1_lpm-faq-03-img-01.webp) - -#### How do we setup SecureRun when there are so many variables and make them work no matter what version of the software was installed? - -- Start with the AutoRules Generator to try to mass generate the rules you need. -- In You can do a Single rule or a Combo - -![315_2_lpm-faq-03-img-02](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/315_2_lpm-faq-03-img-02.webp) - -- For a Single many customers will use Hashto ensure only that specific file is elevated. However - this doesn't allow for future versions to be allowed. -- For future proof situations, a Combo of a **Signature**, along with **File Info**, is often used. - That way you ensure that it is always that Vendor with the Signature, and with File Info you can - specify to allow Higher or Equals, thereby allowing future versions to be elevated. - -![315_3_lpm-faq-03-img-03](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/315_3_lpm-faq-03-img-03.webp) - -![315_4_lpm-faq-03-img-04](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/315_4_lpm-faq-03-img-04.webp) - -### Summary - -There are various ways to slice and dice to create the rules you want, but most common is to use -**Signature** with **File Info** set to Higher or Equals and, optionally Path with just filename -entered (though if the app changes names often you might omit using the Path). - -The more rule types you use the more secure it becomes, but keeping it usable is always the goal. -Generally only use Hash by itself because its pretty secure, and then some combination of the others -as noted above. diff --git a/docs/endpointpolicymanager/leastprivilege/subprocesses.md b/docs/endpointpolicymanager/leastprivilege/subprocesses.md deleted file mode 100644 index 75f8830267..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/subprocesses.md +++ /dev/null @@ -1,11 +0,0 @@ -# Does Endpoint Policy Manager log sub-processes when launched from within CMD or Powershell? - -Yes. In the example below, an elevated command prompt (perhaps elevated by Self Elevate), you can -see the command net stop spooler logged in the event log. - -![1335_1_3cd9340de297397c581bc79215cfae2d](/img/product_docs/endpointpolicymanager/leastprivilege/1335_1_3cd9340de297397c581bc79215cfae2d.webp) - -**NOTE:** If you are not seeing this be sure to upgrade to latest CSE. - -_Remember,_ internal commands like: DIR or SET won't be logged; the command must be an external -command. diff --git a/docs/endpointpolicymanager/leastprivilege/tool/helper/admx.md b/docs/endpointpolicymanager/leastprivilege/tool/helper/admx.md deleted file mode 100644 index e8ef8625da..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/tool/helper/admx.md +++ /dev/null @@ -1,76 +0,0 @@ -# Using the Endpoint Privilege Manager ADMX Settings - -There are two reasons you might want to configure the Endpoint Policy Manager Least Privilege -Manager Helper Tools via the included ADMX files: - -- Use it to trim what the user sees in the Printer tool. -- Use it to trim what the user sees in the Remove Programs too seen here. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/tool/helper/using_the_endpointpolicymanager_least.webp) - -## ADMX Settings with the Printer Tool - -The ADMX setting prevents users from configuring Print Server Properties using the Endpoint Policy -Manager Printers tool, and will block access to the button and window highlighted here. - -![using_the_policypak_least](/img/product_docs/endpointpolicymanager/leastprivilege/tool/helper/using_the_endpointpolicymanager_least.webp) - -## ADMX Settings with the Remove Programs Tool - -By default, the Remove Programs tool (once elevated) will enable a user to remove any application -installed on the computer, except for the Endpoint Policy Manager client-side extension or other -Netwrix or Endpoint Policy Manager-signed installed applications or components. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/tool/helper/using_the_endpointpolicymanager_least_1.webp) - -However, using the Endpoint Policy Manager Least Privilege Manager ADMX settings you can hide or -reveal which applications are available for users to uninstall. This is possible by using one the -following policies: - -- Configure program names to include or exclude from the Endpoint Policy Manager Programs Manager - tool -- Configure publisher names to include or exclude from the Endpoint Policy Manager Programs Manager - tool - -These two settings act similarly, but when they are used together, you can do the following: - -- Hide all applications, except those from the publisher Microsoft which also contain the name - Skype. -- Show only applications published by Adobe. -- Show only one application named Java 8 update 171. - -In this example, we will show only applications published by Oracle where the name contains Java, -except Java 8 Update 171. To do this, we need to use both of the ADMX settings. - -Start out by showing only the items which are published by Oracle by using the Configure publisher -names to include or exclude from the Endpoint Policy Manager: Programs Manager tool settings that -are shown here. Specify a value name of "\*oracle\*" and a value of 1. This will pick up publishers -named Oracle and Oracle Corporation. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/tool/helper/using_the_endpointpolicymanager_least_1.webp) - -Next, using the same tool, you specify a value name of "\*Java\*" as the program name and a value -of 1. Since we also want to hide programs with 171 in the name, you’ll need to specify a value name -of \*171\* with a value of 0 to specifically hide programs with this value in the name. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/tool/helper/using_the_endpointpolicymanager_least_2.webp) - -The result of these settings can be seen here, where only a limited number of programs are available -for removal. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/tool/helper/using_the_endpointpolicymanager_least_2.webp) diff --git a/docs/endpointpolicymanager/leastprivilege/wildcards.md b/docs/endpointpolicymanager/leastprivilege/wildcards.md deleted file mode 100644 index 201ec31855..0000000000 --- a/docs/endpointpolicymanager/leastprivilege/wildcards.md +++ /dev/null @@ -1,32 +0,0 @@ -# Using Wildcards with Endpoint Privilege Manager and Certificates - -**NOTE:** See the -[Endpoint Privilege Manager and Wildcards](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/wildcards.md) video -on how to use Endpoint Policy Manager Least Privilege Manager and Certificate Wildcards. - -Applications like Zoom, GotoMeeting, Webex and others often have certificates which change from time -to time. So even if you’ve set up the best practice of Certificate + File Info rules (like we -discussed in the [Best Practices](/docs/endpointpolicymanager/leastprivilege/bestpractices/overview.md) section), those automatic rules can go -out of date quickly. - -To allow Endpoint Policy Manager Least Privilege Manager to permit Wildcards in Certificate -matching, select Advanced Mode and then **Allow wildcards in Common Name**. This will flip the -certificate to be permitted to Wildcard mode. - -Now you can address the fields you need as Wildcards; in this example, we’ve specified L=\*. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/using_wildcards_with_endpointpolicymanager.webp) - -Endpoint Policy Manager Least Privilege Manager will continue to check all the intermediary -certificates along the way before it gets to the one you modified. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/using_wildcards_with_endpointpolicymanager_1.webp) - -**CAUTION:** You want to try to be as restrictive as possible when using Wildcards; the more you -open up, the less secure you will be. diff --git a/docs/endpointpolicymanager/license/activedirectory/disabledcomputer.md b/docs/endpointpolicymanager/license/activedirectory/disabledcomputer.md deleted file mode 100644 index 9c29423f1a..0000000000 --- a/docs/endpointpolicymanager/license/activedirectory/disabledcomputer.md +++ /dev/null @@ -1,5 +0,0 @@ -# Does the Licensing Tool (LT.exe) count disabled Active Directory computer accounts ? - -No, the Netwrix Endpoint Policy Manager (formerly PolicyPak) licensing tool automatically excludes -any disabled computer accounts, as well as computers that have the word computer included within -their name (which is our trial mode.). diff --git a/docs/endpointpolicymanager/license/activedirectory/domain.md b/docs/endpointpolicymanager/license/activedirectory/domain.md deleted file mode 100644 index fdbe19dece..0000000000 --- a/docs/endpointpolicymanager/license/activedirectory/domain.md +++ /dev/null @@ -1,17 +0,0 @@ -# I want to license the whole domain (or main OU), but I don't want to pay for every computer in that domain (or main OU) - -If you select the whole domain (or main level OU) to license, the licensing tool will count any -enabled Windows based systemit finds on that domain. To reduce your count and what you have to pay -for, you can do two things: - -- Option 1 — You can select the whole domain, and manually subtract / declare how many servers you - have. We're reasonable people, enabling you to subtract up to about 10-15% of your overall count. -- Option 2 — You can cherry pick specific OUs which contain just client computers. - -What happens then if you add OUs mid-year? - -- If you pick option 1, you wouldn't need to re-run the tool mid-year if you update OUs. Since the - whole domain is licensed, all child OUs are automatically licensed. -- If you pick option 2, you would need to re-run the tool mid-year if you update OUs. But it doesn't - cost you anything, unless you increase a lot of machines mid-year (20% of your current count). We - would call that a mid-year true up. diff --git a/docs/endpointpolicymanager/license/activedirectory/domainmultiple.md b/docs/endpointpolicymanager/license/activedirectory/domainmultiple.md deleted file mode 100644 index c51718fa4e..0000000000 --- a/docs/endpointpolicymanager/license/activedirectory/domainmultiple.md +++ /dev/null @@ -1,13 +0,0 @@ -# I have multiple domains. How is that licensed? - -Here is the general process: - -- You run the Licensing Tool once per domain and perform your count. -- Then, you add those numbers together. -- You then send us your License Request Keys (one for each domain). -- You pay for the computers you want to license per domain. - -We then create licensing keys, one for each domain. - -See -[How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) diff --git a/docs/endpointpolicymanager/license/activedirectory/domainou.md b/docs/endpointpolicymanager/license/activedirectory/domainou.md deleted file mode 100644 index 9856d59fa1..0000000000 --- a/docs/endpointpolicymanager/license/activedirectory/domainou.md +++ /dev/null @@ -1,15 +0,0 @@ -# I'm an OU admin and not a domain administrator. Can I use Endpoint Policy Manager in my OU and not the whole domain? - -Yes. You don't need to be a domain administrator to use Netwrix Endpoint Policy Manager (formerly -PolicyPak). The only requirement is the ability to create and link GPOs. - -If you have that ability, then you're ready to get started with Endpoint Policy Manager. - -Endpoint Policy Manager can be licensed per OU and sub-OU. So, if you manage a portion of your -company's Active Directory, you can easily license Endpoint Policy Manager. - -You don not need approval of domain or enterprise admins; you can get started right away. - -**NOTE:** See -[Using Shares to Store Your Paks (Share-Based Storage)](/docs/endpointpolicymanager/video/applicationsettings/shares.md) -how PP Application Manager Paks can be stored in a share. diff --git a/docs/endpointpolicymanager/license/activedirectory/ou.md b/docs/endpointpolicymanager/license/activedirectory/ou.md deleted file mode 100644 index 401352c69f..0000000000 --- a/docs/endpointpolicymanager/license/activedirectory/ou.md +++ /dev/null @@ -1,4 +0,0 @@ -# What if we license one OU, say, Sales Computers OU, then during the year we also want to license a peer OU, like Marketing Computers OU? - -If Sales Comptuers OU is licensed, and you want to also license Marketing Computers OU, that's fine. -Re-Run your licensing tool, and perform a mid-year True Up. You only need to pay for overage. diff --git a/docs/endpointpolicymanager/license/activedirectory/ousub.md b/docs/endpointpolicymanager/license/activedirectory/ousub.md deleted file mode 100644 index 45a70c1e5a..0000000000 --- a/docs/endpointpolicymanager/license/activedirectory/ousub.md +++ /dev/null @@ -1,8 +0,0 @@ -# We purchased our Endpoint Policy Manager license for a parent OU in our Active Directory structure. What happens if we need to add additional sub-OUs inside of the parent one? How will this affect our licensing? - -Whether you purchase Netwrix Endpoint Policy Manager (formerly PolicyPak) licensing for a domain or -a single OU, the issued license is for allcomputer accounts that reside there, and any child OUs — -automatically. This means you can create and/or delete as many OUs within your licensed scope as you -wish. This makes our licensing structure highly flexible and worry-free. At the time of your -Endpoint Policy Manager license renewal date you will have the opportunity to true up, but, again, -this would only be for additional computer accounts within your AD structure. diff --git a/docs/endpointpolicymanager/license/activedirectory/scope.md b/docs/endpointpolicymanager/license/activedirectory/scope.md deleted file mode 100644 index ad47bb2ea1..0000000000 --- a/docs/endpointpolicymanager/license/activedirectory/scope.md +++ /dev/null @@ -1,138 +0,0 @@ -# Why does License Tool ask Who am I and Where do I want to use Endpoint Policy Manager? - -Let us jump to the end of the story and take a look at what the License Tool (LT) generates when you -are making a license request. - -There are always two items: Scope and SOM_name (Scope of Management). There is always just one scope -but here could be several SOM_Names. - -Scope is where you might ever possibly use Netwrix Endpoint Policy Manager (formerly PolicyPak). -Typically, this is (and should be) the whole domain. This doesn't mean you will be using Endpoint -Policy Manager anywhere/everywhere in the whole domain. You select the Scope in this window: - -![317_1_licfaq1](/img/product_docs/endpointpolicymanager/license/activedirectory/317_1_licfaq1.webp) - -SOM_Name is the specific places you will be licensing Endpoint Policy Manager. This is what you are -selecting here: - -![317_2_licfaq2](/img/product_docs/endpointpolicymanager/license/activedirectory/317_2_licfaq2.webp) - -So, here are some examples from some License Request Key files. - -## Example 1: You are the domain admin and you wish to license the whole domain for Endpoint Policy Manager. - -``` -DC=fabrikam,DC=comDC=fabrikam,DC=com -``` - -- You can see that the Scope is the whole domain (fabrikam.com). This is where we could use Endpoint - Policy Manager. -- You can see that the SOM is also the whole domain (fabrikam.com). This is where you will be - licensing Endpoint Policy Manager. - -This means you are the domain admin and you want to license the whole domain. This is the easiest -case. - -## Example 2: You are the domain admin and you wish to license specific OUs for Endpoint Policy Manager. - -``` -DC=fabrikam,DC=comOU=Sales,DC=fabrikam,DC=com -``` - -- You can see that the Scope is the whole domain (fabrikam.com). This is where we could use Endpoint - Policy Manager. -- You can see that the SOM is one specific OU (which implies all sub-OUs.) This is where you will be - licensing Endpoint Policy Manager. - -## Example 3: You are an OU admin and you wish to license specific OUs for Endpoint Policy Manager. - -``` -OU=Sales,DC=fabrikam,DC=comOU=East Sales,OU=Sales,DC=fabrikam,DC=com | OU=West Sales,OU=Sales,DC=fabrikam,DC=com -``` - -- You can see that the Scope is the Sales OU. This is where we could use Endpoint Policy Manager. -- You can see that the SOM is two specific OUs (and their children.) Specifically East Sales OU and - West Sales OU. This is where you will be licensing Endpoint Policy Manager. - -So, why do we have Scope and Scope of Management? Because sometimes companies have, for example, one -domain, with multiple OU administrators, where neither has any overlap of duties and they both want -to use Endpoint Policy Manager (and pay for it separately). - -So: - -- Joe is the OU Admin for OU=Machines,OU=WEST,DC=fabrikam,DC=com ,and -- Fred is the OU Admin for OU=Machines,OU=EAST,DC=fabrikam,DC=com - -In this case neither is the domain admin. They can each have their own Scope (where they can -possiblyuse it) and Scope of Management, where they'll actually use it and not overlap. - -When LT goes to install the license you receive from Endpoint Policy Manager, it will create a new -GPO and link it the ScopeE. - -Occasionally, we are asked, "What can I do if I already selected the whole domain (‘I am a domain -admin') in the first screen and I don't want to link the GPO to the whole domain?" First, here are -some facts: - -- Nothing happens in Endpoint Policy Manager until the CSE is installed on client systems. Nothing - automatically deploys the client side piece. The CSE is an MSI you deploy using whatever you want - (SCCM, hand-install, LanDesk, Group Policy Software Installation, etc. -- The GPO that LT creates only has Endpoint Policy Manager Licensing Data(see image below). -- Having the license GPO linked won't affect servers or other clients. They'll get the data - contained within the licensing GPO (which is nothing but licensing data). But then nothing special - happens after that, especially since they're out of Scope of Management. - -![317_3_licfaq3](/img/product_docs/endpointpolicymanager/license/activedirectory/317_3_licfaq3.webp) - -That being said, there are two ways to proceed if your license file's Scope is the whole domain, but -you don't want to link it over to the whole domain : - -### Plan A: Go ahead and let the LT create the GPO and link it to the domain. - -- This is recommended in case you later wish to expand you scope to include future OUs (which you - have not selected today but might select in the future). - -- For instance, today you want to license OU=Desktops,OU=WEST,DC=fabrikam,DC=com but then during the - next year (or future years) you want to license OU=Laptops,OU=East,DC=fabrikam,DC=com. We just - issue you a new license, and it's within the same overall umbrella scope. -- Here is the thing to remember: only computers in OU=Machines,OU=WEST,DC=fabrikam,DC=com are ever - going to get licensed (today), because that's what you've selected in step 2 (Scope of - Management). - -- So again, even though the GPO is linked to the domain level, only the computers in the Scope of - Management will activate as Paid, because that's what you paid for. - -- If you think you might ever want to license computers to use Endpoint Policy Manager in another OU - besides OU=Machines, OU=WEST, DC=fabrikam, DC=com, then we recommend you stick with Plan A. - -### Plan B: Generate another request for the License Request Key (LRK) using the LT tool and send it to your sales person. - -- This time, when you are asked the 'Who are you' question, do not select the whole domain. - -- Simply pretend you're the OU admin of OU=Machines,OU=WEST,DC=fabrikam,DC=com. This sets the Scope. - -- Select it againin the second step. This sets the Scope of Management. - -- Now, your LRK will make the Scope OU=Machines,OU=WEST,DC=fabrikam,DC=com and the Scope of - Management the same thing (OU=Machines,OU=WEST,DC=fabrikam,DC=com) - -- We'll cut you another license key. - -- Next time you go to install the new key, LT will ask you if it can create the GPO and link it over - to OU=Machines, OU=WEST, DC=fabrikam, DC=com, because that's the new Scope. (It also will happen - to be the Scope of Management.) - -- Again, this is only recommended if you really never ever plan (ever) to use Endpoint Policy - Manager outside of OU=Machines, OU=WEST, DC=fabrikam, DC=com. - -### Plan C: Delete the GPO's link. Then relink the GPO to the OU you want - -- You can, if you like, simply delete the GPO's link to the domain. -- Then, re-link the GPO to the places you want to manage/test using Endpoint Policy Manager. -- This will work because the Scope is (technically) the domain level, and you're simply linking it - (correctly) to places within the Scope. - -Last thought: Remember that all client computers must have the Endpoint Policy Manager CSE -installed. Without the CSE installed, Endpoint Policy Manager directives are ignored. So, just -because there's a GPO linked to the domain doesn't mean that computers will be able to do anything. -They have to be in scope of management and also have the CSE installed to pick up Endpoint Policy -Manager directives. diff --git a/docs/endpointpolicymanager/license/activedirectory/server.md b/docs/endpointpolicymanager/license/activedirectory/server.md deleted file mode 100644 index 98514d7320..0000000000 --- a/docs/endpointpolicymanager/license/activedirectory/server.md +++ /dev/null @@ -1,5 +0,0 @@ -# Will I need a license server to manage my Endpoint Policy Manager licenses? - -There are absolutely no servers involved in the licensing process for Netwrix Endpoint Policy -Manager (formerly PolicyPak), so you will not need a license server. Licenses are contained within a -Group Policy Object and are typically linked to the domain, but can be linked to a specific OU. diff --git a/docs/endpointpolicymanager/license/activedirectory/users.md b/docs/endpointpolicymanager/license/activedirectory/users.md deleted file mode 100644 index f08139399b..0000000000 --- a/docs/endpointpolicymanager/license/activedirectory/users.md +++ /dev/null @@ -1,7 +0,0 @@ -# Does LT count users? - -This is what makes Netwrix Endpoint Policy Manager (formerly PolicyPak) licensing so easy.As long as -a computer is licensed for Endpoint Policy Manager, all/any users logged on that computer will -receive all computer and user GPOs involving Endpoint Policy Manager. This means that the users and -computers can reside in separate OUs within your Active Directory structure. Only the computer needs -to be licensed. diff --git a/docs/endpointpolicymanager/license/cloud/billing.md b/docs/endpointpolicymanager/license/cloud/billing.md deleted file mode 100644 index e5bfdc67e3..0000000000 --- a/docs/endpointpolicymanager/license/cloud/billing.md +++ /dev/null @@ -1,52 +0,0 @@ -# How exactly does monthly billing work with Endpoint Policy Manager SaaS Edition? - -Netwrix Endpoint Policy Manager (formerly PolicyPak) SaaS Monthly billing enables you to only be -charged for exactly what you use, per month.  Therefore, you may install the Endpoint Policy Manager -Cloud client on as many computers as you wish and you are charged accordingly.  All customers are -billed on the last day of the month. - -During the month, each day we automatically count the number of computers consumed (that is, where -you've installed the Endpoint Policy Manager Cloud client). Then at the end of the month, we charge -on the highest number of computers used within the month instead, automatically.  This is billed to -your credit card. - -**NOTE:** You are required to have two credit cards on file to ensure uninterrupted service. - -For new costumers — Note that the first month for new customers is a little unusual because you will -be billed twice in that first month. After that you will be billed once a month on the last day of -the month. - -For existing legacy customers who transitioned to SaaS Monthly billing— Please skip month 1 in the -example and head straight to Month 2, as you will be billed for your usage at the end of the month. - -This is a three month period example starting, with Month 1 as April mid month as the new service -start date: - -April: - -- You start with Endpoint Policy Manager SaaS Edition on April 15th. -- On April 15 you are billed immediately for the minimum use of Endpoint Policy Manager SaaS, which - is 50 computers. However, since this is mid-month, you are billed a prorated amount for the - initial 50 computers from April 15 to April 30. -- On April 20th, you install the Endpoint Policy Manager Cloud Client MSI on 10 more computers, - making your consumption 60. -- On April 29th, you manually retire 1 computer, making your consumption 59. -- On April 30th (the last day of April) the highest number of computers used in the month is 60. -- Your Monthly Highest number for April is 60. -- We will automatically bill you for April for the 10 extra licenses you used beyond your - pro-rated 50. - -May: - -- In May you make no changes, maintaining 59 licenses in use. -- Your Monthly Highest number for May is 59. -- We will automatically bill you May 31st for the 59 licenses you used in May. - -June: - -- On June 10th you install the Endpoint Policy Manager Cloud Client MSI on 141 computers, bringing - your consumption to 200 computers. -- On June 11th you retire 50 computers, lowering your consumption to 150. -- On June 30th you install the Endpoint Policy Manager Cloud Client on 100 computers, bringing your - consumption to 250. -- We will automatically bill you June 30th for the 250 licenses you used in June. diff --git a/docs/endpointpolicymanager/license/cloud/licensestatus.md b/docs/endpointpolicymanager/license/cloud/licensestatus.md deleted file mode 100644 index 1a1e5f910e..0000000000 --- a/docs/endpointpolicymanager/license/cloud/licensestatus.md +++ /dev/null @@ -1,42 +0,0 @@ -# How do I understand my cloud licenses? - -How many Cloud licenses am I using, and how can I tell which machines are on the waiting list? - -When you log into your Cloud account, you land on the License Status tab. This tab tells you several -things: how many license you bought, how many you are using, and how many machines are on the -waiting list. - -![547_1_license_status](/img/product_docs/endpointpolicymanager/license/cloud/547_1_license_status.webp) - -The number in the Total Purchased column tells you how many licenses you purchased from us here at -Netwrix Endpoint Policy Manager (formerly PolicyPak). That is the maximum number of computers you -can have synched with the cloud at any given time. - -The number in the Consumed column tells you how many licenses have been consumed, that is, how many -of your machines are correctly connected and synched with your cloud instance. - -The number in the Waiting column tells you how many computers are on the waiting list, that is, how -many machines tried to check in when all of the available licenses were consumed, and therefore -couldn't sync with the cloud and receive directives. - -Another reason a machine might be Waiting is because the computer has been offline for more than the -required refresh period (usually 7 days). Computers which have been offline more than 7 days go into -Waiting status. If there are available licenses when they come back online, they will claim an -available license. - -If a licensed computer goes offline, or does not communicate with the Endpoint Policy Manager Cloud -service for 7 days or more, then it will relinquish its license and that license will return to the -pool, where a computer on the waiting list could consume it. - -To find out which of your machines have consumed a license, and which ones are on the waiting list, -go to the Reports tab, located next to the License Status tab. - -![547_2_reports_tab](/img/product_docs/endpointpolicymanager/license/cloud/547_2_reports_tab.webp) - -The chart displays in graphic form the information from the License Status tab. - -However, above that, you'll find a list of machines that either have consumed a license, or are on -the waiting list. You will see the computer name, OS, last known IP address, last check in date, and -the status of the machine. Under Status you'll see either Active, indicating that the computer has -correctly consumed a license, or Waiting List (Check in overdue)\], which indicates that the -computer attempted to consume a license, but there were none available. diff --git a/docs/endpointpolicymanager/license/cloud/notifications.md b/docs/endpointpolicymanager/license/cloud/notifications.md deleted file mode 100644 index 631cad98f2..0000000000 --- a/docs/endpointpolicymanager/license/cloud/notifications.md +++ /dev/null @@ -1,11 +0,0 @@ -# How do I stop getting emails which say : "You have less than X% of your Endpoint Policy Manager licenses available for your company" - -The Notifications admin may make this change. Go to Company Details > Edit Notifications -Configuration. - -![613_1_hfkb-1089-img-01_950x242](/img/product_docs/endpointpolicymanager/license/cloud/613_1_hfkb-1089-img-01_950x242.webp) - -Uncheck **Send a weekly report of inactive computers to all company admins**. Alternatively, you can -also change the Threshold. - -![613_2_hfkb-1089-img-02_950x609](/img/product_docs/endpointpolicymanager/license/cloud/613_2_hfkb-1089-img-02_950x609.webp) diff --git a/docs/endpointpolicymanager/license/cloud/usage.md b/docs/endpointpolicymanager/license/cloud/usage.md deleted file mode 100644 index 1c6e1f9ba6..0000000000 --- a/docs/endpointpolicymanager/license/cloud/usage.md +++ /dev/null @@ -1,73 +0,0 @@ -# How is Endpoint Policy Manager Cloud usage counted and calculated toward my True-Up? - -If you chose the Netwrix Endpoint Policy Manager (formerly PolicyPak) Enterprise or Endpoint Policy -Manager Enterprise editions, which comes with entitlement to use Endpoint Policy Manager Cloud, then -Endpoint Policy Manager Cloud entitles you to Yearly Post-Pay Licensing. This allows you to install -the Endpoint Policy Manager Cloud client on as many computers as you wish. - -During every month, each day we count number of computers consumed and produce an average across -that billing cycle. - -Every month will have a highest number of computers used on any specific day. The highest number is -used as the monthly highest number. - -For each month in your year, all the Monthly highest numbers are added together, then averaged over -12 months. You will then True up your usage for Endpoint Policy Manager Cloud. - -You will also True up your usage (if any) for any Endpoint Policy Manager use with Active Directory, -SCCM, or MDM. - -Here is an example showing only three months: - -You start with Endpoint Policy Manager Cloud Enterprise Edition on April 15th. - -April: - -- On April 15 you install the Endpoint Policy Manager Cloud Client MSI on 100 computers, and have - thus consumed 100 licenses on Day 1. -- On April 20 you install the Endpoint Policy Manager Cloud Client MSI on 200 more computers and - have consumed 300 licenses total. -- On April 25 you install the Endpoint Policy Manager Cloud Client MSI on 500 more computers and - have consumed 800 licenses total. -- On April 30 you un-install the Endpoint Policy Manager Cloud Client MSI on 100 computers, making - your consumption 700 licenses total. - -Your Monthly Highest number for April is 800. - -May: - -- On May 1 you install the Endpoint Policy Manager Cloud Client MSI on 300 more computers, and have - thus consumed 1000 licenses total. -- On May 20 you install the Endpoint Policy Manager Cloud Client MSI on 200 more computers and have - consumed 1200 licenses total. -- On May 25 you install the Endpoint Policy Manager Cloud Client MSI on 500 more computers and have - consumed 1700 licenses total. -- On May 30 you UN-install the Endpoint Policy Manager Cloud Client MSI on 300 computers, making - your consumption 1500 licenses total. - -Your Monthly Highest number for May is 1700. - -June: - -- On June 1 you UN-install the Endpoint Policy Manager Cloud Client MSI on 1000 computers, reducing - your license count to 700. -- In the remainder of June you neither consumed nor reduced your license usage. - -Your Monthly Highest number for June is 700. - -Then, assuming the Monthly Highest Numbers for each month was something like: - -- April: 800 -- May: 1700 -- June: 700 -- July: 1000 -- August: 1200 -- September: 900 -- October: 1000 -- November: 1500 -- December: 1500 -- January: 1000 -- February: 800 -- March: 900 - -Your average among the Monthly Highest Number would be 1083. diff --git a/docs/endpointpolicymanager/license/components.md b/docs/endpointpolicymanager/license/components.md deleted file mode 100644 index 9749306be8..0000000000 --- a/docs/endpointpolicymanager/license/components.md +++ /dev/null @@ -1,68 +0,0 @@ -# What items and components are licensed, and what components are free? - -You need a license for each of the following parts: - -For Netwrix Endpoint Policy Manager (formerly PolicyPak): All Components need a license to be -downloaded on endpoints in order to process Endpoint Policy Manager components / instructions from -components such as: - -- Endpoint Policy Manager Application Manager -- Endpoint Policy Manager Admin Templates Manager -- Endpoint Policy Manager Preferences Manager and -- Endpoint Policy Manager Security Settings Manager data. -- Endpoint Policy Manager File Associations Manager -- Endpoint Policy Manager Browser Router -- Endpoint Policy Manager - [Least Privilege Manager ](https://www.endpointpolicymanager.com/products/endpointpolicymanager-least-privilege-manager.html) -- Endpoint Policy Manager Java Rules Manager -- Endpoint Policy Manager Start Screen & Taskbar Manager -- Endpoint Policy Manager Scripts Manager - -Those license files look like this: - -![172_1_image001](/img/product_docs/endpointpolicymanager/license/172_1_image001.webp) - -For PP Group Policy Compliance Reporter: - -- Reports for free: All Endpoint Policy Manager Components like: - - - PP Application Settings Manager, - - Endpoint Policy Manager Admin Templates Manager, and - - Endpoint Policy Manager Browser Router). - -- Reports which are required for be PAID: - - Microsoft Group Policy Admin Templates - - Microsoft Group Policy Preferences - - Microsoft Group Policy Security - -To enable PPGPCR Endpoints for Microsoft items, this is the right license: - -![172_2_image002](/img/product_docs/endpointpolicymanager/license/172_2_image002.webp) - -Also note what is not required to be licensed: - -**Step 1 –** Admin Stations - -- You do not need a license for anywhere the GPMC is running / editing / creating GPOS. -- You do not need a license for anywhere the Endpoint Policy Manager Group Policy Compliance - Reporter Admin Station (Client) is running. - -**Step 2 –** Again: You don't need a license for endpoints to use GP Compliance Reporter to report -on Endpoint Policy Manager -delivered specific component items. This is automatically licensed. - -Remember, you do need a PP Compliance Reporter Endpoint license if you want to report on Microsoft -Group Policy item types like Group Policy Security Settings. - -**Step 3 –** PP Compliance Reporter server is no longer licensed. Only PP Compliance Reporter -endpoints are licensed. - -**Step 4 –** None of the PP Support tools like the Endpoint Policy Manager Application Manager -Design Studio, Powershell add-ins, or GPOTouch utility need to be licensed. - -To generate license request keys for Endpoint Policy Manager On-Prem suite endpoints see the -[Knowledge Base](https://helpcenter.netwrix.com/bundle/endpointpolicymanager/page/Content/endpointpolicymanager/License/Overview/KnowledgeBase.htm) -fort additional information. - -Once you acquire licenses from our sales team, you can implement them in two ways. -[See PolicyPak Solution Methods: Group Policy, MDM, UEM Tools, and PolicyPak Cloud compared. for additional information on ](https://kb.endpointpolicymanager.com/kb/article/489-policypak-licensing-onpremise-licensing-methods-compared) -how to import the licenses. diff --git a/docs/endpointpolicymanager/license/filemultiple.md b/docs/endpointpolicymanager/license/filemultiple.md deleted file mode 100644 index 8b18185527..0000000000 --- a/docs/endpointpolicymanager/license/filemultiple.md +++ /dev/null @@ -1,5 +0,0 @@ -# I received multiple license files back from the Sales team (one for each Endpoint Policy Manager component.) Should I install all of them? - -Yes. Netwrix Endpoint Policy Manager (formerly PolicyPak) is licensed as a suite, and as such you -have paid for multiple components. Use LT to install each received license file, which will fully -enable the client's Client Side Extension on your endpoints. diff --git a/docs/endpointpolicymanager/license/mdm/domainmultiple.md b/docs/endpointpolicymanager/license/mdm/domainmultiple.md deleted file mode 100644 index 97f6f4067f..0000000000 --- a/docs/endpointpolicymanager/license/mdm/domainmultiple.md +++ /dev/null @@ -1,17 +0,0 @@ -# What if I have multiple domain names within the MDM I want to license? - -Typically, we license a single email domain suffix, like \*@abc.com for any Netwrix Endpoint Policy -Manager (formerly PolicyPak) MDM customer. - -That being said, if you are using Intune, and have the need for many domain tenant names, it is -possible for you to provide the Name of account details (also called Company information) and we can -use that information to cut you an overall license for any domain name within your Intune account. - -The screenshot below shows you what to provide to Endpoint Policy Manager Sales or Support when -asked. - -**NOTE:** This optional licensing method is only available with Microsoft Intune, and is not -available on VMware Workspace One (Airwatch). It may or may not be available with other MDM -services. - -![356_1_image_950x402](/img/product_docs/endpointpolicymanager/license/mdm/356_1_image_950x402.webp) diff --git a/docs/endpointpolicymanager/license/mdm/entraid.md b/docs/endpointpolicymanager/license/mdm/entraid.md deleted file mode 100644 index cd6366e710..0000000000 --- a/docs/endpointpolicymanager/license/mdm/entraid.md +++ /dev/null @@ -1,168 +0,0 @@ -# If I have both Azure joined and Hybrid Azure AD joined machines, how do I count the exact number of licenses I need? - -First of all, we here at Netwrix Endpoint Policy Manager (formerly PolicyPak) do not want to charge -you twice. If a machine is joined to On-Prem AD and also joined to Azure AD (called Hybrid Azure AD -joined), then you should only have to pay for the machine one time. Here is a Microsoft's diagram -below (borrowed from -[https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid](https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join-hybrid) -). - -![200_1_image-20200723102952-1](/img/product_docs/endpointpolicymanager/license/mdm/200_1_image-20200723102952-1.webp) - -In this case, if you had exactly one machine like this ,you would need to: - -- Pay for one license (remember, you only need to pay once.) But… -- Engage both PolicyPak licensing mechanisms for this computer: Endpoint Policy Manager Group Policy - and Endpoint Policy Manager MDM. - -We recommend you do not deliver the same Endpoint Policy Manager settings from both Group Policy or -MDM. But you might want to enable the ability to get those licenses from both sources, then -transition away from Group Policy to MDM over time. - -Knowing you will have some machines: - -- Joined to on-prem AD & GPO (but not in Azure) -- Joined to Azure AD (but not on-prem AD) and -- Hybrid Azure AD Joined (dual enrolled to both) - -How do you dial in exactly how many computers to license? We will go over this same math again at -the end, but here is the gist. Let us pretend you had the following numbers (which we will explain -more below): - -- Part 1 (On-Prem AD & GPO machines): 1000 -- Part 2 (Azure AD joined only): 250 -- Part 3 (Hybrid AD joined): 150 - -To correctly pay for each computer one time you would pay for: - -- Azure AD joined only: 250 -- Hybrid AD joined: 150 -- AD & GPO machines : 1000 -- SUBTRACT the number of Hybrid AD joined: MINUS 150 - -Final number for purchase, where each machine is licensed once: - -- 250 + -- 150 + -- 1000 MINUS -- 150 - -Grand total: 1,250 computers - -There is no easy button for this, but it is a straightforward procedure. - -## Step 1: Counting your on-prem AD & GPO machines - -Typically, you do this with the Endpoint Policy Manager on-prem licensing tool (preferred), or if -you need to, you can use PowerShell. -See[My organization doesn't permit me to run the LT (Endpoint Policy Manager Licensing Tool) or provide the XML information it produces. What are my other options?](/docs/endpointpolicymanager/license/unlicense/options.md) - -![200_3_image-20200723102952-2](/img/product_docs/endpointpolicymanager/license/mdm/200_3_image-20200723102952-2.webp) - -### Preparing for Steps 2 and 3: Before we count the Azure only, machines and before we count the Hybrid Azure AD joined machines - -In Azure you can go to Devices > All Devices, then look at the Join Type. You should see four -possible fields: - -- Azure AD registered —This is not required for aEndpoint Policy Manager license, as this is not - Azure or MDM enrolled. -- Azure AD joined — This means the machine is joined directly to Azure AD and is not Hybrid (that - is, it is not also joined to on-prem AD). -- Hybrid Azure AD Joined — This means the machine is joined both to Azure AD and to on-prem AD. -- Blank: Unknown. - -![200_5_image-20200723102952-3](/img/product_docs/endpointpolicymanager/license/mdm/200_5_image-20200723102952-3.webp) - -The problem is that you cannot count each type with this interface unless you have just a few -machines. Instead you need to use Powershell and have it do the counting for you. - -## Next: Using PowerShell to connect to Azure AD - -Start out by installing the Azure AD module. See the Microsoft article on -[How to install Azure PowerShell](https://learn.microsoft.com/en-us/powershell/azure/install-azure-powershell?view=azps-13.1.0&viewFallbackFrom=azps-4.4.0) -for additional information. - -Here is a copy of the command: - -``` -if ($PSVersionTable.PSEdition -eq 'Desktop' -and (Get-Module -                -Name AzureRM -ListAvailable)) {   Write-Warning -Message -                ('Az module not installed. Having both the AzureRM and ' + -                'Az modules installed at the same time is not supported.')} -        else {   Install-Module -Name Az -AllowClobber -Scope CurrentUser} -``` - -Here is the result. - -![200_7_image-20200723102952-4](/img/product_docs/endpointpolicymanager/license/mdm/200_7_image-20200723102952-4.webp) - -Start out with the Connect-AZAccount cmdlet (not shown). You will get prompted for credentials the -first time. - -![200_9_image-20200724004807-5](/img/product_docs/endpointpolicymanager/license/mdm/200_9_image-20200724004807-5.webp) - -The command should finish and return you with a result like this: - -![200_11_image-20200724004807-6](/img/product_docs/endpointpolicymanager/license/mdm/200_11_image-20200724004807-6.webp) - -Then use the connect-azuread command and provide credentials again, for a second time. - -![200_13_image-20200723102952-5](/img/product_docs/endpointpolicymanager/license/mdm/200_13_image-20200723102952-5.webp) - -Results of connection are then seen here: - -![200_15_image-20200723102952-6](/img/product_docs/endpointpolicymanager/license/mdm/200_15_image-20200723102952-6.webp) - -You can then list all Windows 10 devices with the following command: - -``` -Get-AzureADDevice -all $true | select displayname, DeviceOSType, DeviceTrustType -``` - -![200_17_image-20200723102952-7](/img/product_docs/endpointpolicymanager/license/mdm/200_17_image-20200723102952-7.webp) - -## Step 2: Count your Joined to Azure AD only (but not on-prem domain joined machines) - -To count Azure AD joined machines, run the first command: - -``` -Get-AzureADDevice -All $true | Where-Object {$_.DeviceTrustType -eq "AzureAd"} | measure  -``` - -## Step 3: Count Hybrid Azure AD joined machines (those joined to on-prem AD and also Azure AD) - -To count your Hybrid Azure AD joined machines, run this command. - -``` -Get-AzureADDevice -All $true | Where-Object {$_.DeviceTrustType -eq "ServerAd"} | measure -``` - -# Results of your counting: - -Results examples are seen here: - -![200_19_image-20200723102952-8](/img/product_docs/endpointpolicymanager/license/mdm/200_19_image-20200723102952-8.webp) - -## A final example with Math - -Let's pretend you got the following numbers: - -- Part 1 (On-Prem AD & GPO machines): 1000 -- Part 2 (Azure AD joined only): 250 -- Part 3 (Hybrid AD joined): 150 - -To correctly pay for each computer one time you would pay for: - -- Azure AD joined only: 250 -- Hybrid AD joined: 150 -- AD & GPO machines : 1000 -- SUBTRACT the number of Hybrid AD joined: MINUS 150 - -Final number for purchase, where each machine is licensed once: - -- 250 + -- 150 + -- 1000 MINUS -- 150 - -Grand total: 1,250 computers diff --git a/docs/endpointpolicymanager/license/mdm/setup.md b/docs/endpointpolicymanager/license/mdm/setup.md deleted file mode 100644 index 551f57f6f4..0000000000 --- a/docs/endpointpolicymanager/license/mdm/setup.md +++ /dev/null @@ -1,96 +0,0 @@ -# When licensing Endpoint Policy Managerwith an MDM provider, what do I need to send in to Endpoint Policy Manager? - -Netwrix Endpoint Policy Manager (formerly PolicyPak) can work with and be licensed with nearly any -MDM service. Use this table below to determine how to get licensed: - -- Intune (Automatic) — Use the Endpoint Policy Manager Portal and download the BITS. Then run the - Licensing Tool (LT) to acquire the information and save it to your License Request Key. See - [How to Request Licenses from Endpoint Policy Manager by Creating a "License Request Key"](/docs/endpointpolicymanager/video/license/licenserequestkey.md) -- Intune (Alternate) — Only if asked, follow the directions on this page. -- VMware Workspace One — Follow the directions on this page. -- Citrix CEM — Follow the directions on this page. -- MobileIron — Follow the directions on this page. -- Other MDMs may or may not be supported, but we'll try. Follow the directions on this page. - -To accurately create license keys for you,Endpoint Policy Manager needs three pieces of information: - -- Your Universal Principal Name (UPN) -- How many licenses are required and -- Proof of ownership of that MDM / domain. - -## Your UPN name (all MDM services) - -When you enroll machines into your MDM, you do so with a UPN name. Start out by noting which UPN -name you use, @fabrikam.com in our example. We recommend you take a screenshot of this page from an -enrolled Windows 10 machine, then continue. - -![44_1_sdfg](/img/product_docs/endpointpolicymanager/license/812_4_sdfg.webp) - -## License count - -To accurately license your MDM installation, Endpoint Policy Manager needs the following -information: - -- How many machines are actively enrolled in your MDM service -- Screenshots demonstrating the screen shots are of an MDM account your own or control - -If you have a mix of on-prem AD machines, Azure joined machines and Hybrid Azure AD machines please -see - [If I have both Azure joined and Hybrid Azure AD joined machines, how do I count the exact number of licenses I need?](/docs/endpointpolicymanager/license/mdm/entraid.md) -for additional information on how to express your count. - -## The Billing Process - -**Step 1 –** Send screenshots of your current usage (see steps below for your specific MDM solution) - -**Step 2 –** Express your expected growth for the upcoming year - -**Step 3 –** You are billed for the total expected usage - -### Windows Intune (alternate method — do not use unless the LT tool isn't working or you are otherwise directed to perform these manual steps.) - -If in the Azure portal, ensure you are in the Intune section. - -![44_2_image-20200815220310-23](/img/product_docs/endpointpolicymanager/license/mdm/44_2_image-20200815220310-23.jpeg) - -The device Screenshot will demonstrate the total Windows Devices and Tenant ownership: - -![44_4_image-20200815220310-24](/img/product_docs/endpointpolicymanager/license/mdm/44_4_image-20200815220310-24.jpeg) - -### Workplace One (Airwatch) - -In your Airwatch portal: - -- Click on the **Devices** icon -- In Platforms, locate the Windows Desktops section and take a screenshot of the entire window - -![44_6_image-20200815220310-25](/img/product_docs/endpointpolicymanager/license/mdm/44_6_image-20200815220310-25.jpeg) - -### MobileIron - -Log into your MobileIron Portal. Your dashboard should show you the number of devices you have -enrolled if Device by OS Type is on your dashboard. If the Pie Chart is shown, click the icon in the -lower-left corner of the Device by OS Type window to change to the Bar Chart. - -![44_8_image-20200815220310-26](/img/product_docs/endpointpolicymanager/license/mdm/44_8_image-20200815220310-26.jpeg) - -Take a screen shot of the device count and account ownership as per the screenshots below (it may -take 2 captures) - -![44_10_image-20200815220310-27_950x711](/img/product_docs/endpointpolicymanager/license/mdm/44_10_image-20200815220310-27_950x711.jpeg) - -### Citrix Endpoint Management (CEM – formally XenMobile) - -Option 1: - -On the Analyze page of the CEM Portal, click on the Dashboard. Take a screenshot showing Managed -devices by Platform and the ownership in the top right-hand corner - -![44_12_image-20200815220310-28](/img/product_docs/endpointpolicymanager/license/mdm/44_12_image-20200815220310-28.webp) - -Option 2: - -From the Analyze page, go to Reporting > Devices & Apps and take a screenshot showing the Device -count and Ownership: - -![44_14_image-20200815220310-29](/img/product_docs/endpointpolicymanager/license/mdm/44_14_image-20200815220310-29.webp) diff --git a/docs/endpointpolicymanager/license/mdm/tool.md b/docs/endpointpolicymanager/license/mdm/tool.md deleted file mode 100644 index 01cf4c4c59..0000000000 --- a/docs/endpointpolicymanager/license/mdm/tool.md +++ /dev/null @@ -1,113 +0,0 @@ -# I'm having trouble running the Licensing Tool (LT) and counting computers with Intune. What troubleshooting information can I send Endpoint Policy Manager support? - -Please run the following commands in an elevated powershell and supply the resulting screenshots or -Output.txt file. - -``` -function Get-MgGraphAllPages { -    [CmdletBinding( -        ConfirmImpact = 'Medium', -        DefaultParameterSetName = 'SearchResult' -    )] -    param ( -        [Parameter(Mandatory = $true, ParameterSetName = 'NextLink', ValueFromPipelineByPropertyName = $true)] -        [ValidateNotNullOrEmpty()] -        [Alias('@odata.nextLink')] -        [string]$NextLink -        , -        [Parameter(Mandatory = $true, ParameterSetName = 'SearchResult', ValueFromPipeline = $true)] -        [ValidateNotNull()] -        [PSObject]$SearchResult -        , -        [Parameter(Mandatory = $false)] -        [switch]$ToPSCustomObject -    )  -    begin {}  -    process { -        if ($PSCmdlet.ParameterSetName -eq 'SearchResult') { -            # Set the current page to the search result provided -            $page = $SearchResult  -            # Extract the NextLink -            $currentNextLink = $page.'@odata.nextLink'  -            # We know this is a wrapper object if it has an "@odata.context" property -            #if (Get-Member -InputObject $page -Name '@odata.context' -Membertype Properties) { -            # MgGraph update - MgGraph returns hashtables, and almost always includes .context -            # instead, let's check for nextlinks specifically as a hashtable key -            if ($page.ContainsKey('@odata.count')) { -                Write-Verbose "First page value count: $($Page.'@odata.count')"     -            }  -            if ($page.ContainsKey('@odata.nextLink') -or $page.ContainsKey('value')) { -                $values = $page.value -            } else { # this will probably never fire anymore, but maybe. -                $values = $page -            }  -            # Output the values -            # Default returned objects are hashtables, so this makes for easy pscustomobject conversion on demand -            if ($values) { -                if ($ToPSCustomObject) { -                    $values | ForEach-Object {[pscustomobject]$_}   -                } else { -                    $values | Write-Output -                } -            } -        }  -        while (-Not ([string]::IsNullOrWhiteSpace($currentNextLink) -        { -            # Make the call to get the next page -            try { -                $page = Invoke-MgGraphRequest -Uri $currentNextLink -Method GET -            } catch { -                throw $_ -            }  -            # Extract the NextLink -            $currentNextLink = $page.'@odata.nextLink'  -            # Output the items in the page -            $values = $page.value  -            if ($page.ContainsKey('@odata.count')) { -                Write-Verbose "Current page value count: $($Page.'@odata.count')"     -            }  -            # Default returned objects are hashtables, so this makes for easy pscustomobject conversion on demand -            if ($ToPSCustomObject) { -                $values | ForEach-Object {[pscustomobject]$_}   -            } else { -                $values | Write-Output -            } -        } -    }  -    end {} -} -[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -Install-PackageProvider -Name NuGet -Scope CurrentUser -Force -Install-Module -Name Microsoft.Graph.Authentication -Repository PSGallery -Scope CurrentUser -Force -Install-Module -Name Microsoft.Graph.Identity.DirectoryManagement -Repository PSGallery -Scope CurrentUser -Force -Install-Module -Name Microsoft.Graph.DeviceManagement -Repository PSGallery -Scope CurrentUser -Force -Connect-MgGraph -Scopes "DeviceManagementManagedDevices.Read.All", "Organization.Read.All" -NoWelcome -Get-MgOrganization | Select @{N = 'CompanyName'; E = { $_.displayName } } -[array]$devices = Get-MgDeviceManagementManagedDevice | Get-MgGraphAllPages | Where-Object -Property "operatingSystem" -EQ -Value "Windows" | ForEach { [pscustomobject] @{ DeviceName= $_.deviceName; UPN = $_.userPrincipalName; UPNDomain = $_.userPrincipalName.Split("@")[1]}} -[array]$upns = $devices | Where-Object -Property 'UPNDomain' -NE -Value $null | Select-Object -Property 'UPNDomain' -Unique -# Output to both screen and file -$outputFile = "OUTPUT.TXT" -# Function to output to both -function Out-Both { -    param ( -        [Parameter(Mandatory=$true)] -        [string]$message -    ) -    $message | Tee-Object -FilePath $outputFile -Append -} -# Clear the output file if it exists -if (Test-Path $outputFile) { -    Remove-Item $outputFile -} -# Write the results -$upns | Format-Table | Out-Both -$devices | Format-Table -Property 'DeviceName' | Out-Both -Out-Both "" -Out-Both "Total" -Out-Both "-----" -Out-Both @($devices).Count -Disconnect-MgGraph | Out-Null -``` - -See the [MDM Intune company name troubleshooting](/docs/endpointpolicymanager/video/license/mdm.md) video for additional -information. diff --git a/docs/endpointpolicymanager/license/overview/knowledgebase.md b/docs/endpointpolicymanager/license/overview/knowledgebase.md deleted file mode 100644 index 7933736463..0000000000 --- a/docs/endpointpolicymanager/license/overview/knowledgebase.md +++ /dev/null @@ -1,87 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base articles for information regarding Endpoint Policy Manager -licensing. - -## Licenses FAQ for Active Directory (GPO and SCCM) - -- [Will I need a license server to manage my Endpoint Policy Manager licenses?](/docs/endpointpolicymanager/license/activedirectory/server.md) -- [What if we license one OU, say, Sales Computers OU, then during the year we also want to license a peer OU, like Marketing Computers OU?](/docs/endpointpolicymanager/license/activedirectory/ou.md) -- [We purchased our Endpoint Policy Manager license for a parent OU in our Active Directory structure. What happens if we need to add additional sub-OUs inside of the parent one? How will this affect our licensing?](/docs/endpointpolicymanager/license/activedirectory/ousub.md) -- [We purchased our Endpoint Policy Manager license for a parent OU in our Active Directory structure. What happens if we need to add additional sub-OUs inside of the parent one? How will this affect our licensing?](/docs/endpointpolicymanager/license/activedirectory/ousub.md) -- [I'm an OU admin and not a domain administrator. Can I use Endpoint Policy Manager in my OU and not the whole domain?](/docs/endpointpolicymanager/license/activedirectory/domainou.md) -- [I can only EDIT GPOs and not create them. Can I still use Endpoint Policy Manager?](/docs/endpointpolicymanager/license/activedirectory/gpoedit.md) -- [I want to license the whole domain (or main OU), but I don't want to pay for every computer in that domain (or main OU)](/docs/endpointpolicymanager/license/activedirectory/domain.md) -- [I have multiple domains. How is that licensed?](/docs/endpointpolicymanager/license/activedirectory/domainmultiple.md) -- [Why does License Tool ask Who am I and Where do I want to use Endpoint Policy Manager?](/docs/endpointpolicymanager/license/activedirectory/scope.md) -- [Does the Licensing Tool (LT.exe) count disabled Active Directory computer accounts ?](/docs/endpointpolicymanager/license/activedirectory/disabledcomputer.md) -- [Does LT count users?](/docs/endpointpolicymanager/license/activedirectory/users.md) -- [The License Tool (LT) isn't permitting me to install License Files (or I am using AGPM, GPA, or GPOAdmin.) What should I try?](/docs/endpointpolicymanager/license/activedirectory/wizard.md) -- [Licence Tool recommends I enforce the links on the licensing GPOs. Should I do this, and why is this recommended?](/docs/endpointpolicymanager/license/activedirectory/enforced.md) - -## Licensing FAQ and Troubleshooting: Endpoint Policy Manager Cloud - -- [How do I license machines to work on-premise if I'm an Endpoint Policy Manager Cloud Customer?](/docs/endpointpolicymanager/license/cloud/onpremise.md) -- [How do I stop getting emails which say : "You have less than X% of your Endpoint Policy Manager licenses available for your company"](/docs/endpointpolicymanager/license/cloud/notifications.md) -- [How do I understand my cloud licenses?](/docs/endpointpolicymanager/license/cloud/licensestatus.md) -- [How exactly does monthly billing work with Endpoint Policy Manager SaaS Edition?](/docs/endpointpolicymanager/license/cloud/billing.md) -- [ What happens if PPCloud computers are offline for more than 7 days?](/docs/endpointpolicymanager/license/cloud/reclaimed.md) - -## Requesting Licenses FAQ and Troubleshooting (all Methods) - -- [What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?](/docs/endpointpolicymanager/license/trial.md) -- [Why do I have to run the licensing tool / what information is gathered and sent to Endpoint Policy Manager for my trial (or becoming a customer?)](/docs/endpointpolicymanager/license/tool.md) -- [What Logs do I need to send for troubleshooting LT (License Tool) or other MMC / .Net related functions?](/docs/endpointpolicymanager/troubleshooting/license/logs.md) -- [How do I manually count the number of computers in Intune, and manually acquire the Intune "Company Name?"](/docs/endpointpolicymanager/license/mdm/intune.md) -- [What are the most common questions about editing policies using the Endpoint Policy ManagerCloud policy editor (instead of using the MMC to upload to Endpoint Policy Manager Cloud?)](/docs/endpointpolicymanager/cloud/policy/edit.md) - -## Requesting Licenses FAQ and Troubleshooting (Virtualization, Citrix, WVD, etc.) - -- [How are Terminal Services and/or Citrix connections licensed?](/docs/endpointpolicymanager/license/virtualization/terminalservices.md) -- [How do I license my Citrix, RDS, WVD, VDI or other multi-session Windows version with Endpoint Policy Manager Cloud ?](/docs/endpointpolicymanager/license/virtualization/multisession.md) -- [Why must I run LT from a Windows Server if I want to properly count Citrix / Terminal Services / RDS connections?](/docs/endpointpolicymanager/license/virtualization/tool.md) -- [What must I show to prove my current RDS and/or Citrix, or other Multi-Session windows concurrent license count for Endpoint Policy Manager Cloud (or if on-prem LT cannot auto-discover them)?](/docs/endpointpolicymanager/license/virtualization/count.md) -- [Are there any special Endpoint Policy Manager licensing issues for virtual desktops?](/docs/endpointpolicymanager/license/virtualization/desktops.md) - -## Licensing: Requesting Licenses: MDM - -- [When licensing Endpoint Policy Managerwith an MDM provider, what do I need to send in to Endpoint Policy Manager? ](/docs/endpointpolicymanager/license/mdm/setup.md) -- [If I have both Azure joined and Hybrid Azure AD joined machines, how do I count the exact number of licenses I need?](/docs/endpointpolicymanager/license/mdm/entraid.md) -- [What if I have multiple domain names within the MDM I want to license?](/docs/endpointpolicymanager/license/mdm/domainmultiple.md) -- [How do I license Endpoint Policy Manager if I use Azure / Azure Active Directory / Azure Active Directory Domain Services / AD Domain Controllers in Azure?](/docs/endpointpolicymanager/license/mdm/hybrid.md) -- [How are BYOD "Workplace Joined" (aka Intune Registered) counted toward licensing?](/docs/endpointpolicymanager/license/mdm/jointype.md) -- [I'm having trouble running the Licensing Tool (LT) and counting computers with Intune. What troubleshooting information can I send Endpoint Policy Manager support?](/docs/endpointpolicymanager/license/mdm/tool.md) -- [What is the difference if I license my MDM machines' CSE using COMPANY NAME vs. UPN name?](/docs/endpointpolicymanager/license/mdm/name.md) -- [Why does the Endpoint Policy Manager Licensing Tool (LT.EXE) require admin rights to query for Intune / Azure data?](/docs/endpointpolicymanager/license/mdm/adminrights.md) - -## Licensing: Installing Licenses: All Methods - -- [What is the best way to roll out New Universal licenses if I already have Original licenses?](/docs/endpointpolicymanager/license/universal.md) -- [I received multiple license files back from the Sales team (one for each Endpoint Policy Manager component.) Should I install all of them?](/docs/endpointpolicymanager/license/filemultiple.md) - -## Licensing Troubleshooting: All Methods - -- [How can I tell how a machine is licensed (by GPO, MDM, or XML file), and also know for what components it is licensed?](/docs/endpointpolicymanager/troubleshooting/license/components.md) -- [I have a pop-up saying "License expires soon" or "Licenses expire in X days" when editing a GPO. What do I do?](/docs/endpointpolicymanager/troubleshooting/license/expires.md) -- [How do I turn on MMC Snap in Logs (for troubleshooting MMC Editing or Licensing Import)?](/docs/endpointpolicymanager/troubleshooting/license/mmcsnapinlogs.md) -- [I unlicensed my machine by removing a universal license, my machine still appears licensed. Why is this?](/docs/endpointpolicymanager/troubleshooting/license/universal.md) -- [Action Required for Endpoint Policy Manager Customers using Legacy Licenses](/docs/endpointpolicymanager/troubleshooting/license/legacy.md) -- [How do I make the Grace Period licensing pop-up go away?](/docs/endpointpolicymanager/troubleshooting/license/graceperiod.md) -- [Action Recommended Endpoint Policy Manager Customers to transition from "Enterprise" Licenses to "Enterprise Full" licenses.](/docs/endpointpolicymanager/troubleshooting/license/enterprisefull.md) -- [Gathering License Tool logs (LT.exe)](/docs/endpointpolicymanager/troubleshooting/license/toollogs.md) - -## Licensing Troubleshooting and Un-Licensing: Active Directory (GPO and SCCM) - -- [What happens to each component when Endpoint Policy Manager gets unlicensed or the GPO or policy no longer applies?](/docs/endpointpolicymanager/license/unlicense/components.md) -- [My organization doesn't permit me to run the LT (Endpoint Policy Manager Licensing Tool) or provide the XML information it produces. What are my other options?](/docs/endpointpolicymanager/license/unlicense/options.md) -- [What if I want to unlicense specific components via ADMX or Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/license/unlicense/componentscloud.md) -- [I just installed new license files / new GPOs. Should I keep or delete the old license files / GPOs?](/docs/endpointpolicymanager/license/unlicense/fileold.md) -- [How do I specifically exclude or prevent a component from performing processing by modifying the license file?](/docs/endpointpolicymanager/license/unlicense/componentsexclude.md) -- [How can I verify, test and/or reset my Domain Join (aka SecureChannel) from the endpoint to domain controller?](/docs/endpointpolicymanager/license/unlicense/reset.md) -- [Why is Endpoint Policy Manager Preferences (original version) "forced disabled" by default?](/docs/endpointpolicymanager/license/unlicense/forceddisabled.md) - -## Misc Licensing Questions - -- [When and why would I license Endpoint Policy Manager on servers?](/docs/endpointpolicymanager/license/whenwhy.md) -- [What items and components are licensed, and what components are free?](/docs/endpointpolicymanager/license/components.md) -- [Why must I transition from Legacy to Universal licenses (and what are the differences?)](/docs/endpointpolicymanager/license/transition.md) diff --git a/docs/endpointpolicymanager/license/overview/videolearningcenter.md b/docs/endpointpolicymanager/license/overview/videolearningcenter.md deleted file mode 100644 index 9230dc5285..0000000000 --- a/docs/endpointpolicymanager/license/overview/videolearningcenter.md +++ /dev/null @@ -1,22 +0,0 @@ -# Video Learning Center - -See the following Video topics for more information on Endpoint Policy Manager licensing. - -## Licensing Request: All Methods - -- [How to Request Licenses from Endpoint Policy Manager by Creating a "License Request Key"](/docs/endpointpolicymanager/video/license/licenserequestkey.md) - -## Licensing Install: All Methods (Universal Licenses for customers after 2021) - -- [How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) - -## Licensing Install: All Methods (Universal Licenses for customers before 2021) - -- [Endpoint Policy Manager: Universal and Original Licensing Installation and Upgrades for Existing Customers](/docs/endpointpolicymanager/video/license/upgrades.md) - -## Troubleshooting and Un-Licensing - -- [Legacy License Retirement Guidance (for Feb 28, 2023)](/docs/endpointpolicymanager/video/license/legacy.md) -- [How to Un-License any Endpoint Policy ManagerComponent via ADMX or Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/license/unlicense.md) -- [Using LT for license cleanup](/docs/endpointpolicymanager/video/license/cleanup.md) -- [MDM Intune company name troubleshooting](/docs/endpointpolicymanager/video/license/mdm.md) diff --git a/docs/endpointpolicymanager/license/tool.md b/docs/endpointpolicymanager/license/tool.md deleted file mode 100644 index 2265abe27f..0000000000 --- a/docs/endpointpolicymanager/license/tool.md +++ /dev/null @@ -1,41 +0,0 @@ -# Why do I have to run the licensing tool / what information is gathered and sent to Endpoint Policy Manager for my trial (or becoming a customer?) - -When you run the Netwrix Endpoint Policy Manager (formerly PolicyPak) Licensing tool, we only -acquire the following information: - -- Name of domain. -- OUs you want to use it in. -- Number of users in there. Which we don't actually use, this is from our old licensing technique. -- Number of computers in there. This is what we actually use. -- Number of Terminal Services sessions. This is also used. - -Here's an example file you would send to us: - -![197_1_licensing_faq_pic](/img/product_docs/endpointpolicymanager/license/197_1_licensing_faq_pic.webp) - -Without this file, we cannot know what your computer and Terminal Services count is, and hence, how -much to quote you or where to license you. - -To be clear, we are not getting the following from your domain: - -- Your whole OU structure. We only get the names of the OUs you want to license. -- Any user names or passwords. -- Any computer names. -- Any IP information. - -Or anything else. - -If during your testing / trialing, you don't want to send us a License Request Key, that's fine,but… - -- We cannot make you a real quote without it. -- We cannot generate a real license key for you if you become a purchaser. - -That being said, if you rename a target / endpoint computer to have the word Computer in the name, -the Endpoint Policy Manager client side extension acts as if its fully licensed. - -You are welcome to rename a handful of machines for your tests to test out Endpoint Policy Manager -but eventually you will need to run the Licensing Utility so we can know your count and create your -real keys. - -Email your Endpoint Policy Manager Sales team member for more information if you have licensing -questions. diff --git a/docs/endpointpolicymanager/license/transition.md b/docs/endpointpolicymanager/license/transition.md deleted file mode 100644 index 8cd649fd16..0000000000 --- a/docs/endpointpolicymanager/license/transition.md +++ /dev/null @@ -1,65 +0,0 @@ -# Why must I transition from Legacy to Universal licenses (and what are the differences?) - -Starting in January 2021, Netwrix Endpoint Policy Manager (formerly PolicyPak) transitioned the -licensing model from Legacy to Universal licenses. -In 2022, the Endpoint Policy Manager CSE (any version) stopped honoring legacy licenses -Additionally, to take advantage of some features, like Capabilities (explained below) you must have -the latest CSEs and a Universal license. - -## Understanding Legacy Licenses - -Legacy licenses take the form of multiple keys, one for each component. - -Whenever we have a new component, we would issue your company a new legacy license for that -component. - -![861_1_hfkb-1130-img-01](/img/product_docs/endpointpolicymanager/license/861_1_hfkb-1130-img-01.webp) - -An individual legacy license XML looks like this and contains the product (component) and the scope -of where it is licensed to: - -![861_2_hfkb-1130-img-02_950x238](/img/product_docs/endpointpolicymanager/license/861_2_hfkb-1130-img-02_950x238.webp) - -You then use the Group Policy editor to consume the license and the result would look something like -this. - -![861_3_hfkb-1130-img-03_950x447](/img/product_docs/endpointpolicymanager/license/861_3_hfkb-1130-img-03_950x447.webp) - -Additionally, if you wanted to use Endpoint Policy Manager with an MDM service, we needed to cut a -second set of keys just for that scenario. That second set of licenses is an .MSI which also contain -the XMLs which enable Endpoint Policy Manager to work with an MDM service. - -Tip: You can use 7zip to open an MSI and see the licenses, like this.: - -![861_4_hfkb-1130-img-04_950x320](/img/product_docs/endpointpolicymanager/license/861_4_hfkb-1130-img-04_950x320.webp) - -## Understanding Universal Licenses - -Universal licenses solve a lot of problems around key generation: - -- Instead of having one set for Active Directory (GPO / SCCM or other on-prem and another for MDM, - we can generate one key which can be used in both places. -- Administrators may select which types of policies are honored (Group Policy-based, XML-files - based, or coming from MDM). -- All components purchased can be in one XML file -- Some components which have capabilities may be specified with those capabilities. This is not - available in Legacy license type. -- For MDM customers, we can specify EITHER Intune Company name or UPN name. - [What is the difference if I license my MDM machines' CSE using COMPANY NAME vs. UPN name?](/docs/endpointpolicymanager/license/mdm/name.md) - This is not available for Legacy license type. -- Administrators may disable a specifically licensed component, without having to request Endpoint - Policy Manager support to re-cut the license. - [How do I specifically exclude or prevent a component from performing processing by modifying the license file?](/docs/endpointpolicymanager/license/unlicense/componentsexclude.md) -- The license may be wrapped up by the admin as a .MSI and re-deployed without contacting Endpoint - Policy Manager support to make a .MSI. - [How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) - -![861_5_hfkb-1130-img-05_950x431](/img/product_docs/endpointpolicymanager/license/861_5_hfkb-1130-img-05_950x431.webp) - -In the Group Policy editor you can consume the Universal license and it will look like this. - -![861_6_hfkb-1130-img-06_950x670](/img/product_docs/endpointpolicymanager/license/861_6_hfkb-1130-img-06_950x670.webp) - -And finally using` PPUPDATE` command on the endpoint, you can see how you are licensed : - -![861_7_hfkb-1130-img-07_950x984](/img/product_docs/endpointpolicymanager/license/861_7_hfkb-1130-img-07_950x984.webp) diff --git a/docs/endpointpolicymanager/license/trial.md b/docs/endpointpolicymanager/license/trial.md deleted file mode 100644 index 5884248eed..0000000000 --- a/docs/endpointpolicymanager/license/trial.md +++ /dev/null @@ -1,131 +0,0 @@ -# What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool? - -We know you want to get started with a Netwrix Endpoint Policy Manager (formerly PolicyPak) trial -fast. - -Good news, we only need a few pieces of information to get started. Typically we can get started -with only: - -- Your domain name (for GPO/AD Method) -- Your Intune company name (for Intune method) -- Or, nothing at all, which works for all methods:Just rename a computer. - -**CAUTION:** The details in this article get you started without having to count the number of -computers, which means we cannot get you a formal quote. Only when you count the computers are we -able to provide you a formal quote. This process is slower and optional, but does mean we can get -you a formal quote. -See [How to Request Licenses from Endpoint Policy Manager by Creating a "License Request Key"](/docs/endpointpolicymanager/video/license/licenserequestkey.md) -for additional information. Then send your License Request Key XML to your sales person to get a -formal quote generated. - -So, here's the rundown of how you can get a trial license quickly.. You need to pick just one: - -- Option 1 — On-Prem or MDM: No license at all, by renaming a computer to have Computer in the - name(recommended). -- Option 2 — Licenses coming automatically from Endpoint Policy Manager Cloud. -- Option 3 — On-Prem / GPO Method: You give us your domain name, we give you back a Trial License - File. -- Option 4 — Intune-specific method: You give us your INTUNE company name,, and we give you back a - Trial License File. -- Option 5 — Non-Intune/Other-MDM Method: You give us your UPN name, and we give you back a Trial - License File. - -## Option 1: On-Prem or MDM: No license at all, by renaming a computer to have Computer in the name(recommended) - -With Endpoint Policy Manager, you don't even need a license file from us to get started. - -**NOTE:** This is the recommended  way to get going quickly with Endpoint Policy Manager. - -Simply rename a computer to have Computer in the name, and that's it. You're done. Here are the two -methods of how to do that in Windows. - -Here's a video showing what happens when you rename a computer and how Endpoint Policy Manager -reacts:[Testing and Troubleshooting By Renaming an endpoint Computer](/docs/endpointpolicymanager/video/cloud/testlab/renameendpoint.md) - -![812_1_image001](/img/product_docs/endpointpolicymanager/license/812_1_image001.webp) - -After you rename your computer to have Computer in the name, then: - -- Follow these directions to get started with on-Prem Active Directory/ Group Policy: Getting - Started with Group Policy > [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) and/or -- Follow these directions to get started with Endpoint Policy Manager and Intune or another MDM - (making sure to follow the "Walk Before You Run" video): Getting Started with MDM > - [Video Learning Center](/docs/endpointpolicymanager/video/index.md) - -## Option 2: Licenses coming automatically from PolicyPak Cloud - -If you're trying our Endpoint Policy Manager Enterprise, Endpoint Policy Manager Professional or -Endpoint Policy Manager SaaS, they all come with an included Endpoint Policy Manager Cloud license.  -Your trial should automatically generate credentials -to [cloud.endpointpolicymanager.com](http://cloud.endpointpolicymanager.com/) (aka the Endpoint Policy Manager Cloud -Service.) - -When you install the Endpoint Policy Manager Cloud client, a license is automatically taken from -Endpoint Policy Manager Cloud (and also the Endpoint Policy Manager Client Side Extension is -installed.) You install a new machine into Endpoint Policy Manager cloud by installing the Endpoint -Policy Manager Cloud Client, as shown below. - -![812_2_image002](/img/product_docs/endpointpolicymanager/license/812_2_image002.webp) - -To get started immediately with Endpoint Policy Manager Cloud, check out the Getting Started with -Cloud > [Video Learning Center](/docs/endpointpolicymanager/video/index.md). - -## Option 3: On-Prem / GPO Method: You give us your domain name, we give you back a Trial License File. - -If you want to use Active Directory / GPO method to deliver Endpoint Policy Manager settings, we -need your domain name. And if you have multiple domains, that's fine. We can make you one key which -contains all your domain names. - -The best way to get the domain name would be to run this simple Powershell command: - -``` -$env:userdnsdomain -``` - -It will then produce the output of the domain name, which is the minimum requirement to make you a -license key. - -![812_3_get-fqdn-with-powershell](/img/product_docs/endpointpolicymanager/license/812_3_get-fqdn-with-powershell.webp) - -Once we generate the key, it will be in the Endpoint Policy Manager -Portal.[How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md)Then -follow these directions to get started with on-Prem Active Directory/ Group Policy: Group -Policy > [Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) - -## Option 4: Intune-specific method: You give us your INTUNE company name, and we give you back a Trial License File. - -If you're using Intune specifically, we can turn on Endpoint Policy Manager for your Intune -instance. We need the Intune Company name. Run this PowerShell script, which will return -`INTUNECOMPANYNAME.TXT`, and send it to your sales person. - -``` -[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -Install-PackageProvider -Name NuGet -Scope CurrentUser -Force -Install-Module -Name Microsoft.Graph.Intune -Repository PSGallery -Scope CurrentUser -Force -Connect-MSGraph -AdminConsent -Get-Organization | Select @{N = 'CompanyName'; E = { $_.displayName } } | out-file INTUNECOMPANYNAME.TXT -``` - -Once we generate the key, it will be in the Endpoint Policy Manager Portal. Download the key and -install it using theinstructions found -here: [How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) - -Then follow these directions to get started with Endpoint Policy Manager and Intune (making sure to -follow the "Walk Before You Run" video): Getting Started with MDM > -[Video Learning Center](/docs/endpointpolicymanager/video/index.md) - -## Option 5: Non-Intune/Other-MDM Method: You give us your UPN name, and we give you back a Trial License File. - -When you enroll machines into your MDM, you do so with a UPN name. Start out by noting which UPN -name you use, such as [\*@fabrikam.com,](mailto:*@fabrikam.com) or whatever yours is. We recommend -you take a screenshot of this page from an enrolled Windows 10 machine, and then continue. - -![812_4_sdfg](/img/product_docs/endpointpolicymanager/license/812_4_sdfg.webp) - -Once we generate the key, it will be in the Endpoint Policy Manager Portal. Download the key and -install it using these -instructions: [How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) - -Then follow these directions to get started with Endpoint Policy Manager and your MDM service, -making sure to follow the "Walk Before You Run" video: Getting Started with MDM > -[Video Learning Center](/docs/endpointpolicymanager/video/index.md) diff --git a/docs/endpointpolicymanager/license/universal.md b/docs/endpointpolicymanager/license/universal.md deleted file mode 100644 index bcb63cd3ac..0000000000 --- a/docs/endpointpolicymanager/license/universal.md +++ /dev/null @@ -1,22 +0,0 @@ -# What is the best way to roll out New Universal licenses if I already have Original licenses? - -The ideal way to transition between new Universal licenses and Original licenses is the following: - -**Step 1 –** Create two GPOs. - -1. One GPO to contain the original licenses and -2. One GPO to contain the new / Universal licenses. - -**Step 2 –** Deploy these GPOs everywhere, such that the machines embrace both policies. - -Then, as you transition from old CSE (before year 2021) to new CSE (year 2021 and later) your -machines with the PolicyPak CSE will: - -1. Get old license GPO. -2. Get new license GPO. -3. Get both GPOs applied to the same machine. -4. If machine has old CSE: The CSE is licensed. -5. If machine has new CSE: The CSE is licensed. - -**CAUTION:** Only remove the old Licensing GPO when you are sure you have rolled out a CSE 2687 and -later (anything from year 2021 and later). diff --git a/docs/endpointpolicymanager/license/unlicense/components.md b/docs/endpointpolicymanager/license/unlicense/components.md deleted file mode 100644 index d813800cb0..0000000000 --- a/docs/endpointpolicymanager/license/unlicense/components.md +++ /dev/null @@ -1,232 +0,0 @@ -# What happens to each component when Endpoint Policy Manager gets unlicensed or the GPO or policy no longer applies? - -This KB explains what happens when Endpoint Policy Manager gets unlicensed or the GPO no longer -applies. - -An endpoint can become unlicensed due to a variety of reasons. Examples include: - -- On-Prem, MDM or Cloud License expires -- Computer moves to unlicensed / never licensed location -- Using Endpoint Policy Manager Cloud, you specifically unlicense a component -- Using Endpoint Policy Manager Cloud, you specifically revoke the CSE -- You hand-uninstall or use SCCM or similar to un-intsall the Endpoint Policy Manager CSE -- You remove the computer from a licensed domain - -**NOTE:** You may encounter a pop-up like this if you are using pre-CSE 24.4. Note the pop-up is -opt-in only from 24.4. You won't see any pop up if you're using 24.4 or later. - -![29_1_2202cm3yx](/img/product_docs/endpointpolicymanager/license/unlicense/29_1_2202cm3yx.webp) - -See -[How do I make the Grace Period licensing pop-up go away?](/docs/endpointpolicymanager/troubleshooting/license/graceperiod.md) -for additional information on Pop-Up behavior. - -**NOTE:** The actual behavior may be somewhat different than what is described here. An endpoint can -have its directives removed because of a variety of reasons. Examples include: - -- Deleting / unlinking a GPO. -- Removing an XML file placed with SCCM or by hand. -- Removing an XML directive from Endpoint Policy Manager Cloud. -- ILT evaluates to FALSE. -- WMI evaluates to FALSE. - -Different components react somewhat differently when their licenses are removed, the policy which -affects them is removed, or when the Client Side Extension is forcefully removed. In any of those -cases, the Endpoint Policy Manager Client Side Extension component(s) will react to that. In -general: - -- What happens when the component is unlicensed is that the endpoint simply doesn't pick up new - directives for that component -- What happens when the policy is removed is that the setting will revert or be maintained (depends - on the component) - -You might want to get a better grasp on the unlicensed / revert behavior for each component. Each -component is listed here (current as of January 2018). - -## Application Settings Manager - -**NOTE:** Will not honor new Endpoint Policy Manager Application Manager requests. - -Unlicensed or Policy Reverts - -![29_2_faq-01-04-pp-01](/img/product_docs/endpointpolicymanager/license/unlicense/29_2_faq-01-04-pp-01.webp) - -A setting may be set to **Do Nothing at Revert**, which is the default policy, or - -![29_3_faq-01-04-pp-02](/img/product_docs/endpointpolicymanager/license/unlicense/29_3_faq-01-04-pp-02.webp) - -If the setting is set to **Revert**, the policy setting is reverted. The value displayed will be -performed at revert time. - -![29_4_faq-01-04-pp-03](/img/product_docs/endpointpolicymanager/license/unlicense/29_4_faq-01-04-pp-03.webp) - -For Win32 apps where AppLock (UI restrictions) are used, like in this example, the UI becomes -unrestricted. - -![29_5_faq-01-04-pp-04](/img/product_docs/endpointpolicymanager/license/unlicense/29_5_faq-01-04-pp-04.webp) - -When NTFS / ACL Lockdown is used, the end-user will be free to change these settings inside the -(previously restricted) registry. - -![29_6_faq-01-04-pp-05](/img/product_docs/endpointpolicymanager/license/unlicense/29_6_faq-01-04-pp-05.webp) - -**NOTE:** Some Paks may be set to System Wide Lockdown, like Java and Firefox, as seen above. In -those cases, all users on the system are free to make changes after the GPO no longer applies. - -## Least Privilege Manager - -When unlicensed: - -- PPLPM will stop honoring new policies when unlicensed - -Additionally, and/or when the GPO / XML no longer applies: - -- Applications / MSIs / Scripts, etc. with elevated tokens will not elevate -- SecureRun(TM) will stop preventing users from self-installing items - -## Browser Router - -When Endpoint Policy Manager Browser Router is uninstalled or becomes unlicensed: - -- The original default browser (as the user had it set before Endpoint Policy Manager Browser Router - was installed) will be placed back as default - -Additionally, and/or when the GPO / XML no longer applies, any Endpoint Policy Manager Browser -Router "routes" are no longer honored. See -[Why doesn't Endpoint Policy Manager Browser Router routes take effect the first time I log on to Windows 8.1 or Windows 10?](/docs/endpointpolicymanager/troubleshooting/browserrouter/install/twologons.md) - -## Endpoint Policy Manager Admin Templates Manager - -When Endpoint Policy Manager Admin Templates Manager becomes unlicensed Endpoint Policy Manager -Admin Templates Manager will no longer apply new PPATM policies: - -- Within GPOs -- XML Based files or -- Via Endpoint Policy Manager Cloud - -Additionally, and/or when the GPO / XML no longer applies, policy setting items work and revert -exactly like Microsoft's Admin Templates Policy settings. So when Endpoint Policy Manager Admin -Templates Manager policy settings no longer apply, they revert back to their Not Configured value. - -## Endpoint Policy Preferences Manager - -When licensed: Endpoint Policy Manager Preferences manager becomes the intermediary which calls -Microsoft's Group Policy Preferences CSEs. By default, we do not give our Endpoint Policy Manager -Preferences Manager licenses unless specifically requested by the customer (and this must be done -each year). - -When Endpoint Policy Manager Preferences manager becomes unlicensed: - -- In-box Group Policy Preferences is called directly; no more Endpoint Policy Manager involvement -- Endpoint Policy Manager will not process file-based XML directives -- Endpoint Policy Manager will not process Endpoint Policy Manager Cloud XML directives - -When the GPO no longer applies, or Policy XML no longer applies: - -- Endpoint Policy Manager will leave the Microsoft GPPrefs item intact / alone on revert when the - item's **Common**> **Options** tab is set like this: - - ![29_7_faq-01-04-pp-06](/img/product_docs/endpointpolicymanager/license/unlicense/29_7_faq-01-04-pp-06.webp) - - ![29_8_faq-01-04-pp-07-1](/img/product_docs/endpointpolicymanager/license/unlicense/29_8_faq-01-04-pp-07-1.webp) - -- Or Endpoint Policy Manager will delete the Microsoft GPPRefs item when the item's **Option** tab - is set like this: - - ![29_9_faq-01-04-pp-08](/img/product_docs/endpointpolicymanager/license/unlicense/29_9_faq-01-04-pp-08.webp) - -## Java Rules Manager - -When Endpoint Policy Manager Java Rules Manager becomes unlicensed, PPJRM will not honor new PPJRM -policies. Additionally, and/or when the GPO / XML no longer applies Endpoint Policy Manager will -stop existing mappings of websites to Java. - -## File Associations Manager - -When Endpoint Policy Manager File Associations Manager becomes unlicensed, Endpoint Policy Manager -File Associations Manager will no longer honor new directives. Additionally, and/or when the GPO / -XML no longer applies: - -- The system will maintain the last settings placed by Endpoint Policy Manager File Associations - Manager -- The system will permit users to make their own changes going forward -- Other users on the system may make changes such that they will affect other users - -## Start Screen & Taskbar Manager - -When Endpoint Policy Manager Start Screen & Taskbar Manager becomes unlicensed: - -- Endpoint Policy Manager Start Screen & Taskbar Manager will not honor new directives - -Additionally, and/or when the GPO / XML no longer applies: - -- The system will permit users to make their own Start Menu and taskbar changes -- New users with new profiles on the system will get system default Start Menu groups - -## Security Settings Manager - -When Endpoint Policy Manager Security Settings Manager becomes unlicensed: - -- PPSEC will no longer process directives from Endpoint Policy Manager Cloud and -- PPSEC will no longer process XML based directives - -Additionally, and/or when the GPO / XML no longer applies: - -- PPSEC items work exactly like Microsoft's Security Settings Policy settings when the GPO is - removed, or the policy is no longer applied or PPSEC becomes unlicensed -- Like built-in Microsoft Security policy settings, when these settings no longer apply, they are - maintained; and not reverted back - -Local admins can then make changes to these settings if desired. - -## Feature Manager for Windows - -When Feature Manager for Windows becomes unlicensed: - -- The last set of Features and Optional Features on the machine will be maintained and will not - revert -- PPFMW will no longer process directives from Endpoint Policy Manager Group Policy -- PPFMW will no longer process directives from Endpoint Policy Manager Cloud and -- PPFMW will no longer process XML based directives - -## Endpoint Policy VPN Manager - -When Endpoint Policy Manager VPN Manager becomes unlicensed it will remove any managed VPN -connection on the client endpoint. It will not honor new Endpoint Policy Manager VPN Manager -policies. - -## Scripts & Triggers Manager - -When Scripts & Triggers Manager becomes unlicensed: - -- `PPSCRIPTS `will not honor new `PPSCRIPTS `policies -- `PPSCRIPTS `will process the `REVERT `Script -- `PPSCRIPTS `will not process triggers - -## Endpoint Policy Manager RDP Files Manager - -When Endpoint Policy Manager RDP Files Manager becomes unlicensed it will maintain any delivered -.RDP files on the client endpoint. It will not honor new Endpoint Policy Manager RDP Files Manager -policies. - -## Endpoint Policy Manager Software Package Manager - -When Endpoint Policy Manager Software Package Manager (AppX Delivery) becomes unlicensed, it will -maintain any delivered UWP (Windows Store) apps on the endpoint. It will not honor new Endpoint -Policy Manager Software Package Manager (AppX Deliver) policies. - -## Endpoint Policy Manager Remote Work Delivery Manager - -When Endpoint Policy Manager Remote Work Delivery Manager becomes unlicensed, it will: - -- Not honor new Endpoint Policy Manager RWDM policies -- RWDM will process the actions on the REVERT actions pane (including running the script and - optionally deleting the copied files or folders as specified) - -## Endpoint Policy Device Manager - -When Endpoint Policy Manager Device Manager becomes unlicensed, it will: - -- Not honor new Endpoint Policy Manager Device Manager policies -- Any removable drive protections are stopped and existing rules will be unenforced, basically - reverting it back to normal Windows' in-box behavior diff --git a/docs/endpointpolicymanager/license/virtualization/tool.md b/docs/endpointpolicymanager/license/virtualization/tool.md deleted file mode 100644 index a41deaafda..0000000000 --- a/docs/endpointpolicymanager/license/virtualization/tool.md +++ /dev/null @@ -1,25 +0,0 @@ -# Why must I run LT from a Windows Server if I want to properly count Citrix / Terminal Services / RDS connections? - -When you license Citrix / Terminal Services / RDS, you purchase keypak licenses in blocks of 50 from -Microsoft and Citrix, and apply them to your servers. - -Netwrix Endpoint Policy Manager (formerly PolicyPak) LT attempts to read these keypak files and -report on your maximum inbound connections. In short, LT can only look for these Keypack licenses -when running on a Windows server and not a Windows client machine. That is what this message is -about. - -![352_2_image001]() - -**NOTE:** Sometimes LT can acquired the correct number of RDS connections, and sometimes it cannot. - -![352_2_image002](/img/product_docs/endpointpolicymanager/license/virtualization/352_2_image002.webp) - -To be compliant with our EULA, if the count returned by LT shows zero, or otherwise fails to acquire -the number of Citrix / Terminal Services / RDS licenses, you must manually declare them to your -sales representative. - -There are also multiple ways the Endpoint Policy Manager On-Prem suite can be licensed for Citrix. -For understanding all the scenarios, please see the following additional technotes: - -- [How are Terminal Services and/or Citrix connections licensed?](/docs/endpointpolicymanager/license/virtualization/terminalservices.md) -- [Citrix & WVD Multi-session Windows Licensing Scenarios](https://www.endpointpolicymanager.com/purchasing/vdi-licensing-scenarios/) diff --git a/docs/endpointpolicymanager/licensing.md b/docs/endpointpolicymanager/licensing.md deleted file mode 100644 index a4a991592e..0000000000 --- a/docs/endpointpolicymanager/licensing.md +++ /dev/null @@ -1,276 +0,0 @@ -# Licensing - -Licensing Netwrix Endpoint Policy Manager (formerly PolicyPak) is easy. We have one tool to request -information about Active Directory and Intune. - -**NOTE:** For a video overview of the process, watch this tutorial: -[How to Request Licenses from Endpoint Policy Manager by Creating a "License Request Key"](/docs/endpointpolicymanager/video/license/licenserequestkey.md) - -Here are the basics: - -- Endpoint Policy Manager is licensed on a per-client-computer basis. All client computers (desktop, - laptop, and virtual desktop infrastructure [VDI]) must be licensed if you want Endpoint Policy - Manager policies to apply and enforce settings. -- Endpoint Policy Manager is also licensed per concurrent-session-connection for your Terminal - Services (RDS) or Citrix servers. All inbound Terminal Services (RDS) or Citrix XenApp connections - must be licensed if you want Endpoint Policy Manager to apply and enforce settings. -- Endpoint Policy Manager can also be licensed in conjunction with an MDM service such as Intune, - Workspace ONE, or MobileIron. This scenario is covered later in this guide and in detail in - Appendix A: Using Endpoint Policy Manager with MDM and UEM Tools. - -**NOTE:** To be in compliance with Endpoint Policy Manager licensing, you must license inbound -Terminal Services (RDS) or Citrix connections. These are simply added to the count of your Endpoint -Policy Manager licenses. For instance, if you want to use Endpoint Policy Manager with 500 desktops, -200 laptops, and 100 concurrent Terminal Services or Citrix session connections, then you will need -800 Endpoint Policy Manager licenses. Full details of how Endpoint Policy Manager licenses Terminal -Services (RDS) or Citrix inbound connections can be found at the following link: -[http://www.endpointpolicymanager.com/purchasing/citrix-licensing-scenarios.html](http://www.endpointpolicymanager.com/purchasing/citrix-licensing-scenarios.html). - -In other words, to be fully compliant, you must license the number of computers in Active Directory -plus the inbound Terminal Services (RDS) and/or Citrix connections. If you don't wish to run -Endpoint Policy Manager on your Terminal Services (RDS) or Citrix machines, then these inbound -connections do not need to be declared at purchase time. - -Once a computer is licensed, the trial mode restrictions are lifted. (The computer can be named -anything.) Virtual desktops (any VDI, including Windows Virtual Desktops) are licensed the same way -that real desktops and laptops are licensed. In short, we count the number of computer account -records in Active Directory. For most customers, all areas of Endpoint Policy Manager licensing are -handled by the Endpoint Policy Manager licensing tool (named LT.exe), which is included in the -Licensing for All On-Prem Products folder inside the ISO download. - -Endpoint Policy Manager licenses themselves can be deployed within Group Policy Objects (GPOs), or -delivered via MSI. Client computers download the GPO with the license file or the MSI with the -license file, and automatically determine if they are licensed. Be aware that the Endpoint Policy -Manager licensing tool (LT) is used with the Active Directory solution method and Intune, and not -other MDM services like VMware Workspace ONE. In those cases, you'll work with your sales team to -demonstrate how many machines are MDM-enrolled. - -**NOTE:** To be in compliance with Endpoint Policy Manager licensing on Citrix and Terminal Services -(RDS), you must run LT on a server. When LT is run on a server, it is usually able to count Terminal -Services and Citrix connections and report them. Even if LT does not properly count the Citrix and -Terminal Services licenses, you are still bound by the End User License Agreement to report them for -licensing purposes. - -Endpoint Policy Manager's LT utility can also help you minimize costs by finding and disabling -unused computers. For instance, many organizations have dozens or hundreds of computers that have -not been logged onto for months. Since you pay on a per-computer basis with Endpoint Policy Manager -in Active Directory, we don't want you paying for computers you're not actually using. If you'd like -to find and disable unused computers, LT can help you do that before you make your initial license -request. If you want more information on this, jump to the section "Finding and Disabling Unused -Computers." - -Licensing occurs in two phases: - -- Phase I: Get a License Request Key.In this phase, LT will ask several questions—such as where you - want to license it—and will then help you generate your license request. This license is usually - good for one year, depending on your contract with Endpoint Policy Manager. -- Phase II: Re-run and get another License Request Key. Once the initial license year is up, you - simply re-run the Endpoint Policy Manager LT utility each following year. LT will review existing - installed licenses and do a count of computers. You need to perform this step every year - (according to your Endpoint Policy Manager license agreement) to continue to use Endpoint Policy - Manager. Otherwise, Endpoint Policy Manager will stop functioning on your anniversary date. You - pay for any overage from the previous year. - -## Finding and Disabling Unused Computers - -We only want you to pay for the computers you're actually going to use with the Endpoint Policy -Manager. Endpoint Policy Manager's LT has an option, "Find and Disable unused computers," as seen in -Figure 12. - -![licensing_policypak](/img/product_docs/endpointpolicymanager/licensing_endpointpolicymanager.webp) - -Figure 12. The option to disable unused computers. - -When you select this option, you are led through an wizard that finds any computers that have not -been logged into for 90 days (or any other number of days you select). You can then select the -computers you want to disable and click "Next," as shown in Figure 13. - -![licensing_policypak_1](/img/product_docs/endpointpolicymanager/licensing_endpointpolicymanager_1.webp) - -Figure 13. Selecting the unused computers. - -Note that you can also choose to include computers that no users have ever logged onto. All -computers that you select will be disabled when you click "Next." By doing so, you will have fewer -computers in your count and thus fewer to pay for. - -**NOTE:** Endpoint Policy Manager's LT utility cannot re-enable accounts once they've been disabled. -Also, Endpoint Policy Manager's LT utility cannot move computer accounts after they are disabled. - -## Licensing Modes - -Licensing with Endpoint Policy Manager involves the following items: - -- A license for a component -- The component's capability if applicable (for instance, Least Privilege Manager has Standard and - Complete capabilities) -- A scope -- For Active Directory: a whole Active Directory Domain or specific organizational units (OUs) -- For MDM: a specific UPN or company name -- For Endpoint Policy Manager Cloud: licensed by Endpoint Policy Manager Cloud -- An enablement method -- Group Policy -- MDM (used with your MDM provider) -- Endpoint Policy Manager Cloud -- XML Method (used alongside a UEM tool, like SCCM) - -You can purchase some (or all) Paks, and then choose the enablement methods and dictate the licensed -scopes. In the XML example license file below, the customer has selected the following: - -- Specific Paks which entitle them to specific policies and specific capabilities if applicable (for - instance, Least Privilege Manager and Software Package Manager have specific capabilities) -- A whole domain for the scope (Fabrikam.com) -- Enablement methods "GP-POLICIES" and "XML-POLICIES" - - ``` - -                                  - Example (Customertest)                 - 2021-03-09                 - 2021-03-31                 - false                 -                  -                  -                  -                  - gp-policies                 - xml-policies                 -                  -                  -                  -                  -                  -                  -                  - complete                 -                  -                  -                  -                  - appx                 -                  -                  -                  -                  -                  -                  -                  -                  - ABCDEF==                 -                  - - ``` - -The licensing modes are: - -- Licensed Mode (temporary). When a computer is licensed (temporarily for 30 days or licensed for - one year), it is permitted to process all directives intended for it. In Licensed Mode, there is - no limit to the number of Endpoint Policy Manager directives a client machine will process and - keep compliant. -- Trial Mode. Trial Mode functions similarly to Licensed Mode. Trial Mode enables you to try - Endpoint Policy Manager very quickly in your test lab or real Active Directory. Trial Mode is - enabled when your test computers' names have the word "computer" in them. For instance, a computer - named "COMPUTER1" would automatically be in Trial Mode and act as if fully licensed. To see an - example of how and why this works, see this video: - [Testing and Troubleshooting By Renaming an endpoint Computer](/docs/endpointpolicymanager/video/cloud/testlab/renameendpoint.md) - -We want you to use this Endpoint Policy Manager in your testing similarly to how you would use it in -the real world. So in Trial Mode, we allow you to do the following: - -- Deploy the client-side extension (CSE) to all the test machines you want to manage -- Install the GPMC admin console on a management station -- Fully test the software with any number of users and computers (provided the computer name has the - word "computer" in it) - -These restrictions allow you to use your own test lab or Active Directory OU to try the Endpoint -Policy Manager components. You'll be able to see what happens when you make central changes and -watch your clients react. - -## Licensing Endpoint Policy Manager with Your Own MDM Service - -Endpoint Policy Manager can be used in conjunction with your own MDM service, such as Workspace ONE -or MobileIron. However, licensing Endpoint Policy Manager with these utilities is a bit different -than licensing Endpoint Policy Manager with Active Directory or Intune. In short, you need to work -with your sales team to declare the number of Windows 10 machines you want to license. Typically, -you would use the MDM reporting system to express how many Windows 10 machines you have enrolled and -the number you plan add in the current year. All the details on exactly how to perform a count and -what to send back to Endpoint Policy Manager Sales can be found here: -[When licensing Endpoint Policy Managerwith an MDM provider, what do I need to send in to Endpoint Policy Manager? ](/docs/endpointpolicymanager/license/mdm/setup.md). - -An example of an MDM system account with a very low number of machines can be seen in Figure 14. -Note that the company information is obscured in this demonstration, but you would have to provide -it. - -![licensing_policypak_2](/img/product_docs/endpointpolicymanager/licensing_endpointpolicymanager_2.webp) - -Figure 14. An example of an MDM system account. - -## License Requests - -Once you have ensured that your license request contains all computers that you want to license, -save the file, and then deliver this to your Endpoint Policy Manager sales representative to receive -a license file. - -**NOTE:** The resulting XML file is tamper-proof and will be invalid if the number of elements is -changed after creation. - -## License Files - -You may receive multiple license files for Endpoint Policy Manager: - -To deploy your licenses, you can use the following: - -Use these key installation instructions (which demonstrate Active Directory, SCCM, and MDM methods): -[How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) - -## Licensing Endpoint Policy Manager Through Endpoint Policy Manager Cloud - -Endpoint Policy Manager Cloud has a licensing mechanism build in. When a computer acquires a -license, it stays licensed unless it becomes unused for an amount of time. (See Appendix E: Endpoint -Policy Manager Cloud Quickstart and User Guide for more details on this.) However, there is one -caveat around a licensing scenario in which an acquired Endpoint Policy Manager Cloud license could -possibly enable the Active Directory method. Below is the breakdown of how this works. - -### Legacy Endpoint Policy Manager Cloud monthly or yearly customers: - -When clients consume licenses from Endpoint Policy Manager Cloud, they automatically pick up Group -Policy as well (for free). So if you're a Endpoint Policy Manager Cloud customer, you don't need to -also license the machine for Group Policy. Being able to use Group Policy as the settings delivery -mechanism is automatic because the client has consumed the Cloud license. In this way, you get a -free on-premise (Group Policy Edition) license automatically when a client has consumed a license -with Endpoint Policy Manager Cloud (and continues to check in within the check-in period). For -information on how to do this, see this video: -[Endpoint Policy ManagerStart Screen & Taskbar Manager: Manage non-domain joined machines using Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/startscreentaskbar/nondomainjoined.md). - -### Endpoint Policy Manager Professional and Endpoint Policy Manager Enterprise Edition customers: - -In this case, your Universal License key will have to be enabled for the Group Policy method. You -will not be able to automatically enable the Group Policy method when being licensed via Endpoint -Policy Manager Cloud. - -### Endpoint Policy Manager SaaS/Cloud-only customers: - -In this case, you cannot use Endpoint Policy Manager Cloud to enable the Group Policy method. If you -wish to enable the Group Policy method, you need to transition from Endpoint Policy Manager SaaS to -Endpoint Policy Manager Enterprise Edition or Endpoint Policy Manager Professional Edition. You can -still manage Active Directory joined machines, but you must use the Endpoint Policy Manager Cloud -delivery mechanism to perform the operation, and not Active Directory or a GPO. - -## Final Licensing Thoughts - -Once you've tested Endpoint Policy Manager, you'll be ready to become a part of the licensed -Endpoint Policy Manager family. The following are a few reminders on licensing: - -- Endpoint Policy Manager is licensed on a per-computer basis. -- When Endpoint Policy Manager is fully licensed, the restriction on the computer name is lifted. -- The Endpoint Policy Manager client-side extension (CSE) will not function unless it's in Trial - Mode (the computer name has the word "computer" in it) or the CSE has a time-based licensed where - the scope is correct. - -Note that you only need to install the CSE once on the client machines you want to use. When you are -unlicensed, Endpoint Policy Manager stops working. When you are licensed, it will fully process all -Endpoint Policy Manager directives. - -Volume licenses and domain-wide licenses for Endpoint Policy Manager are available. - -**NOTE:** For an overview and FAQ of the licensing process, please visit: -[http://www.endpointpolicymanager.com/support-sharing/licensing-faq.html](http://www.endpointpolicymanager.com/support-sharing/licensing-faq.html). diff --git a/docs/endpointpolicymanager/mac/overview.md b/docs/endpointpolicymanager/mac/overview.md deleted file mode 100644 index 0d8ae8fd5f..0000000000 --- a/docs/endpointpolicymanager/mac/overview.md +++ /dev/null @@ -1,24 +0,0 @@ -# Endpoint Policy Manager Cloud for MacOS Client - -Getting Started & Installation - -Endpoint Policy Manager Cloud for MacOS may be used when the Mac is connected to Endpoint Policy -Manager Cloud service. - -The Endpoint Policy Manager Cloud for MacOS supports the following functions: - -- Connect to Endpoint Policy Manager Cloud, claim a Endpoint Policy Manager Cloud license and - download new Mac-specific policies -- Remove Local admin rights and overcome admin prompts -- Block / Allow USB and DMG files - -In this section you will learn the supported versions, how to install the client, command line -options, and tips for mass installation. - -## Supported Versions of the MacOS Client - -Supported versions of the MacOS client are: - -Mac OS 13 Ventura - -Mac OS 14 Sonoma diff --git a/docs/endpointpolicymanager/mac/scenarios/overview.md b/docs/endpointpolicymanager/mac/scenarios/overview.md deleted file mode 100644 index d31dbcef4b..0000000000 --- a/docs/endpointpolicymanager/mac/scenarios/overview.md +++ /dev/null @@ -1,16 +0,0 @@ -# Supported Scenarios and Policy Types - -Endpoint Policy Manager for Mac supports a variety of scenarios: - -- Package Installer Policy — Manage (install / block) packages -- System Settings Policy — Manage System Settings rights -- SUDO Policy — Perform command line functions -- Application Launch Approval Policy — Allow / Deny / Challenge application launch -- Mount/Unmount Policy — Allow/ Block USB devices and DMG files -- Finder Policy — Elevate application installs and uninstalls -- Privilege Elevation — Elevate applications which have helper applications - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/mac/scenarios/supported_scenarios_and_policy.webp) diff --git a/docs/endpointpolicymanager/mac/scenarios/packageinstallation.md b/docs/endpointpolicymanager/mac/scenarios/packageinstallation.md deleted file mode 100644 index 6b7593832c..0000000000 --- a/docs/endpointpolicymanager/mac/scenarios/packageinstallation.md +++ /dev/null @@ -1,13 +0,0 @@ -# Package Installation Policy - -**NOTE:** See the -[Endpoint Policy Manager Least Priv Manager for Macs Application Package Support](/docs/endpointpolicymanager/video/leastprivilege/mac/applicationpackage.md) -video for an overview of this section. - -When a standard user attempts to install a .PKG file they are not allowed to do so. In this example, -Skype for Business prompts the user for admin credentials before installing. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/mac/scenarios/package_installation_policy.webp) diff --git a/docs/endpointpolicymanager/mac/scenarios/systemsettings.md b/docs/endpointpolicymanager/mac/scenarios/systemsettings.md deleted file mode 100644 index 811b13b5e2..0000000000 --- a/docs/endpointpolicymanager/mac/scenarios/systemsettings.md +++ /dev/null @@ -1,32 +0,0 @@ -# System Settings Policy - -**NOTE:** See the -[Endpoint Policy Manager for Mac / Least Priv Manager: System Settings policy](/docs/endpointpolicymanager/video/leastprivilege/mac/systemsettings.md) -video for an overview of this section. - -Standard Users are prompted when they access System Settings in MacOS. For instance, trying to -modify Date&Time or Wi-Fi settings prompts standard users for admin credentials. - -![Screens screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/mac/scenarios/system_settings_policy.webp) - -System Settings Policy enables you to: - -- Deny Execution — Stop access to a System Settings -- Allow Execution —  Operates in accordance with the system configurations (Endpoint Policy Manager - client logs actions) -- Elevate — Standard user can perform the operation where it would normally not be allowed. - -In this example, we are permitting a Standard User to overcome restricted access to Date&Time and -Wi-Fi System Settings. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/mac/scenarios/system_settings_policy_1.webp) - -Without Endpoint Policy Manager policy, the system asks for administrator confirmation to change -system settings for the standard user. With Endpoint Policy Manager you are able to provide the -ability to change settings without administrator involvement. diff --git a/docs/endpointpolicymanager/manuals.md b/docs/endpointpolicymanager/manuals.md deleted file mode 100644 index b93304c162..0000000000 --- a/docs/endpointpolicymanager/manuals.md +++ /dev/null @@ -1,55 +0,0 @@ -# Netwrix Endpoint Policy Manager (formerly PolicyPak) User Manuals - -The following topics provide information on using Endpoint Policy Manager: - -- Introduction & Quick Start Manuals - - - [Introduction and Basic Concepts](/docs/endpointpolicymanager/basicconcepts.md) - - [Netwrix Endpoint Policy Manager Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overview.md) - - [Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md) - - [Endpoint Policy Manager Cloud Quick Start](/docs/endpointpolicymanager/cloud/overview.md) - - [MDM & UEM Tools](/docs/endpointpolicymanager/mdm/overview.md) - - [Upgrade Guidance](/docs/endpointpolicymanager/install/upgrade/overview.md) - -- Least Privilege Security Pak - - - [Least Privilege Manager (Windows)](/docs/endpointpolicymanager/leastprivilege/overview.md) - - [Endpoint Privilege Manager Implementation QuickStart Guide](/docs/endpointpolicymanager/leastprivilege/pplpmimplementationguide.md) - - [Endpoint Policy Manager Cloud for MacOS Client](/docs/endpointpolicymanager/mac/overview.md) - -- Device Management Pak - - - [Device Manager](/docs/endpointpolicymanager/device/devicemanager/overview.md) - -- Apps, Browsers, & Java Security Pak - - - [Application Settings Manager ](/docs/endpointpolicymanager/applicationsettings/overview.md) - - [Browser Router](/docs/endpointpolicymanager/browserrouter/overview.md) - - [Java Enterprise Rules Manager](/docs/endpointpolicymanager/javaenterpriserules/overview.md) - - [Security Settings Manager](/docs/endpointpolicymanager/securitysettings/overview.md) - -- GPO Compliance Pak - - - [Group Policy Compliance Reporter](/docs/endpointpolicymanager/grouppolicycompliancereporter/overview.md) - -- Windows 10 & 11 Management Pak - - - [File Associations Manager](/docs/endpointpolicymanager/fileassociations/overview.md) - - [Feature Manager for Windows](/docs/endpointpolicymanager/feature/overview.md) - - [Start Screen & Taskbar Manager](/docs/endpointpolicymanager/startscreentaskbar/overview.md) - -- GPO Reduction and Transitions Pak - - - [Administrative Templates Manager](/docs/endpointpolicymanager/adminstrativetemplates/overview.md) - - [Preferences Manager](/docs/endpointpolicymanager/preferences/overview.md) - -- App Delivery & Patching Pak - - - [Remote Work Delivery Manager](/docs/endpointpolicymanager/remoteworkdelivery/overview.md) - - [Software Package Manager](/docs/endpointpolicymanager/softwarepackage/overview.md) - -- Desktop Automation & Connectivity Pak - - - [Scripts & Triggers Manager](/docs/endpointpolicymanager/scriptstriggers/overview.md) - - [Remote Desktop Protocol Manager](/docs/endpointpolicymanager/remotedesktopprotocol/overview.md) - - [Endpoint Policy Manager Network Security Manager](/docs/endpointpolicymanager/scriptstriggers/networksecuritymanager.md) diff --git a/docs/endpointpolicymanager/manuals/_category_.json b/docs/endpointpolicymanager/manuals/_category_.json new file mode 100644 index 0000000000..e61647c49d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Netwrix Endpoint Policy Manager (formerly PolicyPak) User Manuals", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "manuals" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/_category_.json b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/_category_.json new file mode 100644 index 0000000000..edc42e7a73 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "App Delivery And Patching Pak", + "position": 80, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/_category_.json b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/_category_.json new file mode 100644 index 0000000000..3dced3ef60 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Remote Work Delivery Manager", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/remoteworkdelivery/cloudmdm.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/cloudmdm.md similarity index 93% rename from docs/endpointpolicymanager/remoteworkdelivery/cloudmdm.md rename to docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/cloudmdm.md index 41effdbde9..f913afa484 100644 --- a/docs/endpointpolicymanager/remoteworkdelivery/cloudmdm.md +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/cloudmdm.md @@ -1,3 +1,9 @@ +--- +title: "Remote Work Delivery Manager with Endpoint Policy Manager Cloud and MDM Services" +description: "Remote Work Delivery Manager with Endpoint Policy Manager Cloud and MDM Services" +sidebar_position: 70 +--- + # Remote Work Delivery Manager with Endpoint Policy Manager Cloud and MDM Services Netwrix Endpoint Policy Manager (formerly PolicyPak) Remote Work Delivery Manager works with diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/exportcollections.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/exportcollections.md new file mode 100644 index 0000000000..be8602c6bf --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/exportcollections.md @@ -0,0 +1,51 @@ +--- +title: "Exporting Collections" +description: "Exporting Collections" +sidebar_position: 60 +--- + +# Exporting Collections + +In Appendix A:[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md), you can +learn how to use the Netwrix Endpoint Policy Manager (formerly PolicyPak) Exporter to wrap up +Endpoint Policy Manager directives and deliver them using Endpoint Policy Manager Cloud, an MDM +service, or a non-Group Policy method such as MEMCM, KACE, and so on. + +**NOTE:** For a video demonstrating the use of Endpoint Policy Manager Remote Work Delivery Manager +with Endpoint Policy Manager MDM see +[Copy files and keep them up to date with your MDM service](/docs/endpointpolicymanager/video/remoteworkdelivery/mdm.md). + +Remember that Endpoint Policy Manager Remote Work Delivery Manager policies can be created and +exported on the User side or Computer side. In the example below you can see an export from the User +side. + +![exporting_collections](/img/product_docs/endpointpolicymanager/remoteworkdelivery/exporting_collections.webp) + +Choosing this option from the User side will allow the user to export the policy or collection for +later use with Endpoint Policy Manager Cloud or an MDM service. + +Below you can see an Export of Endpoint Policy Manager Remote Work Delivery Manager XML from the +Computer side. + +![exporting_collections_1](/img/product_docs/endpointpolicymanager/remoteworkdelivery/exporting_collections_1.webp) + +Choosing this option from the Computer side will allow the user to export the Policy or collection +for later use with Endpoint Policy Manager Cloud or an MDM service. + +Here are some helpful tips to decide which side to use: + +- When you export a user-side policy and deploy it using Endpoint Policy Manager Cloud or MDM, it + will apply to every user on the machine (like switched mode). +- When you export a computer-side policy (which affects the system) and deploy it using Endpoint + Policy Manager Cloud or MDM, it will apply to the computer as System. +- When you export a computer-side policy (which affects all users on the machine), and deploy it + using Endpoint Policy Manager Cloud or MDM, it will apply to every user on the machine (like + switched mode). + +**NOTE:** See +[Deploying Endpoint Policy Managerdirectives without Group Policy (Endpoint Policy Manager Exporter Utility)](/docs/endpointpolicymanager/video/mdm/exporterutility.md) +for additional information on how to export policies and use Endpoint Policy Manager Exporter + +Note that exported collections or policies maintain any Item-Level Targeting set within them. If +you've used items that represent Group Membership in Active Directory, then those items will only +function when the machine is domain-joined. diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/_category_.json b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/_category_.json new file mode 100644 index 0000000000..62d3c7f949 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Getting to Know Remote Work Delivery Manager", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "gettoknow" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/collections.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/collections.md new file mode 100644 index 0000000000..1dad7cbcf5 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/collections.md @@ -0,0 +1,27 @@ +--- +title: "Using Collections for Groupings and Advanced Configuration" +description: "Using Collections for Groupings and Advanced Configuration" +sidebar_position: 50 +--- + +# Using Collections for Groupings and Advanced Configuration + +When you make a Endpoint Policy Manager Remote Work Delivery Manager collection, it enables you to +group together policy settings for the sake of organization, perform Item-Level Targeting (discussed +next), and specify advanced options. + +![getting_to_know_policypak_35](/img/product_docs/endpointpolicymanager/remoteworkdelivery/getting_to_know_endpointpolicymanager_35.webp) + +By default, Endpoint Policy Manager Remote Work Delivery Manager will attempt to process policies at +the root node, or within any collection, at the same time, without letting one job finish before +another job starts. In some situations, this is undesired. For instance, you might want to ensure +one file copy is definitely finished and its script running before starting another file copy and +letting that script run. + +As such, you can use a collection to: + +- Process policies sequentially – This will ensure that policies are processed in the order shown in + the MMC console, i.e., 1, 2, and so on. When this option is unchecked, policies may process in any + order. +- Process policies synchronously — When checked, this will ensure that each individual policy is + finished processing before the next one starts. diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/computerside.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/computerside.md new file mode 100644 index 0000000000..2cb1b7248e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/computerside.md @@ -0,0 +1,43 @@ +--- +title: "Using Remote Work Delivery Manager on the Computer Side" +description: "Using Remote Work Delivery Manager on the Computer Side" +sidebar_position: 40 +--- + +# Using Remote Work Delivery Manager on the Computer Side + +In the Quickstart example, we delivered a file to users, but Endpoint Policy Manager can also +deliver scripts on the Computer side. + +There are two options when you create a script policy from the Computer side. + +![getting_to_know_policypak_34](/img/product_docs/endpointpolicymanager/remoteworkdelivery/getting_to_know_endpointpolicymanager_34.webp) + +The two options to select from are: + +- Apply this policy to computer — This is the default option and will apply the files to the + computer in the System context. This is best used when you're trying to do things that only the + system should do, like deliver files, such as program files, system files, and so on, to protected + Windows folders. The policy only applies when the Computer context is used. +- Apply this policy to all users who log into the computer (switched mode) — This setting will + deliver files either as System (default behavior) or run in the User context. This gives you the + ability to deliver files any time a user logs onto the computer, and specify the context (System + or User). + +**NOTE:** Scripts placed on the Computer side, but run in the User context can be run interactively. +But scripts run in the System context cannot be run interactively. + +The main advantage to delivering files on the Computer side, but running in the User context +(switched mode), is that you do not need loopback in order to deliver files to each user who logs +on. In this way, you can target specific scripts for the collections of computers that you might +find in training rooms, free seating areas, VDI, and similar situations, and ensure that the same +script runs for everyone who sits down at these computers. + +Also, note some subtle differences about when policies are set to Always apply: + +- Switched policies apply to Users (even though they're targeted to Computers). As such, all + Switched policies apply on logon and anytime the Group Policy service updates (in the background + and manually when you run `GPupdate `and `PPupdate`). +- All policies with **Always run** selected will reapply when policy changes are made. +- All policies with **Always run** selected will reapply when the Endpoint Policy Manager service + starts up. diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/gettingstarted/_category_.json b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/gettingstarted/_category_.json new file mode 100644 index 0000000000..96e3682b66 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/gettingstarted/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Quick Start - Using Remote Work Delivery Manager to Copy and Install a Single File", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/gettingstarted/overview.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/gettingstarted/overview.md new file mode 100644 index 0000000000..e2ea0900bd --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/gettingstarted/overview.md @@ -0,0 +1,11 @@ +--- +title: "Quick Start - Using Remote Work Delivery Manager to Copy and Install a Single File" +description: "Quick Start - Using Remote Work Delivery Manager to Copy and Install a Single File" +sidebar_position: 10 +--- + +# Quick Start - Using Remote Work Delivery Manager to Copy and Install a Single File + +This is a two-part Quickstart example. In Part 1, we're going to copy the installer file for +Notepad++ from an SMB share, and then run it silently after the install. In Part 2, we're going to +copy a file from an HTTP(S) webserver like Dropbox. diff --git a/docs/endpointpolicymanager/remoteworkdelivery/gettingstarted/policiesstandard.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/gettingstarted/policiesstandard.md similarity index 97% rename from docs/endpointpolicymanager/remoteworkdelivery/gettingstarted/policiesstandard.md rename to docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/gettingstarted/policiesstandard.md index b7adfdce35..c9e8bebb22 100644 --- a/docs/endpointpolicymanager/remoteworkdelivery/gettingstarted/policiesstandard.md +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/gettingstarted/policiesstandard.md @@ -1,3 +1,9 @@ +--- +title: "Getting Started with Standard Policies" +description: "Getting Started with Standard Policies" +sidebar_position: 10 +--- + # Getting Started with Standard Policies In the following examples, we'll copy and install Notepad++ using Endpoint Policy Manager Remote diff --git a/docs/endpointpolicymanager/remoteworkdelivery/gettingstarted/policiesweb.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/gettingstarted/policiesweb.md similarity index 97% rename from docs/endpointpolicymanager/remoteworkdelivery/gettingstarted/policiesweb.md rename to docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/gettingstarted/policiesweb.md index 3ec9958deb..2fe60028e6 100644 --- a/docs/endpointpolicymanager/remoteworkdelivery/gettingstarted/policiesweb.md +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/gettingstarted/policiesweb.md @@ -1,3 +1,9 @@ +--- +title: "Getting Started with Web Policies" +description: "Getting Started with Web Policies" +sidebar_position: 20 +--- + # Getting Started with Web Policies Web policies enable you to copy a file from an HTTP source, like Dropbox or Amazon S3. diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/gettoknow.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/gettoknow.md new file mode 100644 index 0000000000..b739a961cc --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/gettoknow.md @@ -0,0 +1,25 @@ +--- +title: "Getting to Know Remote Work Delivery Manager" +description: "Getting to Know Remote Work Delivery Manager" +sidebar_position: 30 +--- + +# Getting to Know Remote Work Delivery Manager + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Remote Work Delivery Manager is contained +within the Endpoint Policy Manager node. Endpoint Policy Manager Remote Work Delivery Manager MMC +snap-in enables you to create a new Endpoint Policy Manager Remote Work Delivery Manager standard +policy, web policy, or collection. + +**NOTE:** You will only see the Endpoint Policy Manager Remote Work Delivery Manager node when the +latest Admin Console MSI is installed on the management station. + +![getting_to_know_policypak](/img/product_docs/endpointpolicymanager/remoteworkdelivery/getting_to_know_endpointpolicymanager.webp) + +The functions of collections and policies are as follows: + +- Collections are groupings of policies +- Policies are the rules that perform the work. + +Both collections and policies may have Item-Level Targeting (explained in more detail later), which +enables you to target policies based on criteria that you specify. diff --git a/docs/endpointpolicymanager/remoteworkdelivery/advanced/standard/multiplefiles.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/multiplefiles.md similarity index 93% rename from docs/endpointpolicymanager/remoteworkdelivery/advanced/standard/multiplefiles.md rename to docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/multiplefiles.md index 0dbb0d0ba7..735d86a701 100644 --- a/docs/endpointpolicymanager/remoteworkdelivery/advanced/standard/multiplefiles.md +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/multiplefiles.md @@ -1,3 +1,9 @@ +--- +title: "Advanced Standard Policies: Copying Multiple Files Wizard" +description: "Advanced Standard Policies: Copying Multiple Files Wizard" +sidebar_position: 20 +--- + # Advanced Standard Policies: Copying Multiple Files Wizard The second type of standard policy you can create is called Copy multiple files from same directory. diff --git a/docs/endpointpolicymanager/remoteworkdelivery/advanced/standard/recursion.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/recursion.md similarity index 92% rename from docs/endpointpolicymanager/remoteworkdelivery/advanced/standard/recursion.md rename to docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/recursion.md index f489804017..852731c775 100644 --- a/docs/endpointpolicymanager/remoteworkdelivery/advanced/standard/recursion.md +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/gettoknow/recursion.md @@ -1,3 +1,9 @@ +--- +title: "Advanced Standard Policies: Copying Multiple Files with Recursion and Advanced Criteria" +description: "Advanced Standard Policies: Copying Multiple Files with Recursion and Advanced Criteria" +sidebar_position: 30 +--- + # Advanced Standard Policies: Copying Multiple Files with Recursion and Advanced Criteria The final standard policy type is Copy multiple files based on criteria (Recursive and Advanced). diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/insouts.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/insouts.md new file mode 100644 index 0000000000..a7ed3b65d4 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/insouts.md @@ -0,0 +1,44 @@ +--- +title: "Ins and Outs of Remote Work Delivery Manager" +description: "Ins and Outs of Remote Work Delivery Manager" +sidebar_position: 10 +--- + +# Ins and Outs of Remote Work Delivery Manager + +Endpoint Policy Manager Remote Work Delivery Manager (PPRWDM) solves several huge Windows 10 issues. +Its basic goal is to deliver files and folders from either SMB shares or HTTP(S) sources, and if the +connection is unstable or breaks and comes back, the file(s) will continue to be downloaded. You can +think of PPRWDM as Robocopy on steroids for Group Policy and the web. And as a bonus, after the file +is copied, you can run a script to perform an action, such as install an application you just +copied. + +## Managing File Copies with Group Policy without Endpoint Policy Manager + +There is an in-box method of copying files with Group Policy Preferences but it does have some +limitations. + +The File Copy settings are found in the Group Policy Editor under User Configuration > Preferences > +Files node and Computer Configuration > Preferences > Files node. + +![about_policypak_remote_work](/img/product_docs/endpointpolicymanager/remoteworkdelivery/about_endpointpolicymanager_remote_work.webp) + +Using Group Policy Preferences will copy exactly one file and place it where you want it. You can +also add an asterisk (\*) in the source file entry, which changes the Destination File field to a +Destination folder field. + +![about_policypak_remote_work_1](/img/product_docs/endpointpolicymanager/remoteworkdelivery/about_endpointpolicymanager_remote_work_1.webp) + +When you add the asterisk (\*), Group Policy Preferences will attempt to copy all the files from +that source folder down to the client. Note that this file copy is not recursive, making it a common +problem that administrators would like to overcome. There's also no way to copy only changed files, +or to make other exceptions. + +## Delivering Files with an MDM Service without Endpoint Policy Manager + +On any MDM service, there is no way to easily push files. The only current way to do this is to wrap +up your files into an MSI with a third party MSI tool (like AdvancedInstaller or similar) and then +use the MDM service's MSI file deployment ability. Even though it works, and would copy the file one +time, this is not a great system when you need to update one or more files on a regular basis, +because the process becomes tedious and error-prone. With Endpoint Policy Manager, you'll see how to +quickly copy files to endpoints and keep them updated on a regular basis. diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/itemleveltargeting.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/itemleveltargeting.md new file mode 100644 index 0000000000..8c4bb0fb9e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/itemleveltargeting.md @@ -0,0 +1,65 @@ +--- +title: "Using Item-Level Targeting with Collections and Policies" +description: "Using Item-Level Targeting with Collections and Policies" +sidebar_position: 40 +--- + +# Using Item-Level Targeting with Collections and Policies + +Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Netwrix +Endpoint Policy Manager (formerly PolicyPak) to target or filter where specific items will apply. +With Endpoint Policy Manager Remote Work Delivery Manager, Item-Level Targeting can be used with +collections as well as Endpoint Policy Manager Remote Work Delivery Manager policies within +collections. A collection enables you to group together Endpoint Policy Manager Remote Work Delivery +Manager policies so they can act together. For instance, you might create a collection for only East +Sales computers and another for West Sales computers. + +![using_item_level_targeting](/img/product_docs/endpointpolicymanager/remoteworkdelivery/using_item_level_targeting.webp) + +You can also right-click any Endpoint Policy Manager Remote Work Delivery Manager policy, and select +**Edit Item Level Targeting**. + +![using_item_level_targeting_1](/img/product_docs/endpointpolicymanager/remoteworkdelivery/using_item_level_targeting_1.webp) + +You can also select Item-Level Targeting when a policy is created using the wizard. + +The Edit Item Level Targeting function brings up the Targeting Editor. In the Targeting Editor, +select any combination of characteristics to test for. Administrators familiar with Group Policy +Preferences' Item-Level Targeting will be at home in this interface, since it is functionally +equivalent. + +Apply one or more targeting items to a policy. This enables a logical joining together of targeting +items. Adding targeting collections equates to enclosing equations in parentheses. In other words, +it allows you to group together targeting items. In this way, a fairly complex determination can be +created for the computers the policy applies to. Collections may be set to And or Or, as well as Is +or Is Not. + +![using_item_level_targeting_2](/img/product_docs/endpointpolicymanager/remoteworkdelivery/using_item_level_targeting_2.webp) + +Here are some real-world examples of Item-Level Targeting used with Endpoint Policy Manager Remote +Work Delivery Manager: + +- Software prerequisites — To configure an application's settings, make sure the application is + first installed on the user's computer before configuring it. Use either File Match, MSI Match, or + Registry Match targeting items to verify if a specific version of a file or a Registry entry is + present. For instance, you can look in the Uninstall Registry key. +- Mobile computers — To deploy settings exclusively for users on mobile PCs, filter the rule by + using the Portable Computer targeting item. +- Operating system version — You might want to specify different settings for applications based on + the operating system. for example, you might want different settings for those running Windows 10. + In this case, simply create one rule for each operating system. Then, filter each rule using the + Operating System targeting item. +- Group membership — Group membership can be used to link the GPO to the whole domain or + organizational unit (OU), but only specific computer members within a certain group will pick up + and process the rule settings. +- IP range — IP range can be used to specify different settings for various IP ranges, like, for + example, different browser settings for the home office and field office. + +After editing is completed, close the editor. Note that the policy or collection's icon has changed +to orange, which shows that it now has Item-Level Targeting. + +![using_item_level_targeting_3](/img/product_docs/endpointpolicymanager/remoteworkdelivery/using_item_level_targeting_3.webp) + +**NOTE:** When Item-Level Targeting is on, the policy won't apply unless the conditions are True. If +Item-Level Targeting is applied to a collection, then none of the items in the collection will apply +unless the Item-Level Targeting on the collection evaluates to True. diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/overview.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/overview.md new file mode 100644 index 0000000000..559630168e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/overview.md @@ -0,0 +1,67 @@ +--- +title: "Remote Work Delivery Manager" +description: "Remote Work Delivery Manager" +sidebar_position: 10 +--- + +# Remote Work Delivery Manager + +**NOTE:** Before reading this section, please ensure you have read Book 2: +[Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md), which will help you +learn to do the following: + +- Install the Admin MSI on your GPMC machine +- Install the CSE on a test Windows machine +- Set up a computer in Trial mode or Licensed mode +- Set up a common OU structure + +Optionally, if you don't want to use Group Policy, read the section in Appendix A: +[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md) to deploy your +directives. + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Remote Work Delivery Manager (PPRWDM) enables +you to perform the following operations on Windows: + +- Copy files from a server to a client +- Copy files recursively within SMB (standard file share) folders +- Keep files up to date between an SMB share and a desktop or laptop +- Copy files from an HTTP(S) source, like OneDrive, Dropbox, Amazon S3, and some other services, to + a desktop + +**NOTE:** See [Install software with SMB (standard share)](/docs/endpointpolicymanager/video/remoteworkdelivery/smb.md)for an +overview of PolicyPak Remote Work Delivery Manager. + +Endpoint Policy Manager Remote Work Delivery Manager allows you to do the following: + +- Create a rule to express which files, directory, or patterns, should be copied from which SMB + share to a client. +- Create a rule to express which file should be copied from an HTTP(s) source to a client. +- Instead of using the Group Policy method, you can export the Endpoint Policy Manager Remote Work + Delivery Manager rules and deliver them in one of four ways: + + - MEMCM + - Your own systems management software + - An MDM service + - Endpoint Policy Manager Cloud service + +- Allow the client machine with the Endpoint Policy Manager client-side extension (CSE) to embrace + the directives and perform the work. + +**NOTE:** If you use theEndpoint Policy Manager Cloud service, you can deliver Group Policy settings +even to non-domain-joined machines over the Internet. + +## Moving Parts + +- A management station — The Endpoint Policy Manager Admin Console MSI must be installed on the + management station where you create GPOs. Once it is installed, you'll see the Endpoint Policy + Manager | Endpoint Policy Manager Remote Work Delivery Manager node. +- The Endpoint Policy Manager CSE — This runs on the client (target) machine and is the same CSE for + all Endpoint Policy Manager products. There isn't anything separate to install, and the Endpoint + Policy Manager CSE must be present in order to accept Endpoint Policy Manager Remote Work Delivery + Manager directives via Group Policy, or when using MEMCM, KACE, MDM, or similar utilities. +- Endpoints — In order to use these, they must be licensed for Endpoint Policy Manager Remote Work + Delivery Manager using one of the licensing methods, which are described in Book 1: + [Introduction and Basic Concepts](/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/basicconcepts.md). +- PolicyPak Exporter (optional) — A free utility that lets you take Endpoint Policy Manager Admin + Templates Manager and our other products' XML files and wrap them into a portable MSI file for + deployment using MEMCM, an MDM service, or your own systems management software. diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/processorderprecedence.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/processorderprecedence.md new file mode 100644 index 0000000000..7f7d9dbfce --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/processorderprecedence.md @@ -0,0 +1,39 @@ +--- +title: "Understanding Processing Order and Precedence within a GPO" +description: "Understanding Processing Order and Precedence within a GPO" +sidebar_position: 50 +--- + +# Understanding Processing Order and Precedence within a GPO + +Within a particular GPO (User side or Computer side), policies and collections process in numerical +order. So, lower-numbered policies attempt to process first, and higher-numbered policies attempt to +process last. Then, lower-numbered collections attempt to process first, and higher-numbered +collections attempt to process last. + +![understanding_processing_order](/img/product_docs/endpointpolicymanager/remoteworkdelivery/understanding_processing_order.webp) + +Within any collection, there may be other collections, as well as policies. As such, each policy and +collection is also processed in numerical order, starting at each level with the lowest-numbered +policies and collections. + +## Understanding Merging and Conflicts + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Remote Work Delivery Manager will simply merge +all Endpoint Policy Manager Remote Work Delivery Manager policies that come from the Group Policy +method (and policies deployed from the non-Group Policy methods and collections), unless there is a +conflict. If there is a conflict, the last policy wins. + +## Precedence Between Delivery Types + +Endpoint Policy Manager Remote Work Delivery Manager policies can be delivered by Group Policy and +non-Group Policy methods such as MEMCM (via Endpoint Policy Manager Exporter or Endpoint Policy +Manager MDM) or Endpoint Policy Manager Cloud. As such, the Endpoint Policy Manager Remote Work +Delivery Manager engine needs to make a final determination regarding whether there is any conflict +between Endpoint Policy Manager Remote Work Delivery Manager policies (which are essentially rules). +Here is how precedence works: + +- Polices delivered by Endpoint Policy Manager Cloud have the lowest precedence. +- Endpoint Policy Manager file-based policies (including those delivered from an MDM service) have + the next highest precedence. +- Endpoint Policy Manager Group Policy policies have the highest precedence. diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/_category_.json b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/_category_.json new file mode 100644 index 0000000000..304e0d1ae2 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Tips, Security, and Troubleshooting", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/events.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/events.md new file mode 100644 index 0000000000..ff1f963b47 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/events.md @@ -0,0 +1,57 @@ +--- +title: "Events" +description: "Events" +sidebar_position: 50 +--- + +# Events + +Endpoint Policy Manager Remote Work Delivery Manager places events (like what is shown in Figure 57) +in the Endpoint Policy Manager log (within Applications and Services Log). All Endpoint Policy +Manager Remote Work Delivery Manager events will have the Endpoint Policy Manager Remote Work +Delivery Manager Client source type. + +![tips_security_and_troubleshooting_8](/img/product_docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/tips_security_and_troubleshooting_8.webp) + +Figure 57. Endpoint Policy Manager Remote Work Delivery Manager events can be found in the Endpoint +Policy Manager node within Application and Services. + +You might want to trigger or look for certain events to know what's going on. Endpoint Policy +Manager is compatible with Event Forwarding if that's something you wish to do. Here is the list of +events in each category: + +- General + + - EventId = 500: Bits became unavailable. + - EventId = 501: Bits service is stopped. + - EventId = 502: Bits became available. + +- SMB File Copy jobs + + - EventId = 600: SMB job is created. + - EventId = 601: SMB job gets an error. + - EventId = 602: SMB job gets an error. + - EventId = 603: SMB job fails with error. + - EventId = 604: SMB job fails with error. + - EventId = 605: SMB job is completed. + - EventId = 606: SMB revert job is created. + - EventId = 607: SMB revert job gets an error. + - EventId = 608: SMB revert job gets an error. + - EventId = 609: SMB revert job fails with error. + - EventId = 610: SMB revert job fails with error. + - EventId = 611: SMB revert job is completed. + +- HTTP/Web Jobs: + + - EventId = 700: HTTP job is created. + - EventId = 701: HTTP job gets an error. + - EventId = 702: HTTP job gets an error. + - EventId = 703: HTTP job fails with error. + - EventId = 704: HTTP job fails with error. + - EventId = 705: HTTP job is completed. + - EventId = 706: HTTP revert job is created. + - EventId = 707: HTTP revert job gets an error. + - EventId = 708: HTTP revert job gets an error. + - EventId = 709: HTTP revert job fails with error. + - EventId = 710: HTTP revert job fails with error. + - EventId = 711: HTTP revert job is completed. diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/logs.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/logs.md new file mode 100644 index 0000000000..04d6d23a75 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/logs.md @@ -0,0 +1,61 @@ +--- +title: "Logging Locations" +description: "Logging Locations" +sidebar_position: 40 +--- + +# Logging Locations + +The most common problem with Endpoint Policy Manager Remote Work Delivery Manager is that files do +not copy as expected. Here are some tips when trying to troubleshoot Endpoint Policy Manager Remote +Work Delivery Manager. + +The log files for Endpoint Policy Manager Remote Work Delivery Manager are found in the following +folder: `%Programdata%\PolicyPak\PolicyPa`k Remote Work Delivery Manager. This is because Endpoint +Policy Manager Remote Work Delivery Manager affects the Computer side (and all users on that +computer). It's also possible there might be some user-side logins in the following folder: +`%appdata%\local\PolicyPak\PolicyPak Remote Work Delivery Manager`. But it will not be useful +because all Endpoint Policy Manager Remote Work Delivery Manager work happens on the Computer side. +Therefore, you will want to check several files in the %Programdata%\PolicyPak\PolicyPak Remote Work +Delivery Manager folder. + +These files are as follows: + +- `ppUser_OnLogon.log`: New data is added to this log when Group Policy applies at the time of logon + (and items are set for the User, not the Computer). +- `ppUser_Switched.log`: New data is added to this log when Group Policy applies at the time of + logon (but items are set for the Computer). +- `ppUser_OnGroupPolicy.log`: New data is added to this log when Group Policy applies in the + background (on GPupdate or when Group Policy applies in the background). +- `ppUser_onPolicyChanged.log`: New data is added to this log when Group Policy applies in the + background or when a non-Group Policy method is used (MEMCM, Endpoint Policy Manager Cloud, and so + on). + +Start troubleshooting by verifying that you are set up with the following scenarios: + +- You have the GPO (or file). +- You have a collection within the GPO. +- You have the policies within the collection. + +Figure 55 is an example of a Endpoint Policy Manager Remote Work Delivery Manager log with some +annotations. + +![tips_security_and_troubleshooting_6](/img/product_docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/tips_security_and_troubleshooting_6.webp) + +Figure 55. An example of a Endpoint Policy Manager Remote Work Delivery Manager log. + +Then, to see details of what Endpoint Policy Manager Remote Work Delivery Manager is trying to do, +you can open up the PP_Operational.log. There will be two PP_Operational logs for Endpoint Policy +Manager Remote Work Delivery Manager (see Figure 56): + +- One for the User side (and switched mode) in + `\appdata\\PolicyPak\PolicyPak Remote Work Delivery Manager` +- One for the Computer side in `Programdata\PolicyPak\PolicyPak Remote Work Delivery Manager` + +![tips_security_and_troubleshooting_7](/img/product_docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/tips_security_and_troubleshooting_7.webp) + +Figure 56. Log files showing when a policy applies and when a policy reverts. + +If needed, logs are automatically wrapped up and can be sent to +[support@endpointpolicymanager.com](mailto:support@endpointpolicymanager.com) using the `PPLOGS.EXE` command on any endpoint +where the client-side extension is installed. diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/overview.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/overview.md new file mode 100644 index 0000000000..1a344b207d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/overview.md @@ -0,0 +1,10 @@ +--- +title: "Tips, Security, and Troubleshooting" +description: "Tips, Security, and Troubleshooting" +sidebar_position: 80 +--- + +# Tips, Security, and Troubleshooting + +In this section, we give you a few tips about Netwrix Endpoint Policy Manager (formerly PolicyPak) +Remote Work Delivery Manager and discuss a security concern with some ways to troubleshoot it. diff --git a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/refreshtiming.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/refreshtiming.md similarity index 83% rename from docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/refreshtiming.md rename to docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/refreshtiming.md index 6b12dce014..12194f9262 100644 --- a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/refreshtiming.md +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/refreshtiming.md @@ -1,3 +1,9 @@ +--- +title: "Understanding Refresh Timing" +description: "Understanding Refresh Timing" +sidebar_position: 30 +--- + # Understanding Refresh Timing You might wonder when Endpoint Policy Manager Remote Work Delivery Manager will attempt to reprocess diff --git a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/securityconcerns.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/securityconcerns.md similarity index 97% rename from docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/securityconcerns.md rename to docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/securityconcerns.md index 2bf253bd55..615eec2b40 100644 --- a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/securityconcerns.md +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/securityconcerns.md @@ -1,3 +1,9 @@ +--- +title: "Security Concerns" +description: "Security Concerns" +sidebar_position: 20 +--- + # Security Concerns Using Endpoint Policy Manager Remote Work Delivery Manager does come with one security concern that diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/tips/_category_.json b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/tips/_category_.json new file mode 100644 index 0000000000..c36dbe2c6e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/tips/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Tips: Wildcards and Variables", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/tips/overview.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/tips/overview.md new file mode 100644 index 0000000000..992b406e25 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/tips/overview.md @@ -0,0 +1,10 @@ +--- +title: "Tips: Wildcards and Variables" +description: "Tips: Wildcards and Variables" +sidebar_position: 10 +--- + +# Tips: Wildcards and Variables + +In the next sections we discuss some helpful tips for using Endpoint Policy Manager Remote Work +Delivery Manager. diff --git a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/tips/specialvariables.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/tips/specialvariables.md similarity index 95% rename from docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/tips/specialvariables.md rename to docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/tips/specialvariables.md index c80ace8191..872779ed15 100644 --- a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/tips/specialvariables.md +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/tips/specialvariables.md @@ -1,3 +1,9 @@ +--- +title: "About Special Variables" +description: "About Special Variables" +sidebar_position: 20 +--- + # About Special Variables For running processes after the file is copied (called post copy) or when the policy no longer diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/tips/wildcards.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/tips/wildcards.md new file mode 100644 index 0000000000..8c81730f8a --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/remoteworkdelivery/tips/wildcards.md @@ -0,0 +1,30 @@ +--- +title: "About Wildcards" +description: "About Wildcards" +sidebar_position: 10 +--- + +# About Wildcards + +When specifying the source for SMB shares, you can use wildcards. We used these earlier with the +special two-asterisk (\*\*) syntax to signify the start of recursion. + +The supported wildcards are: + +- `*` - matches zero or more characters (except slashes and backslashes) + +- `?` - matches exactly one character (except slashes and backslashes) +- `**` - matches zero or more characters (including slashes and backslashes) + +Examples: + +- `\\server\share\Folder1\*.txt`: This will accept all .txt files from Folder1. +- `\\server\share\Folder*\*.txt`: Note the star after the word "Folder" in addition to the one for + the .txt. This will accept all .txt files from `\\server\share\Folder1` and + `\\server\share\FolderTest` and every other folder with the word "Folder" in its name. +- `\\server\share\folder\??.pdf`: This will match every filename that has two characters and the + extension .pdf. +- `\\server\share\Folder?\??.pdf`: This will match every folder with the word "Folder" plus one + additional character (like Folder1, Folder4, Folder9) and then match every file that has two + characters (like 11.pdf, 12.pdf, 22.pdf) from `\\server\share\Folder1`, `\\server\share\Folder2`, + and so on. diff --git a/docs/endpointpolicymanager/remoteworkdelivery/savetime.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/savetime.md similarity index 86% rename from docs/endpointpolicymanager/remoteworkdelivery/savetime.md rename to docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/savetime.md index 691cf39cfd..b247a6832d 100644 --- a/docs/endpointpolicymanager/remoteworkdelivery/savetime.md +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/savetime.md @@ -1,3 +1,9 @@ +--- +title: "Save Time and Effort with Endpoint Policy Manager File Delivery Manager" +description: "Save Time and Effort with Endpoint Policy Manager File Delivery Manager" +sidebar_position: 20 +--- + # Save Time and Effort with Endpoint Policy Manager File Delivery Manager With Endpoint Policy Manager Remote Work Delivery Manager, you get different benefits based on the diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/_category_.json b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/_category_.json new file mode 100644 index 0000000000..9049a924ef --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Software Package Manager", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/_category_.json b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/_category_.json new file mode 100644 index 0000000000..4874a8618c --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "AppX Policies and Settings", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/softwarepackage/appx/addremovepackages.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/addremovepackages.md similarity index 93% rename from docs/endpointpolicymanager/softwarepackage/appx/addremovepackages.md rename to docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/addremovepackages.md index 54cb8ea6be..b1a1ac7771 100644 --- a/docs/endpointpolicymanager/softwarepackage/appx/addremovepackages.md +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/addremovepackages.md @@ -1,3 +1,9 @@ +--- +title: "Adding or Removing AppX Packages" +description: "Adding or Removing AppX Packages" +sidebar_position: 10 +--- + # Adding or Removing AppX Packages The Microsoft Store is full of useful applications. However, users do not always select the apps diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/helpertool.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/helpertool.md new file mode 100644 index 0000000000..c71f40f5be --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/helpertool.md @@ -0,0 +1,47 @@ +--- +title: "Helper Tool" +description: "Helper Tool" +sidebar_position: 40 +--- + +# Helper Tool + +It is not possible to remove built-in AppX applications within Windows 10 with Endpoint Policy +Manager, and it can be quite difficult to know which applications are built-in, versus which ones +were added from the Microsoft Store. For this reason, you can use our Software Package Manager +Helper tool to determine which packages on a machine could be removed by Endpoint Policy Manager +Software Package Manager (AppX) policies. The tool is found in the Endpoint Policy Manager Extras +folder within the download. + +![appx_policies_and_settings_11](/img/product_docs/endpointpolicymanager/softwarepackage/appx/appx_policies_and_settings_11.webp) + +When you run the Helper tool, you can see all available packages for removal and the publisher +names. + +![appx_policies_and_settings_12](/img/product_docs/endpointpolicymanager/softwarepackage/appx/appx_policies_and_settings_12.webp) + +**NOTE:** You can generate this same list via PowerShell by using the following command.: + +Get-AppxPackage | Where-Object -Property 'Publisher' -NE -Value 'CN=Microsoft Windows, O=Microsoft +Corporation, L=Redmond, S=Washington, C=US' | Where-Object -Property 'Publisher' -NE -Value +'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' | Where-Object +-Property 'Publisher' -NE -Value 'CN=PolicyPak Software, Inc.,O=PolicyPak Software, +Inc.,L=Media,S=Pennsylvania,C=US' | Format-Table -Property Name, Publisher -AutoSize + +You can see the list in PowerShell is the same as the list from the Helper tool, as shown below. + +![appx_policies_and_settings_13](/img/product_docs/endpointpolicymanager/softwarepackage/appx/appx_policies_and_settings_13.webp) + +You can right-click on the Publisher ID and copy it to the clipboard. Then, you can paste the value +into the publisher field after selecting **Remove Package**. + +![appx_policies_and_settings_14](/img/product_docs/endpointpolicymanager/softwarepackage/appx/appx_policies_and_settings_14.webp) + +The Helper tool also enables you to export one or more applications' details to XML. Once you've +done this, you can then use the Import button in the Remove Package Policy Mode. + +![appx_policies_and_settings_15](/img/product_docs/endpointpolicymanager/softwarepackage/appx/appx_policies_and_settings_15.webp) + +Next, select an application from the list to be populated into the policy. + +![appx_policies_and_settings_16](/img/product_docs/endpointpolicymanager/softwarepackage/appx/appx_policies_and_settings_16.webp) diff --git a/docs/endpointpolicymanager/softwarepackage/appx/installpackage.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/installpackage.md similarity index 95% rename from docs/endpointpolicymanager/softwarepackage/appx/installpackage.md rename to docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/installpackage.md index 6a2b4bf391..6f9a45bb25 100644 --- a/docs/endpointpolicymanager/softwarepackage/appx/installpackage.md +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/installpackage.md @@ -1,3 +1,9 @@ +--- +title: "Install Package" +description: "Install Package" +sidebar_position: 20 +--- + # Install Package To install an AppX package from the Microsoft Store, you need to know the store link. In this diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/overview.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/overview.md new file mode 100644 index 0000000000..930a69cbfe --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/overview.md @@ -0,0 +1,32 @@ +--- +title: "AppX Policies and Settings" +description: "AppX Policies and Settings" +sidebar_position: 10 +--- + +# AppX Policies and Settings + +In the example below, we're going to deliver a AppX (Microsoft Store app) to a selection of users. +The shortcut will appear when the policy applies, and it will disappear when the policy no longer +applies (i.e., when it falls out of scope). + +**Step 1 –** Start out on your GPMC management station to create a group policy object (GPO) and +link it to your users. In this example, we have a GPO created and linked it to the East Sales Users +organizational unit (OU). + +**Step 2 –** Next, within the GPO Editor, go to User Configuration > Endpoint Policy Manager > App +Delivery & Patching Pak > Software Package Manager. Right-click on New Windows Store (AppX) Policy. + +![appx_policies_and_settings](/img/product_docs/endpointpolicymanager/softwarepackage/appx/appx_policies_and_settings.webp) + +**Step 3 –** Next, you will need to choose if you want to install a package or remove a package. +These options will be explained further in the "AppX: Install Package" and "AppX: Remove Package" +sections. + +![appx_policies_and_settings_1](/img/product_docs/endpointpolicymanager/softwarepackage/appx/appx_policies_and_settings_1.webp) + +Get-AppxPackage | Where-Object -Property 'Publisher' -NE -Value 'CN=Microsoft Windows, O=Microsoft +Corporation, L=Redmond, S=Washington, C=US' | Where-Object -Property 'Publisher' -NE -Value +'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' | Where-Object +-Property 'Publisher' -NE -Value 'CN=PolicyPak Software, Inc.,O=PolicyPak Software, +Inc.,L=Media,S=Pennsylvania,C=US' | Format-Table -Property Name, Publisher -AutoSize diff --git a/docs/endpointpolicymanager/softwarepackage/appx/removepackage.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/removepackage.md similarity index 95% rename from docs/endpointpolicymanager/softwarepackage/appx/removepackage.md rename to docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/removepackage.md index c7e2463edf..d78d2e1b2e 100644 --- a/docs/endpointpolicymanager/softwarepackage/appx/removepackage.md +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/appx/removepackage.md @@ -1,3 +1,9 @@ +--- +title: "Remove Package" +description: "Remove Package" +sidebar_position: 30 +--- + # Remove Package It should be noted that there is a distinction between the applications within Windows that are diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/exportcollections.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/exportcollections.md new file mode 100644 index 0000000000..57f6458b37 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/exportcollections.md @@ -0,0 +1,23 @@ +--- +title: "Exporting Collections" +description: "Exporting Collections" +sidebar_position: 40 +--- + +# Exporting Collections + +Appendix A: [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md) explains how +to use the Netwrix Endpoint Policy Manager (formerly PolicyPak) Exporter to wrap up any Endpoint +Policy Manager directives and deliver them using Microsoft Endpoint Manager (SCCM and Intune), KACE, +your own MDM service, or Endpoint Policy Manager Cloud. + +To export a policy for later use using Endpoint Policy Manager Exporter or Endpoint Policy Manager +Cloud, right-click the collection or the policy and select **Export to XML**. This will enable you +to save an XML file, which you can use later. + +![exporting_collections](/img/product_docs/endpointpolicymanager/softwarepackage/exporting_collections.webp) + +Remember that Endpoint Policy Manager RDP policies can be created and exported on the User or +Computer side. For instance, below you can see an item being exported from the Computer side. + +![exporting_collections_1](/img/product_docs/endpointpolicymanager/softwarepackage/exporting_collections_1.webp) diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/itemleveltargeting.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/itemleveltargeting.md new file mode 100644 index 0000000000..3ba3748c48 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/itemleveltargeting.md @@ -0,0 +1,47 @@ +--- +title: "Using Item-Level Targeting with Policies and Collections" +description: "Using Item-Level Targeting with Policies and Collections" +sidebar_position: 20 +--- + +# Using Item-Level Targeting with Policies and Collections + +Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Netwrix +Endpoint Policy Manager (formerly PolicyPak) to target or filter where specific items will apply. +With Endpoint Policy Manager Software Package Manager, Item-Level Targeting can be placed on +collections, as well as policies within collections. To do this, select Add > New Collection. + +A collection enables you to group together Endpoint Policy Manager Software Package Manager policies +so they can act together. For instance, you might create a collection for only East Sales users, and +another for HR Users. + +![using_item_level_targeting](/img/product_docs/endpointpolicymanager/softwarepackage/using_item_level_targeting.webp) + +Below you can see the two collections we have created. These collections can hold other collections +or policies. Next we will apply Item-Level Targeting for a collection. + +![using_item_level_targeting_1](/img/product_docs/endpointpolicymanager/softwarepackage/using_item_level_targeting_1.webp) + +To change the Item-Level Targeting, right-click any Endpoint Policy Manager Software Package Manager +policy, and select **Edit Item Level Targeting**. + +![using_item_level_targeting_2](/img/product_docs/endpointpolicymanager/softwarepackage/using_item_level_targeting_2.webp) + +The Edit Item Level Targeting menu item brings up the Targeting Editor. You can select any +combination of characteristics you want to test for. Administrators familiar with Group Policy +Preferences' Item-Level Targeting will be at home in this interface, as it is functionally +equivalent. + +You can apply one or more targeting items to a policy, which enables targeting items to be joined +logically. You can also add targeting collections, which group together targeting items in much the +same way parentheses are used in an equation. In this way, you can create a complex determination +about where a policy will be applied. Collections may be set to And, Or, Is, or Is Not. + +When targeting policies and collections for Endpoint Policy Manager Software Package Manager, it is +a good idea to target portable computers and mobile user security groups. You can also require that +users not be on the corporate LAN. + +![using_item_level_targeting_3](/img/product_docs/endpointpolicymanager/remoteworkdelivery/using_item_level_targeting_3.webp) + +In this example, the Pak would only apply to Windows 10 machines when the machine is portable and +not on the corporate LAN subnet, and the user is in the FABRIKAM\Traveling Sales Users group. diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/overview.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/overview.md new file mode 100644 index 0000000000..45f7ab0f8d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/overview.md @@ -0,0 +1,23 @@ +--- +title: "Software Package Manager" +description: "Software Package Manager" +sidebar_position: 20 +--- + +# Software Package Manager + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Software Package Manager enables you to deliver +or remove pre-packaged software. The only type of supported software you can deliver or remove is +Microsoft Store applications, also known as UWP (Universal Windows Platform applications), or AppX +packages. + +For AppX packages, you can do the following with Software Package Manager: + +- Remove unwanted games like Candy Crush Saga or some built-in applications like Skype. +- Deploy applications from the Microsoft Store like Slack, Netflix, or Power BI. +- Work with Endpoint Policy Manager Least Privilege Manager to tighten down specifically which + Windows applications can and cannot run. + +Watch this video for an overview of See Endpoint Policy Manager Software Package Manager: +[Endpoint Policy Manager Software Package Manager: AppX Manager](/docs/endpointpolicymanager/knowledgebase/softwarepackagemanag/videolearningcenter/appxpoliciesitemsfor/appxmanager.md) +for additional information. diff --git a/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/processorderprecedence.md b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/processorderprecedence.md new file mode 100644 index 0000000000..5f09eb2dce --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/processorderprecedence.md @@ -0,0 +1,19 @@ +--- +title: "Understanding Processing Order and Precedence" +description: "Understanding Processing Order and Precedence" +sidebar_position: 30 +--- + +# Understanding Processing Order and Precedence + +Within a particular GPO (Computer or User side), the processing order is counted in numerical order. +This means that lower-numbered collections attempt to process first, and higher-numbered collections +attempt to process last. Then, within any collection, each policy is processed in numerical order +from lowest to highest. + +![understanding_processing_order](/img/product_docs/endpointpolicymanager/softwarepackage/understanding_processing_order.webp) + +Therefore, you might want to organize your policies such that removal policies come first, since +those operations are faster. Then, order the installation policies by length of installation time, +with the items with the shortest install times first and the items with the longest install times +last. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/_category_.json new file mode 100644 index 0000000000..c28110103a --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Apps Browsers And Java Security Pak", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/_category_.json new file mode 100644 index 0000000000..880109dc91 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Application Settings Manager", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/_category_.json new file mode 100644 index 0000000000..98fbf67959 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Troubleshooting", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/advancednotes.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/advancednotes.md similarity index 93% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/advancednotes.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/advancednotes.md index a1b5e8d2ef..1616c9b740 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/advancednotes.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/advancednotes.md @@ -1,3 +1,9 @@ +--- +title: "Advanced Notes for Policy Processing and Logs" +description: "Advanced Notes for Policy Processing and Logs" +sidebar_position: 80 +--- + # Advanced Notes for Policy Processing and Logs There's a reason why Endpoint Policy Manager Application Settings Manager has a lot of log files: diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/client.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/client.md new file mode 100644 index 0000000000..a6fbb08178 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/client.md @@ -0,0 +1,51 @@ +--- +title: "Logs from the Client" +description: "Logs from the Client" +sidebar_position: 70 +--- + +# Logs from the Client + +Endpoint Policy Manager CSE has several key log files. We mentioned them earlier when describing +what to send technical support. If you are interested in looking through the log files to help +diagnose your own problems, below is the list of Endpoint Policy Manager log files in Table 2. + +Table 2: Endpoint Policy Manager Application Settings Manager log files. + +| Log file | Location | Component | Description | +| -------------------------------------------------------------------- | ------------ | --------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Commonly used logs: | | | | +| `ppUser.log` | LocalAppData | CSE | Main CSE log for user policies created during logon, background processing, or` gpupdate` calls. | +| `ppUser_manual.log` | LocalAppData | CSE | CSE log for user policies created during` ppupdate` call. | +| `ppUser_onLogon.log` | LocalAppData | CSE | CSE log for user policies created by PPWatcherSvc on logon. | +| `ppUser_onLaunch.log` | LocalAppData | CSE | CSE log for user policies created by automatic reapplication of settings at launch. This log is created for both installed and virtual applications. | +| `ppUser_onSchedule.log` | LocalAppData | CSE | CSE log for user policies created by automatic reapplication of settings using the timer. | +| `ppUser_onXmlData.log` | LocalAppData | CSE | CSE log for user policies created when XML Data settings are changed. | +| `ppSwitched.log` | LocalAppData | CSE | Main CSE log for Switched policies (i.e., Computer-side settings affecting all users on the machine). This log is created during background processing or `gpupdate` calls. | +| `ppSwitched_manual.log` | LocalAppData | CSE | CSE log for Switched policies created during` ppupdate` call. | +| `ppSwitched_onLogon.log` | LocalAppData | CSE | CSE log for Switched policies created by PPWatcherSvc on logon. | +| `ppSwitched_onLaunch.log` | LocalAppData | CSE | CSE log for Switched policies created by automatic reapplication of settings at launch. This log is created for both installed and virtual applications. | +| `ppSwitched_onSchedule.log` | LocalAppData | CSE | CSE log for Switched policies created by automatic reapplication of settings using the timer. | +| `ppSwitched_onXmlData.log` | LocalAppData | CSE | CSE log for Switched policies created when XML Data settings get changed via file-based or cloud-based delivery. | +| Less commonly used logs: | | | | +| `ppComputer.log` | ProgramData | CSE | Main CSE log for Computer-side Paks. Also useful for Switched policies, although Switched policies have their own log. | +| `ppComputer_manual.log ` | ProgramData | CSE | CSE log for Computer policies created during` ppupdate` call. | +| `ppComputer_onLogon.log` | ProgramData | CSE | CSE log for Computer policies created by PPWatcherSvc on logon. See the next section for more information. | +| `ppComputer_onLaunch.log` | ProgramData | CSE | CSE log for Computer policies created by automatic reapplication of settings at launch. This log is created for both installed and virtual applications. | +| `ppComputer_onSchedule.log` | ProgramData | CSE | CSE log for Computer policies created by automatic reapplication of settings using the timer. | +| `ppComputer_onXmlData.log` | ProgramData | CSE | CSE log for computer policies created when XML data settings are changed. | +| `ppUpdatesChecker.log` | ProgramData | CSE | Automatic updates log. Check here to see if the auto-update component is seeing the `updates.config` file with instructions on how to auto-update. | +| `ppWatcherService.log ppWatcherService_x64.log` | ProgramData | CSE | Main CSE service log. This log contains messages related to system-wide functions (reapply on launch, hooking session creation, entry point for inter-process communication, and other system necessities). | +| `ppSessionWatcher.log ppSessionWatcher_x64.log` | LocalAppData | CSE | This log contains messages related to the session: AppLock, high-level part of reapply on launch, timer-based reinforcement, monitoring XML data changes, and other session items. | +| `gpextension.log` | ProgramData | MMC | Main MMC snap-in log. | +| `mmclistshim.log` | ProgramData | MMC | Log for COM+ component used for extension list. | +| `ppDllWrapper.log` | ProgramData | MMC (x64) | Log for wrapper used for running x86 DLLs in x64 systems. | +| `ppLT.log` | ProgramData | LT (old LT) | Licensing tool log. | +| `ppUser_spoon.log` `ppSwtiched_spoon.log`````` ppComputer_spoon.log` | LocalAppData | Spoon .DLL Shim | Logs for Spoon.Net and Novell ZENworks Application Virtualization. | +| `ppTemp.log` | Temp | Any | Emergency log created when all other locations are not accessible. (Log name could be ppTemp or any of the above.) | + +You can see an example of the contents of the logs in Figure 101. + +![troubleshooting_policypak_5](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/logs/troubleshooting_endpointpolicymanager_5.webp) + +Figure 101. An example of the logs. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/support/clientissues.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/clientissues.md similarity index 79% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/support/clientissues.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/clientissues.md index 519bc36d82..f19268ad3e 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/support/clientissues.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/clientissues.md @@ -1,3 +1,9 @@ +--- +title: "What to Send Technical Support if You're Having an Issue with the Client" +description: "What to Send Technical Support if You're Having an Issue with the Client" +sidebar_position: 20 +--- + # What to Send Technical Support if You're Having an Issue with the Client To get you working as quickly as possible, please send us the following items: diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/support/enhancedclientlogging.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/enhancedclientlogging.md similarity index 78% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/support/enhancedclientlogging.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/enhancedclientlogging.md index dca0e404da..cd9a3caa6d 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/support/enhancedclientlogging.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/enhancedclientlogging.md @@ -1,3 +1,9 @@ +--- +title: "Working with Technical Support for Enhanced Client Logging" +description: "Working with Technical Support for Enhanced Client Logging" +sidebar_position: 30 +--- + # Working with Technical Support for Enhanced Client Logging Technical support may ask you to turn on enhanced client logging if the normal logs aren't producing diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/extendedlogs.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/extendedlogs.md similarity index 87% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/extendedlogs.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/extendedlogs.md index 2900e111f5..6d417f100f 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/extendedlogs.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/extendedlogs.md @@ -1,3 +1,9 @@ +--- +title: "Extended AppLock™ Logs" +description: "Extended AppLock™ Logs" +sidebar_position: 50 +--- + # Extended AppLock™ Logs Technical support may ask you to turn on extended AppLock™ logging if the locking mechanism isn't diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/overview.md new file mode 100644 index 0000000000..b720e33d6c --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/overview.md @@ -0,0 +1,14 @@ +--- +title: "Troubleshooting" +description: "Troubleshooting" +sidebar_position: 80 +--- + +# Troubleshooting + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Settings Manager is a relatively +simple system with one main part—the client-side extension (CSE)—which is installed on the client. +However, there are several areas that you may want to focus on if you encounter problems. + +Since these are common problems with easy solutions, these steps should be performed before calling +or emailing Endpoint Policy Manager technical support. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/overview_1.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/overview_1.md new file mode 100644 index 0000000000..593b825633 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/overview_1.md @@ -0,0 +1,14 @@ +--- +title: "Problems with Endpoint Policy Manager AppLock™" +description: "Problems with Endpoint Policy Manager AppLock™" +sidebar_position: 40 +--- + +# Problems with Endpoint Policy Manager AppLock™ + +Sometimes the Endpoint Policy Manager AppLock™ features do not show themselves on the client +machine. Not all the preconfigured Paks will lock the user-interface (UI) of applications. When you +captured the application's UI using Endpoint Policy Manager DesignStudio, did you capture it on one +type of machine and then try to deploy it to another? For instance, did you capture WinZip while +running on Windows 7 and then try to deploy it to a Windows 10 machine? This might work, but +sometimes it might not. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/settings.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/settings.md new file mode 100644 index 0000000000..4e9f17149d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/settings.md @@ -0,0 +1,56 @@ +--- +title: "When Settings Aren't Applying to the Client Machine" +description: "When Settings Aren't Applying to the Client Machine" +sidebar_position: 10 +--- + +# When Settings Aren't Applying to the Client Machine + +The most common tech support question we get is, "Why aren't Endpoint Policy Manager Application +Settings Manager settings applying to my client machines?" Below are some items to check regarding +this problem + +- Did you go through the Quickstart guide (see "Endpoint Policy Manager Application Settings Manager + Quickstart with Preconfigured Paks") and work through the suggested example start to end? When + people sit down and patiently work through the installation steps in Book 2: Installation + Quickstart, and the Quickstart examples in this book, most will see what they were doing wrong. +- Did you install the Endpoint Policy Manager CSE on your client machines? +- Did you create the Endpoint Policy Manager Application Settings Manager settings within the group + policy object (GPO) on the correct side? Most of the time, you'll want to edit the User side of + the GPO and affect users within a GPO. +- Did you link the GPO to where you want it to take effect? Remember: If you edit the GPO's User + side, you must link the GPO to a place containing users. The same goes for the Computer side. +- Is your computer getting the Licensing GPO? All computers must be licensed in order for Endpoint + Policy Manager Application Settings Manager to work properly. (See "Licensing PolicyPak" in Book + 1: Introduction and Basic Concepts for more information.) Alternatively, try renaming the computer + to computer1 (or similar) so "computer" is in the name. When you do this, the Endpoint Policy + Manager CSE will act as if it's fully licensed. If Endpoint Policy Manager Application Settings + Manager starts to work, you have a licensing issue. + +Most pre-configured Paks ship with internal Item-Level Targeting, which means the Pak is designed to +only affect a specific version of the application. You can bypass internal Item-Level Targeting in +the Pak. Refer to the video at +[http://www.endpointpolicymanager.com/videos/bypassing-internal-item-level-targeting-filters.html](https://www.endpointpolicymanager.com/integration/endpointpolicymanager-group-policy-change-management-utilities.html) +to see how to bypass internal Item-Level Targeting. + +- Did you use block inheritance to block the licensing GPO or block the GPO that is delivering the + settings? We suggest you always specifically enforce the licensing GPO. +- Are you able to get regular Group Policy settings? To find out, in the same GPO where you're + deploying Endpoint Policy Manager settings, do a quick test of regular policy settings. Enable the + setting at `User Configuration | Policies | Administrative Templates | Control Panel | Prohibit` + access to the Control Panel. Then log off and log back on as an effected user. If you are + correctly prevented from accessing the Control Panel, it could be a Endpoint Policy Manager + Application Settings Manager issue since you are clearly getting Group Policy delivered correctly. + If you are not restricted from the Control Panel, you aren't getting Group Policy correctly, so + Endpoint Policy Manager Application Settings Manager cannot function. +- Can you bring up a new Windows 10 computer and name it computer01 (even if this might take some + time) just for testing? Install the Endpoint Policy Manager CSE and reboot. See if your settings + apply now. If so, try to determine why the settings worked when the computer was in Trial Mode + (i.e., when they had the word "computer" in the computer name) and not in Licensing Mode. +- Are the right Registry values present in the Endpoint Policy Manager Application Settings Manager + project? Reopen the source pXML (XML) file using Endpoint Policy Manager DesignStudio. Check to + make sure the settings for any control objects (buttons, checkboxes, etc.) are managing the + correct Registry target settings. +- Has the target machine received the latest Group Policy updates? If not, simply run + `gpupdate/force` from the Run menu on the client machine and try again. Also, try rebooting the + target machine. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/itemleveltargeting/tuningbypassing.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/tuningbypassing.md similarity index 94% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/itemleveltargeting/tuningbypassing.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/tuningbypassing.md index e126df20e2..3f95d0acdb 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/itemleveltargeting/tuningbypassing.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/tuningbypassing.md @@ -1,3 +1,9 @@ +--- +title: "Tuning and Bypassing Item-Level Targeting" +description: "Tuning and Bypassing Item-Level Targeting" +sidebar_position: 90 +--- + # Tuning and Bypassing Item-Level Targeting Endpoint Policy Manager Application Settings Manager will process both internal Item-Level Targeting diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/versionnumbers.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/versionnumbers.md similarity index 96% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/versionnumbers.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/versionnumbers.md index 516994d985..010f0a7c63 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/versionnumbers.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/versionnumbers.md @@ -1,3 +1,9 @@ +--- +title: "Version Numbers" +description: "Version Numbers" +sidebar_position: 60 +--- + # Version Numbers Because PolicyPak Application Settings Manager is updated regularly, it's possible you're not using diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/_category_.json new file mode 100644 index 0000000000..7a9be312b3 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "AppSet Files", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/applicationsettings/appsetfiles/storage/central.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/central.md similarity index 96% rename from docs/endpointpolicymanager/applicationsettings/appsetfiles/storage/central.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/central.md index 9e6047f3fe..f3b703efaf 100644 --- a/docs/endpointpolicymanager/applicationsettings/appsetfiles/storage/central.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/central.md @@ -1,3 +1,9 @@ +--- +title: "Central Storage for Endpoint Policy Manager Extension DLLs" +description: "Central Storage for Endpoint Policy Manager Extension DLLs" +sidebar_position: 20 +--- + # Central Storage for Endpoint Policy Manager Extension DLLs As you've just learned in the previous section, there is no way to edit an existing GPO with diff --git a/docs/endpointpolicymanager/applicationsettings/appsetfiles/findfixgpos.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/findfixgpos.md similarity index 90% rename from docs/endpointpolicymanager/applicationsettings/appsetfiles/findfixgpos.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/findfixgpos.md index 5b75d2b8f0..7c35cd58bb 100644 --- a/docs/endpointpolicymanager/applicationsettings/appsetfiles/findfixgpos.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/findfixgpos.md @@ -1,3 +1,9 @@ +--- +title: "Finding and Fixing GPOs with Endpoint Policy Manager DLL Orphans" +description: "Finding and Fixing GPOs with Endpoint Policy Manager DLL Orphans" +sidebar_position: 60 +--- + # Finding and Fixing GPOs with Endpoint Policy Manager DLL Orphans If someone deletes the DLL for a GPO (either within the Central Storage or Local Store), when you're diff --git a/docs/endpointpolicymanager/applicationsettings/appsetfiles/gpotouchutility.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/gpotouchutility.md similarity index 89% rename from docs/endpointpolicymanager/applicationsettings/appsetfiles/gpotouchutility.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/gpotouchutility.md index d3b44e6395..99293f2355 100644 --- a/docs/endpointpolicymanager/applicationsettings/appsetfiles/gpotouchutility.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/gpotouchutility.md @@ -1,3 +1,9 @@ +--- +title: "Using GPOTouch Utility to Automatically Update Storage" +description: "Using GPOTouch Utility to Automatically Update Storage" +sidebar_position: 50 +--- + # Using GPOTouch Utility to Automatically Update Storage You can manually update the Local Store or Central Storage with updated Endpoint Policy Manager DLLs diff --git a/docs/endpointpolicymanager/applicationsettings/appsetfiles/storage/local.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/local.md similarity index 97% rename from docs/endpointpolicymanager/applicationsettings/appsetfiles/storage/local.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/local.md index b24e311cc4..874ec43c87 100644 --- a/docs/endpointpolicymanager/applicationsettings/appsetfiles/storage/local.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/local.md @@ -1,3 +1,9 @@ +--- +title: "Local Storage for Endpoint Policy Manager Extension DLLs" +description: "Local Storage for Endpoint Policy Manager Extension DLLs" +sidebar_position: 10 +--- + # Local Storage for Endpoint Policy Manager Extension DLLs When you compiled your AppSet, the output (the extension DLL) was placed in one of three diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/overview.md new file mode 100644 index 0000000000..f1da867bf2 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/overview.md @@ -0,0 +1,25 @@ +--- +title: "AppSet Files" +description: "AppSet Files" +sidebar_position: 40 +--- + +# AppSet Files + +When you use AppSets (your own or our pre-created ones) you need two files. + +- Netwrix Endpoint Policy Manager (formerly PolicyPak) XML files or pXML files—the source XML file, + which you can open, edit, or reedit, as needed. +- Extension DLL—the DLL file that you actually use when you're inside the group policy object (GPO) + editor. This DLL is the AppSet. + +**NOTE:** You can create DLLs from your original source pXML files, but you cannot re-create pXML +files from your compiled DLL files. Therefore, the pXML source is very important and should be +safely backed up. + +In this section, we're going to learn how to manage and share extension DLLs and learn how to update +existing Endpoint Policy Manager XMLs when necessary. + +**NOTE:** You can watch an introductory video overview of this section in the tutorial video we +created, which can be found here: +[https://www.endpointpolicymanager.com/video/working-with-others-and-using-the-central-store.html](https://www.endpointpolicymanager.com/video/endpointpolicymanager-acl-lockdown-for-registry-based-applications.html). diff --git a/docs/endpointpolicymanager/applicationsettings/appsetfiles/storage/sharebased.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/sharebased.md similarity index 95% rename from docs/endpointpolicymanager/applicationsettings/appsetfiles/storage/sharebased.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/sharebased.md index 1b1938fa4f..9d32b61420 100644 --- a/docs/endpointpolicymanager/applicationsettings/appsetfiles/storage/sharebased.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/sharebased.md @@ -1,3 +1,9 @@ +--- +title: "Share-Based Storage for Endpoint Policy Manager Extension DLLs" +description: "Share-Based Storage for Endpoint Policy Manager Extension DLLs" +sidebar_position: 30 +--- + # Share-Based Storage for Endpoint Policy Manager Extension DLLs **NOTE:** For an overview of Share-Based Storage for Endpoint Policy Manager extension DLLs, see diff --git a/docs/endpointpolicymanager/applicationsettings/appsetfiles/versioncontrol.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/versioncontrol.md similarity index 98% rename from docs/endpointpolicymanager/applicationsettings/appsetfiles/versioncontrol.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/versioncontrol.md index cc1e9f4975..33bd6d7e86 100644 --- a/docs/endpointpolicymanager/applicationsettings/appsetfiles/versioncontrol.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/appsetfiles/versioncontrol.md @@ -1,3 +1,9 @@ +--- +title: "Version Control of Endpoint Policy Manager Extension DLLs" +description: "Version Control of Endpoint Policy Manager Extension DLLs" +sidebar_position: 40 +--- + # Version Control of Endpoint Policy Manager Extension DLLs From time to time, you may wish to update your original source Endpoint Policy Manager XML that you diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/_category_.json new file mode 100644 index 0000000000..2f0913fd90 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "DesignStudio", + "position": 110, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/advanced.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/advanced.md new file mode 100644 index 0000000000..8c2f8c15b8 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/advanced.md @@ -0,0 +1,94 @@ +--- +title: "Advanced AppSet Design and Manual Editing" +description: "Advanced AppSet Design and Manual Editing" +sidebar_position: 70 +--- + +# Advanced AppSet Design and Manual Editing + +In this section, we round up some tips and tricks for the advanced AppSet designer. The +Configuration Wizard is almost always the best way to configure each element in your AppSet. +However, there are occasions where some manual work and advanced techniques are necessary to finish +your AppSet and have it work the way you intend. You might also want to manually enter in data and +values. Let's explore all these areas. + +## Basic Settings + +By default, all elements show their basic view. You can see at a glance the most important items +that the Configuration Wizard has configured, as shown in Figure 142. + +![advanced_appset_design_and](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/advanced_appset_design_and.webp) + +Figure 142. The basic properties of an element. + +The Configuration Wizard should auto-fill in all basic properties for most items. However, one item +that might need attention is the label link. Remember, the label link is the item that describes +elements that have no text, like text boxes, spinboxes, dropdowns, sliders, and radio button groups. +To configure the label link for an item, click on "Label Link" in the properties of the item, select +the "…" (not shown), and then select the text on the page that most closely represents what the text +box, spinbox, etc. is trying to configure. In Figure 143, the radio button group is being described +by the text "Associated image viewer." + +![advanced_appset_design_and_1](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/advanced_appset_design_and_1.webp) + +Figure 143. Example of an element's label link. + +## Advanced Settings + +You can also click the "Advanced" button within Properties to see more detailed information about an +element, as shown in Figure 144.> + +![advanced_appset_design_and_2](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/advanced_appset_design_and_2.webp) + +Figure 144. The "Advanced" button in the Properties dialog. + +The Advanced menu contains sections labeled "Control data" and "Actions." The control data specifies +items like dimensions, the display name ("Text"), the default state, the revert state, whether or +not the item is disabled ("Enabled"), and whether or not the item's text will stretch within the +boundaries of the element's handles ("AutoSize"). The Actions area shows what occurs when the +checkbox is checked. In Figure 145, you can see the following: + +- "First Action" performs a registry update. +- "`Reg. key`" is set to `WinZip\Policies`. This field is always relative to the data root, so the + whole key is not usually shown. You will often see only `` there as well, signifying + the value is directly within the project's data root. +- "`Reg. value`" is set to "passwordreqlower," the value in the registry. +- "Data type" is "String" (string registry type) +- "Sub type" (registry elements only) can be "Normal" or "Masked." "Normal" is the usual type, and + "Masked" is automatically chosen when the value is detected as a binary value with a mask, which + specifically flips specific binary bits on or off. +- The On value is 1. When the checkbox is checked, it sets the value to 1 inside "passwordreqlower." +- The Off value is 0. When the checkbox is un-checked (or the Group Policy falls out of scope) the + value inside "passwordreqlower" is deleted. + +It's possible to see (or set) second and third actions when an element changes. You can dictate +values within any of the supported datatypes, as shown in Figure 145. + +![advanced_appset_design_and_3](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/advanced_appset_design_and_3.webp) + +Figure 145. Examples of second actions. + +You might want to do this if you had to configure both a registry item and also an INI file when a +checkbox is checked. This is a very rare occurrence, but it does happen. + +After selecting the data type (Registry, INI, XML, etc.) you are then prompted for the section and +property (or registry key and registry value), which in Figure 146 are shown as "[MainFrame]" and +"AdvertiseIndex." + +![advanced_appset_design_and_4](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/advanced_appset_design_and_4.webp) + +Figure 146. Selecting the section and property. + +Once the value is manually selected, you are able to place the value automatically within the On or +Off values (or both or neither), as shown in Figure 147. + +![advanced_appset_design_and_5](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/advanced_appset_design_and_5.webp) + +Figure 147. Placing the value within the "On" or "Off" fields. + +After placing the items, you can further specify the On and Off values within the action itself, as +shown in Figure 148. Checkboxes are only allowed three actions. + +![advanced_appset_design_and_6](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/advanced_appset_design_and_6.webp) + +Figure 148. Specifying "On" and "Off" values within the action. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/_category_.json new file mode 100644 index 0000000000..94957da1e2 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Special Applications and Project Types", + "position": 150, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/controlpanel.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/controlpanel.md similarity index 94% rename from docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/controlpanel.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/controlpanel.md index 1698fa9057..8c66e8a891 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/controlpanel.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/controlpanel.md @@ -1,3 +1,9 @@ +--- +title: "Control Panel Items" +description: "Control Panel Items" +sidebar_position: 20 +--- + # Control Panel Items Control panel items are some of the items you might want to deploy settings to and lock down with diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/hkeylocalmachine.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/hkeylocalmachine.md similarity index 92% rename from docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/hkeylocalmachine.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/hkeylocalmachine.md index 305a9b925b..74b63f6d4f 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/hkeylocalmachine.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/hkeylocalmachine.md @@ -1,3 +1,9 @@ +--- +title: "Items That Use HKEY_Local_Machine" +description: "Items That Use HKEY_Local_Machine" +sidebar_position: 40 +--- + # Items That Use HKEY_Local_Machine Endpoint Policy Manager Application Settings Manager has a facility to deploy registry keys to diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/javabased.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/javabased.md similarity index 96% rename from docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/javabased.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/javabased.md index 0725072356..759c125638 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/javabased.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/javabased.md @@ -1,3 +1,9 @@ +--- +title: "Java-Based User Interfaces" +description: "Java-Based User Interfaces" +sidebar_position: 10 +--- + # Java-Based User Interfaces In the previous section called "Java Tab," we talked about the Java tab and how Endpoint Policy diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/mozillabased.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/mozillabased.md similarity index 98% rename from docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/mozillabased.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/mozillabased.md index 983e7fb3a0..e52b833371 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/mozillabased.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/mozillabased.md @@ -1,3 +1,9 @@ +--- +title: "Mozilla-Based Applications" +description: "Mozilla-Based Applications" +sidebar_position: 30 +--- + # Mozilla-Based Applications Mozilla-based applications are different than all other project types. All Mozilla-based diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/overview.md new file mode 100644 index 0000000000..d2fa27d406 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/overview.md @@ -0,0 +1,11 @@ +--- +title: "Special Applications and Project Types" +description: "Special Applications and Project Types" +sidebar_position: 150 +--- + +# Special Applications and Project Types + +Some Netwrix Endpoint Policy Manager (formerly PolicyPak) DesignStudio projects require special +consideration. In this section, we will share with you some notes about particular types of +applications you might want to make into AppSets. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/virtualized.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/virtualized.md similarity index 85% rename from docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/virtualized.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/virtualized.md index 2b0caf1653..834137f925 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/applicationsprojects/virtualized.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applicationsprojects/virtualized.md @@ -1,3 +1,9 @@ +--- +title: "Virtualized Applications" +description: "Virtualized Applications" +sidebar_position: 50 +--- + # Virtualized Applications Endpoint Policy Manager Application Settings Manager supports five application virtualization diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/applockguids.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applockguids.md similarity index 95% rename from docs/endpointpolicymanager/applicationsettings/designstudio/applockguids.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applockguids.md index c7fc798507..c5819b0951 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/applockguids.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/applockguids.md @@ -1,3 +1,9 @@ +--- +title: "Removing AppLock™ GUIDs" +description: "Removing AppLock™ GUIDs" +sidebar_position: 80 +--- + # Removing AppLock™ GUIDs Some applications embrace the idea of Netwrix Endpoint Policy Manager (formerly PolicyPak) AppLock™ diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/_category_.json new file mode 100644 index 0000000000..a3a4f499db --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Configuring Elements Using the Configuration Wizard", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/additionalconfiguration.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/additionalconfiguration.md similarity index 97% rename from docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/additionalconfiguration.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/additionalconfiguration.md index 5b8ccfb018..993c64050d 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/additionalconfiguration.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/additionalconfiguration.md @@ -1,3 +1,9 @@ +--- +title: "Additional Configuration Wizard Information" +description: "Additional Configuration Wizard Information" +sidebar_position: 50 +--- + # Additional Configuration Wizard Information The Configuration Wizard is mostly self-explanatory; however, there are two items which require a diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/commonerrors.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/commonerrors.md similarity index 96% rename from docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/commonerrors.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/commonerrors.md index 4fd40befcb..83fed7e3e4 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/commonerrors.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/commonerrors.md @@ -1,3 +1,9 @@ +--- +title: "Common Errors When Using the Wizard" +description: "Common Errors When Using the Wizard" +sidebar_position: 40 +--- + # Common Errors When Using the Wizard Here are three common errors that can occur when using the Configuration Wizard. Let's explore those diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/defaultdataroots.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/defaultdataroots.md similarity index 96% rename from docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/defaultdataroots.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/defaultdataroots.md index e3eea2c199..fcb457c6ae 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/defaultdataroots.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/defaultdataroots.md @@ -1,3 +1,9 @@ +--- +title: "Default Data Roots" +description: "Default Data Roots" +sidebar_position: 10 +--- + # Default Data Roots The Configuration Wizard can only see your application's changes when both of the following are diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/_category_.json new file mode 100644 index 0000000000..e854c30941 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Configuring Elements", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/comboboxes.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/comboboxes.md similarity index 95% rename from docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/comboboxes.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/comboboxes.md index 877448fc4c..aa45c659e5 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/comboboxes.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/comboboxes.md @@ -1,3 +1,9 @@ +--- +title: "Combo Boxes" +description: "Combo Boxes" +sidebar_position: 40 +--- + # Combo Boxes Combo boxes inside applications allow for you to choose one item in a set of many items. In this diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/filefolderbrowsers.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/filefolderbrowsers.md similarity index 91% rename from docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/filefolderbrowsers.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/filefolderbrowsers.md index c0368e71e3..01c8730eff 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/filefolderbrowsers.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/filefolderbrowsers.md @@ -1,3 +1,9 @@ +--- +title: "File and Folder Browsers" +description: "File and Folder Browsers" +sidebar_position: 50 +--- + # File and Folder Browsers The Endpoint Policy Manager Capture Wizard cannot know if a box is a simple text box or is meant to diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/fontbrowsers.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/fontbrowsers.md similarity index 95% rename from docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/fontbrowsers.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/fontbrowsers.md index 06f5569830..9f470116ae 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/fontbrowsers.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/fontbrowsers.md @@ -1,3 +1,9 @@ +--- +title: "Font Browsers" +description: "Font Browsers" +sidebar_position: 60 +--- + # Font Browsers Buttons can also be converted to font browsers, as shown in Figure 139. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/overview.md new file mode 100644 index 0000000000..b546fc346b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/overview.md @@ -0,0 +1,31 @@ +--- +title: "Configuring Elements" +description: "Configuring Elements" +sidebar_position: 60 +--- + +# Configuring Elements + +Endpoint Policy Manager DesignStudio provides a wizard to configure the following element types: + +- Checkboxes (which we performed an example of together in the Quickstart above) +- Radio buttons +- Sliders (horizontal and vertical) +- Spinboxes (up/down boxes) +- Text boxes +- Numeric boxes +- Combo boxes +- Folder browsers +- File browsers +- Font browsers + +Most elements have the following constructs: + +- Min +- Max +- Default state +- Revert state +- Step value (for sliders and spinboxes) +- Linked label (for items that cannot describe themselves) + +We'll explore some of these element types in the following sections. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/radiobuttons.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/radiobuttons.md similarity index 96% rename from docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/radiobuttons.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/radiobuttons.md index 6759f1afbd..5e24185cbc 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/radiobuttons.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/radiobuttons.md @@ -1,3 +1,9 @@ +--- +title: "Radio Buttons" +description: "Radio Buttons" +sidebar_position: 10 +--- + # Radio Buttons Radio buttons can only be configured in a group. If you use the Endpoint Policy Manager Capture diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/slidersspinboxes.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/slidersspinboxes.md similarity index 97% rename from docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/slidersspinboxes.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/slidersspinboxes.md index 49b830c71c..aa981d4c5e 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/slidersspinboxes.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/slidersspinboxes.md @@ -1,3 +1,9 @@ +--- +title: "Sliders and Spinboxes" +description: "Sliders and Spinboxes" +sidebar_position: 20 +--- + # Sliders and Spinboxes Sliders (also known as trackbars) and spinboxes (also known as up/down boxes) are very similar in diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/textnumericboxes.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/textnumericboxes.md similarity index 84% rename from docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/textnumericboxes.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/textnumericboxes.md index aec86bb82d..9101744a4d 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/elements/textnumericboxes.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/elements/textnumericboxes.md @@ -1,3 +1,9 @@ +--- +title: "Text Boxes and Numeric Boxes" +description: "Text Boxes and Numeric Boxes" +sidebar_position: 30 +--- + # Text Boxes and Numeric Boxes Text boxes and numeric boxes act very similarly. The goal is to make any change at all that can be diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/knownvalues.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/knownvalues.md similarity index 92% rename from docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/knownvalues.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/knownvalues.md index f785f82ab2..19bcdc5caa 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/knownvalues.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/knownvalues.md @@ -1,3 +1,9 @@ +--- +title: "Populating Known Values" +description: "Populating Known Values" +sidebar_position: 20 +--- + # Populating Known Values The Configuration Wizard's job is to quickly learn what registry changes or file changes any diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/overview.md new file mode 100644 index 0000000000..d480022d4e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/overview.md @@ -0,0 +1,18 @@ +--- +title: "Configuring Elements Using the Configuration Wizard" +description: "Configuring Elements Using the Configuration Wizard" +sidebar_position: 60 +--- + +# Configuring Elements Using the Configuration Wizard + +After you've captured and modified your AppSet's user interface (UI), it's time to configure each +element. This section expands on what the Configuration Wizard is capable of and gives you insights +into how it works and what to look out for when creating your own AppSets. The Configuration Wizard +is generally available to help you implement the details of what any element is doing. To start the +Configuration Wizard, you can right-click over most elements and select "Configuration Wizard" or +click on the wand, as shown in Figure 107. + +![configuring_elements_using](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/configuring_elements_using.webp) + +Figure 107. Starting the Configuration Wizard. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/usage.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/usage.md new file mode 100644 index 0000000000..f2f08b4b55 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/configurationwizard/usage.md @@ -0,0 +1,78 @@ +--- +title: "Using the Configuration Wizard" +description: "Using the Configuration Wizard" +sidebar_position: 30 +--- + +# Using the Configuration Wizard + +Netwrix Endpoint Policy Manager (formerly PolicyPak) DesignStudio Configuration Wizard is a lite +capture tool. When the Configuration Wizard runs, it takes a snapshot of all the items in your data +root, asks you to make some changes, and then captures what you've done. Then it sets your element's +settings. To perform these tasks, the Configuration Wizard may ask you some questions about the +current state of the application first. For instance, it may asked if a checkbox is currently +checked or unchecked, as shown in Figure 114. + +![configuring_elements_using_7](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/configuring_elements_using_7.webp) + +Figure 114. Selecting whether a checkbox is checked or unchecked. + +This is to make sure nothing has changed from when the Capture Wizard captured the application's UI +settings. If you look at the actual application and the setting is checked, changed, or otherwise +altered, then change the Configuration Wizard, not the application. + +Once the current state is verified (or changed within the Configuration Wizard), the Configuration +Wizard will ask you to perform a series of steps on the element, such as the following: + +- For checkboxes, you will be asked to check the box, then click "OK" in the application. Next you + will click "Next" in the wizard. Then, you'll be asked to uncheck the box, and click "OK" in the + application. Then you will click "Next" in the wizard. +- For radio buttons, you will be asked to select each radio button and click "OK" in the + application. Then you will click "Next." +- For sliders and spinboxes, you will be asked to select the minimum value, the next least value + (step), and the maximum value. You will click "OK" in the application between each step. + +Other item types will have similar procedures. You must click "Apply" or "OK" inside most +applications in order to write the value back to the computer. Occasionally, some applications' +values are only stored in memory and only get changed to the registry or disk when the application +is fully closed. This means you might have to open and close the application dozens of times. + +If you click "Next" in the wizard but the wizard was unable to detect any changes, it will tell you +that no changes were detected, as shown in Figure 115. + +![configuring_elements_using_8](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationwizard/configuring_elements_using_8.webp) + +Figure 115. The message to indicate no changes were detected. + +To resolve this, you can try doing the following: + +- Click "No" in the dialog box to try again. +- Ensure you've clicked "Apply" or "OK" in the application and then continue onward with the wizard + to see if it detects the change. +- Select "No," then try closing the target application altogether. Sometimes the application's items + are stored in memory and only written to disk when the application is fully closed. After closing + the application, click "Next" in the wizard to see if the change was detected. + +If you've you continued to proceed onward, and there are still no detected changes, then the data is +not stored within the data root selected earlier. Even if 80% of an application's settings are +stored within the same place (such as` HKEY_Current_User\Software\\`), a +fraction of the settings may be stored in a different file or a different part of the registry. The +Capture Wizard cannot detect all changes on your hard drive; it has to be told where to look. So, if +you're still having problems, go back to the previous section of this guide entitled "Setting Up +Application Configuration Data," which uses Microsoft's Process Monitor to discover where settings +are being stored when you change data. + +If the wizard discovers exactly one change, you can continue onward to the next step as this is a +sign of a successful discovery. The wizard will usually ask you to confirm the following: + +- Each state (every radio button, checkbox, slider, etc.). +- Default value and what to do when you turn this setting on. +- Revert value and what to do when you turn this setting off. +- Linked label (for text boxes, numeric boxes, spinboxes, and some others). This helps with GPMC + reporting. Because a text box or numeric box is a box, it has no text of its own to describe + itself. Usually, however, there is something on the page that represents the item. The linked + label is some other text on the page (a label) which describes what the setting does. + +If the wizard discovers one change perfectly, you can easily go through the Configuration Wizard for +the element. If the wizard detects multiple changes during configuration, you are prompted for what +to do. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/deleteelements.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/deleteelements.md similarity index 88% rename from docs/endpointpolicymanager/applicationsettings/designstudio/deleteelements.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/deleteelements.md index d1dbf39269..2ac07ed1f6 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/deleteelements.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/deleteelements.md @@ -1,3 +1,9 @@ +--- +title: "Deleting Stray Elements" +description: "Deleting Stray Elements" +sidebar_position: 100 +--- + # Deleting Stray Elements You might want to use the Hierarchy tab to look within each tab for stray or odd elements. In Figure diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/_category_.json new file mode 100644 index 0000000000..2a86e682ae --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Discovering Configuration Data Locations", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/appdata.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/appdata.md similarity index 95% rename from docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/appdata.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/appdata.md index c4d7ba40f5..4dd546a995 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/appdata.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/appdata.md @@ -1,3 +1,9 @@ +--- +title: "Configuration Data in %appdata%" +description: "Configuration Data in %appdata%" +sidebar_position: 30 +--- + # Configuration Data in %appdata% If an application writes its configuration data to `c:\`, `c:\program files`, or diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/overview.md new file mode 100644 index 0000000000..0fbd06355a --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/overview.md @@ -0,0 +1,27 @@ +--- +title: "Discovering Configuration Data Locations" +description: "Discovering Configuration Data Locations" +sidebar_position: 50 +--- + +# Discovering Configuration Data Locations + +Usually, it's quite easy to discover where an application has stored its configuration data. Most +times, applications store their data in` HKEY_Current_User\Software`. In Figure 87, you can see the +data for many popular applications stored in the registry. + +![discovering_configuration_624x429](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_624x429.webp) + +Figure 87. Many applications store their data in the registry. + +Note that although most applications store their information in `HKEY_Current_User\Software`, if +you're trying to do something in Control Panel, those values would be stored in +`HKEY_Current_User\Control Panel`. For this reason, you might need look around to find the right +data store location if the application uses the registry. + +If an application's data isn't found in the registry, we suggest you look for other file types +manually. You can look in the following three common key locations for user configuration data: + +- `C:\program files\\` for 32-bit and 64-bit machines +- `C:\program files(x86)\\` for 64-bit machines +- `%localappdata%` diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/programfiles.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/programfiles.md similarity index 96% rename from docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/programfiles.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/programfiles.md index 41ead6e9d6..e4137e8ed9 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/programfiles.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/programfiles.md @@ -1,3 +1,9 @@ +--- +title: "Configuration Data in Program Files" +description: "Configuration Data in Program Files" +sidebar_position: 10 +--- + # Configuration Data in Program Files Using Windows Explorer, you can look for INI files (expressed as "Configuration settings" in the diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/sysinternalsprocessmonitor.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/sysinternalsprocessmonitor.md similarity index 97% rename from docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/sysinternalsprocessmonitor.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/sysinternalsprocessmonitor.md index e2e030f6fc..c2d190122f 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/sysinternalsprocessmonitor.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/sysinternalsprocessmonitor.md @@ -1,3 +1,9 @@ +--- +title: "Configuration Data Using Sysinternals Process Monitor" +description: "Configuration Data Using Sysinternals Process Monitor" +sidebar_position: 40 +--- + # Configuration Data Using Sysinternals Process Monitor Most applications' data should be easy to find. However, occasionally it is difficult to locate an diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/virtualstore.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/virtualstore.md new file mode 100644 index 0000000000..8ec356da00 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/discover/virtualstore.md @@ -0,0 +1,93 @@ +--- +title: "Configuration Data in VirtualStore" +description: "Configuration Data in VirtualStore" +sidebar_position: 20 +--- + +# Configuration Data in VirtualStore + +Sometimes, programs don't know that they are not allowed to store data in the protected Windows +locations. When a standard user runs the application and tries to change configuration data, the +application's configurations are not written to these protected Windows locations. They are +redirected or virtualized instead. In Figure 91, we can see that when the application tried to write +its data to `c:\Program Files`, it was actually redirected to + +`%LocalAppData%\VirtualStore\Program Files (x86)\Foxit Software\Foxit Reader`. + +![discovering_configuration_4](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_4.webp) + +Figure 91. Application data that has been redirected. + +This is a safety mechanism that Windows uses to allow applications to think that they've written +data to the desired location (`\Program Files`), when in actuality, the application's data was +really written to + +`%appdata%\local\virtualstore\Program Files (x86)\Foxit Software\Foxit Reader`. However, there is +one problem with this: both 32-bit and 64-bit client machines could possibly be our targets. Because +of this, even though we're finding the file in + +`%LocalAppData%\VirtualStore\Program Files (x86)\Foxit Software\Foxit Reader` (as shown in Figure +92), the data file could also be found on 32-bit machines in +`%LocalAppData%\VirtualStore\Program Files\Foxit Software\Foxit Reader` (as shown in Figure 93). + +![discovering_configuration_5](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_5.webp) + +Figure 92. The location for 64-bit machines is `%LocalAppData%\VirtualStore\Program Files (x86).` + +![discovering_configuration_6](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_6.webp) + +Figure 93. The location for 32-bit machiens is `%LocalAppData%\VirtualStore\Program Files.` + +If you select a file within the VirtualStore directory, Endpoint Policy Manager DesignStudio +recognizes this and provides two features to ensure proper delivery to clients. First, as shown in +Figure 94, Endpoint Policy Manager DesignStudio will substitute the correct variable so it will work +on client machines of the same type. + +![discovering_configuration_7](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_7.webp) + +Figure 94. Endpoint Policy Manager DesignStudio substituting the correct variable. + +To account for the possibility that you might have both 32-bit and 64-bit machines as targets, +Endpoint Policy Manager Application Settings Manager, by default, will always try to write to both +locations on the target machine. That way, you're ensured that both 32-bit and 64-bit machines will +get your directives. Note that this behavior is controllable within Endpoint Policy Manager +`DesignStudio in Tools|Options `in the VirtualStore tab, as shown in Figure 95. It is recommended +that you keep this checkbox checked. + +![discovering_configuration_8_624x322](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_8_624x322.webp) + +Figure 95. The VirtualStore tab. + +If you want to see both actions, you can click on the element's "Advanced" button, as shown in +Figure 96, and see the two actions created. + +![discovering_configuration_9_312x592](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_9_312x592.webp) + +Figure 96. The element's "Advanced" button. + +If you were to hover the mouse over each "File" location, you would see that the actions are set +against each possible file location automatically (`\Program Files(x86)` and `\Program Files`), one +for the first action and another for the second action, as shown in Figure 97 and Figure 98. + +![discovering_configuration_10](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_10.webp) + +Figure 97. The file location for the first action. + +![discovering_configuration_11_624x79](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/discover/discovering_configuration_11_624x79.webp) + +Figure 98. The file location for the second action. + +Therefore, there's really no downside in leaving the "Always create additional action when target +files utilize Windows 7 "VirtualStore" directories (recommended)" turned on. It will mean that your +64-bit and 32-bit applications will read the right file and be correctly configured. + +For more information on the idea of how an application uses file virtualization, see the following +resources: + +- Video and example app for testing: + [http://www.msigeek.com/328/video-file-registry-virtualization-in-windows-7](http://www.msigeek.com/328/video-file-registry-virtualization-in-windows-7) +- [http://msdn.microsoft.com/en-us/library/bb756960.aspx](http://msdn.microsoft.com/en-us/library/bb756960.aspx). + Look for "Virtualization" about halfway down the page. +- [http://www.thewindowsclub.com/file-registry-virtualization-in-windows-7](http://www.thewindowsclub.com/file-registry-virtualization-in-windows-7). +- Group Policy: Fundamentals, Security and the Managed Desktop by Jeremy Moskowitz Page 561–562. + Available at [www.GPanswers.com/book](http://www.GPanswers.com/book). diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/grayswizard.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/grayswizard.md similarity index 98% rename from docs/endpointpolicymanager/applicationsettings/designstudio/grayswizard.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/grayswizard.md index b3e775da6e..28d1514754 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/grayswizard.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/grayswizard.md @@ -1,3 +1,9 @@ +--- +title: "Using the Grays Wizard" +description: "Using the Grays Wizard" +sidebar_position: 140 +--- + # Using the Grays Wizard Many applications have configuration options, which will gray out or reveal items depending on diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/_category_.json new file mode 100644 index 0000000000..65de3c1d23 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Getting Around", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/overview.md new file mode 100644 index 0000000000..a8b3b292d9 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/overview.md @@ -0,0 +1,12 @@ +--- +title: "Getting Around" +description: "Getting Around" +sidebar_position: 20 +--- + +# Getting Around + +In this section, you'll learn about: + +- Netwrix Endpoint Policy Manager (formerly PolicyPak) DesignStudio vocabulary +- Tabs inside Endpoint Policy Manager DesignStudio diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/_category_.json new file mode 100644 index 0000000000..0ac98cde10 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Tabs", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/compilation.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/compilation.md new file mode 100644 index 0000000000..f2db1e05bb --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/compilation.md @@ -0,0 +1,35 @@ +--- +title: "Compilation" +description: "Compilation" +sidebar_position: 40 +--- + +# Compilation + +The Compilation tab enables you to set your project's DLL name, as shown in Figure 55. It also +enables you to save your current work and compile your AppSet to be used in Group Policy, as shown +in Figure 56. + +![getting_around_7](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/getting_around_7.webp) + +Figure 55. Setting the DLL name. + +![getting_around_8_624x155](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/getting_around_8_624x155.webp) + +Figure 56. Compiling the AppSet. + +In Figure 55, you can see that you can do the following: + +- Compile to standard location (default): This will compile to what is set in `Tools | Options`. + Usually, this is the Endpoint Policy Manager local store or + + `c:\program files (x86)\PolicyPak\Extensions`. + +- Compile to same location as XML file: This will not copy to the local store, and instead will only + compile directly where the existing AppSet is located. +- Compile to both standard location and location as XML file: This will compile and save in the + local store and also make a copy where the AppSet XML file is located (overwriting any previous + DLL). + +You can also see a test preview of your AppSet after compiling. This can be useful if you want to +tweak, test, and re-tweak your application without having to launch the Group Policy editor. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/errorlist.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/errorlist.md similarity index 93% rename from docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/errorlist.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/errorlist.md index 4564861c7d..b1bb096fcb 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/errorlist.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/errorlist.md @@ -1,3 +1,9 @@ +--- +title: "Error List" +description: "Error List" +sidebar_position: 50 +--- + # Error List The Error List tab is only active after a compile error occurs (see Figure 57). Compile errors are diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/hierarchy.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/hierarchy.md similarity index 88% rename from docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/hierarchy.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/hierarchy.md index 69bbf5260a..e70526b10e 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/hierarchy.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/hierarchy.md @@ -1,3 +1,9 @@ +--- +title: "Hierarchy" +description: "Hierarchy" +sidebar_position: 10 +--- + # Hierarchy The Hierarchy tab is similar to the Tabs tab, except it shows every element in a granular fashion. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/overview.md new file mode 100644 index 0000000000..029d0074b5 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/overview.md @@ -0,0 +1,37 @@ +--- +title: "Tabs" +description: "Tabs" +sidebar_position: 20 +--- + +# Tabs + +Endpoint Policy Manager DesignStudio has six main tabs that help you perform tasks in your project. +You can see the tabs highlighted in Figure 50. + +![getting_around_1](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/getting_around_1.webp) + +Figure 50. The DesignStudio tabs. + +Those tabs are: + +- Tabs +- Hierarchy +- Properties +- Project Properties +- Compilation +- Error List + +Let's examine each one so we can see what is contained inside each tab. + +## Tabs + +The Tabs tab enables you to see the overall hierarchy of your project. You will see all the tabs +listed in your project and any subdialogs you have within each tab. This is the quickest way to see +the overall structure of your project and how all the major objects (tabs and subdialogs) relate to +each other. When you click on a tab inside the Tabs area, the corresponding tab is automatically +displayed in the main pane for quick navigation (see Figure 51). + +![getting_around_2](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/getting_around_2.webp) + +Figure 51. Using the Tabs tab for quick navigation. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/properties.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/properties.md new file mode 100644 index 0000000000..af29bdd878 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/properties.md @@ -0,0 +1,14 @@ +--- +title: "Properties" +description: "Properties" +sidebar_position: 20 +--- + +# Properties + +The Properties tab shows how the element is set. It is automatically displayed when you use the main +pane and select an element (see Figure 53). + +![getting_around_4](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/getting_around_4.webp) + +Figure 53. Viewing the properties of an element in the Properties tab. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/propertiesproject.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/propertiesproject.md similarity index 93% rename from docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/propertiesproject.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/propertiesproject.md index a5c647356b..ab947b2ad0 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/tab/propertiesproject.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/tab/propertiesproject.md @@ -1,3 +1,9 @@ +--- +title: "Project Properties" +description: "Project Properties" +sidebar_position: 30 +--- + # Project Properties The Project Properties tab shows overall project properties such as the following (see Figure 54): diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/vocabulary.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/vocabulary.md similarity index 93% rename from docs/endpointpolicymanager/applicationsettings/designstudio/navigation/vocabulary.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/vocabulary.md index 150734cf10..dd0df7786c 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/navigation/vocabulary.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/navigation/vocabulary.md @@ -1,3 +1,9 @@ +--- +title: "Vocabulary" +description: "Vocabulary" +sidebar_position: 10 +--- + # Vocabulary Let's continue with a little vocabulary for working with Endpoint Policy Manager DesignStudio. All diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/overview.md new file mode 100644 index 0000000000..365d266916 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/overview.md @@ -0,0 +1,23 @@ +--- +title: "DesignStudio" +description: "DesignStudio" +sidebar_position: 110 +--- + +# DesignStudio + +This document will help you to understand Netwrix Endpoint Policy Manager (formerly PolicyPak) +DesignStudio. However, you should only use this document after you have read and worked through the +DesignStudio example in Book 3: + +Application Settings Manager. We assume in this manual that you have already read that document and +can create simple AppSets. + +This document is a reference guide for the rest of the DesignStudio utility and addresses some +advanced scenarios. We won't be using this guide to build any one specific AppSet. Rather, we will +move from application to application pointing out some tips, tricks, and quirks which might be +applicable to many scenarios while building AppSets. + +Video: You may also wish to watch our DesignStudio videos, which cover some higher level details of +Endpoint Policy Manager: Application Manager > +[DesignStudio How-To](/docs/endpointpolicymanager/video/index.md#designstudio-how-to). diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/quickstart/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/quickstart/_category_.json new file mode 100644 index 0000000000..ec737a5e19 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/quickstart/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Quick Start", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/quickstart/createappset.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/quickstart/createappset.md similarity index 99% rename from docs/endpointpolicymanager/applicationsettings/designstudio/quickstart/createappset.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/quickstart/createappset.md index 26a4942511..b332d65795 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/quickstart/createappset.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/quickstart/createappset.md @@ -1,3 +1,9 @@ +--- +title: "Creating Your First AppSet" +description: "Creating Your First AppSet" +sidebar_position: 20 +--- + # Creating Your First AppSet Endpoint Policy Manager DesignStudio generally works well with most applications. This includes most @@ -19,7 +25,7 @@ Policy Manager AppLock™ data **Step 3 –** Run `PolicyPak `DesignStudio to tweak, complete, and compile the AppSet If you followed along in -[Troubleshooting](/docs/endpointpolicymanager/troubleshooting/applicationsettings/overview.md), you installed WinZip on +[Troubleshooting](/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/overview.md), you installed WinZip on your target machine, which is the kind of machine that regular users would run WinZip on. We will use WinZip in many of our later examples in this lesson. For these next steps, however, we are going to use PuTTY as our pilot application. We chose PuTTY because the interface has rarely changed over diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/quickstart/creationstation.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/quickstart/creationstation.md similarity index 96% rename from docs/endpointpolicymanager/applicationsettings/designstudio/quickstart/creationstation.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/quickstart/creationstation.md index 6165110414..0c48bd27a1 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/quickstart/creationstation.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/quickstart/creationstation.md @@ -1,3 +1,9 @@ +--- +title: "Preparing Your Endpoint Policy Manager Creation Station" +description: "Preparing Your Endpoint Policy Manager Creation Station" +sidebar_position: 10 +--- + # Preparing Your Endpoint Policy Manager Creation Station To use Endpoint Policy Manager DesignStudio, you will need the following components installed on diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/quickstart/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/quickstart/overview.md new file mode 100644 index 0000000000..9d925ec429 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/quickstart/overview.md @@ -0,0 +1,35 @@ +--- +title: "Quick Start" +description: "Quick Start" +sidebar_position: 10 +--- + +# Quick Start + +Netwrix Endpoint Policy Manager (formerly PolicyPak) DesignStudio is where you can create your own +AppSets or edit AppSets that we provide to you. PolicyPak DesignStudio can scrape the interfaces +from your existing applications, such as WinZip, and bring them into the Endpoint Policy Manager +format for later use inside Group Policy Objects (GPOs). + +Video: To see an overview of how to use Endpoint Policy Manager DesignStudio, watch this video: +[Creating Your First Pak using Endpoint Policy Manager Design Studio](/docs/endpointpolicymanager/video/applicationsettings/designstudio/firstpak.md). + +**NOTE:** The Endpoint Policy Manager format is properly called "pXML" format. You most likely will +never need to edit any pXML files by hand, but you're welcome to open up and explore the files that +are produced by the wizard. + +In this guide, you will be creating an AppSet for PuTTY, and open source SSH and telnet client. +You'll be doing the work on your Endpoint Policy Manager creation station. You'll also be using the +pre-configured AppSet for WinZip as a demonstration for other examples throughout this guide. + +Tip: We recommend that your Endpoint Policy Manager creation station have the same operating system +(and version) that your target machine does, if possible. Having a Endpoint Policy Manager creation +station that is a Server 2016 machine and a target machine that is a Windows 10 machine, for +example, may work fine. However, for ideal application compatibility, it's best if your Endpoint +Policy Manager creation station is as close as possible to your target machine. + +To keep things simple, we'll assume you'll be creating your AppSets from the same machine you used +to create GPOs. However, note that it is common to separate out these two roles, and Endpoint Policy +Manager makes it easy to do so. In this discussion, we'll assume you're using a Windows 10 machine +with the RSAT tools and the GPMC enabled. This will now be your Group Policy management station and +your Endpoint Policy Manager creation station. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/regimporteruitility.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/regimporteruitility.md similarity index 93% rename from docs/endpointpolicymanager/applicationsettings/designstudio/regimporteruitility.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/regimporteruitility.md index 35c855225a..c10e592ab7 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/regimporteruitility.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/regimporteruitility.md @@ -1,3 +1,9 @@ +--- +title: "Using the .reg Importer Utility" +description: "Using the .reg Importer Utility" +sidebar_position: 120 +--- + # Using the .reg Importer Utility **NOTE:** For an overview of this section, see this video: diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/registrykeys.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/registrykeys.md similarity index 93% rename from docs/endpointpolicymanager/applicationsettings/designstudio/registrykeys.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/registrykeys.md index 963b71908f..ad862d835c 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/registrykeys.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/registrykeys.md @@ -1,3 +1,9 @@ +--- +title: "Applying Settings within Multiple Registry Keys" +description: "Applying Settings within Multiple Registry Keys" +sidebar_position: 110 +--- + # Applying Settings within Multiple Registry Keys The Configuration Wizard will discover where settings are stored when you perform a before and after diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/scrollablepanels.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/scrollablepanels.md similarity index 93% rename from docs/endpointpolicymanager/applicationsettings/designstudio/scrollablepanels.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/scrollablepanels.md index 9ed2496fad..37dd419db2 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/scrollablepanels.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/scrollablepanels.md @@ -1,3 +1,9 @@ +--- +title: "Adding Space to Scrollable Panels" +description: "Adding Space to Scrollable Panels" +sidebar_position: 90 +--- + # Adding Space to Scrollable Panels While editing your AppSets, you might want to put elements in a scrollable panel, or Netwrix diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/setup.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/setup.md new file mode 100644 index 0000000000..afa83ae6cc --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/setup.md @@ -0,0 +1,63 @@ +--- +title: "Setting Up Application Configuration Data" +description: "Setting Up Application Configuration Data" +sidebar_position: 40 +--- + +# Setting Up Application Configuration Data + +When you create a new project (see Book 3: Application Settings Manager), you'll find that in the +initial wizard windows, you can choose how the capture process occurs, as shown in Figure 85. + +![setting_up_application_configuration](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/setting_up_application_configuration.webp) + +Figure 85. Choosing how to capture the application. + +Choose to start a new project using the Capture Wizard. Then, select your project type, as shown in +Figure 86. + +![setting_up_application_configuration_1](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/configurationdata/setting_up_application_configuration_1.webp) + +Figure 86. Selecting your project type. + +The following project types are currently supported, and more project types may be available in the +future. + +- Registry: This is the most common project type. Most applications store their configuration data + inside the registry. Most applications (like WinZip, Acrobat Reader, etc.) store their data per + user somewhere inside `HKEY_Local_User\Software`. +- Registry (service): Some applications store their information in `HKEY_Local_Machine`. This is not + very common, but it can happen. If in doubt, use "Registry" instead. You can learn more about this + project type in the section called "Special Applications and Project Types." +- `.INI` file: Many files store their configuration data in INI files. This is an older Windows + format, but is still widely supported. +- `.XML` file: A wide variety of applications use XML for their configurations. Not all XML types + are supported, and the wizard will indicate if the XML file you've selected is not supported. +- Mozilla-specific config file: The Mozilla Corporation has a variety of applications which all work + similarly, including Firefox, Thunderbird, and SeaMonkey. These applications from the Mozilla + Corporation all use this file type. There's no need to use Netwrix Endpoint Policy Manager + (formerly PolicyPak) DesignStudio to create your own Firefox or Thunderbird AppSets; we've already + done that for you. This Mozilla-specific file format is captured and handled somewhat differently + than the others, and is specifically discussed in the section called "Special Applications and + Project Types." +- `.js` file (Firefox-style config file): This is a JavaScript style file, in the common + Firefox-style format. +- .properties file (`Java-style config` file): This is a less common file format; however, some + applications do use .properties files to configure their data. Usually these are Java + applications, but could be other kinds of applications as well. +- OpenOffice and LibreOffice config file (\*`.xcu`): This file type is used to configure OpenOffice + and LibreOffice. +- Remote Desktop Settings file (\*`.rdp config `file): Configured Microsoft Remote Desktop Services + files. +- JSON: This is a common file format for many applications. +- Firefox Plugin Registry: This is for Firefox plugins that support a specific standard. + +**NOTE:** Endpoint Policy Manager DesignStudio will create new data files for all file types if they +don't already exist on the client computer. This is true for every file type Endpoint Policy Manager + +DesignStudio supports, except RDP files. RDP files are not created on the client machine, and they +must already be present to be modified by Endpoint Policy Manager + +DesignStudio. Additionally, it is now recommended that if you wish to deliver and maintain `.rdp` +files, you do so with Endpoint Policy Manager Remote Desktop Protocol Manager +([https://www.endpointpolicymanager.com/policies/remote-desktop-protocol-manager/](https://www.endpointpolicymanager.com/policies/remote-desktop-protocol-manager/)). diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/_category_.json new file mode 100644 index 0000000000..2bbb5559fe --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Using DesignStudio Tools", + "position": 130, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/batchcompile.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/batchcompile.md similarity index 93% rename from docs/endpointpolicymanager/applicationsettings/designstudio/tools/batchcompile.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/batchcompile.md index 454789ea79..f38082a1cb 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/batchcompile.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/batchcompile.md @@ -1,3 +1,9 @@ +--- +title: "Batch Compile" +description: "Batch Compile" +sidebar_position: 50 +--- + # Batch Compile You may want to work on several AppSets before you begin the compiling process for each one.  You diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/globalsearchreplace.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/globalsearchreplace.md similarity index 87% rename from docs/endpointpolicymanager/applicationsettings/designstudio/tools/globalsearchreplace.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/globalsearchreplace.md index b6b09c5b54..2646f84044 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/globalsearchreplace.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/globalsearchreplace.md @@ -1,3 +1,9 @@ +--- +title: "Global Search and Replace" +description: "Global Search and Replace" +sidebar_position: 30 +--- + # Global Search and Replace Endpoint Policy Manager DesignStudio has a global search and replace function that can be accessed diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/_category_.json new file mode 100644 index 0000000000..8317fe670c --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Options", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/compilation.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/compilation.md new file mode 100644 index 0000000000..6abbd86e1b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/compilation.md @@ -0,0 +1,30 @@ +--- +title: "Compilation Tab" +description: "Compilation Tab" +sidebar_position: 10 +--- + +# Compilation Tab + +The Compilation tab controls where your Endpoint Policy Manager source files (pXML) are saved and +where they are compiled. You can see the Compilation tab in Figure 166. The default path for saved +pXML files is`\Documents\PolicyPak Design Studio\Projects.` You can change this to any location you +like. Additionally, the path for compiled DLLs is `C:\Program Files\PolicyPak\Extensions`. This is +the location where the Endpoint Policy Manager Application Settings Manager Group Policy Editor will +look for compiled extensions, so it's best to leave this as it is. + +![using_designstudio_tools_2](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/using_designstudio_tools_2.webp) + +Figure 166. The Compilation tab. + +**NOTE:** that only administrators can compile AppSets directly to this location. If you are running +Endpoint Policy Manager DesignStudio as a standard user (non-administrator) you are prompted for an +alternate (writable) location. After compiling, you can use an administrator account to copy the +AppSet DLL file to `c:\Program Files\PolicyPak\Extensions` to use it within the Group Policy Editor. + +Additionally, you can see the "Preferred C++ Compiler" in the Compilation tab. Endpoint Policy +Manager Application Settings Manager is actually compatible with two compilers: Microsoft Visual C++ +2008 (Express and Full Editions) and MinGW compiler. However, it is recommended that you use the +Microsoft Visual C++ 2008 compiler. Lastly, you can also see the Endpoint Policy Manager compiler +location, which should always point toward the file named PXmlParser. This should not be changed +unless specified by technical support. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/java.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/java.md new file mode 100644 index 0000000000..50ed8f066e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/java.md @@ -0,0 +1,23 @@ +--- +title: "Java Tab" +description: "Java Tab" +sidebar_position: 40 +--- + +# Java Tab + +Endpoint Policy Manager DesignStudio currently has experimental support for capturing Java-based +applications. In order to capture Java-based applications, you will need to do the following: + +**Step 1 –** Install the Java Access Bridge (free software from Java/Oracle). + +**Step 2 –** Fully turn off user account control (during the user interface [UI] capture). + +Without the Java Access Bridge installed, the Java tab will look like what's shown in Figure 169. + +![using_designstudio_tools_5_624x224](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/using_designstudio_tools_5_624x224.webp) + +Figure 169. The Java tab. + +To learn more about how to use Endpoint Policy Manager DesignStudio to capture Java-based +applications, check out the "Special Applications and Project Types" section of this document. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/misc.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/misc.md similarity index 86% rename from docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/misc.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/misc.md index 97ba8a9333..6960267972 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/misc.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/misc.md @@ -1,3 +1,9 @@ +--- +title: "Misc Tab" +description: "Misc Tab" +sidebar_position: 50 +--- + # Misc Tab By default Endpoint Policy Manager DesignStudio doesn't run more than one copy of itself at a time. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/overview.md new file mode 100644 index 0000000000..6c15945c47 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/overview.md @@ -0,0 +1,18 @@ +--- +title: "Options" +description: "Options" +sidebar_position: 10 +--- + +# Options + +Endpoint Policy Manager DesignStudio has a variety of options you can configure. You can access +these options using Tools|Options, as shown in Figure 165. There are six tabs within Options: +Compilation, UI Capture, AppV (older versions of DesignStudio only), VirtualStore, Java, and Misc. + +![using_designstudio_tools_1_624x111](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/using_designstudio_tools_1_624x111.webp) + +Figure 165. DesignStudio Options. + +**NOTE:** The AppV tab has not been used since build 605. Only older versions of DesignStudio +require the AppV tab. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/uicapture.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/uicapture.md similarity index 86% rename from docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/uicapture.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/uicapture.md index 7582a64b8d..5dc2934367 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/uicapture.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/uicapture.md @@ -1,3 +1,9 @@ +--- +title: "UI Capture Tab" +description: "UI Capture Tab" +sidebar_position: 20 +--- + # UI Capture Tab The UI Capture tab has one checkbox, which is on by default (see Figure 167). When checked, captured diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/virtualstore.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/virtualstore.md new file mode 100644 index 0000000000..19106d9707 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/options/virtualstore.md @@ -0,0 +1,15 @@ +--- +title: "VirtualStore Tab" +description: "VirtualStore Tab" +sidebar_position: 30 +--- + +# VirtualStore Tab + +The VirtualStore tab has one setting, as shown in Figure 168. This setting is automatically checked +on and is used when applications running as standard users try to write to locations that are not +allowed. This setting was discussed in the section called "Configuration Data in VirtualStore." + +![using_designstudio_tools_4_624x174](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/tools/options/using_designstudio_tools_4_624x174.webp) + +Figure 168. The VirtualStore tab. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/overview.md new file mode 100644 index 0000000000..8054165481 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/overview.md @@ -0,0 +1,25 @@ +--- +title: "Using DesignStudio Tools" +description: "Using DesignStudio Tools" +sidebar_position: 130 +--- + +# Using DesignStudio Tools + +In this section, you'll learn how to do the following with Netwrix Endpoint Policy Manager (formerly +PolicyPak) DesignStudio: + +- Set up and configure Endpoint Policy Manager DesignStudio options (`Tools|Options`) +- Find unconfigured elements in our AppSet (`Tools|Show Elements List`) +- Perform a global search and replace for elements and text within our AppSet + (`Tools|Global Search and Replace`) +- Merge AppSets (`Tools|PXML Merge Wizard`) +- Compile multiple AppSets at once (`Tools|Batch Compile`) +- Preview an existing AppSet (`Tools|Pak Preview`) + +You can see the list of items from the Endpoint Policy Manager DesignStudio Tools menu in +Figure 164. + +![using_designstudio_tools](/img/product_docs/endpointpolicymanager/applicationsettings/designstudio/tools/using_designstudio_tools.webp) + +Figure 164. DesignStudio Tools menu. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/pakpreview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/pakpreview.md similarity index 91% rename from docs/endpointpolicymanager/applicationsettings/designstudio/tools/pakpreview.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/pakpreview.md index 061f47564c..648bc91e8f 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/pakpreview.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/pakpreview.md @@ -1,3 +1,9 @@ +--- +title: "Pak Preview" +description: "Pak Preview" +sidebar_position: 60 +--- + # Pak Preview You can use Pak Preview to edit any compiled AppSet in Endpoint Policy Manager DesignStudio or diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/pxmlmergewizard.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/pxmlmergewizard.md similarity index 95% rename from docs/endpointpolicymanager/applicationsettings/designstudio/tools/pxmlmergewizard.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/pxmlmergewizard.md index 58d6bc020a..5fde48e425 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/pxmlmergewizard.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/pxmlmergewizard.md @@ -1,3 +1,9 @@ +--- +title: "PXML Merge Wizard" +description: "PXML Merge Wizard" +sidebar_position: 40 +--- + # PXML Merge Wizard As described in Book 3: Application Settings Manager and reiterated in this guide, you will get the @@ -43,7 +49,7 @@ application and you have the pXML file handy. These two ways to perform the task equivalent. So, in this example, we have Endpoint Policy Manager DesignStudio running on Windows XP and capturing all the same items as the original project. -**NOTE:** [Troubleshooting](/docs/endpointpolicymanager/troubleshooting/applicationsettings/overview.md), it was +**NOTE:** [Troubleshooting](/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/applicationsettings/overview.md), it was suggested that you should capture only three tabs for the first project. When you're merging pXML files, capture the same tabs you have in your original project. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/showelementslist.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/showelementslist.md similarity index 97% rename from docs/endpointpolicymanager/applicationsettings/designstudio/tools/showelementslist.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/showelementslist.md index 2cbd6ea7a2..a99e9f9166 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/tools/showelementslist.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/tools/showelementslist.md @@ -1,3 +1,9 @@ +--- +title: "Show Elements List" +description: "Show Elements List" +sidebar_position: 20 +--- + # Show Elements List If your project gets to be sufficiently large with multiple tabs and elements, you might want to be diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/_category_.json new file mode 100644 index 0000000000..9802dcd8d7 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Crafting the User Interface of Your AppSet", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/capturewizard.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/capturewizard.md similarity index 95% rename from docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/capturewizard.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/capturewizard.md index 27c4f60086..750f09fe3c 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/capturewizard.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/capturewizard.md @@ -1,3 +1,9 @@ +--- +title: "capturewizard" +description: "capturewizard" +sidebar_position: 10 +--- + ## Using the Capture Wizard The process for using the Capture Wizard to capture UI elements was already covered in the section diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualadd.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualadd.md similarity index 91% rename from docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualadd.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualadd.md index b25cf1fc9f..8a2682bab6 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualadd.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualadd.md @@ -1,3 +1,9 @@ +--- +title: "Manually Adding New Items" +description: "Manually Adding New Items" +sidebar_position: 30 +--- + # Manually Adding New Items Although you will likely use the captured UI elements as they are, you might choose to manually add diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/_category_.json new file mode 100644 index 0000000000..2fdb8960dd --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Manual Edits", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/elementmodifications.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/elementmodifications.md similarity index 87% rename from docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/elementmodifications.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/elementmodifications.md index 5d18768e31..dece8a1398 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/elementmodifications.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/elementmodifications.md @@ -1,3 +1,9 @@ +--- +title: "Modifications to Existing Elements" +description: "Modifications to Existing Elements" +sidebar_position: 50 +--- + # Modifications to Existing Elements We've already seen how to move handles around so that all text in a dialog box is shown. However, diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/elementtransformations.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/elementtransformations.md similarity index 94% rename from docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/elementtransformations.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/elementtransformations.md index 64a7502cf4..50aa0d573f 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/elementtransformations.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/elementtransformations.md @@ -1,3 +1,9 @@ +--- +title: "Element Transformations" +description: "Element Transformations" +sidebar_position: 30 +--- + # Element Transformations In this example, the application we want to manage is using a spinbox (also called an up/down box) diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/hiddentext.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/hiddentext.md similarity index 89% rename from docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/hiddentext.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/hiddentext.md index 4badf46f9f..526c5cf04b 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/hiddentext.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/hiddentext.md @@ -1,3 +1,9 @@ +--- +title: "Hidden Text" +description: "Hidden Text" +sidebar_position: 20 +--- + # Hidden Text In Figure 69 the settings were captured, but the text was not fully shown. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/nonstandard.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/nonstandard.md similarity index 97% rename from docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/nonstandard.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/nonstandard.md index b1725d05a9..7bdd36fa1f 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/nonstandard.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/nonstandard.md @@ -1,3 +1,9 @@ +--- +title: "Non-Standard Captures" +description: "Non-Standard Captures" +sidebar_position: 10 +--- + # Non-Standard Captures Some applications have a non-standard interface. The interface can still be captured, but the diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/notmanaged.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/notmanaged.md similarity index 93% rename from docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/notmanaged.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/notmanaged.md index bd7ac00678..a89f3ec23c 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/manualedits/notmanaged.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/notmanaged.md @@ -1,3 +1,9 @@ +--- +title: "Items That Cannot Be Managed" +description: "Items That Cannot Be Managed" +sidebar_position: 40 +--- + # Items That Cannot Be Managed Endpoint Policy Manager Application Settings Manager can control a lot of items; however, there are diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/overview.md new file mode 100644 index 0000000000..3628d64070 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/manualedits/overview.md @@ -0,0 +1,12 @@ +--- +title: "Manual Edits" +description: "Manual Edits" +sidebar_position: 20 +--- + +# Manual Edits + +The Endpoint Policy Manager Capture Wizard usually does a pretty good job of capturing the elements +for most applications. However, sometimes it needs a little manual help to get the applications' +elements to where they need to be. The sections below describe some circumstances that may require +manual editing. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/overview.md new file mode 100644 index 0000000000..3b2f769f02 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/overview.md @@ -0,0 +1,16 @@ +--- +title: "Crafting the User Interface of Your AppSet" +description: "Crafting the User Interface of Your AppSet" +sidebar_position: 30 +--- + +# Crafting the User Interface of Your AppSet + +There are three ways you can craft the user interface (UI) of your target application: + +- Fully automatic with the Capture Wizard +- Automatic first, with manual corrections for non-standard captures +- Fully manual + +In the sections below, we'll explore all three options. We'll also discuss how to capture subdialogs +and how to understand capture results that aren't what you expected. diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/subdialogs.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/subdialogs.md similarity index 95% rename from docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/subdialogs.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/subdialogs.md index 152829562a..5ba63e25e7 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/subdialogs.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/subdialogs.md @@ -1,3 +1,9 @@ +--- +title: "Capturing Subdialogs" +description: "Capturing Subdialogs" +sidebar_position: 40 +--- + # Capturing Subdialogs Some applications have subdialogs you can capture. For instance, in the Control Panel mouse applet, diff --git a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/unexpectedresults.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/unexpectedresults.md similarity index 93% rename from docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/unexpectedresults.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/unexpectedresults.md index 9f65287bc7..6afcd49442 100644 --- a/docs/endpointpolicymanager/applicationsettings/designstudio/userinterface/unexpectedresults.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/designstudio/userinterface/unexpectedresults.md @@ -1,3 +1,9 @@ +--- +title: "Understanding Unexpected Results" +description: "Understanding Unexpected Results" +sidebar_position: 50 +--- + # Understanding Unexpected Results Most applications' UIs are captured correctly by Endpoint Policy Manager DesignStudio; however, not diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/_category_.json new file mode 100644 index 0000000000..b3b83a9e5f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Extras", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/applicationsettings/extras/itemleveltargeting/appsetentry.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/appsetentry.md similarity index 97% rename from docs/endpointpolicymanager/applicationsettings/extras/itemleveltargeting/appsetentry.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/appsetentry.md index 9d04a62ce2..c4ec27856a 100644 --- a/docs/endpointpolicymanager/applicationsettings/extras/itemleveltargeting/appsetentry.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/appsetentry.md @@ -1,3 +1,9 @@ +--- +title: "Item-Level Targeting for an AppSet Entry" +description: "Item-Level Targeting for an AppSet Entry" +sidebar_position: 10 +--- + # Item-Level Targeting for an AppSet Entry **NOTE:** For a demonstration of Item-Level Targeting, please see this video: diff --git a/docs/endpointpolicymanager/applicationsettings/extras/itemleveltargeting/appsetinternal.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/appsetinternal.md similarity index 97% rename from docs/endpointpolicymanager/applicationsettings/extras/itemleveltargeting/appsetinternal.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/appsetinternal.md index 23ed186501..0d907a41b1 100644 --- a/docs/endpointpolicymanager/applicationsettings/extras/itemleveltargeting/appsetinternal.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/appsetinternal.md @@ -1,3 +1,9 @@ +--- +title: "Internal Item-Level Targeting for the AppSet Itself" +description: "Internal Item-Level Targeting for the AppSet Itself" +sidebar_position: 20 +--- + # Internal Item-Level Targeting for the AppSet Itself **NOTE:** To see an overview of Internal ItemLevel Targeting, including how to bypass the filters, diff --git a/docs/endpointpolicymanager/applicationsettings/extras/managedby.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/managedby.md similarity index 94% rename from docs/endpointpolicymanager/applicationsettings/extras/managedby.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/managedby.md index 2ff15a03b3..9bdbbdcda3 100644 --- a/docs/endpointpolicymanager/applicationsettings/extras/managedby.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/managedby.md @@ -1,3 +1,9 @@ +--- +title: "Managed By Endpoint Policy Manager" +description: "Managed By Endpoint Policy Manager" +sidebar_position: 50 +--- + # Managed By Endpoint Policy Manager Because Endpoint Policy Manager Application Settings Manager can perform user-interface (UI) lockout diff --git a/docs/endpointpolicymanager/applicationsettings/extras/multipleappsetspriority.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/multipleappsetspriority.md similarity index 95% rename from docs/endpointpolicymanager/applicationsettings/extras/multipleappsetspriority.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/multipleappsetspriority.md index 28189f1e1d..e525761264 100644 --- a/docs/endpointpolicymanager/applicationsettings/extras/multipleappsetspriority.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/multipleappsetspriority.md @@ -1,3 +1,9 @@ +--- +title: "Multiple AppSets and Priority" +description: "Multiple AppSets and Priority" +sidebar_position: 30 +--- + # Multiple AppSets and Priority -Level Targeting (described in the previous section). diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/overview.md new file mode 100644 index 0000000000..b8b3c99d89 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/overview.md @@ -0,0 +1,16 @@ +--- +title: "Extras" +description: "Extras" +sidebar_position: 30 +--- + +# Extras + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Settings Manager has some extra +management capabilities. In this section, we'll discuss the following features: + +- Item-Level Targeting for an AppSet entry +- Internal Item-Level Targeting for the AppSet itself +- Creating multiple AppSets and changing priority +- Setting a comment or description about an AppSet's settings +- Adding "Managed by Endpoint Policy Manager" to applications under management diff --git a/docs/endpointpolicymanager/applicationsettings/extras/settingdescription.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/settingdescription.md similarity index 85% rename from docs/endpointpolicymanager/applicationsettings/extras/settingdescription.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/settingdescription.md index 1d260e8a72..91656f938b 100644 --- a/docs/endpointpolicymanager/applicationsettings/extras/settingdescription.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/extras/settingdescription.md @@ -1,3 +1,9 @@ +--- +title: "Setting a Description" +description: "Setting a Description" +sidebar_position: 40 +--- + # Setting a Description You can add your own note or description to each AppSet, as shown in Figure 58. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/_category_.json new file mode 100644 index 0000000000..e0c9cd42a0 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Firefox AppSet", + "position": 90, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/_category_.json new file mode 100644 index 0000000000..480be230d8 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Add-Ons", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/discoveringids.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/discoveringids.md similarity index 95% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/discoveringids.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/discoveringids.md index d08611a061..b4f702f7c9 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/discoveringids.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/discoveringids.md @@ -1,3 +1,9 @@ +--- +title: "Discovering IDs for Firefox Add-Ons" +description: "Discovering IDs for Firefox Add-Ons" +sidebar_position: 40 +--- + # Discovering IDs for Firefox Add-Ons **Step 1 –** Finding add-on IDs requires a little bit of work. To discover them, you need to click diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/enabledisable.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/enabledisable.md similarity index 89% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/enabledisable.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/enabledisable.md index 8865fefd31..6b1ca458ff 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/enabledisable.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/enabledisable.md @@ -1,3 +1,9 @@ +--- +title: "Using Endpoint Policy Manager to Enable or Disable Add-Ons" +description: "Using Endpoint Policy Manager to Enable or Disable Add-Ons" +sidebar_position: 10 +--- + # Using Endpoint Policy Manager to Enable or Disable Add-Ons Video: To see a video of Endpoint Policy Manager enabling or disabling Firefox's add-ons, go to diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/enabledisableid.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/enabledisableid.md new file mode 100644 index 0000000000..5a6581a3e9 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/enabledisableid.md @@ -0,0 +1,16 @@ +--- +title: "Using the ID to Enable or Disable Add-Ons" +description: "Using the ID to Enable or Disable Add-Ons" +sidebar_position: 20 +--- + +# Using the ID to Enable or Disable Add-Ons + +The following snippet will disable all add-ons except extensions, and then will disable the +"Clearly" extension from Evernote by its ID (GUID or friendly name). + +``` +readable@evernote.com, enable +{47c11ff1-bbce-4481-83be-54e0c0adfda7}, disable +In the next section, we will give you some tips on how to find the GUID or friendly name of your extensions. +``` diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/overview.md new file mode 100644 index 0000000000..9988756d31 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/overview.md @@ -0,0 +1,16 @@ +--- +title: "Add-Ons" +description: "Add-Ons" +sidebar_position: 40 +--- + +# Add-Ons + +Netwrix Endpoint Policy Manager (formerly PolicyPak) can manipulate Firefox add-ons by enabling and +disabling add-ons of all types. Endpoint Policy Manager can also force the installation of or force +the removal of specific add-ons. To find Firefox's add-ons, select "Add-ons" within Firefox, as +shown in Figure 15. + +![add_ons](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/add_ons.webp) + +Figure 15. The Add-ons tab. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/tipstricks.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/tipstricks.md similarity index 96% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/tipstricks.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/tipstricks.md index 4ef2fd595a..74a9c0b252 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/tipstricks.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/tipstricks.md @@ -1,3 +1,9 @@ +--- +title: "Tips and Tricks" +description: "Tips and Tricks" +sidebar_position: 50 +--- + # Tips and Tricks Endpoint Policy Manager has some extra powers to prevent users from managing and installing diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/wildcard.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/wildcard.md similarity index 92% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/wildcard.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/wildcard.md index e2c0515eaa..877cf44004 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/addons/wildcard.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/addons/wildcard.md @@ -1,3 +1,9 @@ +--- +title: "Using a Wildcard" +description: "Using a Wildcard" +sidebar_position: 30 +--- + # Using a Wildcard Instead of IDs you can use the keywords in Table 2. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/applicationhandlers.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/applicationhandlers.md similarity index 97% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/applicationhandlers.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/applicationhandlers.md index d24f9eeee3..2a15e22ab1 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/applicationhandlers.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/applicationhandlers.md @@ -1,3 +1,9 @@ +--- +title: "Managing Application Handlers" +description: "Managing Application Handlers" +sidebar_position: 70 +--- + # Managing Application Handlers Netwrix Endpoint Policy Manager (formerly PolicyPak) can manage which applications open outside of diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/bookmarks.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/bookmarks.md similarity index 96% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/bookmarks.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/bookmarks.md index f533a89a8e..66cc320099 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/bookmarks.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/bookmarks.md @@ -1,3 +1,9 @@ +--- +title: "Bookmarks" +description: "Bookmarks" +sidebar_position: 20 +--- + # Bookmarks Firefox has two types of bookmarks: diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/overview.md new file mode 100644 index 0000000000..b67555f63a --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/overview.md @@ -0,0 +1,44 @@ +--- +title: "Firefox AppSet" +description: "Firefox AppSet" +sidebar_position: 90 +--- + +# Firefox AppSet + +This document will help you to understand how to use the AppSet named "Mozilla Firefox 23.0". This +AppSet works for Firefox 23 and later but only works with Firefox ESR, and not the regular version. +For more details on this see: +[https://www.endpointpolicymanager.com/pp-blog/policypak-will-soon-only-support-firefox-esr](https://www.endpointpolicymanager.com/pp-blog/endpointpolicymanager-will-soon-only-support-firefox-esr) + +Only use this document after you have read and worked through Book 3: Application Settings Manager +and have successfully tested "Winzip 14," or an example application. Some features are only +available when you have a Netwrix Endpoint Policy Manager (formerly PolicyPak) client-side extension +(CSE) which supports the feature. Inside the AppSet, we've noted when a feature requires a specific +CSE version. + +**NOTE:** The Endpoint Policy Manager "About Config" AppSets are still valid and available and +should be used for settings within Firefox's About:config. + +Additionally, if you were using any of the other main Firefox AppSets created by Endpoint Policy +Manager, those are now deprecated and are no longer to be used. These AppSets include: + +- Mozilla Firefox 21 AppSet +- Mozilla Firefox ESR 24/24.1 AppSet +- Mozilla Firefox ESR 17 AppSet +- Mozilla Firefox Plug-In Example AppSet + +For information on how to migrate from any of these old Firefox AppSets to the Firefox 23 AppSet, +see the section title "Migrating to the Firefox 23 AppSet" in this document. + +This AppSet is no different than other AppSets, in that it can be placed into Local, Shared or +Central storage. (See Book 3: Application Settings Manager for details.) Once placed into the +storage location, it will be available as seen in Figure 1. + +![about_this_document_and_the](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/about_this_document_and_the.webp) + +Figure 1. The Endpoint Policy Manager Mozilla Firefox Pak. + +The AppSet may be used on the User or Computer side just like all other AppSets. However, Firefox +lockdown features are ONLY available on the COMPUTER side, and therefore we recommend using the +Firefox AppSet on the Computer side. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/overview_1.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/overview_1.md new file mode 100644 index 0000000000..a4a0220078 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/overview_1.md @@ -0,0 +1,134 @@ +--- +title: "Certificates" +description: "Certificates" +sidebar_position: 60 +--- + +# Certificates + +Netwrix Endpoint Policy Manager (formerly PolicyPak) can add or remove certificates within Firefox. +These certificates must be in the binary-encoded DER format and cannot be Base64-encoded. If you +need to learn how to convert a certificate, see the section "Exporting Certificates to the +Binary-Encoded DER Format" below. + +Video: To see a video of Endpoint Policy Manager managing Firefox's add-ons, go to +[http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-firefox-certificates.html](http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-firefox-certificates.html) + +You can see Firefox's certificates under` Options | Advanced | Certificates | View Certificates`, as +shown in Figure 42. + +![certificates](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates.webp) + +Figure 42. The Servers tab within the Certificate Manager. + +To manage Firefox's certificates, you need to specify the location of the certificate to import +(source) and the location where you want to deliver it (target). The source location can be local, +on a file server, etc. + +![certificates_1](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_1.webp) + +Figure 43. Specifying the Firefox certificate location. + +Target locations require a keyword to specify the location. The possible values are listed in +Table 3. + +Table 3: Keywords for target locations. + +| Keyword | Location | Note | +| ---------- | ------------- | --------------------------------------------- | +| Root | Authorities | Root and Intermediate Certificate Authorities | +| Trusted | Servers | | +| People | People | | +| Your Certs | Not Supported | | +| Other | Not Supported | | + +You can also specify how often (in days) the source certificate file should be checked for changes +using the following: `\\DC\Share\Fabrikam-CA.cer, 1, ROOT, add`. If the optional parameter is not +specified, it defaults to 0, meaning that the client-side extension (CSE) will re-read the +certificate file every time Firefox starts. Note that if the file is unavailable or the remote +location is offline, the launch of Firefox is not slowed down. Additionally, you might want to +deliver certificates to all these stores, as shown in Figure 44. + +![certificates_2](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_2.webp) + +Figure 44. Editing the trust settings. + +To do so, use the following syntax: `\\Server\Share\FF.cer,1,C;C;C,add`. Note that the certificate +authority is omitted in this correct syntax. For more information on this advanced syntax, see the +following + +**NOTE:** +[http://www.endpointpolicymanager.com/knowledge-base/preconfigured-paks/firefox-how-can-i-deliver-certificates-to-certificate-authority-store-and-select-websites-mail-users-and-software-makers.html](http://www.endpointpolicymanager.com/knowledge-base/preconfigured-paks/firefox-how-can-i-deliver-certificates-to-certificate-authority-store-and-select-websites-mail-users-and-software-makers.html). + +**NOTE:** In order to decrease network load, you may want to specify the number of days explicitly. + +To delete a certificate, you must know its SHA 1 fingerprint. You do not need to specify where the +certificate is currently stored; if the fingerprint matches a certificate in any store, it is +removed. + +![certificates_3](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_3.webp) + +Figure 45. SHA Fingerprint location. + +## Exporting Certificates to the Binary-Encoded DER Format + +Endpoint Policy Manager can only work with binary-encoded DER certificates. If you have a +certificate of another type, you may import it first into Firefox. Then, you can immediately export +it as a DER file, as shown in Figure 46. + +![certificates_4](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_4.webp) + +Figure 46. Explorting a certificate as a DER. + +You can optionally perform the same type of export by looking at the file itself in the Details tab +of Explorer, and then selecting the "Copy to File" button. Then, select "DER encoded binary X.509 +(CER)," as shown in Figure 47. + +![certificates_5](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_5.webp) + +Figure 47. Exporting via Explorer. + +## Troubleshooting Certificates + +If you are not seeing the results you expect, you can look in Endpoint Policy Manager's logs (see +Book 3: Application Settings Manager for more information) as well as Firefox's log. An example of +Endpoint Policy Manager's log showing that certificates are correctly being added can be seen in +Figure 48. + +![certificates_6](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_6.webp) + +Figure 48. The Endpoint Policy Manager log with certificate details. + +You can also use Firefox's log by clicking Ctrl+Shift+J on any page. In the log below (Figure 49), +you can see certificates being added to the proper stores. + +![certificates_7](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_7.webp) + +Figure 49. The Firefox log with certificate details. + +The most common reasons for certificates not showing up the store you want are the following: + +- The certificate is NOT in binary/DER format. See the preceding section "Exporting Certificates to + the Binary-Encoded DER Format" in order to get certificates into the correct format first. +- The certificate is not designed to work in the store of your choice. For instance, you've selected + an email certificate and tried to use it in the ROOT or CA store. +- You have misspelled the name of the file. For instance, the file is named + +``` +\\server\share\file123.cer but you specified  +\\server\share\file123 or  +\\server\share\file123.x509. +``` + +- When specifying a certificate and the number of days after which Endpoint Policy Manager should + check for updates, you have transposed the values. The correct way to specify a certificate and + have Endpoint Policy Manager check for updates every two days is + +`\\DC\Share\Fabrikam-CA.cer, 2, CA`, add and not + +`\\DC\Share\Fabrikam-CA.cer, CA, 2, add`. In the logs, you would see this transposition error as +shown in Figure 50. + +![certificates_8](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_8.webp) + +Figure 50. Log showing a transposition error. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/permissions.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/permissions.md new file mode 100644 index 0000000000..fca9ebf927 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/permissions.md @@ -0,0 +1,111 @@ +--- +title: "Permissions and Pop Ups" +description: "Permissions and Pop Ups" +sidebar_position: 30 +--- + +# Permissions and Pop Ups + +Starting recently in Firefox, you can only see permissions and pop-ups by doing the following: + +**Step 1 –** Go to the website. + +**Step 2 –** Click on the lock icon or another icon in that space. + +**Step 3 –** Click the right arrow as shown in Figure 6. + +**Step 4 –** Click on "More Information," as shown in Figure 7. + +**Step 5 –** After doing this, you will reach the Permissions tab, as shown in Figure 8. + +![permissions_and_pop_ups](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups.webp) + +Figure 6. To see permissions and pop-ups click, one must click on the lock icon and then on the +right arrow. + +![permissions_and_pop_ups_1](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups_1.webp) + +Figure 7. The next step to see the permissions and pop-ups is to click on "More Information." + +![permissions_and_pop_ups_2](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups_2.webp) + +Figure 8. The Permissions tab. + +You can see Firefox's pop-up exceptions using Options | Privacy & Security | Exceptions, as shown in +Figure 9 and Figure 10. + +![permissions_and_pop_ups_3](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups_3.webp) + +Figure 9. Firefox's pop-up exceptions. + +![permissions_and_pop_ups_4](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups_4.webp) + +Figure 10. The pop-up exceptions page. + +Netwrix Endpoint Policy Manager (formerly PolicyPak) can manipulate most areas of permissions and +pop-ups. Within the Firefox AppSet, you can use the Permissions tab to enter in the values you wish +for the sites that are allowed to have pop-ups and you can set permissions, as shown in Figure 11. + +![permissions_and_pop_ups_5](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups_5.webp) + +Figure 11. Using Endpoint Policy Manager to configure the Permissions tab. + +To see a video of Endpoint Policy Manager managing permissions and pop-ups, to go +[http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-firefox-pop-ups-and-permissions-using-group-policy.html](http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-firefox-pop-ups-and-permissions-using-group-policy.html). + +In Figure 11, you can see the key word after the website, like "image," "Geo," "cookie," and so on. +Use Table 1 to find the key word for the area on the website you would like to manage. + +Table 1: PolicyPak keywords. + +| Endpoint Policy Manager Keyword (case sensitive) | Possible Verbs | Item in About:Permissions for a website | +| ------------------------------------------------ | -------------- | --------------------------------------- | ------------------- | ------------------------ | +| popup | Allow | Block | Open Pop-Up Windows | +| camera | Allow | Block | Ask | Camera | +| microphone | Allow | Block | Ask | Microphone | +| fullscreen | Allow | Block | Ask | Fullscreen | +| pointerLock | Allow | Block | Ask | Hide Mouse | +| NOT AVAILABLE | Allow | Block | Store Passwords | +| geo | Allow | Block | Ask | Share Location | +| cookie | Allow | Block | Set Cookies | +| indexedDB | Allow | Block | Ask | Maintain Offline Storage | +| Image | Allow | Block | Load images | +| Install | Allow | Block | Install Add-Ons | +| desktop-notification | Allow | Block | Ask | Show Notifications | +| plugin:[name] | Allow | Block | Ask | See below. | + +A special case would be when you want a plugin to be enabled or always allowed for a particular +website. To do this, you need the "short name" of the plugin. + +Video: To see a video of how to discover the short name of a plugin and ensure it always works for a +particular website, go to +[http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-firefox-plug-ins-per-website.html](http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-firefox-plug-ins-per-website.html). + +For example, if you want to ensure that when end-users go to a specific Citrix website, the Citrix +ICA plugin is always set to ALLOW for that site, you would need to know the Citrix plugin short +name, which is "npican." Then, you would enter http://site.com, plugin:npican, allow. This is +illustrated in Figure 12. + +![permissions_and_pop_ups_6](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups_6.webp) + +Figure 12. The plug in short name within the Permissions tab. + +This will ensure on the endpoint that Firefox will perform the ALLOW command on that plugin for that +website, as shown in Figure 13. + +![permissions_and_pop_ups_7](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups_7.webp) + +Figure 13. The plug in is allowed in Firefox. + +To get plugin short names, you need to use a SQLLite browser, like http://sqlitebrowser.org/. Then, +do the following: + +**Step 1 –** Open the firefox permissions.sqllite database, as shown in Figure 14. + +**Step 2 –** Select the table "moz_perms." + +**Step 3 –** Locate the website and the type, as shown in Figure 14, to discover the short name. + +![permissions_and_pop_ups_8](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/permissions_and_pop_ups_8.webp) + +Figure 14. Finding the plug in short name. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/preferences.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/preferences.md new file mode 100644 index 0000000000..4682a25767 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/preferences.md @@ -0,0 +1,99 @@ +--- +title: "Hiding Preferences Pages and Other Special Elements" +description: "Hiding Preferences Pages and Other Special Elements" +sidebar_position: 50 +--- + +# Hiding Preferences Pages and Other Special Elements + +Netwrix Endpoint Policy Manager (formerly PolicyPak) is able to hide many Firefox elements, +sometimes with only one click. + +Video: To see a video of Endpoint Policy Manager disabling various Firefox user interface (UI) pages +see +[Disable the following about:config, about:addons, pages, Developer Menu, and any Preferences in one click](/docs/endpointpolicymanager/video/applicationsettings/firefox/disable.md). + +For instance, you can select "Hide about:config UI" in the About:Config tab, as shown in Figure 32. + +![hiding_preferences_pages_and](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and.webp) + +Figure 32. Hiding the about:config page. + +Endpoint Policy Manager can hide the about:addons page UI with a checkbox in the Add-Ons: +Extensions, Appearance, Plugins, and Service page, as shown in Figure 33. + +![hiding_preferences_pages_and_1](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_1.webp) + +Figure 33. Hiding the about:addons page. + +Endpoint Policy Manager can allow you to hide the Australis menu in FireFox (seen in Figure 34) by +clicking the "Hide Australis button" in the Extras tab, as shown in Figure 35. Endpoint Policy +Manager can also provide you with the ability to disable the web developer menu and many other +special pages, as shown in Figure 35. + +![hiding_preferences_pages_and_2](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_2.webp) + +Figure 34. The Australis menu. + +![hiding_preferences_pages_and_3](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_3.webp) + +Figure 35. Disabling the web developer menu and other special pages. + +Note that some of the options specifically require that the settings be right-clicked and locked in +order to work. This means they must be deployed on the Computer side, because only Group Policy +Objects (GPOs) based on the Computer side can be locked with the Firefox AppSet. + +Lastly, Endpoint Policy Manager has another huge array of special things that can be hidden within +the About:Preferences tab, as shown in Figure 36. + +![hiding_preferences_pages_and_4](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_4.webp) + +Figure 36. Hiding preferences. + +The items on the left only require one click to get the expected response in Firefox. The special +box on the right can remove nearly every element in Firefox, but you need to know the special +element ID. + +Video: To see a video of Endpoint Policy Manager removing elements in about:prefrences, go to +[Firefox Remove Specific Elements from about:preferences panel](/docs/endpointpolicymanager/video/applicationsettings/firefox/removeelements.md). + +For instance, let's imagine you wanted to hide the element "Play DRM-controlled content" in the +Content section, as shown in Figure 37. In this example, we did a search for DRM rather than +navigate to it through the menus. + +![hiding_preferences_pages_and_5](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_5.webp) + +Figure 37. Hiding DRM-controlled content. + +Start by opening the Firefox web developer tools (press Ctrl + Shift + I) or select Options | +Developer | Toggle Tools, as shown in Figure 38. + +![hiding_preferences_pages_and_6](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_6.webp) + +Figure 38. Web developer menu. + +Then, as shown in Figure 39, click the selector icon all the way on the left side, then click the +"Play DRM content" element. The element will light up with a red dotted box, and in the Inspector +pane, you'll see the element ID. + +![hiding_preferences_pages_and_7](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_7.webp) + +Figure 39. Selecting the "Play DRM content" element. + +In this case, `checkbox id=" playDRMContent"`. Copy its value into the textbox in Firefox 23.0 +AppSet, as shown in Figure 40. You can also see another value, useMasterPassword, there as well to +show how multiple values are separated by commas. + +![hiding_preferences_pages_and_8](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_8.webp) + +Figure 40. Copying the value to the Firefox 23.0 textbox. + +**CAUTION:** All values are comma separated instead of being one per line. + +The result once Group Policy applies and Firefox is restarted is that the element is hidden. + +![hiding_preferences_pages_and_9](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/hiding_preferences_pages_and_9.webp) + +Figure 41. The DRM content setting is now hidden. + +Later, if the element ID is removed from the MMC, it will return back. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/specialfeatures.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/specialfeatures.md similarity index 93% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/specialfeatures.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/specialfeatures.md index 884ea2ffa3..cb1f8f83b1 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/specialfeatures.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/specialfeatures.md @@ -1,3 +1,9 @@ +--- +title: "Special Features in the Firefox AppSet" +description: "Special Features in the Firefox AppSet" +sidebar_position: 80 +--- + # Special Features in the Firefox AppSet There are some special features you might want to investigate. These are commonly requested features diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/specialsections.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/specialsections.md new file mode 100644 index 0000000000..e1e3bb969d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/specialsections.md @@ -0,0 +1,35 @@ +--- +title: "How to Use Special Sections" +description: "How to Use Special Sections" +sidebar_position: 10 +--- + +# How to Use Special Sections + +There are some special sections within the Firefox AppSet and most have pre-configured example +values listed for how to use that section. Many also let you specify the first line as: + +`MODE=REPLACE` or `MODE=MERGE` + +In Figure 2, you can see Permissions tab has the default example set with `MODE=REPLACE` and shows +some examples on how to use the special section. + +![how_to_use_special_sections](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/how_to_use_special_sections.webp) + +Figure 2. Site to Zone assignment special section. + +**NOTE:** If you leave the MODE line off, the default is MERGE. + +Here's what each mode does: + +`MODE=REPLACE`: This takes the existing settings on the machine, removes them, and replaces them +with these entries. Use `MODE=REPLACE` if you want to ensure your specific settings, regardless of +what the user already has. + +`MODE=MERGE`: This merges the settings a user already has manually placed there, with the entries +you have here. Use` MODE=MERGE` if you want to let users make changes, but also ensure that your +additions make it to their environment. + +Note that with some sections (like Bookmarks), MERGE is the only option and is not changeable. In +the next sections we'll explore each tab and highlight anything noteworthy with examples, tips, +tricks, and exceptions. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/uninstall.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/uninstall.md new file mode 100644 index 0000000000..d9abd48bc7 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/firefox/uninstall.md @@ -0,0 +1,16 @@ +--- +title: "UnInstalling the Endpoint Policy Manager Application Settings Manager Firefox Functionality" +description: "UnInstalling the Endpoint Policy Manager Application Settings Manager Firefox Functionality" +sidebar_position: 90 +--- + +# UnInstalling the Endpoint Policy Manager Application Settings Manager Firefox Functionality + +The Firefox add-on that Netwrix Endpoint Policy Manager (formerly PolicyPak) uses is installed the +first time the Firefox AppSet is used. The best (and only supported) way to uninstall the Firefox +add-on is to uninstall the Endpoint Policy Manager client-side extension (CSE) from within +"Add-Remove Programs." + +**CAUTION:** Simply stopping the use of the AppSet (by deleting the entry or unlinking the Group +Policy Object) isn't enough. The full CSE must be uninstalled to remove all of Endpoint Policy +Manager's Firefox functionality. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/_category_.json new file mode 100644 index 0000000000..1998f21add --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Internet Explorer AppSet", + "position": 100, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/normalsections.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/normalsections.md similarity index 88% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/normalsections.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/normalsections.md index da904af286..ac0629be07 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/normalsections.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/normalsections.md @@ -1,3 +1,9 @@ +--- +title: "Normal Sections in the IE AppSet" +description: "Normal Sections in the IE AppSet" +sidebar_position: 10 +--- + # Normal Sections in the IE AppSet In the normal sections of the IE AppSet, you can click on items to select a setting. However, the IE diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/overview.md new file mode 100644 index 0000000000..654f69861b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/overview.md @@ -0,0 +1,39 @@ +--- +title: "Internet Explorer AppSet" +description: "Internet Explorer AppSet" +sidebar_position: 100 +--- + +# Internet Explorer AppSet + +This document will help you to understand how to use the AppSet named "Microsoft Internet Explorer 8 +and Later for Windows 7 and Later" (IE AppSet). + +**NOTE:** There are also some older IE AppSets, which should no longer be used. + +This AppSet has some special super powers that you won't find in other AppSets. These super powers +require that the PolicyPak Application Settings Manager CSE version 707 or later be installed on the +client. Only use this document after you have already read and worked through Book 3: Application +Settings Manager and have successfully tested "Winzip 14" or an example application. The IE AppSet +is not any different, from a supportability perspective, from other AppSets. For more information +about PolicyPak's support for AppSets, see the PolicyPak EULA. + +This AppSet is no different than other AppSets, in that it can be placed into Local, Shared, or +Central storage. (See Book 3: Application Settings Manager for details.) Once placed into the +storage location, it will be available under the Application Settings Manager, as shown in Figure 1. + +![about_this_document_and_the](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/about_this_document_and_the.webp) + +Figure 1. The IE AppSet. + +The AppSet may be used on the User or Computer side just like all other AppSets. However, this +AppSet is unique for several reasons: + +- Its name is "Microsoft Internet Explorer 8 and Later for Windows 7 and Later," which means that it + will work for IE 8, 9, 10, and 11 when the machine is Windows 7, Windows 8, or Windows 8.1. It + will even work on a server. +- This AppSet uses some special data types which can be seen if you open the AppSet using the + PolicyPak DesignStudio (advanced). + +Video: To get started with the IE AppSet, use this video: +[http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-internet-explorer-getting-started.html](http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-internet-explorer-getting-started.html) diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/specialsections.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/specialsections.md new file mode 100644 index 0000000000..1a5eaf0443 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/specialsections.md @@ -0,0 +1,35 @@ +--- +title: "How to Use Special Sections" +description: "How to Use Special Sections" +sidebar_position: 20 +--- + +# How to Use Special Sections + +Most special sections have some pre-configured example values listed for you as examples on how to +use that section. Many also let you specify the first line as: + +``` +MODE=REPLACE or MODE=MERGE +``` + +In Figure 3, you can see the Site to Zone Assignment in the Security tab has the default example set +with MODE=REPLACE. The figure also shows some examples on how to use the special section. + +![how_to_use_special_sections](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/how_to_use_special_sections.webp) + +Figure 3. Using the Site to Zone Assignment special section. + +**NOTE:** If you leave the MODE line off, the default is MERGE. + +Here's what each mode does: + +- `MODE=REPLACE`: This takes the existing settings on the machine, removes them, and replaces them + with these entries. Use MODE=REPLACE if you want to ensure your specific settings, regardless of + what the user already has. +- `MODE=MERGE`: This merges the settings a user has already manually placed there, with the entries + you have here. Use MODE=MERGE if you want to let users make changes, but also ensure that your + additions make it to their environment. + +In the next sections, we'll explore each tab and highlight anything noteworthy with examples, tips +and tricks, and exceptions. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/_category_.json new file mode 100644 index 0000000000..6f09f2b1ad --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "IE AppSet Tabs", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/advanced.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/advanced.md new file mode 100644 index 0000000000..168f8b9f82 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/advanced.md @@ -0,0 +1,20 @@ +--- +title: "Advanced Tab" +description: "Advanced Tab" +sidebar_position: 80 +--- + +# Advanced Tab + +The Advanced tab has a lot of settings, and varies from version to version of IE. You can see the +Advanced tab in IE 11 in Figure 27. + +![ie_appset_tab_by_tab_23](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_23.webp) + +Figure 27. The IE Advanced tab. + +Almost all of these settings are configurable in the IE AppSet, as shown in Figure 28. + +![ie_appset_tab_by_tab_24](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_24.webp) + +Figure 28. Configuring IE settings in the Advanced tab. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/compatibilityview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/compatibilityview.md similarity index 89% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/compatibilityview.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/compatibilityview.md index bce33dbe5c..504234b8b9 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/compatibilityview.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/compatibilityview.md @@ -1,3 +1,9 @@ +--- +title: "Compatibility View Tab" +description: "Compatibility View Tab" +sidebar_position: 100 +--- + # Compatibility View Tab Internet Explorer's Compatibility View tab lets you specify which websites go into a Compatibility diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/connections.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/connections.md similarity index 92% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/connections.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/connections.md index a234eac34a..d293e840b2 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/connections.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/connections.md @@ -1,3 +1,9 @@ +--- +title: "Connections Tab" +description: "Connections Tab" +sidebar_position: 50 +--- + # Connections Tab Video: For a quick overview of how to manage the Connections tab using Endpoint Policy Manager diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/content.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/content.md similarity index 96% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/content.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/content.md index dab2449fee..90fa0ec652 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/content.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/content.md @@ -1,3 +1,9 @@ +--- +title: "Content Tab" +description: "Content Tab" +sidebar_position: 40 +--- + # Content Tab Video: For a quick overview of how to manage the Content tab using Endpoint Policy Manager diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/enterprisemode.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/enterprisemode.md similarity index 96% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/enterprisemode.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/enterprisemode.md index 19379aa44a..0e77844bc2 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/enterprisemode.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/enterprisemode.md @@ -1,3 +1,9 @@ +--- +title: "Enterprise Mode" +description: "Enterprise Mode" +sidebar_position: 110 +--- + # Enterprise Mode Video: For a quick overview of how to manage IE Enterprise Mode using Endpoint Policy Manager diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/extras.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/extras.md new file mode 100644 index 0000000000..e2abe54f81 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/extras.md @@ -0,0 +1,127 @@ +--- +title: "Extras Tab" +description: "Extras Tab" +sidebar_position: 90 +--- + +# Extras Tab + +Video: For a quick overview of how to manage certificates in IE using Endpoint Policy Manager +Application Settings Manager see the following video: +[http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-ie-certificates.html](http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-ie-certificates.html). + +The Extras tab in the IE AppSet enables you to do the following: + +- Set Menu bar icons +- Set custom support page URL (versions of IE prior to IE 10) +- Set custom title bar (versions of IE prior to IE 10) +- Manage certificates + +**NOTE:** Endpoint Policy Manager can only deploy binary/DER type certificates. If you need to +convert an existing certificate to DER format, please see the section, "Exporting Certificates to +the Binary-Encoded DER Format." + +Examples of IE certificates are shown in Figure 29. + +![ie_appset_tab_by_tab_25](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_25.webp) + +Figure 29. IE Certificates. + +IE has the following locations to specify certificates: + +- Personal +- Other people +- Intermediate certification authorities +- Trusted root certification authorities +- Trusted publishers +- Untrusted publishers + +You can use the IE AppSet to add or remove certificates from those locations using the following +format, as shown in Figure 30: + +``` +File Location, Certificate Store, add +or +Thumbprint, Certificate Store, remove +``` + +![ie_appset_tab_by_tab_26](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_26.webp) + +Figure 30. Adding or removing IE certificates. + +## Adding Certificates using the IE AppSet + +To add a certificate using the IE AppSet, the file must be located at `\\server\share `or a local +location like `c:\Certificates`. Endpoint Policy Manager then accesses the file in that location and +determines which certificate store you want to put it in. The available stores and the corresponding +word to specify within Endpoint Policy Manager can be seen in Table 1. + +Table 1: Certificate stores and corresponding terms. + +| IE Certificate Store | Word to specify in Endpoint Policy Manager AppSet | | +| -------------------------------------- | ------------------------------------------------- | ------------------------ | +| User store | Machine Store | | +| Personal | Personal | Machine\Personal | +| Other People | AddressBook | Machine\AddressBook | +| Intermediate Certification Authorities | CA | Machine\CA | +| Trusted Root Certification Authorities | Root | Machine\Root | +| Trusted Publishers | TrustedPublisher | Machine\TrustedPublisher | +| Untrusted Publishers | Disallowed | Machine\Disallowed | + +**CAUTION:** Not all certificate types will work in all locations for IE certificates. + +The following line would look for a file named certificate.pfx on `\\DC\Share` and add it to the +Personal certificate store: `\\DC\Share\certificate.pfx, personal, add`. + +By default, certificates are added to and removed from the certificate store of the current user. +Prepend any store name with `Machine\` if you want to add or remove a certificate from the machine +store. For example, the following line would would add a certificate to Intermediate Certification +Authorities of the current user: `\\DC\Share\CA.cer, CA, add`, while the next line would add a +certificate to Intermediate Certification Authorities of the machine, meaning that all users on the +machine will get it: `\\DC\Share\CA.cer, Machine\CA, add`. + +**NOTE:** Non-elevated users are not allowed to remove certificates from the machine store, so you +can use `Machine\{Store Name}` to ensure certificates are delivered to everyone and cannot be +removed by users. + +## Removing Certificates using the IE AppSet + +To remove certificates using the IE AppSet, you must know the thumbprint for the certificate you +want to remove. You can find the thumbprint within IE by viewing the details for a certificate and +selecting the thumbprint, as shown in Figure 31. Then, you can copy and paste it into the AppSet. + +![ie_appset_tab_by_tab_27](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_27.webp) + +Figure 31. Details and thumbprints of certificates in IE. + +The format of the text to remove the certificate should include the thumbprint with spaces, a comma, +the certificate store word from the table above, and the word remove: + +``` +da 8f 1a 48 0b 43 93 01 fe 07 40 dc 9d d5 bb 78 9e 00 81 01, CA, remove +``` + +As with adding a certificate, you can prepend the store word with `Machine\` to remove a certificate +from the machine store: + +``` +da 8f 1a 48 0b 43 93 01 fe 07 40 dc 9d d5 bb 78 9e 00 81 01, Machine\CA, remove +``` + +## Exporting Certificates to the Binary-Encoded DER Format + +Endpoint Policy Manager can only work with binary-formatted/DER certificates. If you have a +certificate of another type, you may import it first into Internet Explorer. Then you can +immediately export it as a DER file, as shown in Figure 32. + +![ie_appset_tab_by_tab_28](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_28.webp) + +Figure 32. Exporting a certificate as a DER file. + +You can optionally perform the same type of export by finding the file itself in Explorer, +navigating to the Details tab, and then clicking on the "Copy to File..." button and selecting +"`DER encoded binary X.509 (CER)`," as shown in Figure 33. + +![ie_appset_tab_by_tab_29](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/firefox/certificate/certificates_5.webp) + +Figure 33. Exporting a certificate using the "Copy to File..." button. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/favoriteslinks.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/favoriteslinks.md similarity index 97% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/favoriteslinks.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/favoriteslinks.md index 70f697ac0e..1f41f0ceee 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/favoriteslinks.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/favoriteslinks.md @@ -1,3 +1,9 @@ +--- +title: "Favorites and Links" +description: "Favorites and Links" +sidebar_position: 70 +--- + # Favorites and Links Video: For a quick overview of how to manage Favorites in IE using Endpoint Policy Manager diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/general.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/general.md similarity index 93% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/general.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/general.md index c94a9477c7..f0d1e6ff01 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/general.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/general.md @@ -1,3 +1,9 @@ +--- +title: "General Tab" +description: "General Tab" +sidebar_position: 10 +--- + # General Tab Video: For a quick overview of how to manage the General tab using Netwrix Endpoint Policy Manager diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/overview.md new file mode 100644 index 0000000000..33e8dd21ca --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/overview.md @@ -0,0 +1,9 @@ +--- +title: "IE AppSet Tabs" +description: "IE AppSet Tabs" +sidebar_position: 30 +--- + +# IE AppSet Tabs + +In this section, we will look at each IE tab and the tab in the IE AppSet that controls it. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/privacy.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/privacy.md similarity index 96% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/privacy.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/privacy.md index c84e75c852..38163c81be 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/privacy.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/privacy.md @@ -1,3 +1,9 @@ +--- +title: "Privacy Tab" +description: "Privacy Tab" +sidebar_position: 30 +--- + # Privacy Tab Video: For a quick overview of how to manage the Privacy tab using Endpoint Policy Manager diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/programs.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/programs.md similarity index 95% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/programs.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/programs.md index 994ca0ee03..8bee3a8092 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/programs.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/programs.md @@ -1,3 +1,9 @@ +--- +title: "Programs Tab" +description: "Programs Tab" +sidebar_position: 60 +--- + # Programs Tab Video: For a quick overview of how to manage the Programs tab using Endpoint Policy Manager diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/security.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/security.md new file mode 100644 index 0000000000..71f5ef9dcb --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/internetexplorer/tab/security.md @@ -0,0 +1,51 @@ +--- +title: "Security Tab" +description: "Security Tab" +sidebar_position: 20 +--- + +# Security Tab + +Video: For a quick overview of how to manage the Security tab using Endpoint Policy Manager +Application Settings Manager, see the following video: +[http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-ie-security.html](http://www.endpointpolicymanager.com/video/endpointpolicymanager-manage-ie-security.html). + +The Security tab lets you set levels for all four zone types. The dialog within IE can be seen in +Figure 6. + +![ie_appset_tab_by_tab_2](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_2.webp) + +Figure 6. Custom security settings for all four zone types. + +Using the Endpoint Policy Manager IE AppSet, click on "Set Level" for the corresponding zone and +select your level (or select "Custom"). Do not set any custom settings when you select a standard +option from the drop-down menu, such as Medium, Medium High, etc. + +![ie_appset_tab_by_tab_3](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_3.webp) + +Figure 7. Custom settings for the local intranet zone. + +Internet Explorer has a rich way of adding site to zone assignments, as shown in Figure 8. + +![ie_appset_tab_by_tab_4](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_4.webp) + +Figure 8. Adding site to zone assignments in Internet Explorer. + +The IE AppSet Security tab Site to Zone Assignment is shown in Figure 9. + +![ie_appset_tab_by_tab_5](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/internetexplorer/tab/ie_appset_tab_by_tab_5.webp) + +Figure 9. Setting site to zone assignments in the IE Pak. + +On the first line, you can specify `MODE=REPLACE` or `MODE=MERGE`. If you don't specify, the default +is `MODE=MERGE`. All other lines should take the form of`http://`or` https://` followed by a comma +and one of the following words: + +- intranet +- internet +- trusted +- untrusted +- remove + +This will deliver the web page into the corresponding zone or remove the web page from any zone if +"remove" is specified. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/_category_.json new file mode 100644 index 0000000000..b9c3f8f67d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Modes", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/acllockdown.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/acllockdown.md new file mode 100644 index 0000000000..79b3a41904 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/acllockdown.md @@ -0,0 +1,71 @@ +--- +title: "ACL Lockdown™ Mode" +description: "ACL Lockdown™ Mode" +sidebar_position: 50 +--- + +# ACL Lockdown™ Mode + +**NOTE:** For a demonstration of the ACL Lockdown™ Mode feature, please see this video: +[ACL Lockdown for Registry Based Applications](/docs/endpointpolicymanager/video/applicationsettings/acllockdown.md). + +ACL Lockdown mode can be seen when you right-click a setting within an AppSet (see Figure 34). + +![policypak_application_settings_1_13](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_13.webp) + +Figure 34. Selecting the ACL Lockdown setting. + +This is a very powerful Endpoint Policy Manager Application Settings Manager feature; it increases +your application's security. When it is selected, two things occur: + +- This mode prevents any changes to the application—even while the application is running. Note that + this is true for most (but not all) applications. Exceptions and problems are usually noted in the + AppSet's readme file. +- While the application is not running, clever "power users" cannot work around your settings by + manually changing them in the Registry or files. + +When ACL Lockdown™ mode is selected on a Endpoint Policy Manager Application Settings Manager +element, Endpoint Policy Manager Application Settings Manager will take ownership of the portion of +the user's Registry or files involved in the application. + +This literally prevents users (or other applications) from modifying your setting. It gives your +application a steady state where users are not permitted to work around your settings (whether +they're online or offline, or the machine is running or not running). + +When you select "Perform ACL Lockdown" using Endpoint Policy Manager Application Settings Manager, +Endpoint Policy Manager Application Settings Manager will automatically figure out which additional +elements within the ApSet share the same file or Registry container. + +For instance, in WinZip, if you right-click "Minimum password length" and select "Perform ACL +Lockdown," Endpoint Policy Manager will automatically select it for all other items in the AppSet +that share the same location in the Registry (see Figure 35). If you right-click any of the +checkboxes in the Passwords tab, you can see that "Perform ACL Lockdown" will be already checked, +because all the elements on this page are within the same portion of the Registry. + +![policypak_application_settings_1_14](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_14.webp) + +Figure 35. With "Perform ACL Lockdown" selected, all password options are automatically checked. + +However, clicking on another tab—such as Cameras—and right-clicking a setting will show that +"Perform ACL Lockdown" is not set (see Figure 36). + +![policypak_application_settings_1_15](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_15.webp) + +Figure 36. If other tabs are selected, "Perform ACL Lockdown" will not be set. + +This is because the items within the Cameras tab are located in a different place in the Registry +than the items in the Passwords tab. + +To reiterate, if an application's data is stored in a file, then usually ALL items within the AppSet +will be locked when "Perform ACL Lockdown" is selected. In the example shown in Figure 37, "Perform +ACL Lockdown" is selected for one Firefox setting. + +![policypak_application_settings_1_16](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_16.webp) + +Figure 37. "Perform ACL Lockdown" is selected for one Firefox setting. + +However, because all the settings within Firefox are stored in the same file, they will be +uneditable by the end user. + +When the GPO no longer applies, the ACL Lockdown settings that were originally on the Registry or on +the files are returned to the state they were in before Endpoint Policy Manager took ownership. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/applock.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/applock.md new file mode 100644 index 0000000000..5d4d8c0e64 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/applock.md @@ -0,0 +1,50 @@ +--- +title: "AppLock™ Modes" +description: "AppLock™ Modes" +sidebar_position: 40 +--- + +# AppLock™ Modes + +Endpoint Policy Manager Application Settings Manager AppLock™ is a patent-pending technology that +enables administrators to truly lock down their applications so users cannot work around the +configured settings. For example, in an earlier example we were able to hide all the settings in the +Cameras tab for WinZip. + +**NOTE:** Endpoint Policy Manager Application Settings Manager AppLock™ modes are only available +when you utilize Endpoint Policy Manager DesignStudio Capture Wizard to capture an existing user +interface from an application. If you use Endpoint Policy Manager DesignStudio and design your own +interface from scratch, Endpoint Policy Manager DesignStudio won't capture the original +user-interface (UI); therefore, it has no ability to lock it down. Note that not every UI is +capturable, and not every capturable UI is able to be locked down. See Appendix B: Endpoint Policy +Manager Application Settings Manager DesignStudio Guide for more information. + +There are three Endpoint Policy Manager Application Settings Manager AppLock™ modes. + +- "Hide corresponding control in target application." This removes the corresponding control in the + application from the users' view so users cannot see that there is an element present. +- "Disable corresponding control in target application." This disables (grays out) the corresponding + control in the application. In this mode, users will be able to see the element but will not be + able to configure or manipulate the setting. +- "Force display of this control in target application." This should be used when you want to + restore a setting. This can be used by an upper-level domain admin, along with the Group Policy + Enforced property, on the GPO itself. This can ensure that a lower-level admin cannot permanently + lock out the UI of an application. + +If you right-click on any tab, you'll find two more settings. + +- "Disable whole tab in target application." This disables (grays out) the entire corresponding tab + in the application. Users will be able to see the tab, but they will not be able to access the + contents of the tab to manipulate any settings within that tab. +- "Force display of whole tab in target application." This should be used when you want to restore a + tab in the UI. This can be used by an upper-level domain admin, along with the Group Policy + Enforced property, on the GPO's link. This can ensure that a lower-level admin cannot permanently + lock out the UI of an application. + +Figures 28, 30, and 32 illustrate the selection process for the various settings that can be +enforced. Figures 29, 31, and 33 show the results of the settings on the target machines. + +| ![policypak_application_settings_1_7](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_7.webp) Figure 28. Endpoint Policy Manager Application Settings Manager Applock™ hide mode. | ![policypak_application_settings_1_8](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_8.webp) Figure 29. The corresponding control in the target application has been hidden. | +| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| ![policypak_application_settings_1_9](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_9.webp) Figure 30. Endpoint Policy Manager Application Settings Manager Applock™ disable mode. | ![policypak_application_settings_1_10](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_10.webp) Figure 31. The corresponding control in the target application has been grayed out. | +| ![policypak_application_settings_1_11](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_11.webp) Figure 32. In the Group Policy Editor, right-click below the tab you wish to disable, as seen here. | ![policypak_application_settings_1_12](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_12.webp) Figure 33. The target tab, Cameras, has been grayed out. Users cannot click it to see or modify any elements within this tab. | diff --git a/docs/endpointpolicymanager/applicationsettings/modes/deliversettingsvalues.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/deliversettingsvalues.md similarity index 95% rename from docs/endpointpolicymanager/applicationsettings/modes/deliversettingsvalues.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/deliversettingsvalues.md index ee8b91972e..d017122650 100644 --- a/docs/endpointpolicymanager/applicationsettings/modes/deliversettingsvalues.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/deliversettingsvalues.md @@ -1,3 +1,9 @@ +--- +title: "Delivering Settings and Values" +description: "Delivering Settings and Values" +sidebar_position: 10 +--- + # Delivering Settings and Values In the previous section, we placed a check inside the "at least one symbol character diff --git a/docs/endpointpolicymanager/applicationsettings/modes/enforcement.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/enforcement.md similarity index 96% rename from docs/endpointpolicymanager/applicationsettings/modes/enforcement.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/enforcement.md index 6899878086..1889482bbe 100644 --- a/docs/endpointpolicymanager/applicationsettings/modes/enforcement.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/enforcement.md @@ -1,3 +1,9 @@ +--- +title: "Enforcement Modes" +description: "Enforcement Modes" +sidebar_position: 20 +--- + # Enforcement Modes When actions are set for an element (using Endpoint Policy Manager DesignStudio), enforcement modes diff --git a/docs/endpointpolicymanager/applicationsettings/modes/mouseshortcuts.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/mouseshortcuts.md similarity index 96% rename from docs/endpointpolicymanager/applicationsettings/modes/mouseshortcuts.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/mouseshortcuts.md index 2026320c2e..95c218c6d1 100644 --- a/docs/endpointpolicymanager/applicationsettings/modes/mouseshortcuts.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/mouseshortcuts.md @@ -1,3 +1,9 @@ +--- +title: "Special Mouse Shortcuts for Quick Enforcement of Modes" +description: "Special Mouse Shortcuts for Quick Enforcement of Modes" +sidebar_position: 60 +--- + # Special Mouse Shortcuts for Quick Enforcement of Modes The Endpoint Policy Manager Application Settings Manager user interface has several shortcuts to diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/overview.md new file mode 100644 index 0000000000..2ae21a4314 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/overview.md @@ -0,0 +1,42 @@ +--- +title: "Modes" +description: "Modes" +sidebar_position: 20 +--- + +# Modes + +If you used the Quick Start guides, you now have a feel for some of the special modes in Endpoint +Policy Manager Application Settings Manager. Endpoint Policy Manager Application Settings Manager +modes are available on a per-attribute basis, which provides for excellent flexibility when deciding +which elements to configure, enforce, and even disable or hide. + +**NOTE:** To see an overview of the Enforcement modes, watch this quick tutorial video: +[https://www.endpointpolicymanager.com/video/endpointpolicymanager-the-superpowers.html](http://tinyurl.com/screenshotpilot). + +**NOTE:** To see an overview of ACL Lockdown™ mode, watch this tutorial: +[https://www.endpointpolicymanager.com/video/endpointpolicymanager-acl-lockdown-for-registry-based-applications.html](https://support.microsoft.com/en-us/kb/3087759). + +In Figure 22, you can see which modes are available when right-clicking a Endpoint Policy Manager +Application Settings Manager attribute with settings data inside. + +![policypak_application_settings_1_1](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_1.webp) + +Figure 22. The modes available in Endpoint Policy Manager Application Settings Manager. + +Let's examine the areas of control for an element, as seen in Figure 23. You can see we've +highlighted the following modes: + +- Enforcement modes +- Reversion mode +- Endpoint Policy Manager Application Settings Manager ACL Lockdown™ mode +- Endpoint Policy Manager Application Settings Manager Applock™ modes + +![policypak_application_settings_1_2](/img/product_docs/endpointpolicymanager/applicationsettings/modes/endpointpolicymanager_application_settings_1_2.webp) + +Figure 23. The areas of control for an element. + +**NOTE:** There is a special AppLock mode that you can apply to the entire tab to disable it. We'll +discuss this in the "AppLock Modes" section. + +We first need to discuss how to set and deliver settings and values. diff --git a/docs/endpointpolicymanager/applicationsettings/modes/reversion.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/reversion.md similarity index 93% rename from docs/endpointpolicymanager/applicationsettings/modes/reversion.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/reversion.md index ba3210c90b..65309b0868 100644 --- a/docs/endpointpolicymanager/applicationsettings/modes/reversion.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/reversion.md @@ -1,3 +1,9 @@ +--- +title: "Reversion Mode" +description: "Reversion Mode" +sidebar_position: 30 +--- + # Reversion Mode The second set of options on an element dictates the reversion mode, or the policy removal options. diff --git a/docs/endpointpolicymanager/applicationsettings/modes/settingsdeliveryreinforcementoptions.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/settingsdeliveryreinforcementoptions.md similarity index 98% rename from docs/endpointpolicymanager/applicationsettings/modes/settingsdeliveryreinforcementoptions.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/settingsdeliveryreinforcementoptions.md index f21fab55ea..5cbd713d4d 100644 --- a/docs/endpointpolicymanager/applicationsettings/modes/settingsdeliveryreinforcementoptions.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/settingsdeliveryreinforcementoptions.md @@ -1,3 +1,9 @@ +--- +title: "Settings Delivery and Reinforcement Options" +description: "Settings Delivery and Reinforcement Options" +sidebar_position: 80 +--- + # Settings Delivery and Reinforcement Options When the client is online and able to make contact with a domain controller, Endpoint Policy Manager diff --git a/docs/endpointpolicymanager/applicationsettings/modes/switched.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/switched.md similarity index 97% rename from docs/endpointpolicymanager/applicationsettings/modes/switched.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/switched.md index 7396abea6b..d41533c37c 100644 --- a/docs/endpointpolicymanager/applicationsettings/modes/switched.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/modes/switched.md @@ -1,3 +1,9 @@ +--- +title: "Switched Mode" +description: "Switched Mode" +sidebar_position: 70 +--- + # Switched Mode Endpoint Policy Manager Application Settings Manager has a special mode, called Switched mode, which diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/overview.md new file mode 100644 index 0000000000..2124de0290 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/overview.md @@ -0,0 +1,38 @@ +--- +title: "Application Settings Manager" +description: "Application Settings Manager" +sidebar_position: 10 +--- + +# Application Settings Manager + +Quick Start with Preconfigured AppSets + +Before reading this section, please ensure you have read Book 2: Installation and Quick Start, which +will help you learn to do the following: + +- Install the Admin MSI on your GPMC machine +- Install the CSE on a test Windows machine +- Set up a computer in Trial mode or Licensed mode +- Set up a common OU structure + +Optionally, if you don't want to use Group Policy, read the section in Appendix A: Advanced Concepts +on Group Policy and non–Group Policy methods (MEMCM, KACE, and MDM service or Netwrix Endpoint +Policy Manager (formerly PolicyPak) Cloud) to deploy your directives. + +Endpoint Policy Manager Application Settings Manager is one of the Endpoint Policy Manager +components. Its job is to help you configure, manage, lock down, and remediate your desktop +applications. It ships with hundreds of preconfigured AppSets (previously referred to as +AppSets)—ready to use. + +Some of our most popular AppSets are for use with: + +- Firefox +- Chrome +- Internet Explorer +- Adobe products +- Microsoft products + +You can find the latest versions of our AppSets on our website at +[http://www.endpointpolicymanager.com/products/endpointpolicymanager-preconfigured-paks.html](http://www.endpointpolicymanager.com/videos/sn6j7q1clmq.html). +Most AppSets have corresponding videos with examples showing you how to use the AppSets. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/overview_1.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/overview_1.md new file mode 100644 index 0000000000..f5e4dc8d3d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/overview_1.md @@ -0,0 +1,92 @@ +--- +title: "Backup, Restore, and XML Export and Import" +description: "Backup, Restore, and XML Export and Import" +sidebar_position: 50 +--- + +# Backup, Restore, and XML Export and Import + +In this section, we're going to learn about how to backup and restore with regards to Netwrix +Endpoint Policy Manager (formerly PolicyPak) Application Settings Manager and understand how +Endpoint Policy Manager Application Settings Manager performs Group Policy reporting. + +Let's recall the three pieces that constitute Endpoint Policy Manager Application Settings Manager: + +- The pXML file created using Endpoint Policy Manager DesignStudio. This is your source file that + defines your AppSet. +- The Endpoint Policy Manager extension DLL. This is the output after you compile your pXML file, + which enables you to see your AppSet inside the group policy object (GPO). +- The Endpoint Policy Manager Application Settings Manager data that is stored in the GPO. This + defines the precise settings inside your GPO. + +## Backup and Restore + +**NOTE:** Video: For an overview video of how to backup and restore, please see this +video:[Endpoint Policy Manager Application Settings Manager: Backup, Restore, Export, Import](/docs/endpointpolicymanager/video/troubleshooting/backup.md). + +The three pieces that constitute Endpoint Policy Manager Application Settings Manager should be +backed up in case of loss, failure, overwriting, or some other damage. Below, we describe some +suggested best practices for backing up your files. + +The pXML files you create with the Endpoint Policy Manager DesignStudio should be placed in a secure +place and be available in case of loss or damage. These are only text (XML) files and can be easily +stored. Be sure to have backups of these files in case of an emergency. Treat them like any other +important document in your company. + +The Endpoint Policy Manager extension DLLs are best placed in the Central Storage. These files are +then replicated to all domain controllers and are available for use when administrators roam from +machine to machine creating GPOs. However, these should also be backed up and stored in a secure +place where they can be available in case the Central Storage is damaged or someone deletes a +Endpoint Policy Manager extension DLL from it. These files are usually quite small and can be easily +stored. + +The Endpoint Policy Manager Application Settings Manager data inside a GPO is backed up and restored +with normal GPMC backup procedures, as seen in Figure 90. + +![backup_restore_and_xml_export](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/backup/backup_restore_and_xml_export.webp) + +Figure 90. Backing up data with normal GPMC backup procedures. + +If a GPO is ever deleted, its data can be quickly restored using the GPMC's "Manage Backups" option, +also seen in Figure 89. + +When restoring, the Endpoint Policy Manager Application Settings Manager data and all the modes +(Enforcement, Reversion, and Endpoint Policy Manager AppLock™) are restored. + +## Settings for XML Export and Import + +**NOTE:** For an overview of exporting and importing settings, please see this video: +[Endpoint Policy Manager Application Settings Manager: Backup, Restore, Export, Import](/docs/endpointpolicymanager/video/troubleshooting/backup.md) +(at the 2 minute and 50 second mark). + +The exact settings you specified inside an AppSet within a GPO can be exported and imported. This +might be useful if you have to test out different scenarios (perhaps again and again) but don't want +to start fresh every time with the defaults you set within the AppSet. You might also want to +configure a group of settings within an AppSet and share those exact settings with another +administrator for later implementation. + +The idea of exporting is simple: use your AppSet, set your settings, click on the Options button, +and then select "Export" to export the data, as seen in Figure 91. + +![backup_restore_and_xml_export_1](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/backup/backup_restore_and_xml_export_1.webp) + +Figure 91. The exact settings you specified inside a Pak within a GPO can be exported and, later, +imported by selecting one of these options. + +You will be prompted for a location to save your data. Be sure to give a name that makes sense for +your AppSet, configuration scenario, or test case. Note that the file is an XML file and can only be +used to import data into the same (or very similarly configured) AppSet. It cannot be loaded into +the Endpoint Policy Manager DesignStudio or used for any other purpose. + +When you're ready, you can reverse the process by using the Endpoint Policy Manager | Import +function to import your previously exported settings. Note that an import will only change elements +that are defined within the XML you are importing. That is, the import process may overwrite some +existing values, and it may also leave existing values alone. Again, only values defined in the XML +are changed upon import. + +**NOTE:** Exporting settings in XML is different than XML data export, which is described in +Appendix A: Using Endpoint Policy Manager with MDM and UEM Tools. Use "Exporting Directives as XML +Data Files" to export settings to save or reload into Group Policy Objects. Use XML data export +(Appendix A) to deploy Endpoint Policy Manager settings without using Group Policy Objects, for +instance, with use of Microsoft Endpoint Configuration Manager, Endpoint Policy Manager MDM or +Endpoint Policy Manager Cloud. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/_category_.json new file mode 100644 index 0000000000..b542366e6a --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Quick Start With Preconfigured AppSets", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/acllockdown.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/acllockdown.md new file mode 100644 index 0000000000..31c4b4099e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/acllockdown.md @@ -0,0 +1,63 @@ +--- +title: "Locking Down the Use of Application Settings Manager ACL Lockdown™" +description: "Locking Down the Use of Application Settings Manager ACL Lockdown™" +sidebar_position: 50 +--- + +# Locking Down the Use of Application Settings Manager ACL Lockdown™ + +In the example above, we changed some values, closed the application, and reopened it. We also saw +that PolicyPak Application Settings Manager automatically remediated the application's settings +again at relaunch. + +In addition, Endpoint Policy Manager Application Settings Manager can perform ACL Lockdown™. + +**NOTE:** To see Endpoint Policy Manager Application Settings Manager ACL Lockdown™ in action, +watch this video: +[https://www.endpointpolicymanager.com/video/endpointpolicymanager-acl-lockdown-for-registry-based-applications.html](http://www.endpointpolicymanager.com/videos/bypassing-internal-item-level-targeting-filters.html). + +ACL stands for Windows's Access Control List. ACLs are a built-in operating system function that +performs true lockout on sections of the Registry and files. With Endpoint Policy Manager +Application Settings Manager ACL Lockdown™ enabled, users literally cannot make or keep changes in +the effected pieces of the application. + +**Step 1 –** To see ACL Lockdown in action, let's go back into the GPO and turn it on. To do this, +right-click "at least one lower case character (a-z)" and select "Perform ACL Lockdown," as seen in +Figure 14. + +![policypak_application_settings_13](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/endpointpolicymanager_application_settings_13.webp) + +Figure 14. Selecting the "Perform ACL Lockdown" setting. + +**Step 2 –** When you perform ACL Lockdown on one setting, the same portion of the Registry (or file +system) might contain more than one setting. For instance, all the items in the Passwords tab are +located in the same place in the Registry. Therefore, if you were to right-click any other setting +in the Passwords tab, you'll see that "Perform ACL Lockdown" is automatically checked for those +settings, as well. + +On the client machine + +- ensure WinZip is closed, +- run `GPupdate `(or log off and log back on) to get the new "signal" that you want to test ACL + Lockdown™, and +- rerun WinZip. + +**Step 3 –** ACL Lockdown is now working while the application is running. Now, go back to WinZip's +Options, select the Passwords tab, and uncheck the two checkboxes that are available, as shown in +Figure 15. Then click OK. + +![policypak_application_settings_14](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/endpointpolicymanager_application_settings_14.webp) + +Figure 15. The Passwords tab in WinZip Options. + +**Step 4 –** After that's done, immediately go back to Options and select the Passwords tab again. +Figure 16 shows that the user's desired changes did not take effect because Endpoint Policy Manager +Application Settings Manager has used ACL Lockdown™ to perform the lockout of the settings. + +![policypak_application_settings_15](/img/product_docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/endpointpolicymanager_application_settings_15.webp) + +Figure 16. Using ACL Lockdown, the user's changes have not taken effect because the settings have +been locked. + +For more information on ACL Lockdown™, see section, "ACL Lockdown™ Mode," in the next major +section in the manual. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/automaticreapplicationchanges.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/automaticreapplicationchanges.md similarity index 90% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/automaticreapplicationchanges.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/automaticreapplicationchanges.md index 891c01b7b9..656a8ae48a 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/automaticreapplicationchanges.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/automaticreapplicationchanges.md @@ -1,3 +1,9 @@ +--- +title: "Automatic Reapplication of Changes" +description: "Automatic Reapplication of Changes" +sidebar_position: 40 +--- + # Automatic Reapplication of Changes **Step 1 –** Now, let's simulate what would happen if the user works around some set changes. In diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/leverageexisting.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/leverageexisting.md similarity index 92% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/leverageexisting.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/leverageexisting.md index dfa30fcec9..9913f6ba82 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/leverageexisting.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/leverageexisting.md @@ -1,3 +1,9 @@ +--- +title: "Leveraging an Existing Preconfigured AppSet" +description: "Leveraging an Existing Preconfigured AppSet" +sidebar_position: 10 +--- + # Leveraging an Existing Preconfigured AppSet For this first Quickstart test and example, we urge you to use the preconfigured Endpoint Policy diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/revertappset.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/revertappset.md similarity index 96% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/revertappset.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/revertappset.md index f0e1263340..2c411f928f 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/revertappset.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/revertappset.md @@ -1,3 +1,9 @@ +--- +title: "revertappset" +description: "revertappset" +sidebar_position: 60 +--- + ## Reverting the AppSet Let's simulate what would happen if the user changes job roles or the GPO is no longer applied. diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/specialnotes.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/specialnotes.md similarity index 93% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/specialnotes.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/specialnotes.md index 069af41b25..58352fa21d 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/specialnotes.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/specialnotes.md @@ -1,3 +1,9 @@ +--- +title: "Special Notes about the FireFox AppSet, Thunderbird AppSet, Java AppSet, and Internet Explorer AppSet" +description: "Special Notes about the FireFox AppSet, Thunderbird AppSet, Java AppSet, and Internet Explorer AppSet" +sidebar_position: 70 +--- + # Special Notes about the FireFox AppSet, Thunderbird AppSet, Java AppSet, and Internet Explorer AppSet Firefox, Thunderbird, and Java preconfigured AppSets all support user-interface (UI) lockout, diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/testapplication.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/testapplication.md similarity index 97% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/testapplication.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/testapplication.md index c9e21a0042..bf62f9c457 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/testapplication.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/testapplication.md @@ -1,3 +1,9 @@ +--- +title: "Testing the Application of a Preconfigured AppSet" +description: "Testing the Application of a Preconfigured AppSet" +sidebar_position: 20 +--- + # Testing the Application of a Preconfigured AppSet Now that your preconfigured, compiled AppSet is copied to your management machine, you are ready to diff --git a/docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/testclient.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/testclient.md similarity index 89% rename from docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/testclient.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/testclient.md index bb63ee39c3..24c4a5b103 100644 --- a/docs/endpointpolicymanager/applicationsettings/preconfigured/quickstart/testclient.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/quickstartwithprecon/testclient.md @@ -1,3 +1,9 @@ +--- +title: "Testing Your Application Settings Manager Settings on Your Client (Target) Machine" +description: "Testing Your Application Settings Manager Settings on Your Client (Target) Machine" +sidebar_position: 30 +--- + # Testing Your Application Settings Manager Settings on Your Client (Target) Machine Now we're ready to log in for testing. PolicyPak Application Settings Manager is ready to work as diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/underhood/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/underhood/_category_.json new file mode 100644 index 0000000000..01fd03c2d8 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/underhood/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Reporting and What's Happening \"Under the Hood\"", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/deliveredreverted.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/underhood/deliveredreverted.md similarity index 94% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/deliveredreverted.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/underhood/deliveredreverted.md index abfab9a199..f1e74ae82c 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/deliveredreverted.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/underhood/deliveredreverted.md @@ -1,3 +1,9 @@ +--- +title: "How AppSets and Settings are Delivered and Reverted" +description: "How AppSets and Settings are Delivered and Reverted" +sidebar_position: 30 +--- + # How AppSets and Settings are Delivered and Reverted Endpoint Policy Manager Application Settings Manager evaluates AppSets and settings on the User side diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/underhood/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/underhood/overview.md new file mode 100644 index 0000000000..658906675b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/underhood/overview.md @@ -0,0 +1,11 @@ +--- +title: "Reporting and What's Happening \"Under the Hood\"" +description: "Reporting and What's Happening \"Under the Hood\"" +sidebar_position: 70 +--- + +# Reporting and What's Happening "Under the Hood" + +In this section, we're going to understand how Netwrix Endpoint Policy Manager (formerly PolicyPak) +Application Settings Manager reports data and also how to troubleshoot Endpoint Policy Manager +Application Settings Manager. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/precedence.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/underhood/precedence.md similarity index 92% rename from docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/precedence.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/underhood/precedence.md index e824ac5cce..6c07543112 100644 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/precedence.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/underhood/precedence.md @@ -1,3 +1,9 @@ +--- +title: "Precedence" +description: "Precedence" +sidebar_position: 10 +--- + # Precedence Endpoint Policy Manager Application Settings Manager can receive settings from a variety of sources diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/underhood/reporting.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/underhood/reporting.md new file mode 100644 index 0000000000..8605af916c --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/underhood/reporting.md @@ -0,0 +1,57 @@ +--- +title: "Reporting" +description: "Reporting" +sidebar_position: 20 +--- + +# Reporting + +Endpoint Policy Manager Application Settings Manager supports all GPMC report types. This includes +Group Policy Object Settings reports (seen in our examples), Group Policy Results reports, and Group +Policy Modeling reports. + +Endpoint Policy Manager Application Settings Manager's reports are also available inside third-party +group policy object (GPO) change management tools such as NetIQ GPA, Microsoft AGPM, +Dell/Quest/Scriptlogic GPOadmin, and Quest ActiveAdministrator. + +**NOTE:** Video: For an overview of Endpoint Policy Manager and Change Management utilities like +GPA, AGPM, etc, see +[https://www.endpointpolicymanager.com/integration/endpointpolicymanager-group-policy-change-management-utilities.html](http://www.endpointpolicymanager.com/videos/endpointpolicymanager-using-shares-to-store-your-paks-share-based-storage.html). + +Whenever you add a new AppSet to a GPO and create settings, those settings appear in the GPMC +reports. In Figure 92, you can see the report generated when one AppSet is listed inside the GPO. + +![reporting_and_what_s_happening](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/reporting_and_what_s_happening.webp) + +Figure 92. The GPMC reports showing the new Pak that was added to a GPO. + +In Figure 93, you can see what is reported inside the GPMC when three AppSets have settings within a +GPO. + +![reporting_and_what_s_happening_1](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/reporting_and_what_s_happening_1.webp) + +Figure 93. Three Paks reported within the GPMC. + +Each AppSet's report has two sections: an overall settings section and the representation of the +data within each of the AppSet's tabs. You can see an example of overall settings for the AppSet in +Figure 94. This section also shows the description field (if used) version of Endpoint Policy +Manager DesignStudio that compiled the AppSet and any special flags on the AppSet, including whether +Item-Level Targeting is enabled or not. + +![reporting_and_what_s_happening_2](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/reporting_and_what_s_happening_2.webp) + +Figure 94. The settings in a Pak's report. + +As you can see in Figure 95, the settings themselves are reported, as well as any special cases for +the data settings. For instance, you can see that the value of "Minimum password length" is set to +11, the Enforcement mode is set to "Always reapply," and the AppLock™ state is set to "Grayed" + +![reporting_and_what_s_happening_3](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/reporting_and_what_s_happening_3.webp) + +Figure 95. Examples of special settings displayed in the settings details. + +However, note that only items with settings that are being delivered appear in the reports, not +every single value that is under AppLock. For instance, in the previous example, you might have only +two values set such as "at least one lower case character" and "at least one numeric character" and +then have performed "ACL Lockdown" over "at least one lower case character." In the reports, you +would not see any other settings, because none of the other settings have any changed values. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/variables.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/variables.md new file mode 100644 index 0000000000..4a997107f8 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/variables.md @@ -0,0 +1,39 @@ +--- +title: "Environment Variables and Shell Folders" +description: "Environment Variables and Shell Folders" +sidebar_position: 60 +--- + +# Environment Variables and Shell Folders + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Settings Manager can use +environment variables and Shell Folder variables. + +First, you can use any environment variable that is already defined on the machine. Simply type set +at a command prompt on a target machine and see what environment variables are already set. +Additionally, you can use Group Policy Preferences' Environment Variables extension to set up +another one if you like. + +You can use any value name from the following key and use it as an environment variable: +`SoftwareMicrosoft\Windows\CurrentVersion\Explorer\Shell` Folders. For example, there's no real +environment variable for the Desktop. + +But when you're using Endpoint Policy Manager Application Settings Manager, you can specify +`%desktop%\SomeFile.ini` or `%desktop%\SomeFile.rdp`. This is done the same way for Favorites; you +can specify %favorites% (or any other Registry value name from that key) in both the DesignStudio +and the MMC. + +As an extra tip, you should use `%{374DE290-123F-4565-9164-39C4925E467B}%` for downloads instead of +%Downloads%. That's because the Registry value name for that folder is actually the odd name of +`{374DE290-123F-4565-9164-39C4925E467B}`. + +Endpoint Policy Manager also supports the use of variables such as `%USERPROFILE%\Favorites` or +`%USERPROFILE%\Downloads`. When you use this, the variable will expand to something similar +to` C:\Users\Jake. Therefore`, the paths for `%USERPROFILE%\Favorites` and +`%USERPROFILE%\ Downloads` should resolve (by default) to +`C:\Users\Jake\Favorites and C:\Users\Jake\Downloads`. That being said, there is no guarantee that +the downloads will be redirected to another volume or even to a network share. + +Therefore the direct environment variable names such as +`%{374DE290-123F-4565-9164-39C4925E467B}%`,` %Desktop%, and %Favorites%` are safer to use because +they expand to the actual path that client-side extension (CSE) gets from the Registry. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/_category_.json new file mode 100644 index 0000000000..e9f8d35608 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Browser Router", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/block.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/block.md new file mode 100644 index 0000000000..82dccf74b7 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/block.md @@ -0,0 +1,25 @@ +--- +title: "Using Block Policies" +description: "Using Block Policies" +sidebar_position: 40 +--- + +# Using Block Policies + +You can block specific websites by making a rule and selecting the **Block** website type. You can +choose to provide **Block Text**, which will appear in a pop-up for the user, explaining why they +cannot visit the website. + +**NOTE:** For an overview of using Block policies, see the following video: +[Block web sites from opening in all browsers.](/docs/endpointpolicymanager/video/browserrouter/blockwebsites.md) + +![about_policypak_browser_router_16](/img/product_docs/endpointpolicymanager/browserrouter/policy/about_endpointpolicymanager_browser_router_16.webp) + +When you include text in the **Block Text** field, the endpoint will react in all browsers with a +pop-up like this one. + +![about_policypak_browser_router_17](/img/product_docs/endpointpolicymanager/browserrouter/policy/about_endpointpolicymanager_browser_router_17.webp) + +**NOTE:** If you leave the **Block Text** field empty, default text is automatically provided. + +![about_policypak_browser_router_18](/img/product_docs/endpointpolicymanager/browserrouter/policy/about_endpointpolicymanager_browser_router_18.webp) diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/commandlinearguments.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/commandlinearguments.md new file mode 100644 index 0000000000..c1f8bae0eb --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/commandlinearguments.md @@ -0,0 +1,37 @@ +--- +title: "Using Command Line Arguments" +description: "Using Command Line Arguments" +sidebar_position: 60 +--- + +# Using Command Line Arguments + +This feature enables you to create a route in situations where you start off in the wrong browser +and want to open up the right browser, with specific options such as  `-incognito` for Chrome and +`-private-window` for Firefox, or launch a custom App-V virtualized Internet Explorer plugin like +this one: + +``` +-noframemerging /appwe:76d7f387-c5c4-44a9-8982-cca6124a6aec.  +``` + +Below is an example of launching www.abc.com in Chrome's incognito mode. + +![about_policypak_browser_router_21](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_21.webp) + +Note how you must specifically include **%url%** to specify where the URL will reside on the command +line. Just selecting **incognito** by itself is not enough. The **%url%** will populate the correct +URL, and it is up to you to place it correctly within the command line arguments structure, based on +your needs. + +Another use for the **Custom** policy that utilizes command line arguments might be if you want to +launch a specific non-browser application instead of launching an actual browser. For example, one +use might be to launch a Remote Desktop Protocol (RDP) session that calls a remote program, which +would usually be a browser on the RDP machine. + +To do this, select **Custom** for the browser type. Then set the **Command Line Arguments** field to +**Yes**. Finally, in the **Custom Browser Path** and **Command Line Arguments** field, specify the +application you want to launch (as in, MSTSC) and the command line arguments to pass (as in, +`c:\temp\file1.rdp /v:server1 8080`). + +![about_policypak_browser_router_22](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_22.webp) diff --git a/docs/endpointpolicymanager/browserrouter/policy/custom.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/custom.md similarity index 93% rename from docs/endpointpolicymanager/browserrouter/policy/custom.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/custom.md index 033dea4e2c..36c043b73d 100644 --- a/docs/endpointpolicymanager/browserrouter/policy/custom.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/custom.md @@ -1,3 +1,9 @@ +--- +title: "Using Custom Policies" +description: "Using Custom Policies" +sidebar_position: 50 +--- + # Using Custom Policies Custom policies are useful in a variety of situations. The most common situation concerns a user who diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/exportcollections.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/exportcollections.md new file mode 100644 index 0000000000..d44e5ef5b3 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/exportcollections.md @@ -0,0 +1,28 @@ +--- +title: "Exporting Collections" +description: "Exporting Collections" +sidebar_position: 120 +--- + +# Exporting Collections + +Advanced Concepts explains how to use the Endpoint Policy Manager Exporter to wrap up any Endpoint +Policy Manager directives and deliver them using Microsoft Endpoint Manager (SCCM and Intune), KACE, +your own MDM service, or Endpoint Policy Manager Cloud. + +To export a policy for later use using Endpoint Policy Manager Exporter or Endpoint Policy Manager +Cloud, follow thee steps: + +![about_policypak_browser_router_47](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_47.webp) + +**Step 1 –** Right-click the collection or the policy and select **Export to XML**. This enables you +to save an XML file for later use. + +![about_policypak_browser_router_48](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_48.webp) + +Choose a policy and select Export to XML. + +**NOTE:** Exported collections or policies maintain any Item-Level Targeting that is set. Endpoint +Policy Manager Browser Router policies are always contained within collections, even if you export +one single policy. In other words, a collection is automatically created at the time of export if +you export a single policy. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/internetexplorer/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/internetexplorer/_category_.json new file mode 100644 index 0000000000..96c4b6b339 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/internetexplorer/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Understanding Browser Router and Internet Explorer", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/browserrouter/internetexplorer/convertxmls.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/internetexplorer/convertxmls.md similarity index 94% rename from docs/endpointpolicymanager/browserrouter/internetexplorer/convertxmls.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/internetexplorer/convertxmls.md index a95df0fcef..e600c9ba2a 100644 --- a/docs/endpointpolicymanager/browserrouter/internetexplorer/convertxmls.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/internetexplorer/convertxmls.md @@ -1,3 +1,9 @@ +--- +title: "Converting Existing IE Site List XMLs" +description: "Converting Existing IE Site List XMLs" +sidebar_position: 20 +--- + # Converting Existing IE Site List XMLs **NOTE:** To get an overview on how to convert existing IE site lists, please see: diff --git a/docs/endpointpolicymanager/browserrouter/internetexplorer/edgemod.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/internetexplorer/edgemod.md similarity index 98% rename from docs/endpointpolicymanager/browserrouter/internetexplorer/edgemod.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/internetexplorer/edgemod.md index 8c4b111091..af7d6229f6 100644 --- a/docs/endpointpolicymanager/browserrouter/internetexplorer/edgemod.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/internetexplorer/edgemod.md @@ -1,3 +1,9 @@ +--- +title: "edgemod" +description: "edgemod" +sidebar_position: 10 +--- + ## Internet Explorer in Edge Mode **NOTE:** To get an overview of Endpoint Policy Manager Browser Router and Internet Explorer in Edge diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/internetexplorer/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/internetexplorer/overview.md new file mode 100644 index 0000000000..0178956c5f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/internetexplorer/overview.md @@ -0,0 +1,76 @@ +--- +title: "Understanding Browser Router and Internet Explorer" +description: "Understanding Browser Router and Internet Explorer" +sidebar_position: 80 +--- + +# Understanding Browser Router and Internet Explorer + +Endpoint Policy Manager Browser Router has special functions for managing Internet Explorer. First, +you can set Internet Explorer 11's Enterprise Mode and Document Modes for an individual website. +Second, there are also two overriding policies that help route many websites to Internet Explorer, +which is something that IT departments often want to do. + +## Setting Internet Explorer Enterprise Modes and Document Modes + +Internet Explorer 11, when patched to certain levels, will embrace Enterprise Mode (EM) and Document +Modes (DM). Internet Explorer 11 EM and DM enable you to tell Internet Explorer 11 how to render +certain websites for a more compatible view. + +**NOTE:** To get an overview of Endpoint Policy Manager Browser Router and Internet Explorer 11's +Enterprise and Document Modes, please see +[http://www.endpointpolicymanager.com/video/endpointpolicymanager-browser-router-enterprise-and-document-modes.html](http://www.endpointpolicymanager.com/video/endpointpolicymanager-browser-router-block-web-sites-from-opening-in-all-browsers.html). + +**NOTE:** To learn more about Internet Explorer 11 Enterprise and Document Modes, see the following +Microsoft websites: Enterprise Mode is at: +[Internet Explorer to Endpoint Policy Manager Browser Router Site lists](/docs/endpointpolicymanager/video/browserrouter/iesitelists.md) +and Document Modes is at: +[https://technet.microsoft.com/en-us/library/dn321432.aspx](http://www.endpointpolicymanager.com/video/endpointpolicymanager-using-pp-browser-router-on-citrix-or-rds-servers-with-published-browser-applications.html). + +**CAUTION:** This Endpoint Policy Manager Browser Router method is meant to replace the Microsoft +method of creating Enterprise Mode site lists. Do not try to use Microsoft's list (explained in the +Microsoft URL above) along with Endpoint Policy Manager Browser Router's function. Only use Endpoint +Policy Manager Browser Router to perform this function. + +Using Endpoint Policy Manager Browser Router, you can require particular websites to use a specific +Internet Explorer Enterprise Mode or Document Mode. + +![about_policypak_browser_router_25](/img/product_docs/endpointpolicymanager/browserrouter/internetexplorer/about_endpointpolicymanager_browser_router_25.webp) + +Internet Explorer 11's Enterprise Mode has two specifications: v1 and v2. Endpoint Policy Manager +Browser Router automatically detectsthe version of Internet Explorer installed on your endpoint +machines and write the Enterprise site list based on the correct specification. Note that **PORT** +is not supported in the Internet Explorer EM v1 specification, and as such, is ignored when v1 site +lists must be used. + +**NOTE:** Site lists for v2 are automatically created and used when Windows 10 and Internet Explorer +11 (version 11.0.10586.\*) are detected. Site lists for v1 are used in all other circumstances. + +Note the checkbox labeled **Don't make a route**. If the user is already using Firefox or Chrome and +goes to this website, Internet Explorer will always open when **Don't make a route** is unchecked. +When it is checked, the user is free to use Firefox or Chrome on this website, and they will only +see the Internet Explorer Document Mode set when they specifically select Internet Explorer. This +gives you the ability to use Endpoint Policy Manager Browser Router to manage the Internet Explorer +Enterprise Mode site list without having to force users to specifically use Internet Explorer and +impose a route. + +You can easily see if Endpoint Policy Manager Browser Router and the Internet Explorer 11 Enterprise +Mode are working. There's an Internet Explorer 11 EM icon in the title bar next to the address bar +that demonstrates that EM is active. + +![about_policypak_browser_router_26](/img/product_docs/endpointpolicymanager/browserrouter/internetexplorer/about_endpointpolicymanager_browser_router_26.webp) + +If you've chosen to use one of the Internet Explorer Document Modes, you might have a hard time +locating them if they are applying correctly since they are difficult to see. For instance, here +we've set a page to display in IE5 Document Mode using Endpoint Policy Manager Browser Router. + +![about_policypak_browser_router_27](/img/product_docs/endpointpolicymanager/browserrouter/internetexplorer/about_endpointpolicymanager_browser_router_27.webp) + +When users visit the website at this point, Endpoint Policy Manager Browser Router correctly sets +the IE Document Mode accordingly. To see the DM, you need to press F12 within Internet Explorer 11 +for **Developer Tools**, and then click the Emulation tab. + +![about_policypak_browser_router_28](/img/product_docs/endpointpolicymanager/browserrouter/internetexplorer/about_endpointpolicymanager_browser_router_28.webp) + +In this way, you can easily create routes for all webpages that need special rendering modes using +Endpoint Policy Manager Browser Router. diff --git a/docs/endpointpolicymanager/browserrouter/internetexplorer/specialtypes.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/internetexplorer/specialtypes.md similarity index 90% rename from docs/endpointpolicymanager/browserrouter/internetexplorer/specialtypes.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/internetexplorer/specialtypes.md index c48eee8c81..58d5a8454a 100644 --- a/docs/endpointpolicymanager/browserrouter/internetexplorer/specialtypes.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/internetexplorer/specialtypes.md @@ -1,3 +1,9 @@ +--- +title: "Using Special Policy Types for Internet Explorer" +description: "Using Special Policy Types for Internet Explorer" +sidebar_position: 30 +--- + # Using Special Policy Types for Internet Explorer There are two special policies that may be used only once per collection (see Figure 37 for diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/itemleveltargeting.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/itemleveltargeting.md new file mode 100644 index 0000000000..20015efb1e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/itemleveltargeting.md @@ -0,0 +1,70 @@ +--- +title: "Using Item-Level Targeting with Collections and Policies" +description: "Using Item-Level Targeting with Collections and Policies" +sidebar_position: 90 +--- + +# Using Item-Level Targeting with Collections and Policies + +Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Endpoint +Policy Manager to target or filter where specific items will apply. With Endpoint Policy Manager +Browser Router, Item-Level Targeting can be used with collections as well as Browser Router policies +within collections. + +To do this, right-click **Collection** and select **Change Item Level Targeting** + +![about_policypak_browser_router_37](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_37.webp) + +Alternatively, within a Browser Router policy, you can dictate when a policy will apply by clicking +**Item Level Targeting**. + +![about_policypak_browser_router_38](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_38.webp) + +The **Edit Item Level Targeting** menu item brings up the **Targeting Editor**. You can select any +combination of characteristics you want to test for. Administrators familiar with Group Policy +Preferences' Item-Level Targeting will be at home in this interface as it is functionally +equivalent. + +You can apply one or more targeting items to a policy, which enables targeting items to be joined +logically. You can also add targeting collections, which group together targeting items in much the +same way parentheses are used in an equation. In this way, you can create a complex determination +about where a policy will be applied. Collections may be set to **And**, **Or**, **Is**, or **Is +Not**. + +![about_policypak_browser_router_39](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_39.webp) + +In this example, the Pak would only apply to Windows 10 machines when the machine is portable and +the user is in the FABRIKAM\Traveling Sales Users group. + +Below are some real-world examples of how you can use Item-Level Targeting. + +- Software prerequisites - If you want to configure an application's settings, first make sure the + application is installed on the user's computer before configuring it. You can use **File Match** + or **Registry Match** targeting items (or both) to verify a specific version of a file or a + registry entry is present. For an example of this, look in the Uninstall registry key. +- Mobile computers - If you want to deploy settings exclusively for users on mobile PCs, filter the + rule to apply only to mobile PCs by using the **Portable Computer** targeting item. +- Operating system version - You can specify different settings for applications based on the + operating system version. To do this, create one rule for each operating system, then filter each + rule using the **Operating System** targeting item. +- Group membership - You can link the **Group Policy Object** (GPO) to the whole domain or + organizational unit (OU), but only members within a specific group will pick up and process the + rule settings. +- IP range - You can specify different settings for various IP ranges, like different settings for + the home office and each field office. + +Close the editor when done. You canl see that the collection's icon has changed to orange, which +shows that it now has Item-Level Targeting on the whole collection. In other words, none of the +items in the collection will apply unless the Item-Level Targeting on the collection evaluates to +**True**. + +![about_policypak_browser_router_40](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_40.webp) + +Within the collection, if you set Item-Level Targeting within any policy, you'll see the icon turn +orange, and the Item-Level Targeting column will indicate if Item-Level Targeting is on **Yes** or +off **No**. + +![about_policypak_browser_router_41](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_41.webp) + +This feature allows you toadd very granular filters. First, filter with Item-Level Targeting in a +collection, and then filter on any specific rule if any Item-Level Targeting is applied there. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/navigation.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/navigation.md new file mode 100644 index 0000000000..dbdae25b58 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/navigation.md @@ -0,0 +1,95 @@ +--- +title: "Getting to Know Browser Router" +description: "Getting to Know Browser Router" +sidebar_position: 10 +--- + +# Getting to Know Browser Router + +Endpoint Policy Manager Browser Router editor is located in the Endpoint Policy Manager node. +Endpoint Policy Manager Browser Router enables you to create a new Endpoint Policy Manager Browser +Router policy or collection. + +**NOTE:** The Browser Router node is only visible with the latest Admin Console MSI installed on +your management station. + +![about_policypak_browser_router](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router.webp) + +All Endpoint Policy Manager Browser Router policies must always reside within collections. There are +two steps for this. + +![about_policypak_browser_router_1](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_1.webp) + +**Step 1 –** Create and name a collection. + +**Step 2 –** Put Browser Router policies (or other collections) inside the collection. + +![about_policypak_browser_router_2](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_2.webp) + +You can create collections and policies within collections on either the User or Computer side (or +both). Endpoint Policy Manager Browser Router has a precedence order if you decide to have multiple +policies, collections, or GPOs, or when you choose to use a "on-Group Policy method to deliver +settings. + +For more in formation on this, please see the section on +[Understanding Processing Order and Precedence](/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/processorderprecedence.md). + +To complete the Quickstart examples, we recommend creating a collection on the User side. Next,, +create a new Browser Router policy, similar to the one shown below. In this example, we are routing +all requests for www.microsoft.com to Internet Explorer. + +![about_policypak_browser_router_3](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_3.webp) + +Once you click **OK**, you'll get an entry such as the one shown below. + +![about_policypak_browser_router_4](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_4.webp) + +If you'd like to follow along, create two more Browser Router policies in the same collection. In +the next example, we will route www.GPanswers.com to Firefox. + +![about_policypak_browser_router_5](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_5.webp) + +Click OK to save the entry. + +Create another policy to route \*.endpointpolicymanager.com to Edge. + +![about_policypak_browser_router_6](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_6.webp) + +Last, create an entry for **New Default Browser**. + +![about_policypak_browser_router_7](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_7.webp) + +After you do this, a dialog box with limited options appear. You can only choose a default browser, +which will be Chrome. + +![about_policypak_browser_router_8](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_8.webp) + +When you've finished these actions, your entries will resemble these. + +![about_policypak_browser_router_9](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_9.webp) + +Below is an explanation of each column in the editor: + +- Setting - This is the name you gave the policy. The default browser is always named Default + Browser. +- Enabled (True/False) - A policy entry can be enabled, which means it will go to work. If you need + to temporarily stop a policy entry from applying, you can disable it (set it to False). +- Scope - This is either User or Computer, depending on what side of the GPO you are on. +- Item-Level Targeting (No/Yes) - See the section on "Using Item-Level Targeting with Collections + and Policies"for mre information on this. +- Browser - This column lists what browser a particular entry will route to. +- Pattern - Explains what type of pattern (rules) we are following. The types are URL, Wildcard, + RegEx, and Internet Security Zone. + +On the endpoint, log on as a user who gets the GPO (or run GPupdate if the user is already logged +on). Make sure that Internet Explorer, Firefox, and Chrome are all installed. You will be ready to +go if you followed along with the Endpoint Policy Manager Browser Router Quickstart, created a new +Wordpad document, and typed in each URL (www.microsoft.com, www.gpanswers.com, +[www.endpointpolicymanager.com](https://technet.microsoft.com/en-us/library/dn321432.aspx)). Next, type in a URL +that is unrelated to anything, such as www.abc.com. Based on the rules, the correct browser is +opened for each URL. + +![about_policypak_browser_router_10](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_10.webp) + +Notice that since there was no rule for www.abc.com, the overriding Default Browser rule took effect +and launched Internet Explorer. diff --git a/docs/endpointpolicymanager/browserrouter/osweb.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/osweb.md similarity index 85% rename from docs/endpointpolicymanager/browserrouter/osweb.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/osweb.md index a697d28422..df8a6be268 100644 --- a/docs/endpointpolicymanager/browserrouter/osweb.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/osweb.md @@ -1,3 +1,9 @@ +--- +title: "Using \"OS Web Browser Look & Feel\"" +description: "Using \"OS Web Browser Look & Feel\"" +sidebar_position: 110 +--- + # Using "OS Web Browser Look & Feel" Browser Router has a policy called OS Web Browser Look & Feel. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/overview.md new file mode 100644 index 0000000000..c9eee5630a --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/overview.md @@ -0,0 +1,99 @@ +--- +title: "Browser Router" +description: "Browser Router" +sidebar_position: 20 +--- + +# Browser Router + +**NOTE:** Before reading this section, please ensure you have read +[Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md), which explain how to: + +- Install the Admin MSI on your GPMC machine +- Install the CSE on a test Windows machine +- Set up a computer in Trial mode or Licensed mode +- Set up a common OU structure + +Optionally, if you don't want to use Group Policy, read the sectionon **Advanced Concepts on Group +Policy and non-Group Policy methods** (MEMCM, KACE, and MDM service or Netwrix Endpoint Policy +Manager (formerly PolicyPak) Cloud), located +in[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md). This information on +how to deploy your directives. + +**NOTE:** Watch this video for an overview of Endpoint Policy Manager Browser Router: +[](http://www.endpointpolicymanager.com/video/endpointpolicymanager-browser-router-ensure-users-utilize-the-right-browser-for-the-right-website.html)[Ensure users utilize the RIGHT browser for the right website !](/docs/endpointpolicymanager/video/browserrouter/rightbrowser.md). + +Let's say you wanted to apply the following routing policies: + +- www.microsoft.com is set to Internet Explorer. +- www.gpanswers.com is set to Firefox. +- \*.endpointpolicymanager.com is set to Edge. +- abc.endpointpolicymanager.com is set to Firefox via App-V. +- xyz.endpointpolicymanager.com is set to Chrome via ThinApp. +- All websites with \*xxx\* in the name are blocked; that is, a browser will not launch for them. + +With Endpoint Policy Manager Browser Router, you can apply all of the above policies and more. +Browser Router enables you to perform the following functions: + +- Assemble settings (policies) into collections. +- Set Item-Level Targeting on policies and collections. +- Deliver user-side policies to the Computer side without Group Policy Loopback mode. +- Create exact criteria for when specific websites should open, and in which browser. +- Export policies or collections as XML files (which can be used with Endpoint Policy Manager + Exporter and Endpoint Policy Manager Cloud). See + [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md) for more details. +- Set custom messages when you have blocked a website. +- Dynamically set Internet Explorer 11 Enterprise Mode (IE 11 EM) and Document Modes site lists. +- Automatically write Internet Explorer 11 EM version 1 or version 2 site lists, based on the + machine type. +- Route all intranet traffic from Microsoft Edge to IE 11. +- Route all sites on Internet Explorer Site List from Edge to IE 11. + +If you would like to perform your own Quickstart with Endpoint Policy Manager Browser Router, it is +recommended that you have one endpoint (Windows 10) set up with the following browsers: + +- Internet Explorer 11 +- Firefox (latest) +- Chrome (latest) + +There are more advanced scenarios, but this will get you going quickly. + +There are a few basic ways to use Endpoint Policy Manager Browser Router. First, you can create one +or multiple Microsoft Group Policy Objects (GPOs) using Endpoint Policy Manager Browser Router. If +you use Group Policy as the delivery mechanism, that directive is deployed to client machines. +Alternatively, you can export the Endpoint Policy Manager Browser Router rules and deliver them via +the following methods: + +Microsoft Endpoint Manager (SCCM and/or Intune) + +- Systems management software +- Endpoint Policy Manager Cloud service + +The client machine with the Endpoint Policy Manager client-side extension (CSE) embraces the +directives and performs the work. + +**NOTE:** If you use the Endpoint Policy Manager Cloud service, you can deliver Group Policy +settings over the Internet, even to non-domain-joined machines. + +**NOTE:** You can also use Endpoint Policy Manager Browser Router with your Citrix or RDS servers. +See the following video for more information: +[Using PP Browser Router on Citrix or RDS servers with published browser applications](/docs/endpointpolicymanager/video/browserrouter/citrix.md). + +## Endpoint Policy Manager Browser Router Moving Parts + +You will need the following to get started with Endpoint Policy Manager Browser Router: + +- A management station. You must install the Endpoint Policy Manager Admin Console MSI on the + management station where you create GPOs. Once it's installed, you'll see the Endpoint Policy + Manager | Endpoint Policy Manager Browser Router node. +- The Endpoint Policy Manager CSE that runs on the client (target) machine. This is the same CSE for + all Endpoint Policy Manager products; there isn't anything separate to install. The Endpoint + Policy Manager CSE must be present in order to accept Endpoint Policy Manager Security Settings + Manager directives when using Microsoft Endpoint Manager (SCCM and Intune), KACE, similar + utilities, or Endpoint Policy Manager Cloud. +- Endpoints. Endpoints must be licensed for Endpoint Policy Manager Browser Router using one of the + licensing methods. +- Endpoint Policy Manager Exporter (optional). This is a free utility that lets you take exported + Group Policy and Endpoint Policy Manager XML files and wrap them into a "portable" MSI file for + deployment using Microsoft Endpoint Manager (SCCM and Intune) or your own systems management + software. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/overview_1.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/overview_1.md new file mode 100644 index 0000000000..4ed0dfec14 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/overview_1.md @@ -0,0 +1,38 @@ +--- +title: "Understanding Default Browser Policies" +description: "Understanding Default Browser Policies" +sidebar_position: 20 +--- + +# Understanding Default Browser Policies + +In the previous example, you used the **New Default Browser** policy to set the default browser to +Internet Explorer. In this way, Internet Explorer only would be used when users click on an external +link (e.g., from an email) and there is no other rule routing to a specific browser. Any of the +browsers can be the default, but only one can be chosen as the default. Additionally, there is a +special browser called **User Selectable**. Below you can see how to select the default browser. + +**NOTE:** For an overview of the User Selectable option, see +[Endpoint Policy Manager Browser Router User-Selected Default](/docs/endpointpolicymanager/video/browserrouter/userselecteddefault.md). + +![about_policypak_browser_router_11](/img/product_docs/endpointpolicymanager/browserrouter/defaultbrowser/about_endpointpolicymanager_browser_router_11.webp) + +The **User Selectable** option enables the user to specify their desired default browser as Internet +Explorer, Edge, Chrome, or Firefox. The Endpoint Policy Manager engine "learns" this setting at the +next Group Policy background update (or if GPupdate is manually invoked). This means there could be +a situation where the user changes their default browser, but then logs off before Group Policy +re-applies to capture their desired setting. If this is the case, Endpoint Policy Manager cannot +"learn" the user's desired defaults until the user changes the setting and Group Policy re-applies +it in the background. + +You might also want to specify a default browser one time and then drift. In other words, the user +is assigned a default browser the first time they open a URL but can then change the default browser +to one of their own choosing. In this case, we select the same settings as last time except we +choose to apply the rule only one time, as sown below + +![about_policypak_browser_router_12](/img/product_docs/endpointpolicymanager/browserrouter/defaultbrowser/about_endpointpolicymanager_browser_router_12.webp) + +Users can then change the default browser to their own liking, even though their settings show that +the web browser is managed by their organization. + +![about_policypak_browser_router_13](/img/product_docs/endpointpolicymanager/browserrouter/defaultbrowser/about_endpointpolicymanager_browser_router_13.webp) diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/overview_2.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/overview_2.md new file mode 100644 index 0000000000..54f090daac --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/overview_2.md @@ -0,0 +1,33 @@ +--- +title: "Troubleshooting" +description: "Troubleshooting" +sidebar_position: 130 +--- + +# Troubleshooting + +We have two guides online to help you troubleshoot Endpoint Policy Manager Browser Router. + +If you're having problems getting Endpoint Policy Manager Browser Router to work, see the following +guide: + +[How to quickly troubleshoot Endpoint Policy Manager Browser Router](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/quick.md). + +If you're having problems getting Endpoint Policy Manager Browser Router to route between browsers +as expected, see the following guide: + +[Troubleshooting routing between browsers.](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/betweenbrowsers.md). + +Additionally, Endpoint Policy Manager Browser Router has extensive logging, which needs to be turned +on. You can do this using the Endpoint Policy Manager Browser Router ADMX templates and turning on +logging. A video of the process can be found here: +[Troubleshooting with ADMX files](/docs/endpointpolicymanager/video/troubleshooting/admxfiles.md). + +Log files for Endpoint Policy Manager Browser Router are found in the two following places: + +- `%appdata%\local\PolicyPak\PolicyPak Browser Router` +- `%Programdata%\PolicyPak\PolicyPak Browser Router` + +Logs are automatically wrapped up and can be sent to +[support@endpointpolicymanager.com](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode) +with the PPLOGS.EXE command on any endpoint where the CSE is installed. diff --git a/docs/endpointpolicymanager/browserrouter/ports.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/ports.md similarity index 85% rename from docs/endpointpolicymanager/browserrouter/ports.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/ports.md index 9a236d4baf..03346334ee 100644 --- a/docs/endpointpolicymanager/browserrouter/ports.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/ports.md @@ -1,3 +1,9 @@ +--- +title: "Routing Using Ports" +description: "Routing Using Ports" +sidebar_position: 70 +--- + # Routing Using Ports Endpoint Policy Manager Browser Router can open a specific website when a particular website needs a @@ -18,4 +24,4 @@ route similar to the one shown below. **NOTE:** Not every version of Internet Explorer 11 is ready to receive v2 site lists. For a list of which versions of Internet Explorer 11 use v1 vs v2, see -[When does Endpoint Policy Manager Browser Router write v1 or v2 Enterprise Mode site lists?](/docs/endpointpolicymanager/troubleshooting/browserrouter/versions.md). +[When does Endpoint Policy Manager Browser Router write v1 or v2 Enterprise Mode site lists?](/docs/endpointpolicymanager/knowledgebase/browserrouter/knowledgebase/troubleshooting/versions.md). diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/processorderprecedence.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/processorderprecedence.md new file mode 100644 index 0000000000..5a1f1175a9 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/processorderprecedence.md @@ -0,0 +1,93 @@ +--- +title: "Understanding Processing Order and Precedence" +description: "Understanding Processing Order and Precedence" +sidebar_position: 100 +--- + +# Understanding Processing Order and Precedence + +When you use Endpoint Policy Manager Browser Router you might have multiple policies and/or +conflicting settings. When you do, you need to troubleshoot by understanding the processing order +and precedence order as explained in the following sections. + +## Processing Order + +Within a particular GPO (Computer or User side), the processing order is counted in numerical order. +So, lower-numbered collections attempt to process first, and higher-numbered collections attempt to +process last. + +![about_policypak_browser_router_42](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_42.webp) + +Within any collection, each policy is processed in numerical order from lowest to highest. + +![about_policypak_browser_router_43](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_43.webp) + +## Precedence + +Policies can be delivered by Group Policy and non-Group Policy methods, such as Microsoft Endpoint +Manager (SCCM and Intune) via Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud. As +such, the Endpoint Policy Manager engine needs to make a final determination whether there is any +overlap of policies. Here is how the precedence works: + +- Policies delivered through Endpoint Policy Manager Cloud have the lowest precedence. +- Policies delivered through Endpoint Policy Manager files have the next highest precedence. +- Policies delivered through Endpoint Policy Manager Group Policy directives have the highest + precedence. + +After that, user-side policy has precedence over computer-side (switched) policy. This is so that +you can specify a baseline setting for various computers and then have particular (overriding) +policies when specific users log on. + +If policies are on the same side, a more-specific URL pattern takes precedence over a less-specific +URL pattern. For example, mail.endpointpolicymanager.com takes precedence over \*.endpointpolicymanager.com. + +If patterns are equally specific, a pattern in a more specific policy always takes precedence over a +pattern in a less-specific policy. For example, a pattern in a GPO linked to an OU wins over a +pattern in a GPO linked to a domain (unless the OU GPO is set to **Enforced**). In other words, +Endpoint Policy Manager Browser Router honors all Group Policy rules and constructs. + +If policies are equally specific, the policy with a higher precedence (which is determined based on +the link order for GPOs and file names for XML Data policies) takes precedence. + +If policies have the same precedence (e.g., we have two patterns in the same GPO), the "last" +pattern takes precedence over previous patterns. For example, patterns in Collection 2 win over +patterns in Collection 1, and any pattern in a collection wins over all previous patterns in the +same collection. + +## Rule Precedence + +Endpoint Policy Manager Browser Router has four rule types. + +![about_policypak_browser_router_14](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_14.webp) + +The following precedence order applies to these rule types. + +| Precedence | Rule | +| ----------- | ------------- | +| Most | URL | +| Second Most | Internet Zone | +| Third Most | Wildcard | +| Last | Regex | + +For instance, if you have a specific URL rule, like google.com gets routed to Firefox, when end +users go directly to google.com, it will open in Firefox. If \*.google.com is routed to Internet +Explorer, then when users go to gmail.google.com, it will open in Internet Explorer. + +Next, we'll look at the precedence of specific rule types of Wildcard and RegEx. + +## Precedence with Wildcards + +Example precedence order with wildcards would be arranged in the following way: + +- google\* +- g\* +- \* + +## Precedence with RegEx + +Items with additional RegEx characters will be considered more specific than those with fewer RegEx +characters. So an example of priority order would be as follows: + +- (x)(.\*)(x)(.\*)(x).com +- (blue)(.\*) +- (.\*) diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/rules.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/rules.md new file mode 100644 index 0000000000..426fd2db10 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/rules.md @@ -0,0 +1,102 @@ +--- +title: "Understanding Browser Router Rules" +description: "Understanding Browser Router Rules" +sidebar_position: 30 +--- + +# Understanding Browser Router Rules + +When you make a new Browser Router policy, you have several ways to make site rules: **URL**, +**Wildcard**, **RegEx**, and **Internet Security Zone**. + +![about_policypak_browser_router_14](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_14.webp) + +## Examples + +The following table shows different types of pattern rules and how they would match. Note that +**Wildcard** can be used to match against Schema, Host, Port, and Path. **RegEx** can only be used +to match against Host. + +| Pattern Rule | Example | Matches | +| -------------------------- | ----------------------------------- | ---------------------------------------------------------------------- | +| Specific URL String | www.endpointpolicymanager.com | [www.endpointpolicymanager.com](http://www.endpointpolicymanager.com/) | +| Wildcard String | www.pol\*.com | endpointpolicymanager.com, politicos.com, pollution.org | +| RegEx (Regular Expression) | (.\*)(pol)(.\*).com | SpolE.com, ESpol24.com, pol.com, etc. | +| Windows IE Zone Pattern | Trusted sites, intranet sites, etc. | All trusted sites, intranet sites, etc. | + +When a pattern matches, it is routed to the correct browser, blocked, or delivered to a custom +browser. + +![about_policypak_browser_router_15](/img/product_docs/endpointpolicymanager/browserrouter/about_endpointpolicymanager_browser_router_15.webp) + +**NOTE:** For specific URL strings, **Apply to child URLs** is set to **yes** by default. This means +that any website that falls underneath that URL will also be affected. + +You can also select **Block**, which means Endpoint Policy Manager Browser Router won't launch the +URL in any supported browser (Internet Explorer, Firefox, or Chrome), blocking it from launching. +There is also a special type called **Custom**. This can be set to any application that the +administrator wants an end user to open a URL with. One good use for this is that you can specify a +custom entry to open virtualized browsers when using App-V or ThinApp, or route to an alternate +browser such as Opera, Vivaldi, or anything else that can open HTML pages. + +## Wildcard Matching + +While **RegEx** can only be used to match against the host name, Wildcard matching can be utilized +to match against other parts of a site identifier/URL. Patterns are not case-sensitive. A site +identifier consists of the following: + +``` +[Schema://]host[:port][/path] +``` + +where + +- **Schema** must be http, https, \*, or not specified at all. +- **host** is required and must be either a host name, wildcard host name, or \* for any host. +- **port** is optional, and if no port is specified, all ports match. +- **path** is optional, and specified as either a particular path or wildcard path. If a path is not + specified, it matches all paths on host. + +Examples of wildcard matching are shown below. + +Example 1:  Criteria matching only a host name + +Criteria: `*policy*` + +Description: Matches any port and path on a URL with a matching host name that contains the word +"policy" + +Matching examples: + +- http://www.endpointpolicymanager.com +- https://www.endpointpolicymanager.com +- http://www.endpointpolicymanager.com:1234/ +- http://www.endpointpolicymanager.com:5678/any_other_path + +Example 2:  Criteria matching all hosts and a wildcard path + +Criteria: `*/app/*Create*` + +Description: Matches any host and port with a path containing the word "Create" anywhere in the +path. Since host is always mandatory, we MUST specify \* at the beginning for ANY host: + +Matching examples: + +- http://appsvr/app/Create_user.aspx +- https://appsvr/app/Create_item.aspx +- http://appsvr:99/app/Create_prd.aspx +- http://appsvr/app/Create/newrec.aspx + +Example 3: Criteria matching a host, wildcard path, and specific port + +Criteria:`aa.com:8080/*app*/` + +Description:  Matches the aa.com host (www is implied) on port 8080 with the word "app" anywhere in +the path + +Matching examples: + +- http://www.aa.com:8080/app +- https://www.aa.com:8080/res/app/load.aspx +- http://www.aa.com:8080/lib/resapp.aspx +- http://www.aa.com:8080/ffapp/main.aspx diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/_category_.json new file mode 100644 index 0000000000..321946993b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Java Enterprise Rules Manager", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/gettingstarted.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/gettingstarted.md new file mode 100644 index 0000000000..0935b0ef2d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/gettingstarted.md @@ -0,0 +1,116 @@ +--- +title: "Quick Start" +description: "Quick Start" +sidebar_position: 20 +--- + +# Quick Start + +**NOTE:** Watch this video for an overview of Java Rules Manager: See +[Use Endpoint Policy Manager Cloud to choose which version of Java for what website](/docs/endpointpolicymanager/video/javaenterpriserules/cloud.md) +Netwrix Endpoint Policy Manager (formerly PolicyPak). + +Endpoint Policy Manager Java Rules Manager editor is within the Endpoint Policy Manager node. +Endpoint Policy Manager Java Rules Manager enables you to create a new Endpoint Policy Manager Java +Rules Manager policy or collection. + +**NOTE:** You will only see the Java Rules Manager node when you have the latest Endpoint Policy +Manager Admin Console MSI installed on your management station. + +![quickstart_policypak_java](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java.webp) + +Endpoint Policy Manager Java Rules Manager rules can only be created on the Computer side. If you +attempt to use the user-side configuration node, you will receive a message explaining that you need +to use the Computer side. This is because Endpoint Policy Manager Java Rules Manager rules affect +the system and all users on the machine. In other words, all users must honor the Endpoint Policy +Manager Java Rules Manager rule set, even though it can be filtered by using Item-Level Targeting +(explained later). + +Endpoint Policy Manager Java Rules Manager policies can use collections. If you want to keep things +organized, you can create a collectioni Endpoint Policy Manager and then put Java Rules policies (or +other collections) inside the collection. + +![quickstart_policypak_java_1](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_1.webp) + +![quickstart_policypak_java_2](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_2.webp) + +Endpoint Policy Manager Java Rules Manager has a precedence order. This happens if you decide to +have multiple policies, collections, and Group Policy Objects (GPOs), or if you choose to use +something other than Group Policy to deliver settings. + +**Step 1 –** For the Quickstart, we recommend creating a collection on the Computer side. Within +that collection, create a new Endpoint Policy Manager Java Rules Manager policy, such as the one +shown below. In this example, we are making a rule for [https://java.com ](https://java.com)by using +Java 7 U 51. (Note that this is https, notjust http). + +![quickstart_policypak_java_3](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_3.webp) + +**Step 2 –** Once you click **OK** you will receive an entry similar to the one shown below. + +![quickstart_policypak_java_4](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_4.webp) + +**Step 3 –** If you would like to follow along with this Quickstart, create two more Endpoint Policy +Manager Java Rules Manager policies in the same collection. The next one will make a rule so that +[http://javatester.org ](http://javatester.org)will run with Java 8 U 25. (Note that this URL is +http, nothttps). + +![quickstart_policypak_java_5](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_5.webp) + +**Step 4 –** Click **OK** to save the entry.. + +**Step 5 –** Create another policy that will block `https://*.nasa.gov/`.Note that this URL is +https. + +![quickstart_policypak_java_6](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_6.webp) + +**Step 6 –** When complete, your entries will look like this:. + +![quickstart_policypak_java_7](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_7.webp) + +Here is what each column in the above figure means: + +- Policy Name — This is the name you gave the policy. Default browser is always named Default + Browser. +- Manage Type — The method to perform the mapping of the Java applet to the version of Java you want + to use (explained in more detail later). +- Rule — In this example, this is the location/URL you chose to manage. +- Enabled (True/False) — A policy entry can be enabled, which means it will go to work. If you need + to temporarily stop a policy entry from applying, you can disable it (set it to False). +- Item-Level Targeting (No/Yes) — We will describe this column later on in the section + [Using Item-Level Targeting with Collections and Policies](/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/itemleveltargeting.md). +- Comment — Any entry can have a comment option, which is used to explain why you made the decision. + +**Step 7 –** On the endpoint, reboot the computer or run GPupdate so the GPO with the policies that +affect the computer will apply. + +**NOTE:** Logging in as a test user will not work in this case since these Endpoint Policy Manager +entries are on the Computer side and are only processed when the computer is updated (at reboot or +GPupdate). + +**Step 8 –** Now try out Endpoint Policy Manager Java Rules Manager by doing the following: + +- Open Internet Explorer and visit [java.com](http://www.java.com/). Next, click **Do I have Java?** + Instead of showing the latest version of Java installed on your machine, you should see that you + have Java 7 U 51. +- Open Firefox and visit [www.javatester.org](http://www.javatester.org/). Then click **Test this + version of Java**. You should see Java 1.8.0_25, that is, Java 8 U 25. + +![quickstart_policypak_java_8](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_8.webp) + +**Step 9 –** On either browser, visit +[https://atcsim.arc.nasa.gov/version/index.html](https://atcsim.arc.nasa.gov/version/index.html). +When you visit the NASA website, you will receive a prompt warning you that the web certificate is +out of date and will be received (which is not related to Java). Continue to run the applet. The +result is shown below. + +![quickstart_policypak_java_9](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_9.webp) + +**Step 10 –** Click **OK**. Next, click the **Error: Click for details** message. When you do this, +another message will pop-up. + +![quickstart_policypak_java_10](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_10.webp) + +This ends the Endpoint Policy Manager Java Rules Manager Quickstart, which demonstrated the power of +Endpoint Policy Manager Java Enterprise Rules Manager in the fastest amount of time. Note that +prompts for various Java-related items might be received during your Quickstart. To overcome this, +please see section on [Overcoming Java Prompts](/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/overview.md). diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/_category_.json new file mode 100644 index 0000000000..5dfef96d71 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Troubleshooting", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/deploymentruleset.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/deploymentruleset.md similarity index 87% rename from docs/endpointpolicymanager/troubleshooting/javaenterpriserules/deploymentruleset.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/deploymentruleset.md index 2690999f8c..abb085df53 100644 --- a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/deploymentruleset.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/deploymentruleset.md @@ -1,3 +1,9 @@ +--- +title: "Checking the Active Deployment Rule Set" +description: "Checking the Active Deployment Rule Set" +sidebar_position: 30 +--- + # Checking the Active Deployment Rule Set Because Endpoint Policy Manager Java Rules Manager automates Java's Deployment Rule Set, you should diff --git a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/eventviewer.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/eventviewer.md similarity index 90% rename from docs/endpointpolicymanager/troubleshooting/javaenterpriserules/eventviewer.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/eventviewer.md index 77e6c93197..47f12412c8 100644 --- a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/eventviewer.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/eventviewer.md @@ -1,3 +1,9 @@ +--- +title: "Checking the Event Viewer" +description: "Checking the Event Viewer" +sidebar_position: 40 +--- + # Checking the Event Viewer Endpoint Policy Manager logs events to Windows Event log. In the Event Viewer | Application and diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/itemleveltargeting.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/itemleveltargeting.md new file mode 100644 index 0000000000..7a879c15f6 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/itemleveltargeting.md @@ -0,0 +1,11 @@ +--- +title: "Checking Item-Level Targeting" +description: "Checking Item-Level Targeting" +sidebar_position: 60 +--- + +# Checking Item-Level Targeting + +Item-Level Targeting (ILT) filters can apply and match (or not match) to any Endpoint Policy Manager +Java Rules Manager rule. If an ILT filter evaluates to TRUE, then it will appear in the Java Rule +Set. If an ILT filter evaluates to FALSE, then it will be removed from the Java Rule Set. diff --git a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/licensefile.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/licensefile.md similarity index 85% rename from docs/endpointpolicymanager/troubleshooting/javaenterpriserules/licensefile.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/licensefile.md index a263b5513c..b1dd516764 100644 --- a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/licensefile.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/licensefile.md @@ -1,3 +1,9 @@ +--- +title: "Checking the License File" +description: "Checking the License File" +sidebar_position: 10 +--- + # Checking the License File Endpoint Policy Manager Java Rules Manager must be licensed like every other Endpoint Policy Manager diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/logfiles.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/logfiles.md new file mode 100644 index 0000000000..3d9826e0fd --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/logfiles.md @@ -0,0 +1,38 @@ +--- +title: "Checking the Log Files" +description: "Checking the Log Files" +sidebar_position: 70 +--- + +# Checking the Log Files + +Log files for Endpoint Policy Manager Java Rules Manager are found in two places: + +- `%Programdata%\PolicyPak\PolicyPak Java Rules Manager` +- `%appdata%\local\PolicyPak\PolicyPak Java Rules Manager` + +To see the \ProgramData\PolicyPak folder, run an admin command prompt as shown in Figure 35. +Endpoint Policy Manager Java Rules manager logs are contained within the Endpoint Policy Manager +Java Rules Manager folder. + +![troubleshooting_policypak_6](/img/product_docs/endpointpolicymanager/troubleshooting/javaenterpriserules/troubleshooting_endpointpolicymanager_6.webp) + +Figure 35. The PolicyPak Java Rules Manager logs are contained withinEndpoint Policy Manager Java +Rules Manager folder. + +The log files can help determine processing occurrences. There is a different log file for each time +Group Policy applies. The following list shows some of these logs: + +- `ppComputer_onPolicyChanged` is used when Group Policy, Endpoint Policy Manager Cloud, and/or + PolicyPak XML files (via PolicyPak Exporter) are used. This is your best bet to try first. +- `ppComputer_onLogon` is used when the computer starts up and processes initial GPOs. +- `ppComputer_onGroupPolicy` is used when Group Policy is processed. +- `ppComputer_OnManual` is used when Endpoint Policy Manager's command ppupdate.exe is run. +- `ppComputer_onSchedule` is used when Endpoint Policy Manager's internal processes attempt to look + for any changes while offline (usually every 60 minutes). + +Logs are automatically wrapped up and can be sent to +[support@endpointpolicymanager.com](mailto:support@endpointpolicymanager.com) with the `PPLOGS.EXE` command on any endpoint +where the client-side extension (CSE) is installed. Since the main logs for Endpoint Policy Manager +Java Rules Manager are in ProgramData, run an Elevated Command Prompt (as admin), and run +`PPLOGS.EXE` to obtain the data from the PolicyPak Java Rules Manager logs. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/overview.md new file mode 100644 index 0000000000..1f0fb383c6 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/overview.md @@ -0,0 +1,14 @@ +--- +title: "Troubleshooting" +description: "Troubleshooting" +sidebar_position: 40 +--- + +# Troubleshooting + +Troubleshooting Netwrix Endpoint Policy Manager (formerly PolicyPak) Java Rules Manager is somewhat +different from troubleshooting other Endpoint Policy Manager components. This is because PolicyPak +Java Rules Manager only applies to the Computer side and not to the User side. The typical problem +encountered with Endpoint Policy Manager Java Rules Manager is that RIA websites don't honor the +version of Java JRE you expect on an endpoint. The sections below list the most common reasons why +they don't and provide some troubleshooting steps. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/processorder.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/processorder.md new file mode 100644 index 0000000000..657ec608e4 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/processorder.md @@ -0,0 +1,12 @@ +--- +title: "Checking the Processing Order" +description: "Checking the Processing Order" +sidebar_position: 50 +--- + +# Checking the Processing Order + +Multiple GPOs that have Endpoint Policy Manager Java Rules Manager policies can apply to the machine +and will be cumulative. If a conflict does occur, the higher Group Policy with the higher precedence +should "win." See the "Processing Order" section earlier in this document to understand what happens +when Group Policy, file-based policy, and cloud-based policy conflict. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/version.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/version.md new file mode 100644 index 0000000000..d9555e171b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/javaenterpriserules/version.md @@ -0,0 +1,30 @@ +--- +title: "Checking the Version" +description: "Checking the Version" +sidebar_position: 20 +--- + +# Checking the Version + +Each rule you specify attempts to map an RIA to a specific version of Java (as best it can). When +you specify to use an "Exact" version, Java Rules Manager will only try to match the exact version +(see Figure 30). + +![troubleshooting_policypak_1](/img/product_docs/endpointpolicymanager/troubleshooting/javaenterpriserules/troubleshooting_endpointpolicymanager_1.webp) + +Figure 30. The "Exact" specification for a Java version won't be exact, but it will be close. + +If that version is not present, then Java Rules will notify you as shown in Figure 31. + +![troubleshooting_policypak_2](/img/product_docs/endpointpolicymanager/troubleshooting/javaenterpriserules/troubleshooting_endpointpolicymanager_2.webp) + +Figure 31. You will receive this prompt if your "Exact" specification doesn't have a Java version +match. + +Also note that if you specify "Latest in family" (as demonstrated in Figure 32), then the latest +version of Java is utilized. + +![troubleshooting_policypak_3](/img/product_docs/endpointpolicymanager/troubleshooting/javaenterpriserules/troubleshooting_endpointpolicymanager_3.webp) + +Figure 32. "Latest on machine" does what it implies; it utilizes the latest version of Java +available and installs it on the machine. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/overview.md new file mode 100644 index 0000000000..520a75fba2 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/overview.md @@ -0,0 +1,85 @@ +--- +title: "Java Enterprise Rules Manager" +description: "Java Enterprise Rules Manager" +sidebar_position: 30 +--- + +# Java Enterprise Rules Manager + +**NOTE:** Before reading this section, please ensure you have read Book 2: +[Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md), which will help you +learn to do the following: + +- Install the Admin MSI on your GPMC machine +- Install the CSE on a test Windows machine +- Set up a computer in Trial mode or Licensed mode +- Set up a common OU structure + +Optionally, if you don't want to use Group Policy, read the section in Appendix A: +[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md) to deploy your +directives. + +The goals of Netwrix Endpoint Policy Manager (formerly PolicyPak) Java Rules Manager are as follows: + +- Dictate specific versions of Java that should be utilized by specific Java applets (usually housed + within specific webpages). +- Reduce or eliminate prompts to end users about Java. +- Continue to run unknown or unnamed Java applets with the most secure version of Java. + +Java Rules Manager enables you to map the version of Java you want to use in individual +circumstances. It is the fastest way to implement Oracle's Java Deployment Rule Set feature (which +will be explained later). PolicyPak is not reinventing the wheel or tricking Java. Instead, it works +alongside Oracle's sanctioned method for the mapping of Java versions to Java applets. + +**NOTE:** See this video +[Use Endpoint Policy Manager Cloud to choose which version of Java for what website](/docs/endpointpolicymanager/video/javaenterpriserules/cloud.md) for +an overview of Endpoint Policy Manager Java Rules Manager. + +For instance, you might want to ensure that the following policies are running on your machine: + +- Use Java 7 U 51 for when end users go to www.internal.com/app1. +- Use Java 8 U 25 for when end users go to www.internal.com/app2. +- Block specific Java applets from running in specific websites. +- Use the latest version of Java for all other sites and circumstances. + +PolicyPak Java Rules Manager enables you to perform the following functions: + +- Assemble settings (policies) into collections. +- Set Item-Level Targeting on policies and collections. +- Deliver policies to the Computer side (without Group Policy Loopback mode). +- Create exact criteria for when specific Java versions should open in a browser. +- Export policies or collections as XML files for use with PolicyPak Exporter and PolicyPak Cloud. + See [Exporting Collections](/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/exportcollections.md) for additional information. +- Set custom messages when blocking a Java applet. + +To use the Quickstart for PolicyPak Java Rules Manager, we recommend you have one endpoint (Windows +7 or later) configured with the following browsers and Java versions: + +- Internet Explorer 11 +- Firefox (latest ESR version still supports Java) +- Chrome (latest) +- Java 7 (our examples will use Java 7 U 51) +- Java 8 (our examples will use Java 8 U 25) +- The latest version of Java (Java 8 U 111 as of this manual's publication) + +It is recommended that you test the endpoint (Windows 7 or later) with all these versions of Java, +as well as Internet Explorer, Firefox, and Chrome. + +![about_policypak_java_rules](/img/product_docs/endpointpolicymanager/javaenterpriserules/about_endpointpolicymanager_java_rules.webp) + +Even though there are more advanced scenarios, this will get you going quickly. + +There are a few basic ways you can use PolicyPak Java Rules Manager. + +- First, create a Microsoft Group Policy Object (GPO) using PolicyPak Java Rules Manager. If you use + Group Policy as the delivery mechanism, then that directive is deployed to client machines. +- Alternatively, export the PolicyPak Java Rules Manager rules and deliver them via the following + applications: + + - Microsoft Endpoint Manager (SCCM and Intune) + - Your own systems management software + - PolicyPak Cloud service + - The client machine with the PolicyPak client-side extension (CSE) + +**NOTE:** If you use the PolicyPak Cloud service, you can deliver Group Policy settings even to +non-domain-joined machines over the Internet. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/_category_.json new file mode 100644 index 0000000000..ba60bf1dab --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Overcoming Java Prompts", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/firefox.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/firefox.md new file mode 100644 index 0000000000..cbae87ad09 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/firefox.md @@ -0,0 +1,18 @@ +--- +title: "Type 2: Java Messages for Firefox" +description: "Type 2: Java Messages for Firefox" +sidebar_position: 20 +--- + +# Type 2: Java Messages for Firefox + +When an end user encounters a Java applet on a website, they are asked to Activate Java, and to +Allow Now or Allow and Remember appear + +![overcoming_java_prompts_1](/img/product_docs/endpointpolicymanager/javaenterpriserules/prompts/overcoming_java_prompts_1.webp) + +![overcoming_java_prompts_2](/img/product_docs/endpointpolicymanager/javaenterpriserules/prompts/overcoming_java_prompts_2.webp) + +See +[Firefox: How do I set "Allow Now", "Allow and Remember" or "Block Plugin" as plug-ins are requested?](https://helpcenter.netwrix.com/bundle/endpointpolicymanager/page/Content/endpointpolicymanager/ApplicationSettings/Preconfigured/Firefox/AllowRemember.htm) +for additional information. diff --git a/docs/endpointpolicymanager/javaenterpriserules/prompts/firefoxinternetexplorer.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/firefoxinternetexplorer.md similarity index 89% rename from docs/endpointpolicymanager/javaenterpriserules/prompts/firefoxinternetexplorer.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/firefoxinternetexplorer.md index 889a2ed6c6..0fbd316960 100644 --- a/docs/endpointpolicymanager/javaenterpriserules/prompts/firefoxinternetexplorer.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/firefoxinternetexplorer.md @@ -1,3 +1,9 @@ +--- +title: "Type 1: Java Messages for Firefox and Internet Explorer" +description: "Type 1: Java Messages for Firefox and Internet Explorer" +sidebar_position: 10 +--- + # Type 1: Java Messages for Firefox and Internet Explorer If the message Application Blocked by Java Security appears when working in Internet Explorer and diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/internetexplorer/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/internetexplorer/_category_.json new file mode 100644 index 0000000000..6c75c81f0c --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/internetexplorer/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Type 3: Java Messages for Internet Explorer", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/javaenterpriserules/prompts/internetexplorer/message1.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/internetexplorer/message1.md similarity index 95% rename from docs/endpointpolicymanager/javaenterpriserules/prompts/internetexplorer/message1.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/internetexplorer/message1.md index 31bd5e0054..88ec6fb88f 100644 --- a/docs/endpointpolicymanager/javaenterpriserules/prompts/internetexplorer/message1.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/internetexplorer/message1.md @@ -1,3 +1,9 @@ +--- +title: "IE Message 1" +description: "IE Message 1" +sidebar_position: 10 +--- + # IE Message 1 A user may receive the following Java message when encountering an applet in Internet Explorer: diff --git a/docs/endpointpolicymanager/javaenterpriserules/prompts/internetexplorer/message2.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/internetexplorer/message2.md similarity index 95% rename from docs/endpointpolicymanager/javaenterpriserules/prompts/internetexplorer/message2.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/internetexplorer/message2.md index 7972d99186..14a991f7a4 100644 --- a/docs/endpointpolicymanager/javaenterpriserules/prompts/internetexplorer/message2.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/internetexplorer/message2.md @@ -1,3 +1,9 @@ +--- +title: "IE Message 2" +description: "IE Message 2" +sidebar_position: 20 +--- + # IE Message 2 Another IE Java message you might encounter is as follows: diff --git a/docs/endpointpolicymanager/javaenterpriserules/prompts/internetexplorer/message3.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/internetexplorer/message3.md similarity index 96% rename from docs/endpointpolicymanager/javaenterpriserules/prompts/internetexplorer/message3.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/internetexplorer/message3.md index e7cc50eb7d..aa9d213c87 100644 --- a/docs/endpointpolicymanager/javaenterpriserules/prompts/internetexplorer/message3.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/internetexplorer/message3.md @@ -1,3 +1,9 @@ +--- +title: "IE Message 3" +description: "IE Message 3" +sidebar_position: 30 +--- + # IE Message 3 A third IE Java message you may encounter is this: diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/internetexplorer/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/internetexplorer/overview.md new file mode 100644 index 0000000000..fecf8ff7ea --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/internetexplorer/overview.md @@ -0,0 +1,10 @@ +--- +title: "Type 3: Java Messages for Internet Explorer" +description: "Type 3: Java Messages for Internet Explorer" +sidebar_position: 30 +--- + +# Type 3: Java Messages for Internet Explorer + +You likely want to eliminate messages about Java when users are using Internet Explorer. The tips in +this section can help you to do just that. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/overview.md new file mode 100644 index 0000000000..f2b63f9a9a --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/prompts/overview.md @@ -0,0 +1,15 @@ +--- +title: "Overcoming Java Prompts" +description: "Overcoming Java Prompts" +sidebar_position: 50 +--- + +# Overcoming Java Prompts + +Java applets work in Internet Explorer and Firefox. They do not work in Chrome or Microsoft Edge. +Therefore, you will receive Java prompts, which apply to the following browsers: + +- Type 1 — Firefox AND Internet Explorer (These are generic Java messages, which could apply to + either browser.) +- Type 2 — Firefox +- Type 3 — Internet Explorer diff --git a/docs/endpointpolicymanager/javaenterpriserules/theory.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/theory.md similarity index 95% rename from docs/endpointpolicymanager/javaenterpriserules/theory.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/theory.md index 2f8a877318..78234702e3 100644 --- a/docs/endpointpolicymanager/javaenterpriserules/theory.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/theory.md @@ -1,3 +1,9 @@ +--- +title: "Theory of Operation and Moving Parts" +description: "Theory of Operation and Moving Parts" +sidebar_position: 10 +--- + # Theory of Operation and Moving Parts In this section you will learn about two main things: the theory of operation and the moving parts diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/_category_.json new file mode 100644 index 0000000000..547efce216 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Using Java Rules Manager", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "usage" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/exportcollections.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/exportcollections.md new file mode 100644 index 0000000000..5b47598983 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/exportcollections.md @@ -0,0 +1,20 @@ +--- +title: "Exporting Collections" +description: "Exporting Collections" +sidebar_position: 40 +--- + +# Exporting Collections + +Appendix A explains how to use the Endpoint Policy Manager Exporter to wrap up any Endpoint Policy +Manager directives and deliver them using Microsoft Endpoint Manager (SCCM and Intune), KACE, your +own MDM service, or Endpoint Policy Manager Cloud. To export a policy for later use using Endpoint +Policy Manager Exporter or Endpoint Policy Manager Cloud, right-click the collection or the policy +and select **Export to XML**. This will enable you to save an XML file, which you can use later. + +![using_policypak_java_rules_13](/img/product_docs/endpointpolicymanager/javaenterpriserules/using_endpointpolicymanager_java_rules_13.webp) + +**NOTE:** Exported collections or policies maintain any Item-Level Targeting that has already been +set. Also, note that Endpoint Policy Manager Java Rules Manager policies are always contained within +collections, even if you export one single policy. In other words, a collection is automatically +created at export time even if you export a single policy. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/itemleveltargeting.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/itemleveltargeting.md new file mode 100644 index 0000000000..1d4c37590a --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/itemleveltargeting.md @@ -0,0 +1,67 @@ +--- +title: "Using Item-Level Targeting with Collections and Policies" +description: "Using Item-Level Targeting with Collections and Policies" +sidebar_position: 20 +--- + +# Using Item-Level Targeting with Collections and Policies + +Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Endpoint +Policy Manager to target or filter where specific policies will apply. With Endpoint Policy Manager +Java Rules Manager, Item-Level Targeting can be placed on collections as well as Java Rules Manager +policies within collections. + +**Step 1 –** To start, right-click the collection, and select **Change Item Level Targeting**. + +![quickstart_policypak_java_2](/img/product_docs/endpointpolicymanager/javaenterpriserules/quickstart_endpointpolicymanager_java_2.webp) + +**Step 2 –** Within a Java Rules Manager policy, you can dictate an Item-Level Targeting policy by +clicking on **Item-Level Targeting**. + +![using_policypak_java_rules_7](/img/product_docs/endpointpolicymanager/javaenterpriserules/using_endpointpolicymanager_java_rules_7.webp) + +**Step 3 –** The Edit Item Level Targeting menu item brings up the Targeting Editor. You can select +any combination of characteristics you want to test for. Administrators familiar with Group Policy +Preferences' Item-Level Targeting will be at home in this interface as it is functionally +equivalent. + +**Step 4 –** You can apply one or more targeting items to a policy, which enables targeting items to +be joined logically. You can also add targeting collections, which group together targeting items in +much the same way parentheses are used in an equation. In this way, you can create a complex +determination about where a policy will be applied. Collections may be set to **And**, **Or**, +**Is**, or **Is Not**. + +![using_policypak_java_rules_8](/img/product_docs/endpointpolicymanager/javaenterpriserules/using_endpointpolicymanager_java_rules_8.webp) + +Below are some real-world examples of how you can use Item-Level Targeting. + +- Software prerequisites — If you want to configure an application's settings, first make sure the + application is installed on the user's computer before configuring it. You can use File Match or + Registry Match targeting items (or both) to verify a specific version of a file or a registry + entry is present. (For an example of this, look in the Uninstall registry key.) +- Mobile computers — If you want to deploy settings exclusively for users on mobile PCs, then filter + the rule to apply only to mobile PCs by using the Portable Computer targeting item. +- Operating system version — You can specify different settings for applications based on the + operating system version. To do this, create one rule for each operating system. Then filter each + rule using the Operating System targeting item. +- Group membership — You can link the Group Policy Object (GPO) to the whole domain or + organizational unit (OU), but only members within a specific group will pick up and process the + rule settings. +- IP range — You can specify different settings for various IP ranges, like different settings for + the home office and each field office. + +**Step 5 –** Close the editor when done. The collection's icon will have changed to orange, which +indicates it now has Item-Level Targeting on the whole collection. In other words, none of the items +in the collection will apply unless the Item-Level Targeting on the collection evaluates to True. + +![using_policypak_java_rules_9](/img/product_docs/endpointpolicymanager/javaenterpriserules/using_endpointpolicymanager_java_rules_9.webp) + +Within the collection, setting Item-Level Targeting within any policy results in the icon turning +orange. The Item-Level Targeting column will indicate if Item-Level Targeting is on (Yes) or off +(No). + +![using_policypak_java_rules_10](/img/product_docs/endpointpolicymanager/javaenterpriserules/using_endpointpolicymanager_java_rules_10.webp) + +In this way, you can have granular control over policies and collections. First, filter with +Item-Level Targeting on a collection, and then filter any specific rule if any Item-Level Targeting +is applied there. diff --git a/docs/endpointpolicymanager/javaenterpriserules/manageria.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/manageria.md similarity index 98% rename from docs/endpointpolicymanager/javaenterpriserules/manageria.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/manageria.md index 328a66cf5a..4564910d1f 100644 --- a/docs/endpointpolicymanager/javaenterpriserules/manageria.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/manageria.md @@ -1,3 +1,9 @@ +--- +title: "Managing Java Rules" +description: "Managing Java Rules" +sidebar_position: 10 +--- + # Managing Java Rules Rich Internet Application (RIA) is a way to describe a Java applet used on a website. There are diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/processorderprecedence.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/processorderprecedence.md new file mode 100644 index 0000000000..2ed7926fcc --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/processorderprecedence.md @@ -0,0 +1,34 @@ +--- +title: "Understanding Processing Order and Precedence" +description: "Understanding Processing Order and Precedence" +sidebar_position: 30 +--- + +# Understanding Processing Order and Precedence + +When you use Endpoint Policy Manager Java Rules Manager you might have multiple policies and/or +conflicting settings. When you do, you should attempt to troubleshoot by understanding the +processing order and precedence order as explained in the following sections. + +## Processing Order + +Within a particular GPO (Computer or User side), the processing order is counted in numerical order. +So, lower-numbered collections attempt to process first, and higher-numbered collections attempt to +process last. Then, within any collection, each policy is processed in numerical order from lowest +to highest. + +![using_policypak_java_rules_11](/img/product_docs/endpointpolicymanager/javaenterpriserules/using_endpointpolicymanager_java_rules_11.webp) + +![using_policypak_java_rules_12](/img/product_docs/endpointpolicymanager/javaenterpriserules/using_endpointpolicymanager_java_rules_12.webp) + +## Precedence + +Policies can be delivered by Group Policy and non-Group Policy methods such as Microsoft Endpoint +Manager (SCCM and Intune) via Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud. As +such, the Endpoint Policy Manager engine needs to make a final determination whether there is any +overlap of policies. Here is how the precedence works: + +- Policies delivered through Endpoint Policy Manager Cloud have the lowest precedence. +- Policies delivered through Endpoint Policy Manager files have the next highest precedence. +- Policies delivered through Endpoint Policy Manager k Group Policy directives have the highest + precedence. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/usage.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/usage.md new file mode 100644 index 0000000000..4054ae1232 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/usage/usage.md @@ -0,0 +1,15 @@ +--- +title: "Using Java Rules Manager" +description: "Using Java Rules Manager" +sidebar_position: 30 +--- + +# Using Java Rules Manager + +In this section, you will learn how to do the following: + +- Create the right Java rules for the right circumstances +- Modify rules with Item-Level Targeting +- Understand the processing order of rules +- Learn how to export collections and rules to deploy using Microsoft Endpoint Manager (SCCM and + Intune) or Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/securitysettings/_category_.json b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/securitysettings/_category_.json new file mode 100644 index 0000000000..2bdb3200ea --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/securitysettings/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Security Settings Manager", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/securitysettings/exportwizard.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/securitysettings/exportwizard.md similarity index 90% rename from docs/endpointpolicymanager/securitysettings/exportwizard.md rename to docs/endpointpolicymanager/manuals/appsbrowsersandjavas/securitysettings/exportwizard.md index 0e6798252e..9a8e87dff1 100644 --- a/docs/endpointpolicymanager/securitysettings/exportwizard.md +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/securitysettings/exportwizard.md @@ -1,3 +1,9 @@ +--- +title: "Using the Endpoint Policy Manager Security Settings Manager Export Wizard" +description: "Using the Endpoint Policy Manager Security Settings Manager Export Wizard" +sidebar_position: 20 +--- + # Using the Endpoint Policy Manager Security Settings Manager Export Wizard Click on **Export this GPO's Computer-Side Security Settings forEndpoint Policy Manager Exporter and @@ -39,4 +45,4 @@ location and filename to save your XML file. Keep this file handy since you'll use it with Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud. To learn more about how to deliver settings outside of Group Policy, be sure to read -Appendix A, [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md). +Appendix A, [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md). diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/securitysettings/gettoknow.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/securitysettings/gettoknow.md new file mode 100644 index 0000000000..b6d4581aa4 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/securitysettings/gettoknow.md @@ -0,0 +1,21 @@ +--- +title: "Getting to Know Endpoint Policy Manager Security Settings Manager" +description: "Getting to Know Endpoint Policy Manager Security Settings Manager" +sidebar_position: 10 +--- + +# Getting to Know Endpoint Policy Manager Security Settings Manager + +Endpoint Policy Manager Security Settings Manager is a node you see within every GPO you create. +While Endpoint Policy Manager Security Settings Manager is listed on both the Computer and User +sides, it only functions on the the computer side. Below you can see the export option available. + +![about_policypak_security_settings_1](/img/product_docs/endpointpolicymanager/securitysettings/about_endpointpolicymanager_security_settings_1.webp) + +The only job of the Endpoint Policy Manager Security Settings Manager node is to export the +computer-side security settings as an XML file. This XML file can be used with Endpoint Policy +Manager Exporter (with Microsoft Endpoint Manager [SCCM and Intune], KACE, etc.) or uploaded to +Endpoint Policy Manager Cloud. + +**NOTE:** Additionally, if you use the PolicyPak Cloud service, you can even deliver these Group +Policy security settings to non-domain-joined machines over the Internet. diff --git a/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/securitysettings/overview.md b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/securitysettings/overview.md new file mode 100644 index 0000000000..57a4d9d901 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/securitysettings/overview.md @@ -0,0 +1,55 @@ +--- +title: "Security Settings Manager" +description: "Security Settings Manager" +sidebar_position: 40 +--- + +# Security Settings Manager + +**NOTE:** Before reading this section, please ensure you have read Book 2: +[Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md), which will help you +learn to do the following: + +- Install the Admin MSI on your GPMC machine +- Install the CSE on a test Windows machine +- Set up a computer in Trial mode or Licensed mode +- Set up a common OU structure + +Optionally, if you don't want to use Group Policy, read the section in Appendix A: +[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md) to deploy your +directives. + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Security Settings Manager enables +administrators to harness the power of Microsoft's existing security settings and deliver those +settings without Group Policy (via Microsoft Endpoint Manager [SCCM], KACE, or Endpoint Policy +Manager Cloud). The supported Microsoft security settings can be seen below.  Red lines indicate +these items are not supported by Endpoint Policy Manager. + +![about_policypak_security_settings](/img/product_docs/endpointpolicymanager/securitysettings/about_endpointpolicymanager_security_settings.webp) + +**NOTE:** The following items are NOT supported by Endpoint Policy Manager Security Settings +Manager: + +- IP Security +- Wired network (IEEE 802.3) policies +- Wireless network (IEEE 802.11) policies +- Advanced audit policies + +## Moving Parts + +Endpoint Policy Manager Security Settings Manager has the following components: + +- A management station — To start, create a standard Group Policy Object (GPO), editing it with the + security settings you want (**Computer Configuration** **>** **Policies | Security**). Then use + the **Endpoint Policy Manager** **>** **Endpoint Policy Manager Security Settings Manager** node. +- The Endpoint Policy Manager client-side extension (CSE) — This runs on the client (target) + machine. It is the same CSE for all Endpoint Policy Manager products. There isn't anything + separate to install, and the Endpoint Policy Manager CSE must be present in order to accept + Endpoint Policy Manager Security Settings Manager directives when using Microsoft Endpoint Manager + (SCCM and Intune), KACE, similar utilities, or Endpoint Policy Manager Cloud. +- Endpoints — Endpoints must be licensed for Endpoint Policy Manager Security Settings Manager using + one of the licensing methods. +- Endpoint Policy Manager Exporter (optional) — This is a free utility that lets you take Endpoint + Policy Manager Admin Templates Manager and other Endpoint Policy Manager products' XML files and + wrap them into a portable MSI file for deployment using Microsoft Endpoint Manager (SCCM and + Intune), a mobile device management service, or your own systems management software. diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/_category_.json b/docs/endpointpolicymanager/manuals/desktopautomationand/_category_.json new file mode 100644 index 0000000000..ea14dc408c --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Desktop Automation And Connectivity Pak", + "position": 90, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/scriptstriggers/networksecuritymanager.md b/docs/endpointpolicymanager/manuals/desktopautomationand/networksecuritymanager.md similarity index 87% rename from docs/endpointpolicymanager/scriptstriggers/networksecuritymanager.md rename to docs/endpointpolicymanager/manuals/desktopautomationand/networksecuritymanager.md index b8852278dd..052769c989 100644 --- a/docs/endpointpolicymanager/scriptstriggers/networksecuritymanager.md +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/networksecuritymanager.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager Network Security Manager" +description: "Endpoint Policy Manager Network Security Manager" +sidebar_position: 30 +--- + # Endpoint Policy Manager Network Security Manager Network Security Manager enables you to restrict processes to communicate with specific IP addresses @@ -15,7 +21,7 @@ Some examples of use are: ## Getting started with Endpoint Policy Manager Network Security Manager **_RECOMMENDED:_** For an overview of this section, see this video: See -[Endpoint Policy Manager Network Security Manager - The Basics](/docs/endpointpolicymanager/video/networksecurity/basics.md) +[Endpoint Policy Manager Network Security Manager - The Basics](/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/basics.md) topic for additional information. Pick an application you wish to restrict, like a browser (such as Edge, Firefox, PaleMoon, etc) or a @@ -100,7 +106,7 @@ Microsoft.com, but are restricted to the specific network location you specified ## Auditing Events **_RECOMMENDED:_** See the -[Endpoint Policy Manager Network Security Manager - Auditing Events](/docs/endpointpolicymanager/video/networksecurity/auditingevents.md) +[Endpoint Policy Manager Network Security Manager - Auditing Events](/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/auditingevents.md) topic for additional information. Auditing Events can be useful if you want to determine if your rules are working. Each rule may be @@ -125,13 +131,13 @@ reduce the amount of noise. Because Network Security Manager uses the same basic UI as Endpoint Policy Manager Least Privilege Manager, you can learn more about Simple rules here: -- [Elevating Executables](/docs/endpointpolicymanager/leastprivilege/elevate/executables.md) -- [Creating and Using Executable Combo Rules](/docs/endpointpolicymanager/leastprivilege/bestpractices/rules/executablecombo.md) +- [Elevating Executables](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/executables.md) +- [Creating and Using Executable Combo Rules](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/executablecombo.md) You can learn more about the following additional Endpoint Policy Manager Network Security manager topics via our How-To videos: - Understanding Applications & Ports: - [Endpoint Policy Manager Network Security Manager - Applications and Ports](/docs/endpointpolicymanager/video/networksecurity/applicationsports.md) + [Endpoint Policy Manager Network Security Manager - Applications and Ports](/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/applicationsports.md) - Deeper Dive into Customizations & Notifications: - [Endpoint Policy Manager Network Security Manager - Global settings](/docs/endpointpolicymanager/video/networksecurity/globalsettings.md) + [Endpoint Policy Manager Network Security Manager - Global settings](/docs/endpointpolicymanager/knowledgebase/networksecuritymanag/videolearningcenter/gettingstarted/globalsettings.md) diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/_category_.json b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/_category_.json new file mode 100644 index 0000000000..90ab9550c6 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Remote Desktop Protocol Manager", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/gettingtoknowrdpmana/_category_.json b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/gettingtoknowrdpmana/_category_.json new file mode 100644 index 0000000000..09885dea13 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/gettingtoknowrdpmana/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting To Know RDP Manager", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/remotedesktopprotocol/importrdpfile.md b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/gettingtoknowrdpmana/importrdpfile.md similarity index 87% rename from docs/endpointpolicymanager/remotedesktopprotocol/importrdpfile.md rename to docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/gettingtoknowrdpmana/importrdpfile.md index fc85e73baa..f331ede3ea 100644 --- a/docs/endpointpolicymanager/remotedesktopprotocol/importrdpfile.md +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/gettingtoknowrdpmana/importrdpfile.md @@ -1,3 +1,9 @@ +--- +title: "importrdpfile" +description: "importrdpfile" +sidebar_position: 20 +--- + ## Importing an RDP File If you already have existing RDP files configured and saved, you can import them. diff --git a/docs/endpointpolicymanager/remotedesktopprotocol/policiessettings.md b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/gettingtoknowrdpmana/policiessettings.md similarity index 96% rename from docs/endpointpolicymanager/remotedesktopprotocol/policiessettings.md rename to docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/gettingtoknowrdpmana/policiessettings.md index bf53f4b992..c3dc55ea06 100644 --- a/docs/endpointpolicymanager/remotedesktopprotocol/policiessettings.md +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/gettingtoknowrdpmana/policiessettings.md @@ -1,3 +1,9 @@ +--- +title: "Policies and Settings" +description: "Policies and Settings" +sidebar_position: 10 +--- + # Policies and Settings In this example, we're going to deliver an RDP file to the user desktop. The shortcut will appear diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/itemleveltargeting/_category_.json b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/itemleveltargeting/_category_.json new file mode 100644 index 0000000000..819a2206d6 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/itemleveltargeting/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Using Item-Level Targeting with Collections and Policies", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/itemleveltargeting/exportcollections.md b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/itemleveltargeting/exportcollections.md new file mode 100644 index 0000000000..00a59b0e37 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/itemleveltargeting/exportcollections.md @@ -0,0 +1,21 @@ +--- +title: "Exporting Collections" +description: "Exporting Collections" +sidebar_position: 20 +--- + +# Exporting Collections + +Appendix A: Advanced Concepts explains how to use the Endpoint Policy Manager Exporter to wrap up +any Endpoint Policy Manager directives and deliver them using Microsoft Endpoint Manager (SCCM and +Intune), KACE, your own MDM service, or Endpoint Policy Manager Cloud. To export a policy for later +use using Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud, right-click the +collection or the policy and select **Export to XML**. This will enable you to save an XML file, +which you can use later. + +![using_item_level_targeting_7](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting_7.webp) + +Remember that Endpoint Policy Manager RDP policies can be created and exported on the User or +Computer side. For instance, below we have a collection being exported. + +![using_item_level_targeting_8](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting_8.webp) diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/itemleveltargeting/overview.md b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/itemleveltargeting/overview.md new file mode 100644 index 0000000000..bca6bc1471 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/itemleveltargeting/overview.md @@ -0,0 +1,54 @@ +--- +title: "Using Item-Level Targeting with Collections and Policies" +description: "Using Item-Level Targeting with Collections and Policies" +sidebar_position: 20 +--- + +# Using Item-Level Targeting with Collections and Policies + +Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Netwrix +Endpoint Policy Manager (formerly PolicyPak) to target or filter where specific items will apply. +With Endpoint Policy Manager RDP Manager, Item-Level Targeting can be placed on collections, as well +as policies within collections. + +A collection enables you to group together Endpoint Policy Manager RDP Manager policies so they can +act together. For instance, you might create a collection for only East Sales users and another for +HR Users. + +![using_item_level_targeting](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting.webp) + +Below you can see the two collections we have created which can hold other collections or policies. +You can also see how you can apply Item-Level Targeting for a collection. + +![using_item_level_targeting_1](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting_1.webp) + +To change the Item-Level Targeting, right-click any Endpoint Policy Manager RDP Manager policy, and +select **Edit Item Level Targeting**. + +![using_item_level_targeting_2](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting_2.webp) + +The Edit Item Level Targeting menu item brings up the Targeting Editor. You can select any +combination of characteristics you want to test for. Administrators familiar with Group Policy +Preferences' Item-Level Targeting will be at home in this interface, as it is functionally +equivalent. + +You can apply one or more targeting items to a policy, which enables targeting items to be joined +logically. You can also add targeting collections, which group together targeting items in much the +same way parentheses are used in an equation. In this way, you can create a complex determination +about where a policy will be applied. Collections may be set to And, Or, Is, or Is Not. + +When targeting policies and collections for Endpoint Policy Manager RDP Manager policies, it is a +good idea to target portable computers and mobile user security groups. You can also require that +users not be on the corporate LAN as well. + +![using_item_level_targeting_3](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting_3.webp) + +In this example, the Pak would only apply to Windows 10 machines when the machine is portable and +not on the corporate LAN subnet, and the user is in the FABRIKAM\Traveling Sales Users group. + +When using Item-level Targeting and conditional settings, you can check the **Remove RDP file when +policy no longer applies** option to delete the RDP file when the policy no longer applies. For +example, using the example below, the policy would no longer apply whenever the computer obtains an +address from the corporate LAN. + +![using_item_level_targeting_4](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting_4.webp) diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/itemleveltargeting/processorderprecedence.md b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/itemleveltargeting/processorderprecedence.md new file mode 100644 index 0000000000..eea593a174 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/itemleveltargeting/processorderprecedence.md @@ -0,0 +1,16 @@ +--- +title: "Understanding Processing Order and Precedence" +description: "Understanding Processing Order and Precedence" +sidebar_position: 10 +--- + +# Understanding Processing Order and Precedence + +Within a particular GPO (Computer or User side), the processing order is counted in numerical order. +So, lower-numbered collections attempt to process first, and higher-numbered collections attempt to +process last. Then, within any collection, each policy is processed in numerical order from lowest +to highest. + +![using_item_level_targeting_5](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting_5.webp) + +![using_item_level_targeting_6](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting_6.webp) diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/overview.md b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/overview.md new file mode 100644 index 0000000000..49f9c39b05 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/overview.md @@ -0,0 +1,20 @@ +--- +title: "Remote Desktop Protocol Manager" +description: "Remote Desktop Protocol Manager" +sidebar_position: 10 +--- + +# Remote Desktop Protocol Manager + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Remote Desktop Protocol (RDP) Manager enables +you to perform the following operations in Windows 10 in order to optimize remote work and VDI +scenarios: + +- Manage RDP connections using an intuitive GUI just like RDP Connection Manager +- Create, replace, update, and delete RDP files on user desktops +- Configure and deliver the complete gamut of RDP settings and keep them up to date +- Specify which RDP files should go on which machines based on conditional settings + +**NOTE:** See +[Create and update .RDP files for end-users for Remote Work and VDI scenarios](/docs/endpointpolicymanager/knowledgebase/endpointpolicyrdpman/videolearningcenter/remoteworkandvdiscen/vdiscenarios.md) +for an overview of Endpoint Policy Manager Remote Desktop Protocol Manager diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/overview_1.md b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/overview_1.md new file mode 100644 index 0000000000..dff9a3c245 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/overview_1.md @@ -0,0 +1,32 @@ +--- +title: "Troubleshooting" +description: "Troubleshooting" +sidebar_position: 30 +--- + +# Troubleshooting + +Netwrix Endpoint Policy Manager (formerly PolicyPak) log files for Endpoint Policy Manager RDP +Manager are found in the following folders: + +- `%Programdata%\PolicyPak\PolicyPak Remote Desktop Protocol Manager for Computer side logs` +- `%AppData%\PolicyPak\PolicyPak Remote Desktop Protocol Manager for User side logs` + +There are also several files to check in the User folder: + +- `ppUser_OnLogon.log`: New data is added to this log when Group Policy applies at the time of login + (and items are set for the User, not the Computer). +- `ppUser_Switched.log`: New data is added to this log when Group Policy applies at the time of + login (but items are set for the Computer). +- `ppUser_OnGroupPolicy.log`: New data is added to this log when Group Policy applies in the + background (on GPupdate or when Group Policy applies in the background). +- `ppUser_onPolicyChanged.log`: New data is added to this log when Group Policy applies in the + background or when a method other than Group Policy is used (Microsoft Endpoint Manager [SCCM and + Intune], PolicyPak Cloud, and so on). + +Start troubleshooting by verifying the licensing, GPO name, and collection or policy name, as shown +in Figure 18. + +![troubleshooting](/img/product_docs/endpointpolicymanager/troubleshooting/remotedesktopprotocol/troubleshooting.webp) + +Figure 18. The ppuser log file. diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/_category_.json b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/_category_.json new file mode 100644 index 0000000000..ca4fda6b33 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Scripts & Triggers Manager", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/advantages.md b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/advantages.md new file mode 100644 index 0000000000..eea55ab17c --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/advantages.md @@ -0,0 +1,33 @@ +--- +title: "Advantages of Using Scripts & Triggers Manager" +description: "Advantages of Using Scripts & Triggers Manager" +sidebar_position: 20 +--- + +# Advantages of Using Scripts & Triggers Manager + +With Endpoint Policy Manager Scripts & Triggers Manager, the advantages you get are based on the +policy method you already employ. + +- For those using Group Policy: + + - You can deploy scripts to users or computers. + - Use can use Item-Level Targeting to determine whether the script should run. + - You can apply the script always, once, or when forced manually. + +- For those using Endpoint Policy Manager Cloud: + + - You can deploy scripts to your non-domain-joined machines. + - You can deploy scripts to your Windows 7 and 10 Home machines, which allows you to do + interesting things that were once only possible using Group Policy Preferences, for example, + delivering a shortcut to the Desktop of your non-domain-joined Windows 10 Home device. + +- For those using an MDM solution: + + - If your MDM solution has no scripting ability (or you have to pay extra for it) then Endpoint + Policy Manager provides the solution. + - You can use Item-Level Targeting to determine whether the script should run. + + - You can apply the script always, once, or when forced manually. + + - You can write your script in most common languages; not just PowerShell. diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/gettoknow/_category_.json b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/gettoknow/_category_.json new file mode 100644 index 0000000000..b109235bb3 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/gettoknow/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Getting to Know Scripts & Triggers Manager", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/gettoknow/computerside.md b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/gettoknow/computerside.md new file mode 100644 index 0000000000..42572e6060 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/gettoknow/computerside.md @@ -0,0 +1,44 @@ +--- +title: "Using Endpoint Policy Manager Scripts on the Computer Side" +description: "Using Endpoint Policy Manager Scripts on the Computer Side" +sidebar_position: 20 +--- + +# Using Endpoint Policy Manager Scripts on the Computer Side + +In the Quickstart example, we delivered scripts to users, but Endpoint Policy Manager can also +deliver scripts on the Computer side. There are two options when you create a scripts policy from +the Computer side, which can be seen in Figure 17. + +![getting_to_know_scripts_triggers_13](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_13.webp) + +Figure 17. Using Endpoint Policy Manager Scripts & Triggers Manager Wizard on the Computer side. + +The two options to select from are: + +- Apply this policy to computer (default):  This will apply the settings to the computer in the + System context. This is best when you're trying to do things that only the system should do, like + manipulate the Registry with HKLM keys or system files, and so on. The policy only applies when + the Computer context is used. +- Apply this policy to all users who log into the computer (switched mode): This setting will run + the script either as System (default behavior) or in the User context. This gives you the ability + to run a script anytime a user logs into the computer, and then also specify the context (System + or User.) + +**NOTE:** Scripts placed on the Computer side, but run in the User context can be run interactively. +But scripts run in the System context cannot be run interactively. + +The main advantage to applying scripts on the Computer side, but running in User context, is that +you do not need Loopback in order to deliver user-side scripts to computers. In this way, you can +target specific scripts for collections of computers like training rooms, free seating areas, VDI, +and similar situations, and ensure that the same script runs for everyone who sits down at these +computers. + +Note some subtle differences about when policies are set to "Always apply": + +- Switched policies apply to users (even though they're targeted to computers.) As such, all + switched policies apply on login and anytime the Group Policy service updates (in the background, + and manually when you run GPupdate and PPupdate). +- All policies with "Always apply" selected will reapply when policy changes are made. +- All policies with "Always apply" selected will reapply when the Endpoint Policy Manager service + starts up. diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/gettoknow/overview.md b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/gettoknow/overview.md new file mode 100644 index 0000000000..9263ee3d85 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/gettoknow/overview.md @@ -0,0 +1,41 @@ +--- +title: "Getting to Know Scripts & Triggers Manager" +description: "Getting to Know Scripts & Triggers Manager" +sidebar_position: 30 +--- + +# Getting to Know Scripts & Triggers Manager + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Scripts & Triggers Manager is contained within +the PolicyPak node, as demonstrated in Figure 4. Endpoint Policy Manager Scripts & Triggers Manager +MMC snap-in enables you to create a new Endpoint Policy Manager Scripts & Triggers Manager policy or +collection. + +**NOTE:** You will only see the Endpoint Policy Manager Scripts & Triggers Manager node when the +latest Admin Console MSI is installed on the management station. + +![getting_to_know_scripts_triggers](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers.webp) + +Figure 4. The location of the Endpoint Policy Manager Scripts & Triggers Manager. + +The functions of collections and policies are as follows: + +- Policies are the rules that perform the work. +- Collections are groupings of policies. + +The next section provides a Quickstart to using Endpoint Policy Manager Scripts & Triggers Manager. +We suggest you download the sample scripts that we've provided on our website to your management +station and follow along. Select the Guidance XMLs and Scripts category, then download them, as seen +in Figure 5. + +![getting_to_know_scripts_triggers_1](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_1.webp) + +Figure 5. Download the Endpoint Policy Manager scripts from the Guidance XMLs location in the +Endpoint Policy Manager Portal. + +Before continuing, make sure you have the downloaded script examples unpacked and ready to go. You +should have a folder that looks similar to what's seen in Figure 6. + +![getting_to_know_scripts_triggers_2](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_2.webp) + +Figure 6. Endpoint Policy Manager script examples unpacked. diff --git a/docs/endpointpolicymanager/scriptstriggers/gettoknow/shortcuts.md b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/gettoknow/shortcuts.md similarity index 97% rename from docs/endpointpolicymanager/scriptstriggers/gettoknow/shortcuts.md rename to docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/gettoknow/shortcuts.md index d96d5e0dde..8e379d3355 100644 --- a/docs/endpointpolicymanager/scriptstriggers/gettoknow/shortcuts.md +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/gettoknow/shortcuts.md @@ -1,3 +1,9 @@ +--- +title: "Quick Start - Making and Removing Shortcuts" +description: "Quick Start - Making and Removing Shortcuts" +sidebar_position: 10 +--- + # Quick Start - Making and Removing Shortcuts **NOTE:** For some video overviews of Endpoint Policy Manager Scripts & Triggers Manager, see diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/gettoknow/usage.md b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/gettoknow/usage.md new file mode 100644 index 0000000000..8dde7082e4 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/gettoknow/usage.md @@ -0,0 +1,67 @@ +--- +title: "Using Endpoint Policy Manager Scripts and Triggers" +description: "Using Endpoint Policy Manager Scripts and Triggers" +sidebar_position: 30 +--- + +# Using Endpoint Policy Manager Scripts and Triggers + +You may want to map a drive on a remote machine whenever it connects to the network through VPN or +map a printer whenever a user opens a designated application and then unmap the drive or printer +once the VPN connection or application is closed. You can do this through the use of Endpoint Policy +Manager scripts and triggers. + +**NOTE:** For an overview of Endpoint Policy Manager scripts and triggers see +[Endpoint Policy Manager Scripts + Triggers: Map a printer or drive when a process runs and un-map it when closed.](/docs/endpointpolicymanager/video/scriptstriggers/mapdrivetriggers.md). + +**Step 1 –** Let's use an example in which you want to map a printer for your users whenever they +use Acrobat Reader. There are a couple of script options we can use to map a printer. It is highly +recommended that you manually test your scripts first in order to make sure they work properly. This +will prevent you from having to troubleshoot issues down the road when you deploy your policies. In +Figure 18 we are using a simple PowerShell script to map the printer. (If the PowerShell script +doesn't work for your environment then you can use a traditional batch script to map it.) + +![getting_to_know_scripts_triggers_14](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_14.webp) + +Figure 18. Using a PowerShell script to map a printer. + +**Step 2 –** There are no revert scripts when using triggers so this section is not applicable as +shown in Figure 19. + +![getting_to_know_scripts_triggers_15](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_15.webp) + +Figure 19. There are no revert scripts when using triggers. + +**Step 3 –** You then need to select your desired trigger type. In Figure 20 we are selecting +"Process start."  Notice the other trigger options available. + +![getting_to_know_scripts_triggers_16](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_16.webp) + +Figure 20. Choosing the desired trigger type. + +**Step 4 –** You must then select the process. You can either point to the application file or point +to the application process itself if it is currently running. In Figure 21 we have selected the +Acrobat Reader file. + +![getting_to_know_scripts_triggers_17](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_17.webp) + +Figure 21. Selecting the application file. + +**Step 5 –** You can then configure Item-level Targeting if desired. + +**Step 6 –** Now you need to create another policy that will remove the printer mapping once the +user closes Acrobat Reader. To do this, we will use a PowerShell script, shown in Figure 22. + +![getting_to_know_scripts_triggers_18](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_18.webp) + +Figure 22. Using a PowerShell script to remove a printer connection. + +**Step 7 –** Now you need to select "Process close" for the trigger type, as shown in Figure 23. + +![getting_to_know_scripts_triggers_19](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_19.webp) + +Figure 23. Choosing "Process close" as the trigger type to remove the printer when the user closes +Acrobat Reader. + +**Step 8 –** Finally, point to the application file or open process and configure Item-level +Targeting if desired. diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/insouts.md b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/insouts.md new file mode 100644 index 0000000000..b476a72f97 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/insouts.md @@ -0,0 +1,114 @@ +--- +title: "Ins and Outs" +description: "Ins and Outs" +sidebar_position: 10 +--- + +# Ins and Outs + +Endpoint Policy Manager Scripts & Triggers Manager solves several huge Windows 10 issues. Its basic +goal is to deliver scripts using whatever delivery mechanism you might want. For on-prem machines, +you already have some good, but not great, options for running the occasional script. With Endpoint +Policy Manager Cloud, Endpoint Policy Manager Scripts & Triggers Manager brings a method to deploy +scripts that didn't exist before. For those using an MDM solution, there is built-in script +deployment, but it has many restrictions. In this section, we'll examine how scripts have worked +with the in-box Group Policy method and with MDM solutions (without Endpoint Policy Manager ). + +### Managing Scripts with Group Policy + +Deploying scripts with Group Policy is not hard, but it does have some limitations. We'll go through +the process below. + +There are Startup and Shutdown script settings, which are found under the Computer Configuration | +Policies node in the Windows Settings | Scripts (Startup/Shutdown) branch. You can get your proposed +script into the proper GPO in many ways; however, we propose the following as the ideal way: + +**Step 1 –** In the Group Policy Management Editor, drill down to the Scripts (Startup/Shutdown) +node and double-click "Startup." The Startup Properties dialog box will appear. + +**Step 2 –** Click the Add button to open the "Add a Script" dialog box. + +**Step 3 –** In the Script Name field, you can enter a file name or click "Browse" to open the +Browse dialog box, shown in Figure 1. + +**Step 4 –** To create a new file, right-click in the Browse dialog box, and choose New| Text +Document, for example. + +**Step 5 –** Enter a name for the file, such as myscript.bat. + +![about_policypak_scripts_triggers](/img/product_docs/endpointpolicymanager/scriptstriggers/about_endpointpolicymanager_scripts_triggers.webp) + +Figure 1. Adding a script. + +Next, it's important to understand that Startup and Shutdown scripts run in the LocalSystem context. +If you want to connect to resources across the network, you'll need to ensure that those resources +allow for computer access across the network (not just user access), because the script will run in +the context of the computer account when it accesses network resources (such as the Domain Computers +group). + +The Logon and Logoff script settings are under the User Configuration | Policies node in the Windows +Settings | Scripts (Logon/Logoff) branch. Logon and logoff scripts run in the User context. Remember +that a user is just a mere mortal and might not be able to manipulate Registry keys that you may run +in a logon or logoff script. + +You can also run PowerShell-based scripts. You can find these settings in User Configuration | +Policies | Windows Settings | Scripts (Logon/Logoff). Similar settings for the computer are found in +Computer Configuration | Policies | Windows Settings | Scripts (Startup/Shutdown). The dialog can be +seen in Figure 2. + +![about_policypak_scripts_triggers_1](/img/product_docs/endpointpolicymanager/scriptstriggers/about_endpointpolicymanager_scripts_triggers_1.webp) + +Figure 2. Using the in-box Group Policy method to deploy PowerShell scripts. + +These processes are perfectly fine, but do not suit every case. The primary problems with the in-box +Group Policy method are: + +- Scripts can only run at Startup/Shutdown and Logon/Logoff and are only run once, despite the fact + that there may be other times when you want a script to run. +- Scripts are "all or nothing"; that is, the script cannot determine whether or not it should apply + based on certain conditions. +- To make a script run interactively, you must create a global setting (to the machine) within Group + Policy by going to User Configuration | Policies | Administrative Templates | System | Scripts, + and selecting either "Run logon scripts visible" or "Run logoff scripts visible." For Startup and + Shutdown scripts you must go to Computer Configuration | Policies | Administrative Templates | + System | Scripts, and select either "Run startup scripts visible" or "Run shutdown scripts + visible." However, you cannot make a specific script run interactively. +- You cannot make a script that would apply to all users who log into the computer (without using + loopback). + +### Managing Scripts with an MDM service + +On Microsoft Endpoint Manager, the ability to run PowerShell scripts is handled by the Intune +Management extension. For more information on this extension see +[https://docs.microsoft.com/en-us/intune/intune-management-extension](https://docs.microsoft.com/en-us/intune/intune-management-extension). +Figure 3 shows the available options for adding a PowerShell script with Intune. + +![about_policypak_scripts_triggers_2](/img/product_docs/endpointpolicymanager/scriptstriggers/about_endpointpolicymanager_scripts_triggers_2.webp) + +Figure 3. Deploying a PowerShell script using Microsoft Endpoint Manager. + +The MDM script deployment mechanism leaves a lot to be desired, however. The following are the +typical problems with built-in MDM scripts that you may find when using Microsoft Endpoint Manager +(Intune), VMware Workspace ONE (AirWatch), or MobileIron (although the problems might be different +on any given MDM solution, since they are all very different). + +- Some MDM solutions do not enable you to run any scripts at all for any reason. +- For MobileIron customers, enabling scripting costs extra with their MobileIron Bridge add-on. +- Depending on the vendor, the scripts might be restricted to one specific type. For instance, on + Microsoft Endpoint Manager the only script type that may be used is PowerShell. +- Typically, the scripts are applied and run only once (unless the script itself is updated). +- Scripts can only be targeted to computers, not to users. +- The scripts can be targeted to a group of computers, but have no way to determine if conditions + are true on the machine or not. (All the logic for when a script will apply has to be baked into + the script). +- Scripts can take up to an hour to run (that's the nature of MDM, anyway). +- There is no way to trigger the script to re-run manually for quick testing purposes. You need to + manually update the script and wait for MDM to re-deploy it. +- The following restrictions apply on Intune: + + - Scripts must be less than 10 KB (ASCII) or 5 KB (Unicode). + - Scripts can only call the 32-bit version of PowerShell, so 64-bit PowerShell cmdlets cannot be + used. + - The scripts only run when a computer is associated with a user; so with kiosk devices, using + the MDM scripting is often not possible. + - The scripts will not run with hybrid scenarios (domain-joined and Azure registered devices.) diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/itemleveltargeting/_category_.json b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/itemleveltargeting/_category_.json new file mode 100644 index 0000000000..dd0b8e0730 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/itemleveltargeting/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Using Item-Level Targeting with Collections and Policies", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/itemleveltargeting/exportcollections.md b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/itemleveltargeting/exportcollections.md new file mode 100644 index 0000000000..89ecb5ae63 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/itemleveltargeting/exportcollections.md @@ -0,0 +1,58 @@ +--- +title: "Exporting Collections" +description: "Exporting Collections" +sidebar_position: 20 +--- + +# Exporting Collections + +Appendix A: [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md) explains +how to use the Endpoint Policy Manager Exporter to wrap up any Endpoint Policy Manager directive and +deliver it using an MDM service such as Microsoft Endpoint Manager (SCCM and Intune), KACE, and so +on, as well as via Endpoint Policy Manager Cloud. + +**NOTE:** For a video demonstrating the use of Endpoint Policy Manager scripts with Endpoint Policy +Manager Cloud and an MDM service see +[Endpoint Policy ManagerScripts .. Deploy Software via VPN or with Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/scriptstriggers/cloud.md) +and +[Endpoint Policy Manager Scripts and YOUR MDM service: Un-real power](/docs/endpointpolicymanager/video/scriptstriggers/mdm.md) + +Remember that Endpoint Policy Manager Scripts & Triggers Manager policies can be created and +exported on the User or Computer side. For instance, in Figure 30, you can see an export from the +User side. + +![using_item_level_targeting_6](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting_6.webp) + +Figure 30. Exporting a policy from the User side. + +In Figure 31, you can see an export of a Endpoint Policy Manager Scripts & Triggers Manager XML file +from the Computer side. + +![using_item_level_targeting_7](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting_7.webp) + +Figure 31. Exporting a collection from the Computer side. + +Here are some helpful tips to decide which side to use: + +- When you export a user-side policy, and deploy it using Endpoint Policy Manager Cloud or MDM, it + will apply to every user on the machine (like switched mode). +- When you export a computer-side policy that affects the system, and deploy it using Endpoint + Policy Manager Cloud or MDM, it will apply to the computer as system. +- When you export a computer-side policy that affect all users on the machine, and deploy it using + Endpoint Policy Manager Cloud or MDM, it will apply to every user on the machine (like switched + mode). + +To export a policy for later use with Endpoint Policy Manager Exporter or Endpoint Policy Manager +Cloud, right-click the collection or the policy and select "Export as XML," as demonstrated in +Figure 32. + +**NOTE:** For a video showing how to export policies and use Endpoint Policy Manager Exporter, watch +[Deploying Endpoint Policy Managerdirectives without Group Policy (Endpoint Policy Manager Exporter Utility)](/docs/endpointpolicymanager/video/mdm/exporterutility.md). + +![using_item_level_targeting_8](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting_8.webp) + +Figure 32. Choosing this option will allow the user to export the policy for later use. + +Note that exported collections or policies maintain any Item-Level Targeting set within them. If +you've used items that represent Group Membership in Active Directory, then those items will only +function when the machine is domain-joined. diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/itemleveltargeting/overview.md b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/itemleveltargeting/overview.md new file mode 100644 index 0000000000..a794dbd2a9 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/itemleveltargeting/overview.md @@ -0,0 +1,73 @@ +--- +title: "Using Item-Level Targeting with Collections and Policies" +description: "Using Item-Level Targeting with Collections and Policies" +sidebar_position: 40 +--- + +# Using Item-Level Targeting with Collections and Policies + +Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Netwrix +Endpoint Policy Manager (formerly PolicyPak) to target or filter where specific items will apply. +With Endpoint Policy Manager Scripts & Triggers Manager, Item-Level Targeting can be placed on +collections, as well as Endpoint Policy Manager Scripts & Triggers Manager policies within +collections. + +A collection enables you to group together Endpoint Policy Manager Scripts & Triggers Manager +policies so they can act together. For instance, you might create a collection for only East Sales +computers and another for West Sales computers. Or you might create a collection for Windows 10 +machines and one for Windows Server 2016 RDS, as seen in Figure 24. + +![using_item_level_targeting](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting.webp) + +Figure 24. Scripts & Triggers Manger allows the user to create collections and then set Item-Level +Targeting upon the collections. + +Right-click any Endpoint Policy Manager Scripts & Triggers Manager policy, and select "Edit Item +Level Targeting," as demonstrated in Figure 25. + +![using_item_level_targeting_1](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting_1.webp) + +Figure 25. Setting Item-Level Targeting for policy entries themselves. + +The "Edit Item Level Targeting" menu item brings up the Targeting Editor, which is shown in +Figure 26. You can select any combination of characteristics you want to test for. Administrators +familiar with Group Policy Preferences' Item-Level Targeting will be at home in this interface as it +is functionally equivalent. + +You can apply one or more targeting items to a policy, which enables targeting items to be joined +logically, also shown in Figure 26. You can also add targeting collections, which group together +targeting items in much the same way parentheses are used in an equation. In this way, you can +create a complex determination about where a policy will be applied. Collections may be set to +"And", "Or", "Is", or "Is Not." + +![using_item_level_targeting_2](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting_2.webp) + +Figure 26. In this example, the Pak would only apply to Windows 10 machines when the machine is +portable and the user is in the FABRIKAM\Traveling Sales Users group. + +Below are some real-world examples of of how you can use Item-Level Targeting. + +- Software prerequisites. If you want to configure an application's settings, first make sure the + application is installed on the user's computer before configuring it. You can use File Match or + Registry Match targeting items (or both) to verify a specific version of a file or a registry + entry is present. (For an example of this, look in the Uninstall registry key.) +- Mobile computers. If you want to deploy settings exclusively for users on mobile PCs, then filter + the rule to apply only to mobile PCs by using the "Portable Computer" targeting item. +- Operating system version. You can specify different settings for applications based on the + operating system version. To do this, create one rule for each operating system. Then filter each + rule using the "Operating System" targeting item. +- Group membership. You can link the Group Policy Object (GPO) to the whole domain or organizational + unit (OU), but only members within a specific group will pick up and process the rule settings. +- IP range. You can specify different settings for various IP ranges, like different settings for + the home office and each field office. + +After editing is completed, close the editor. Note that the icon for the policy or collection has +changed to orange, which shows that it now has Item-Level Targeting, as seen in Figure 27. + +![using_item_level_targeting_3](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting_3.webp) + +Figure 27. When the policy or collection's icon is orange, the entry has Item-Level Targeting. + +When Item-Level Targeting is on, the policy won't apply unless the conditions are true. If +Item-Level Targeting is on a collection, then none of the items in the collection will apply unless +the Item-Level Targeting on the collection evaluates to True. diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/itemleveltargeting/processorderprecedence.md b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/itemleveltargeting/processorderprecedence.md new file mode 100644 index 0000000000..33e617ba31 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/itemleveltargeting/processorderprecedence.md @@ -0,0 +1,38 @@ +--- +title: "Understanding Processing Order and Precedence" +description: "Understanding Processing Order and Precedence" +sidebar_position: 10 +--- + +# Understanding Processing Order and Precedence + +Within a particular GPO (Computer or User side), the processing order is counted in numerical order. +So lower-numbered collections attempt to process first, and higher-numbered collections attempt to +process last as shown in Figure 28. Then, within any collection, each policy is processed in +numerical order from lowest to highest, as seen in Figure 29. + +![using_item_level_targeting_4](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting_4.webp) + +Figure 28. The order collections are processed in. + +![using_item_level_targeting_5](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting_5.webp) + +Figure 29. The order policies are processed in. + +## Merging and Conflicts + +Endpoint Policy Manager Scripts & Triggers Manager will merge all policies that come from the Group +Policy method (and/or policies and collections deployed from methods other than Group Policy), +unless there is a conflict. + +## Precedence + +Policies can be delivered by Group Policy and non-Group Policy methods such as Microsoft Endpoint +Manager (SCCM and Intune) via Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud. As +such, the Endpoint Policy Manager engine needs to make a final determination whether there is any +overlap of policies. Here is how the precedence works: + +- Policies delivered through Endpoint Policy Manager Cloud have the lowest precedence. +- Policies delivered through Endpoint Policy Manager files have the next highest precedence. +- Policies delivered through Endpoint Policy Manager Group Policy directives have the highest + precedence. diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/overview.md b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/overview.md new file mode 100644 index 0000000000..8607a4e3f0 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/overview.md @@ -0,0 +1,63 @@ +--- +title: "Scripts & Triggers Manager" +description: "Scripts & Triggers Manager" +sidebar_position: 20 +--- + +# Scripts & Triggers Manager + +**NOTE:** Before reading this section, please ensure you have read Book 2: +[Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md), which will help you +learn to do the following: + +- Install the Admin MSI on your GPMC machine +- Install the CSE on a test Windows machine +- Set up a computer in Trial mode or Licensed mode +- Set up a common OU structure + +Optionally, if you don't want to use Group Policy, read the section in Appendix A: +[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md) to deploy your +directives. + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Scripts & Triggers Manager enables you to +perform the following operations on Windows 10: + +- Deliver scripts of most usual types (Batch, Powershell, VB and JavaScript) +- Deliver scripts to both User and Computer sides +- Deliver an "On" script when conditions are true, and an "Off" script when conditions are false. + +**NOTE:** Watch this video for an overview of Endpoint Policy Manager Scripts & Triggers Manager: +[Use with on-prem Group Policy](/docs/endpointpolicymanager/video/scriptstriggers/gettingstarted/onpremise.md) + +The basic way to use Scripts & Triggers Manager is as follows: + +- Create a rule to express which file extensions should launch which applications. +- Export the Scripts & Triggers Manager rules and deliver them using: + + - Microsoft Endpoint Manager (SCCM and Intune) + - Your own systems management software + - A mobile device management (MDM) service + - Endpoint Policy Manager Cloud service + +- Allow the client machine with the Endpoint Policy Manager client-side extension (CSE) to embrace + the directives and perform the work. + +**NOTE:** If you use the Endpoint Policy Manager Cloud service, you can deliver Group Policy +settings even to non-domain-joined machines over the Internet. + +## Moving Parts + +- A management station. The Endpoint Policy Manager Admin Console MSI must be installed on the + management station where you create group policy objects (GPOs). Once it's installed, you'll see + the Endpoint Policy Manager | Endpoint Policy Manager Scripts & Triggers Manager node. +- The Endpoint Policy Manager CSE. This runs on the client (target) machine and is the same CSE for + all Endpoint Policy Manager products. There isn't anything separate to install, and the Endpoint + Policy Manager CSE must be present in order to accept Endpoint Policy Manager Scripts & Triggers + Manager directives via Group Policy, or when using Microsoft Endpoint Manager (SCCM and Intune), + KACE, MDM, or similar utilities. +- Endpoints. In order to use these, they must be licensed for Endpoint Policy Manager Scripts & + Triggers Manager using one of the licensing methods. +- Endpoint Policy Manager Exporter (optional). A free utility that lets you take Endpoint Policy + Manager Scripts & Triggers Manager and our other products' XML files and wrap them into a + "portable" MSI file for deployment using Microsoft Endpoint Manager (SCCM and Intune), an MDM + service, or your own systems management software. diff --git a/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/overview_1.md b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/overview_1.md new file mode 100644 index 0000000000..325e72be65 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/overview_1.md @@ -0,0 +1,51 @@ +--- +title: "Troubleshooting" +description: "Troubleshooting" +sidebar_position: 50 +--- + +# Troubleshooting + +The most common problem with Netwrix Endpoint Policy Manager (formerly PolicyPak) Scripts & Triggers +Manager happens during the initial application. Here are some tips when trying to troubleshoot +Endpoint Policy Manager Scripts & Triggers Manager. + +Endpoint Policy Manager Scripts & Triggers Manager's log files are found in the following folder: + +`%Programdata%\PolicyPak\PolicyPak Scripts Manager`. This is because Endpoint Policy Manager Scripts +& Triggers Manager affects the Computer side (and all users on that computer). It's also possible +there might be some user-side logins in the following folder: + +`%appdata%\local\PolicyPak\PolicyPak Scripts Manager`. But these will not be useful since all +Endpoint Policy Manager Scripts & Triggers Manager work happens on the Computer side. + +There are several files to check in the folder: + +`%Programdata%\PolicyPak\PolicyPak Scripts Manager`. These files are as follows: + +- `ppUser_OnLogon.log`: New data is added to this log when Group Policy applies at the time of login + (and items are set for the user, not the computer). +- `ppUser_Switched.log`: New data is added to this log when Group Policy applies at the time of + login (but items are set for the computer). +- `ppUser_OnGroupPolicy.log`: New data is added to this log when Group Policy applies in the + background (on GPupdate or when Group Policy applies in the background). +- `ppUser_onPolicyChanged.log`: New data is added to this log when Group Policy applies in the + background or when a method other than Group Policy is used (Microsoft Endpoint Manager [SCCM and + Intune], Endpoint Policy Manager Cloud, and so on). + +**Step 1 –** Start with troubleshooting to verify that you are set up with the following scenarios: + +- You have the group policy object (GPO) or file. +- You have a collection within the GPO. +- You have the policies within the collection. + +Figure 33 shows an example of a Endpoint Policy Manager Scripts & Triggers Manager log with some +annotations. + +![troubleshooting](/img/product_docs/endpointpolicymanager/troubleshooting/scriptstriggers/troubleshooting.webp) + +Figure 33. An example of a Endpoint Policy Manager Scripts & Triggers Manager log. + +**Step 2 –** If needed, logs are automatically wrapped up and can be sent to +[support@endpointpolicymanager.com](mailto:support@endpointpolicymanager.com) using the `PPLOGS.EXE` command on any endpoint +where the client-side extension is installed. diff --git a/docs/endpointpolicymanager/manuals/devicemanagementpak/_category_.json b/docs/endpointpolicymanager/manuals/devicemanagementpak/_category_.json new file mode 100644 index 0000000000..870415f45f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/devicemanagementpak/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Device Management Pak", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/_category_.json b/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/_category_.json new file mode 100644 index 0000000000..658b37927f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Device Manager", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/device/devicemanager/devicemanagerpolicies.md b/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/devicemanagerpolicies.md similarity index 97% rename from docs/endpointpolicymanager/device/devicemanager/devicemanagerpolicies.md rename to docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/devicemanagerpolicies.md index a3a33cc3ca..ed6b1eb5e2 100644 --- a/docs/endpointpolicymanager/device/devicemanager/devicemanagerpolicies.md +++ b/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/devicemanagerpolicies.md @@ -1,3 +1,9 @@ +--- +title: "Device Manager Policies" +description: "Device Manager Policies" +sidebar_position: 20 +--- + # Device Manager Policies Now that USB, CD-ROM and Phone devices are all blocked, you may want to configure some policies for @@ -82,7 +88,7 @@ you're adding users not-joined to Active Directory, and only using an MDM servi **NOTE:** To get an overview of how to acquire SIDs with your MDM service and then use them with Endpoint Policy Manager Device Manager, see the -[How do I get Azure AD SIDs and use them with Item Level Targeting?](/docs/endpointpolicymanager/itemleveltargeting/entraidsids.md) +[How do I get Azure AD SIDs and use them with Item Level Targeting?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/entraidsids.md) and [Block and Allow USB and CD-ROMs with your MDM solution](/docs/endpointpolicymanager/video/device/mdm.md) topics for additional information. diff --git a/docs/endpointpolicymanager/device/devicemanager/globaldevicemanager.md b/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/globaldevicemanager.md similarity index 95% rename from docs/endpointpolicymanager/device/devicemanager/globaldevicemanager.md rename to docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/globaldevicemanager.md index 994e0ff2d9..f6d1389748 100644 --- a/docs/endpointpolicymanager/device/devicemanager/globaldevicemanager.md +++ b/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/globaldevicemanager.md @@ -1,3 +1,9 @@ +--- +title: "Global Device Manager Policies" +description: "Global Device Manager Policies" +sidebar_position: 10 +--- + # Global Device Manager Policies To get started, create a Device Manager Global Settings policy. Find the node in **Computer diff --git a/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/helpertool.md b/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/helpertool.md new file mode 100644 index 0000000000..cdbf2a40e9 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/helpertool.md @@ -0,0 +1,49 @@ +--- +title: "Device Manager Helper Tool" +description: "Device Manager Helper Tool" +sidebar_position: 30 +--- + +# Device Manager Helper Tool + +The Endpoint Policy Manager Device Manager Help Tool can help you gather details from Devices, +including those which have been plugged into a system, but are not plugged in now. This can be +helpful on a machine where the user takes the device with them, and you still need to create a +policy for them. + +The Endpoint Policy Manager Device Manager Help Tool can be found in the download in the Endpoint +Policy Manager Extras folder. + +![helper1](/img/product_docs/endpointpolicymanager/device/devicemanager/helper1.webp) + +**NOTE:** The Endpoint Policy Manager Device Manager Helper tool may need local administrative +rights to run and also needs the WinRM service started. + +## Generate a Device List + +Follow the steps to generate a device list that can be used for creating Device Manager policies. + +![helper2](/img/product_docs/endpointpolicymanager/device/devicemanager/helper2.webp) + +**Step 1 –** Open the Endpoint Policy Manager Device Manager Helper. + +The Device Manager Export Wizard displays details for each selection: Disk Drives, Portable Devices, +and/or CD-ROMs. Only pages for detected devices are shown. + +The Device Manager Helper tool enables you to quickly gather Instance Paths for connected and +non-connected devices. + +![helper3](/img/product_docs/endpointpolicymanager/device/devicemanager/helper3.webp) + +**Step 2 –** On the Select Disk Devices window, right-click to automatically copy the detail to the +buffer for later pasting. + +![helper4](/img/product_docs/endpointpolicymanager/device/devicemanager/helper4.webp) + +You can also save the list of all devices at the end of the Wizard using the **Save application list +to this XML** option. + +Then, you may use this list using the previously described wizard pages such as Allow Device by +Serial Number and Allow Device by BitLocker Key, as shown in the example screen below. + +![helper5](/img/product_docs/endpointpolicymanager/device/devicemanager/helper5.webp) diff --git a/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/overview.md b/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/overview.md new file mode 100644 index 0000000000..5833e1d7de --- /dev/null +++ b/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/overview.md @@ -0,0 +1,166 @@ +--- +title: "Device Manager" +description: "Device Manager" +sidebar_position: 10 +--- + +# Device Manager + +This manual is designed to be both an overview of what you can do with Endpoint Policy Manager +Device Manager and a Quickstart guide for getting up and running quickly. + +**NOTE:** You may ignore the standard or complete designations in the Endpoint Policy Manager Device +Manager UI. Typically, Endpoint Policy Manager is sold in Enterprise or SaaS editions and in those +configurations you get complete (meaning all the features). + +Before reading this section, please ensure you have read Book 2: Installation Quick Start, which +will help you learn to do the following: + +- Install the Admin MSI on your GPMC machine +- Install the CSE on a test Windows machine +- Set up a computer in Trial mode or Licensed mode +- Set up a common OU structure + +Optionally, this manual demonstrates how to use on-prem Active Directory and Group Policy to deploy +Endpoint Policy Manager Device Manager directives. If you don't want to use Group Policy, see the +[MDM & UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/overview.md) topic to deploy directives for additional information. + +**NOTE:** For an overview of Endpoint Policy Manager Device Manager see the +[Video Learning Center](/docs/endpointpolicymanager/video/index.md) topic for additional information. + +Endpoint Policy Manager Device Manager will manage USB and other removable media devices like +CD-ROMs, DVD ROMs, and phones which plug in and have storage when attached to Windows. + +For an overview of managing USB and other removeable media devices using Endpoint Policy Manager +Device Manager, see the +[Instantly Put the smackdown on USB sticks and CD-ROMs](/docs/endpointpolicymanager/video/device/usbdrive.md) topic for +additional information. + +The basic way to use Endpoint Policy Manager Device Manager is as follows: + +- Block end-users from accessing removable devices +- Create a rule to specify which removable devices a user would need access rights to +- Use On-Prem Group Policy to accept the Endpoint Policy Manager Device Manager policies created + +Alternatively, export the Endpoint Policy Manager Device Manger rules and deliver them in one of +these ways: + +- Microsoft SCCM — See the Deploy Endpoint Policy Manager Settings Using SCCM or Other Management + System! topic for additional information + +- Microsoft Intune — See the + [Block and Allow USB and CD-ROMs with your MDM solution](/docs/endpointpolicymanager/video/device/mdm.md) video overview + for additional information + +- PolicyPak Cloud service — See the + [Block USB sticks using Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/device/cloud.md) topic for + additional information + +Then allow the client machine with the Endpoint Policy Manager client-side extension (CSE) to +receive the directives and perform the work. + +**NOTE:** If you use an MDM service or Endpoint Policy Manager cloud service, you can deliver +Endpoint Policy Manager Device Privilege Manager settings even to non-domain-joined machines over +the Internet. + +## Endpoint Policy Device Manager Components + +Endpoint Policy Managerhas the following components: + +- A Management Station — The Endpoint Policy Manager Admin Console MSI must be installed on the + management station where you create GPOs. Once it’s installed, you’ll see the **Endpoint Policy + Manager Settings** > **Endpoint Policy Manager Device Privilege Manager** node, as shown below. + +- The Endpoint Policy Manager CSE — This runs on the client (target) machine and is the same CSE for + all Endpoint Policy Manager components (such as Least Privilege Manager, Device Manager, + Application Settings Manager) + +- Windows Endpoints — In order to use these, they must be licensed for Endpoint Policy Manager + Device Manager using one of the licensing methods + +- Also available is Endpoint Policy Manager Cloud when you purchase Enterprise or SaaS + +Endpoint Policy Manager Cloud enables you to create Endpoint Policy Manager Device Manager +directives using the in-cloud editors and connect endpoints to get Endpoint Policy Manager Device +Manager directives. + +![ppcloud](/img/product_docs/endpointpolicymanager/device/devicemanager/ppcloud.webp) + +While this manual mostly demonstrates concepts using the Group Policy editor, nearly everything can +be done using the Endpoint Policy Manager Cloud editors. Additionally, you can take on-prem MMC +directives and upload them to Endpoint Policy Manager Cloud and take in-cloud directives and +download them back as MMC directives. + +Also, you may use Endpoint Policy Manager Device Manager with any management system you like such as +SCCM, Intune, PDQ deploy or anything else. This is because Endpoint Policy Manager directives may be +exported as XML and wrapped up using the Exporter tool. This A free utility that lets you take +Endpoint Policy Manager Admin Templates Manager and our other products’ XML files and wrap them into +a portable MSI file for deployment using Microsoft Endpoint Manager (SCCM and Intune) or your own +systems management software. + +The [MDM & UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/overview.md) topic explains how to use the Endpoint Policy Manager +Exporter to wrap up any Endpoint Policy Manager directives and deliver them using Microsoft Endpoint +Manager (SCCM and Intune), KACE, your own MDM service, or Endpoint Policy Manager Cloud. + +This topic will get you going with the concepts and results you’re looking for and then you may +choose whatever delivery method makes sense for your organization. + +## Why you need Endpoint Policy Device Manager + +Microsoft makes it easy to turn off all access to USB sticks and other removable devices. With a +simply GPO or MDM setting that can accomplished. + +Here is exactly how to do that (without using Endpoint Policy Manager Device Manager) when using +ADMX settings via GPOs. + +![device01](/img/product_docs/endpointpolicymanager/device/devicemanager/device01.webp) + +The same may be performed using and MDM service like Intune using similar settings. + +![device02](/img/product_docs/endpointpolicymanager/device/devicemanager/device02.webp) + +The result will be the same where Removable Devices will be stopped. + +![device03](/img/product_docs/endpointpolicymanager/device/devicemanager/device03.webp) + +In this way you can completely shut out all devices for all users for all times. + +Unlike Microsoft policies, Endpoint Policy Manager Device Manager allows customized settings for USB +and other removable devices (henceforth written as devices). + +You can perform the following management on devices: + +- Which on-Prem Active Directory or Azure user can use devices +- What access type those devices has (Read, Read/Write, Full) +- Grant access to a device only if the device has Bitlocker on it +- Specify specific device vendors, device IDs and device revisions +- Specify specific serial numbers for devices + +None of this is possible with the in-box settings with Microsoft GPOs or MDM policies (like Intune). + +**NOTE:** Consider integrating with Netwrix Privilege Secure for Endpoints for additional features +when managing devices: + +- Endpoint Policy Manager Device Manager only deals with aspects of removable data devices. For + other device types, like Bluetooth, Serial Ports, printers and shares, consider Netwrix Endpoint + Protector. See the Device Control topic in the User Manual section of the Netwrix Endpoint + Protector [documentation](https://helpcenter.netwrix.com/category/endpointprotector) for + additional information. +- Endpoint Policy Manager Device Manager doesn't inspect the data as it goes by looking for + patterns. That is, PolicyPak Device Manager is not a traditional "Data Loss Prevention" (DLP) + product. For that functionality, consider Netwrix Endpoint Protector. See the Content Aware + Protection topics in the Administration section of the Netwrix Endpoint Protector + [documentation](https://helpcenter.netwrix.com/category/endpointprotector) for additional + information. +- Endpoint Policy Manager Device Manager isn't trying to protect against non-data devices like + "RubberDucky" devices or similar devices which act as keyboards to perform malicious actions. For + that functionality, consider Netwrix Endpoint Protector. See the Content Aware Protection topics + in the Administration section of the Netwrix Endpoint Protector + [documentation](https://helpcenter.netwrix.com/category/endpointprotector) for additional + information. + +To get started on device policies, create a link a GPO and link it to where your computers are. The +examples use East Sales Desktops. + +You may also use Endpoint Policy Manager Cloud to create these policies, or export your GPOs created +in this example for use with an MDM service like Intune. diff --git a/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/rules.md b/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/rules.md new file mode 100644 index 0000000000..9591551ac2 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/rules.md @@ -0,0 +1,186 @@ +--- +title: "Admin Approval, Branding, Customization and Automatically Createing Rules" +description: "Admin Approval, Branding, Customization and Automatically Createing Rules" +sidebar_position: 40 +--- + +# Admin Approval, Branding, Customization and Automatically Createing Rules + +Admin Approval enables you to anticipate devices without rules and enable users to use your service +desk to help authorize sanctioned devices - temporarily or permanently. + +See the +[Device Manager Admin Approval and Automatic Rules Creation](/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/dmapprovalautorules.md) +topic for additional information on Admin Approval & Branding and Customization. + +This document refers to the person doing the approval as an Approver. This can be someone on your +help desk, security team or yourself. + +There are three parts to Admin Approval: + +- The Endpoint Policy Manager Device Manager policies, which establish Admin Approval and its secret + key +- Securing the secret key (if using Group Policy method) +- The Endpoint Policy Manager Device Privilege Manager Admin Approval Tool + +Start out by creating an Admin Approval policy, as shown below. + +**NOTE:** You can only have one Admin Approval entry per collection and only one will ultimately +apply. + +![aa15](/img/product_docs/endpointpolicymanager/device/devicemanager/aa15.webp) + +Admin Approval has four tabs: + +- General + + - Admin Approval State — **Enable** or **Disable** Admin approval + - Secure Desktop — Endpoint Policy Manager Admin Approval Dialog will present itself by default + on the Windows Secure Desktop. You can change this behavior here. + - Warning message — When a device is schedule to be used for a period of time, this amount of + minutes is when the pop-up notification occurs to the end-user + +- Secret Key + + - Key — Here is where you can create a secret key by choosing either **Derive from Password** or + **Generate Random**. Then, click **Copy**, and, for now, paste the secret key into Notepad. + +- Email + + - Use of Email — **Enabled** or **Disabled**. When Enabled you can provide an email address. + When Disabled you will only get short over the phone codes. + - Send To — The email address you want the long request codes sent to + - Always use email (only) — Turns off the short code method + - Open the message in Notepad Instead — When using the Email method, instead of launching your + desktop's mail app, like Outlook, instead open the request in Notepad. Users can then paste it + into the mail program (Gmail.com) or application of their choice. + +- Misc + + - Custom Message — Optional message to customers about what to do, who to call, what is + permitted etc, to override the default Endpoint Policy Manager Device Manager behavior. + +![aa14](/img/product_docs/endpointpolicymanager/device/devicemanager/aa14.webp) + +## Brand Dialog Using Global Settings (Optional) + +You can brand your dialogs to your corporate standards. This is done in the Global Settings policy +type you saw earlier. + +Below you can see some example of what you may configure. You can even run a pre-test to see what +the user will see before implementation. + +![aa4](/img/product_docs/endpointpolicymanager/device/devicemanager/aa4.webp) + +## Test Admin Approval + +When unknown devices are encountered, the following dialog will appear. Users can use your details +to call the service desk and/or send email requests. + +Requests are then fielded by the Device Manager Admin Approval tool. + +![aa3](/img/product_docs/endpointpolicymanager/device/devicemanager/aa3.webp) + +## Device Manager Admin Approval Tool + +The Device Manager Admin Approval Tool is then used to field requests. This application is +pre-installed whenever the Endpoint Policy Manager Admin Console MSI is installed. Its also +available as a standalone portable application and found in the Endpoint Policy Manager Extras +folder in the download. + +![aa5](/img/product_docs/endpointpolicymanager/device/devicemanager/aa5.webp) + +The first time set up for an Approver requires that the Secret Key found in the policy is placed +into the tool. The Approver also has his own password to sign into the app to open it up. + +![aa6](/img/product_docs/endpointpolicymanager/device/devicemanager/aa6.webp) + +## Admin Approval Tool in Simple Mode + +The Approver can field Simple (over the phone) requests or Email requests. In this example, a +Request code is provided over the phone to an Approver. + +An Approver can set: + +- Permissions — Full access, Read, Read & Write, Read & Execute +- Timeframe — After this amount of time, device must be re-authorized. Permanent, 15 minutes, 1 + hour, 2 hours, 4 hours, 8 hours. +- Uses — Once, 5 times, 10 times, Unlimited +- Expires — Amount of time the Response code is valid for Never (Default), 10 minutes, 1 hour, 12 + hours + +![aa7](/img/product_docs/endpointpolicymanager/device/devicemanager/aa7.webp) + +The Response code will change based upon the Approver inputs. + +**NOTE:** Anytime TimeFrame is set to **Permanent**, it overrides all Uses limits and generates a +warning. For example: Uses set to **Once** and TimeFrame set to **Permanent**. + +![aa8](/img/product_docs/endpointpolicymanager/device/devicemanager/aa8.webp) + +In this combination, Timeframe overrides Uses, meaning that whatever access you give the device is +actually Permanent and not Once. + +To get out of this problem if you get into it, you have two choices: + +- Update the policy by disabling the Global Policy or turning off Device Manager. +- Or on a single machine you may erase the value for the device you granted Permanent access to. See + the + [What are the registry settings for Device Manager (and how do I reset Device Manager Admin Approval)?](/docs/endpointpolicymanager/knowledgebase/devicemanager/knowledgebase/registry.md) + topic for additional information. + +## Admin Approval Using Email Method + +You can use Admin Approval requests to go through your service desk as email requests. See the +[Endpoint Policy Device Manager and End-User Emails to Support](/docs/endpointpolicymanager/knowledgebase/devicemanager/videolearningcenter/gettingstarted/enduser.md) topic +for additional information. + +The email method will attempt to use your registered mail application. Your email app must be +registered with the .EML extension for this to work as expected. + +## ![aa9](/img/product_docs/endpointpolicymanager/device/devicemanager/aa9.webp) + +The Approver would then field this request, generate a Response code and send it back via email or +copy paste. + +The Email method has details about what the device actually is, versus the Simple method which +cannot provide those details. + +![aa10](/img/product_docs/endpointpolicymanager/device/devicemanager/aa10.webp) + +## Admin Approval Create Rule Button + +The Create Rule button allows you to launch a Wizard which will help generate a rule you can then +use permanently and deliver using Group Policy, MDM or Endpoint Policy Manager Cloud. + +Because the Device Details are now known via the Email method, you can create a permanent rule +similar to the Wizard we saw earlier. + +![aa11](/img/product_docs/endpointpolicymanager/device/devicemanager/aa11.webp) + +In the Wizard you can use the default settings or change the Members and Permissions. + +Finally, save your XML and import it into the MMC editor as a policy or use with Endpoint Policy +Manager Exporter or Endpoint Policy Manager Cloud. + +![aa12](/img/product_docs/endpointpolicymanager/device/devicemanager/aa12.webp) + +## Making a rule directly from an Email Request Code + +If you'd like you can take a Email request code and immediately generate a rule inside the MMC +console. + +Copy the code and then select **New Policy from Audit Event or Admin Approval Code**. + +Paste in the Request code and follow the Wizard to generate the rule which you need. + +![aa13](/img/product_docs/endpointpolicymanager/device/devicemanager/aa13.webp) + +## Make a Rule Directly from an Event on the Endpoint + +You can take Event IDs generated from Endpoint Policy Manager Device Manager, such as this and use +it as the basis to start a rule. + +![event1](/img/product_docs/endpointpolicymanager/device/devicemanager/event1.webp) + +# ![event2](/img/product_docs/endpointpolicymanager/device/devicemanager/event2.webp) diff --git a/docs/endpointpolicymanager/device/devicemanager/troubleshooting.md b/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/troubleshooting.md similarity index 87% rename from docs/endpointpolicymanager/device/devicemanager/troubleshooting.md rename to docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/troubleshooting.md index db14df774f..933280849a 100644 --- a/docs/endpointpolicymanager/device/devicemanager/troubleshooting.md +++ b/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/troubleshooting.md @@ -1,3 +1,9 @@ +--- +title: "Troubleshooting" +description: "Troubleshooting" +sidebar_position: 50 +--- + # Troubleshooting Logging occurs on the endpoint. Use the Event Log first to look for events. diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/_category_.json b/docs/endpointpolicymanager/manuals/gpocompliancepak/_category_.json new file mode 100644 index 0000000000..df1b0d7c76 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "GPO Compliance Pak", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/_category_.json b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/_category_.json new file mode 100644 index 0000000000..034966047e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Group Policy Compliance Reporter", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/_category_.json b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/_category_.json new file mode 100644 index 0000000000..e00dfabfec --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Concepts and Quick Start", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "concepts" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/concepts.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/concepts.md new file mode 100644 index 0000000000..b86ce0c943 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/concepts.md @@ -0,0 +1,10 @@ +--- +title: "Concepts and Quick Start" +description: "Concepts and Quick Start" +sidebar_position: 10 +--- + +# Concepts and Quick Start + +In the sections below, we'll discuss some important GPCR concepts and then jump into the Quickstart +guide. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/grouppolicyresults.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/grouppolicyresults.md similarity index 93% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/grouppolicyresults.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/grouppolicyresults.md index 7a766c8cdc..046e2459a3 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/grouppolicyresults.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/grouppolicyresults.md @@ -1,3 +1,9 @@ +--- +title: "Microsoft Group Policy Results Report" +description: "Microsoft Group Policy Results Report" +sidebar_position: 10 +--- + # Microsoft Group Policy Results Report Netwrix Endpoint Policy Manager (formerly PolicyPak) GPCR gets information about if a Group Policy diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/overview.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/overview.md new file mode 100644 index 0000000000..0025eea73d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/overview.md @@ -0,0 +1,34 @@ +--- +title: "Pull and Push Modes" +description: "Pull and Push Modes" +sidebar_position: 20 +--- + +# Pull and Push Modes + +Figure 3 below demonstrates how the pull and push modes work in GPCR. The details of each mode are +discussed in the following sections. + +![gpcr_concepts_and_quickstart_2](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/gpcr_concepts_and_quickstart_2.webp) + +Figure 3. Endpoint Policy Manager GPCR working in pull mode (gray arrows) and in push mode (black +arrows). + +## Pull Mode + +In pull mode with Endpoint Policy Manager GPCR, each administrator acts as an island. Administrators +query each endpoint (target) computer and pull their data. The endpoint must be on and available to +accept requests. For instance, the endpoint's firewall must be off and the required ports must +accept requests. + +## Push Mode + +Push mode in Endpoint Policy Manager GPCR uses the Endpoint Policy Manager GPCR server. +Administrators can still request (pull) data directly from endpoints, like in pull mode, but they +can also take advantage of the server with clientless auditing, through which endpoints deliver +their data directly to a central server. This enables all endpoints the ability to push their data +up whenever Group Policy applies or changes on an endpoint. In this way, endpoints are not required +to be on at the time administrators want to query their status. As soon as Group Policy applies, +data is automatically delivered to the shared database on the designated Endpoint Policy Manager +GPCR server. Additionally, since all data is centrally stored in a server, administrators can share +all tests or results. diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/_category_.json b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/_category_.json new file mode 100644 index 0000000000..ca9ba6358b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Getting Ready", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/client.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/client.md new file mode 100644 index 0000000000..b3b9b0daf2 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/client.md @@ -0,0 +1,37 @@ +--- +title: "Client (Admin Console) Installation" +description: "Client (Admin Console) Installation" +sidebar_position: 30 +--- + +# Client (Admin Console) Installation + +Installation of the Endpoint Policy Manager GPCR client (admin console) should occur on each Group +Policy administrator's machine. There are no usage or licensing restrictions on the number of +installations of the Endpoint Policy Manager GPCR client (admin console) or on the number of +administrators using it. The Endpoint Policy Manager GPCR client (admin console) itself is not +licensed, but the endpoints you want to report on are. Installation of the GPCR client (admin +console) may be on any Windows 10 machine, 2012 Server machine or higher. It must have .NETFramework +3.5, and the Microsoft GPMC must be installed on the machine where you run the Endpoint Policy +Manager GPCR. + +To get started, run the Endpoint Policy Manager GPCR client (admin console) installation MSI and go +through the wizard, as shown in Figure 5. + +![gpcr_concepts_and_quickstart_6](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_6.webp) + +Figure 5. Using the wizard to install the Endpoint Policy Manager GPCR admin console. + +Beginning with version 21.1.2693.656, you cannot connect to an older version of the server. To +progress to the next step in the wizard you must accept this condition, as shown in Figure 6. + +![gpcr_concepts_and_quickstart_7](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_7.webp) + +Figure 6. The confirmation window. + +When you do this, the Endpoint Policy Manager GPCR client will appear on the Windows 10 or Windows +Server Start menu, as shown in Figure 7. + +![gpcr_concepts_and_quickstart_8](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_8.webp) + +Figure 7. Endpoint Policy Manager GPCR in the Start menu. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/configurationwizard.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/configurationwizard.md similarity index 94% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/configurationwizard.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/configurationwizard.md index f7f54d5756..db02d4952e 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/configurationwizard.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/configurationwizard.md @@ -1,3 +1,9 @@ +--- +title: "Configuration Wizard" +description: "Configuration Wizard" +sidebar_position: 40 +--- + # Configuration Wizard The first time you run the Endpoint Policy Manager GPCR client (admin console) you are presented diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/licensing.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/licensing.md new file mode 100644 index 0000000000..ef32cc0d9a --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/licensing.md @@ -0,0 +1,105 @@ +--- +title: "Licensing Information" +description: "Licensing Information" +sidebar_position: 20 +--- + +# Licensing Information + +Neither the Endpoint Policy Manager GPCR server nor the client (admin console) require a license; +but the endpoint does. + +**NOTE:** Watch this video to see how to request a license: +[How to Request Licenses from Endpoint Policy Manager by Creating a "License Request Key"](/docs/endpointpolicymanager/video/license/licenserequestkey.md). + +**NOTE:** To install the license file received from Endpoint Policy Manager, see the following +video: +[How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md). + +Note that since the Endpoint Policy Manager client (admin console) does not need to be licensed, you +may run unlimited numbers of it in any organizational unit (OU). The Endpoint Policy Manager client +does not have to receive license files in order to work properly. + +## Licenses and Reporting + +Table 1 provides more detail as to what is reported through Endpoint Policy Manager GPCR. + +Table 1: GPCR reporting. + +| If the target (endpoint) computer has… | Endpoint Policy Manager GPCR will… | +| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| No license | Return nothing in the RSOP report | +| The word "computer" in the name | Report everything: all Endpoint Policy Manager settings, Microsoft Admin Templates settings, Microsoft Group Policy Preferences settings, and Microsoft Security settings A computer acts as if it had a Endpoint Policy Manager GPCR license. | +| A Endpoint Policy Manager GPCR endpoint license | Report everything: all Endpoint Policy Manager settings, Microsoft Admin Templates settings, Microsoft Group Policy Preferences settings, and Microsoft Security settings The client machine will be fully licensed. | + +In order to get Microsoft data (policies, security, and preferences), license all endpoints for +Endpoint Policy Manager GPCR reporting. You may also license Endpoint Policy Manager GPCR endpoints +if you are not licensed for other Endpoint Policy Manager products. You are not required to purchase +other AppSets or policies if you only want to engage in Group Policy reporting via the Endpoint +Policy Manager GPCR. To get licensed, run the licensing tool (LT) to generate a license request key +(LRK), then send it to Endpoint Policy Manager Sales. + +## Supported Group Policy Settings for Reporting + +Supported and unsupported Group Policy settings within a GPO or test are shown in Table 2. + +Table 2: Group Policy supported and unsupported settings. + +| Data type | User Policies | Computer Policies | +| ----------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Endpoint Policy Manager settings (all) | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | +| Group Policy Admin Templates (all ADM(X) templates and settings) | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | +| Group Policy Security Settings | | | +| Windows | Security | | | +| Account Policies | Password Policy | n/a | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | +| Account Policies | Account Lockout Policy | n/a | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | +| Account Policies | Kerberos Policy | n/a | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | +| Local Policies | Audit Policy | n/a | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | +| Local Policies | User Rights Assignment | n/a | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | +| Local Policies | Security Options | n/a | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | +| Event log | n/a | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | +| Windows Settings | | | +| Name resolution policy | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Scripts | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Policy-based QoS | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Public key policies | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | n/a | +| Software restriction policies | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | n/a | +| Restricted groups | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| System services | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Registry | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| File | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Wired network (IEEE 802.3) policies | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Windows firewall with advanced security | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Network list manager policies | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Wireless network (IEEE 802.11) policies | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Network access protection | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Application control policies (Applocker) | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| IP security policies on Active Directory | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Advanced audit policy configuration | n/a | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Group Policy Preferences (all are supported except those listed below) | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | +| Group Policy Preference data sources | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Scheduled tasks (immediate XP, scheduled XP) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Power options and scheme (for Windows XP) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| ODBC data source | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Folder options | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp)\* | +| Start menu (for XP) | n/a | ![gpcr_concepts_and_quickstart_4_17x17](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_4_17x17.webp) | +| Internet Explorer (5, 6, and 7) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Registry collection (special registry item type) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Folder redirection | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | n/a | +| Internet Explorer maintenance | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | n/a | +| Group Policy software install | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | +| Any third-party Group Policy Extension not from Endpoint Policy Manager | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | ![gpcr_concepts_and_quickstart_5_15x15](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/gpcr_concepts_and_quickstart_5_15x15.webp) | + +\*File type actions are not in the RSOP and thus show as "missing" in PPGPCR. + +**NOTE:** Endpoint Policy Manager GPCR is licensed per computer; if a particular endpoint is not +licensed, it will not return data. + +**NOTE:** It may look like there are more unsupported settings than supported settings. However, the +settings that are supported cover the top 90% of tasks that administrators typically do with Group +Policy and the unsupported settings cover the bottom 10%. We will be expanding coverage as needed in +the future. + +Endpoint Policy Manager Sales can send you a working Endpoint Policy Manager GPCR key. To install +the key, follow these instructions: +[How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md). diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/overview.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/overview.md new file mode 100644 index 0000000000..393ff6066d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/overview.md @@ -0,0 +1,12 @@ +--- +title: "Getting Ready" +description: "Getting Ready" +sidebar_position: 30 +--- + +# Getting Ready + +In this initial Quickstart, we will be using the Endpoint Policy Manager GPCR client (admin console) +in pull mode only. For information about how use the Endpoint Policy Manager GPCR server in push +mode (which enables administrators to store and share data plus perform clientless auditing), see +the section called "GPCR Server with Push Mode." diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/trialmode.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/trialmode.md similarity index 94% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/trialmode.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/trialmode.md index 209e1b0e75..3edda676a7 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/prepare/trialmode.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/prepare/trialmode.md @@ -1,3 +1,9 @@ +--- +title: "Enabling Trial Mode" +description: "Enabling Trial Mode" +sidebar_position: 10 +--- + # Enabling Trial Mode Enabling trial mode is optional. When you do this, Endpoint Policy Manager GPCR will act as if fully diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/_category_.json b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/_category_.json new file mode 100644 index 0000000000..9aaa39d55d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Standalone (Pull) Mode Quick Start", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/history.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/history.md new file mode 100644 index 0000000000..361c66f9d0 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/history.md @@ -0,0 +1,16 @@ +--- +title: "History" +description: "History" +sidebar_position: 40 +--- + +# History + +The "History" button allows you to re-visit to a scenario you tested before. After you click on the +button, click "OK." The tests (in the defined order) and snapshot you used will be populated back +into the Results pane, as shown in Figure 32. This can be handy when you want to repeat a test and +don't want to have to populate the tests or the snapshot again. + +![gpcr_concepts_and_quickstart_33](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/gpcr_concepts_and_quickstart_33.webp) + +Figure 32. The "History" button populates the Results pane with a test scenario you used before. diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/overview.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/overview.md new file mode 100644 index 0000000000..778538142f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/overview.md @@ -0,0 +1,23 @@ +--- +title: "Standalone (Pull) Mode Quick Start" +description: "Standalone (Pull) Mode Quick Start" +sidebar_position: 40 +--- + +# Standalone (Pull) Mode Quick Start + +**NOTE:** For an overview of Endpoint Policy Manager GPCR in pull mode, watch this video +[Using Pull Mode (with or without PPGPCR server)](/docs/endpointpolicymanager/video/gpocompilancereporter/modepull.md). + +Endpoint Policy Manager GPCR has three panes in which you can perform work: + +- Snapshots: This is where you create sets of computers you want to query. +- Tests: This is where you define tests that you want to validate. +- Results: This is where you select a specific snapshot and a test and get results (see Figure 11) + +![gpcr_concepts_and_quickstart_12](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/gpcr_concepts_and_quickstart_12.webp) + +Figure 11. The Results pane of the GPCR client (admin console). + +Endpoint Policy Manager GPCR starts on the Snapshots pane. We'll start on this pane and move through +each of the panes in the sections below. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/results.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/results.md similarity index 98% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/results.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/results.md index b05742c737..4a790ff1f4 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/results.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/results.md @@ -1,3 +1,9 @@ +--- +title: "Results Pane" +description: "Results Pane" +sidebar_position: 30 +--- + # Results Pane The Results pane can be a little daunting initially but becomes easier after you have the diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/snapshots.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/snapshots.md similarity index 98% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/snapshots.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/snapshots.md index 336e50769a..c976548e23 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/snapshots.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/snapshots.md @@ -1,3 +1,9 @@ +--- +title: "Snapshots Pane" +description: "Snapshots Pane" +sidebar_position: 10 +--- + # Snapshots Pane When you click on the Snapshots pane, the other two panes move to the right side of the screen. In diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/tests.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/tests.md similarity index 98% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/tests.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/tests.md index 2473228711..88063f8bb1 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/pull/tests.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/pull/tests.md @@ -1,3 +1,9 @@ +--- +title: "Tests Pane" +description: "Tests Pane" +sidebar_position: 20 +--- + # Tests Pane The Test pane lets you create tests. Tests are like GPOs; in fact, they're based on GPOs, and as diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/testsrctorder.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/testsrctorder.md similarity index 93% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/testsrctorder.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/testsrctorder.md index 74cde07a00..71c22a36c8 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/testsrctorder.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/testsrctorder.md @@ -1,3 +1,9 @@ +--- +title: "Understanding Ordering of Tests and the RCT" +description: "Understanding Ordering of Tests and the RCT" +sidebar_position: 50 +--- + # Understanding Ordering of Tests and the RCT One of the strengths of the Endpoint Policy Manager GPCR is that you can have multiple tests diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/_category_.json b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/_category_.json new file mode 100644 index 0000000000..fc202db52f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Tuning and Troubleshooting", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/admxregistry.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/admxregistry.md similarity index 95% rename from docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/admxregistry.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/admxregistry.md index 92b0aa0bc8..584c19c5bb 100644 --- a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/admxregistry.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/admxregistry.md @@ -1,3 +1,9 @@ +--- +title: "Troubleshooting with ADMX or Registry Entries" +description: "Troubleshooting with ADMX or Registry Entries" +sidebar_position: 70 +--- + # Troubleshooting with ADMX or Registry Entries Endpoint Policy Manager GPCR has the ability to provide extended logging if something unexpected @@ -5,7 +11,7 @@ happens. There are two ways to turn on extended logging: downloadable REG files would use the downloadable REG files when you want to enable extended logging on just one machine, and you would use the ADMX/ADML files to enable extended logging on multiple machines. The downloadable REG files are found on our website at: PolicyPak GP Compliance Reporter > -[Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md). The ADMX files are +[Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md). The ADMX files are in the download of Endpoint Policy Manager GPCR, as shown in Figure 77. ![tuning_and_troubleshooting_18](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning_and_troubleshooting_18.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/auditing.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/auditing.md similarity index 95% rename from docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/auditing.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/auditing.md index 3b15d8003c..2d09ba0bab 100644 --- a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/auditing.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/auditing.md @@ -1,3 +1,9 @@ +--- +title: "Troubleshooting Auditing Problems" +description: "Troubleshooting Auditing Problems" +sidebar_position: 40 +--- + # Troubleshooting Auditing Problems In the sections that follow, we'll cover two common auditing problems. diff --git a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/clientendpoint.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/clientendpoint.md similarity index 97% rename from docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/clientendpoint.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/clientendpoint.md index 178a478fa1..e987f06e93 100644 --- a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/clientendpoint.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/clientendpoint.md @@ -1,3 +1,9 @@ +--- +title: "Troubleshooting Client and Endpoint Problems" +description: "Troubleshooting Client and Endpoint Problems" +sidebar_position: 20 +--- + # Troubleshooting Client and Endpoint Problems In the sections below, we'll discuss some common problems and errors associated with the client and diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/eventlogs.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/eventlogs.md new file mode 100644 index 0000000000..ae2f0ce49f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/eventlogs.md @@ -0,0 +1,18 @@ +--- +title: "Event Logs" +description: "Event Logs" +sidebar_position: 60 +--- + +# Event Logs + +The Endpoint Policy Manager GPCR client (admin console) logs warnings and errors to the Windows +Event Viewer in the application log. Because a lot of data could be in the log, use the filters +shown in Figure 76 to make a custom view showing only Endpoint Policy Manager GPCR events in the +application log. + +![tuning_and_troubleshooting_17](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning_and_troubleshooting_17.webp) + +Figure 76. Creating a custom view for Endpoint Policy Manager GPCR events. + +If asked by Endpoint Policy Manager Support, be prepared to export these events for analysis. diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/overview.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/overview.md new file mode 100644 index 0000000000..32225e386a --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/overview.md @@ -0,0 +1,11 @@ +--- +title: "Tuning and Troubleshooting" +description: "Tuning and Troubleshooting" +sidebar_position: 30 +--- + +# Tuning and Troubleshooting + +This section details tuning Netwrix Endpoint Policy Manager (formerly PolicyPak) GPCR endpoints if +the defaults need to be changed. We will also discuss several common problems, solutions, and +troubleshooting steps with Endpoint Policy Manager GPCR. diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/scheduledtasks.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/scheduledtasks.md new file mode 100644 index 0000000000..9e6e6356de --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/scheduledtasks.md @@ -0,0 +1,31 @@ +--- +title: "Troubleshooting Scheduled Tasks" +description: "Troubleshooting Scheduled Tasks" +sidebar_position: 50 +--- + +# Troubleshooting Scheduled Tasks + +You can see the scheduled task on the endpoint, as shown in Figure 73. + +![tuning_and_troubleshooting_14](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning_and_troubleshooting_14.webp) + +Figure 73. The endpoint scheduled task. + +The ideal status is "Ready." When Group Policy triggers, it should change to "Queued," then to +"Running," and then back to "Ready." However, sometimes the scheduled task can get stuck at +"Queued," as shown in Figure 74. + +![tuning_and_troubleshooting_15](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning_and_troubleshooting_15.webp) + +Figure 74. The scheduled task stuck in a queued state. + +Sometimes endpoints require a reboot in order for data to start to flow to the Endpoint Policy +Manager GPCR server. This is normal when the task is first installed via a Group Policy Preference +scheduled task. If the task fires correctly, verify the action is set correctly so that +PPGPCR.Auditor.exe will be started from the proper location and the information will be delivered to +the target server (in this case DC), as shown in Figure 75. + +![tuning_and_troubleshooting_16](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning_and_troubleshooting_16.webp) + +Figure 75. Verifying the action is set correctly. diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/server.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/server.md new file mode 100644 index 0000000000..e14ed951e1 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/server.md @@ -0,0 +1,25 @@ +--- +title: "Troubleshooting Server Problems" +description: "Troubleshooting Server Problems" +sidebar_position: 30 +--- + +# Troubleshooting Server Problems + +The most likely reason for server problems is that the service has not started. The service must be +running and started on a server, as shown in Figure 68. + +![tuning_and_troubleshooting_9](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning_and_troubleshooting_9.webp) + +Figure 68. Verification that the GPCR server service is running. + +Another possible reason why all connections are rejected is that the firewall is not allowing +incoming requests. Verify the following entry is in place, since it should automatically be created +when the Endpoint Policy Manager GPCR server component and service are installed (see Figure 69). + +![tuning_and_troubleshooting_10](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning_and_troubleshooting_10.webp) + +Figure 69. Ensuring the firewall is properly configured. + +If this does not solve the problem, temporarily disable the server's firewall to determine whether +requests start to come in. diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/tuning/_category_.json b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/tuning/_category_.json new file mode 100644 index 0000000000..b0372c5f74 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/tuning/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Tuning Group Policy Compliance Reporter", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/tuning/admx.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/tuning/admx.md new file mode 100644 index 0000000000..a50856deb9 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/tuning/admx.md @@ -0,0 +1,155 @@ +--- +title: "Using ADMX Files to Tune the Auditor" +description: "Using ADMX Files to Tune the Auditor" +sidebar_position: 10 +--- + +# Using ADMX Files to Tune the Auditor + +Inside the Endpoint Policy Manager GPCR download is the PPGPCR Diagnostics ADMX.ZIP. When unpacked +from the ZIP file, you can use the ADMX files to manage and tune Endpoint Policy Manager GPCR or for +troubleshooting if necessary. To use the ADMX files, do the following: + +- If you have a Group Policy Central store, copy the PolicyDefinitions folder into + + ``` + \\\sysvol\\Policies + ``` + +- If you do not have a Group Policy Central store, copy the PolicyDefinitions folder to + + ``` + c:\PolicyDefinitions + ``` + +You can see what copying those files to a Group Policy Central store looks like in Figure 58. + +![tuning_and_troubleshooting_624x274](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning/tuning_and_troubleshooting_624x274.webp) + +Figure 58. Copying the ADMX files to the PolicyDefinitions folder. + +Now when you edit Group Policy Objects (GPOs), you will see Endpoint Policy Manager GPCR policy +settings under `Computer Configuration\Policies\Administrative Templates\PolicyPak`. The settings to +tune `PPGPCR.Auditor.exe` on endpoints can be seen in the Auditor Endpoints folder, as shown in +Figure 59. + +![tuning_and_troubleshooting_1_624x272](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning/tuning_and_troubleshooting_1_624x272.webp) + +Figure 59. The policy settings for endpoints. + +The settings and their functions are each presented in the sections that follow. Note that they are +not presented in the same order as found in the figure above. + +## Maximum Check-Ins Per Day + +The "Maximum check-ins per day" setting allows you to limit how many times per day +`PPGPCR.Auditor.exe` will run on an endpoint automatically. The default maximum is 20 audits in a +calendar day (not 24 hours from when the computer is started). + +**NOTE:** If you were to run `PPGPCR.Auditor.exe` with the /force switch to manually start the +auditing process, it would not count toward this maximum number. The` PPGPCR.Auditor.exe` can only +run with the /force switch when run as SYSTEM (not as an admin). + +## Time Period Allowed to Run + +The "Time period allowed to run" setting allows you to limit the hours that the auditor will run. +This can be useful during times when it is not needed, such as outside of normal business hours. It +can also be used if you only want the auditor to run outside of business hours to save bandwidth. +The following options are available for the setting: + +- Default/Not Configured: Runs at all hours +- Enabled: Runs from 10 AM to 4 PM according to the time zone of the endpoint and is changeable +- Disabled: Runs at all hours + +## Run Auditor on Logon + +The "Run Auditor on logon" setting controls whether the auditor can run on user login and consume +bandwidth during that startup and login process. When allowed, this can cause massive network flow +at the start of working hours and can also slow the user's login time. Our recommended approach is +to keep the default setting, which will only send Endpoint Policy Manager GPCR auditor data in the +background (after the login process). The following options are available for the setting: + +- Default/Not Configured: Does not run at login +- Enabled: Runs at login +- Disabled: Does not run at login + +When enabled, the auditor will also trigger and send data when the following GP events occur: + +- 8000 Successful computer end event +- 8001 Successful user end event + +## Prevent Auditor from Running + +To save bandwidth it is recommended to only run the auditor during background events. This is the +Default/Not Configured recommendation. You can also prevent the auditor from running during +background events by changing the "Prevent Auditor from running upon Group Policy background events" +setting to "Disabled." If this policy is set to "Disabled," then you will likely need to enable +"PPGPCR Auditor Endpoints: Run Auditor on logon" or you will have no data from the auditor (unless +manually run with the `/force` command). The following options are available for the setting: + +- Not Configured/Enabled: Runs during background events +- Disabled: Does not run during background events + +When disabled, the auditor will no longer trigger for the following event IDs for background events: + +- 8006 Successful computer periodic refresh event +- 8007 Successful user periodic refresh event + +## Run Auditor Upon Network Change + +The setting "Run Auditor upon network change" controls whether the auditor runs on a network change. +This might be useful when computers are offline for a period of time, and then re-connect over +wireless or a VPN connection. We recommend you leave this off by default, and acquire auditing data +in the background, which will occur during the next background refresh cycle of Group Policy. The +following options are available for the setting: + +- Not Configured/Default: Does not run on a network change +- Enabled: Runs on a network change +- Disabled: Does not run on a network change + +If enabled, the auditor will trigger for the following event IDs: + +- 8002 Successful computer network change event +- 8003 Successful user network change event + +## Run Auditor Upon Manual GPUpdate + +The setting "Run Auditor upon manual gpupdate" controls whether the auditor runs when a user +manually runs GPUpdate. This is enabled by default because, typically, end-users do not run +GPUpdate; it is usually run by admins. Therefore, the default is that an Admin would run GPUpdate, +which would automatically run the Endpoint Policy Manager GPCR auditor and deliver latest data to +the server. The following options are available for the setting: + +- Default: Auditor will trigger when GPUpdate is run manually +- Enabled: Same as Default / auditor will run upon manual GPUpdate +- Disabled: Does not trigger the auditor when GPUpdate is run manually + +When disabled, the following event IDs are ignored: + +- 8004 Successful computer manual refresh event +- 8005 Successful user manual refresh event + +## Run Auditor Immediately + +The setting "Run Auditor immediately when Scheduled Task configuring Auditor is applied" controls +whether or not the auditor will run when a scheduled task it applied. We recommend using the default +setting as running the auditor immediately can create massive network flow just after configuring +auditor. The following options are available for the setting: + +- Default: Does not immediately run when the scheduled task is applied +- Enabled/Not Configured: Does not run immediately after the scheduled task is applied +- Disabled: Runs immediately on any machine after the scheduled task configuring the auditor is + applied + +The behavior of the auditor is not affected at the occurrence of any event IDs. + +## Only Run Group Policy Compliance Reporter Auditor on Computer Side + +The setting "Only run PPGPCR Auditor on computer side, but only when a user is actually logged in" +controls whether the auditor runs when no user is logged in to a PC. You might want to set this +setting to "Enabled" to only capture auditing data when someone is actually logged in to save +bandwidth. The following options are available for the setting: + +- Default/Not configured: Runs on the computer side regardless of whether a user is logged in or not +- Enabled: Only runs on the computer side when a user is logged in +- Disabled: Runs on the computer side regardless of whether a user is logged in or not diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/tuning/overview.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/tuning/overview.md new file mode 100644 index 0000000000..18c6a0f5df --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/grouppolicycomplianc/tuning/overview.md @@ -0,0 +1,105 @@ +--- +title: "Tuning Group Policy Compliance Reporter" +description: "Tuning Group Policy Compliance Reporter" +sidebar_position: 10 +--- + +# Tuning Group Policy Compliance Reporter + +Tuning Endpoint Policy Manager GPCR involves using provided ADMX files to reduce or increase how +often Endpoint Policy Manager GPCR endpoints communicate with the Endpoint Policy Manager GPCPR +server. We discuss using these files, as well as how the auditing process works and what triggers +it, in the sections below. + +## Triggering the Auditor with a Scheduled Task + +Starting with Endpoint Policy Manager GPCR build 1227, endpoints using `PPGPCR.Auditor.exe` will not +push data up to the server every time Group Policy applies. However, a scheduled task will trigger +`PPGPCR.Auditor.exe` to run every time Group Policy is applied. This is shown below in the Group +Policy Preference item that triggers the auditor to run: + +``` +Subscription +``` + +The auditor EXE determines when to run and then sends the data back to the server. + +## Default Auditor Triggers + +The Endpoint Policy Manager GPCR auditor EXE process will only do work and send data back to the +server when a Group Policy background refresh event occurs: + +- 8006 Successful computer periodic refresh event +- 8007 Successful user periodic refresh event + +This ensures that the computer is started and the user is logged in (90–120 minutes after login) and +Group Policy is successful. The auditor EXE also keeps track of how many times per day it runs, with +a maximum of 20. Capping the auditor EXE at 20 runs per day ensures you'll never send an unrealistic +number of audits in a day. You could also configure the `PPGPCR.Auditor.exe` using ADMX files (see +the section called "Troubleshooting with ADMX or Registry Entries) to change or augment these +settings. + +## Auditing Process for Modern Versions of Group Policy Compliance Reporter + +When `PPGPCR.Auditor.exe` runs, the first thing it does is gather the RSOP via WMI and send them to +the Endpoint Policy Manager GPCR server for storage and processing. + +- Running` PPGPCR.Auditor.exe` over the network requires about 1.4 MB of extra data to be sent. This + occurs only at the background refresh cycle (but is changeable using ADMX settings). +- Taking an XML RSOP from WMI happens locally and takes no bandwidth. +- Sending the RSOP data to the server takes virtually no bandwidth. Once the RSOP is determined + (about 600 KB), it is zipped down to about 68 KB. +- If the RSOP is the same as the last time, then no zipped files are sent from the client to the + server, but a 1 KB heartbeat is still sent to update the server. + +Note that it's possible to copy `PPGPCR.Auditor.exe` locally and run it there instead of running it +from a share on the server. This saves running 1.4 MB over the network every time any Group Policy +event is triggered. Values may change slightly from run to run. + +## Auditing Process for Older Versions of Group Policy Compliance Reporter + +With older versions of the PPGPCR, the first thing that `PPGPCR.Auditor.exe` does is run the +in-system function GPRESULT /X to generate RSOPs and send them to the Endpoint Policy Manager GPCR +server for storage and processing. When this happens, about 10 MB of data is sent over the network. +This is the very nature of `GPRESULT /X`. You can do a rough calculation of how long Endpoint Policy +Manager GPCR might take to push data from the endpoints up to the server based on the number of +endpoints and the bandwidth by using this calculator: +[http://ibeast.com/tools/band-calc.asp](http://ibeast.com/tools/band-calc.asp). + +For example, if you had nine computers over a very slow 1.5 MB link to the closest DC, you could +estimate that the upload would take 8 minutes and 8 seconds if they all ran the auditor at the exact +same time. Since Group Policy is randomly running across all machines in the background (90–120 +minutes after login), and since PPGPCR.Auditor.exe will only trigger on successful background user +and computer refreshes (now by default) and not at computer startup or user login, the risk of +saturation of a slow link is minimized. + +Here is the breakdown of exactly what is happening when PPGPCR.Auditor.exe is triggered to do work: + +- Running PPGPCR.Auditor.exe over the network requires about 1.4 MB of extra data to be sent. This + occurs only at the background refresh cycle (but is changeable using ADMX settings). +- Taking an XML RSOP from `gpresult.exe /x` causes about 7–10 MB of data to be sent over the network + from the DC to the endpoint. +- Sending the RSOP data to the server takes virtually no bandwidth. Once the RSOP is determined + (about 600 KB), it is zipped down to about 34 KB. +- If the RSOP is the same as the last time, then no zipped files are sent from the client to the + server, but a 1 KB heartbeat is still sent to update the server. + +Note that it's possible to copy` PPGPCR.Auditor.exe` locally and run it there instead of running it +from a share on the server. This saves running 1.4 MB over the network every time any Group Policy +event is triggered. Values may change slightly from run to run, but in summary, after running +GPUpdate, the Endpoint Policy Manager GPCR auditor takes about 10 MB of network bandwidth on the +next auditor run because of the need to generate a new RSOP and compare it to the last one. The +biggest problem is that the Endpoint Policy Manager GPCR auditor relies on GPRESULT /X, which is a +system command and is hardcoded to work the way it does, making it take up the bulk of the +bandwidth. This is why only events that actually trigger the auditor to do real work are successful +user and computer background events, and they are capped at 20 per day. + +Endpoint Policy Manager GPCR has a problem where bandwidth is constrained between the client and the +DCs, but build 1227 has dramatically improved on this problem. In builds beyond 1227, we will +continue working on additional ways to minimize the problem GPresult /x causes over slow links with +future releases. diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/overview.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/overview.md new file mode 100644 index 0000000000..75b7a3a3b6 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/overview.md @@ -0,0 +1,27 @@ +--- +title: "Group Policy Compliance Reporter" +description: "Group Policy Compliance Reporter" +sidebar_position: 10 +--- + +# Group Policy Compliance Reporter + +Thank you for trying or purchasing Netwrix Endpoint Policy Manager (formerly PolicyPak) Group Policy +Compliance Reporter (GPCR). Endpoint Policy Manager GPCR reports whether something you wanted +delivered by Group Policy actually was delivered by the Group Policy engine. Endpoint Policy Manager +GPCR is made up of the following components: + +- GPCR client (also known as the admin console): This is the main interface for Endpoint Policy + Manager GPCR. +- GPCR endpoints: These are the machines you wish to get Group Policy data from. +- GPCR server (optional): This enables endpoints to push data to a common collection point and + enables multiple administrators to share results and reuse each other's completed work. + +This document is both our QuickStart Guide and our full User Guide for Endpoint Policy Manager GPCR +and will help you understand the Endpoint Policy Manager GPCR system. For details on our other +products,  see theEndpoint Policy Manager website. After your testing is complete and you're ready +to license Endpoint Policy Manager GPCR, send an email to +[sales@endpointpolicymanager.com](mailto:sales@endpointpolicymanager.com) or call (800) 883-8002. + +**NOTE:** You may also wish to watch our Quickstart videos of Endpoint Policy Manager GPCR if you're +in a hurry: [Concepts and Quick Start](/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/concepts/concepts.md). diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/_category_.json b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/_category_.json new file mode 100644 index 0000000000..6697e97814 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Server with Push Mode", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/clientlessauditing.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/clientlessauditing.md similarity index 95% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/clientlessauditing.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/clientlessauditing.md index 2a96805b1e..205d986927 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/clientlessauditing.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/clientlessauditing.md @@ -1,3 +1,9 @@ +--- +title: "Using Clientless Auditing" +description: "Using Clientless Auditing" +sidebar_position: 50 +--- + # Using Clientless Auditing When using push mode for clientless auditing, you do not need to create snapshot sets as is required diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/concepts.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/concepts.md new file mode 100644 index 0000000000..29e7c7d83f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/concepts.md @@ -0,0 +1,40 @@ +--- +title: "Push Mode Concepts" +description: "Push Mode Concepts" +sidebar_position: 30 +--- + +# Push Mode Concepts + +Once the designated server is licensed and the Endpoint Policy Manager GPCR client (admin console) +can connect to it, you can choose to set up the clientless auditing feature. Auditing enables all +licensed machines (endpoints) to push their Group Policy results data to a central server +automatically, without anything being installed on them. This gives administrators the ability to +query machines anytime because the last known Group Policy data is always up-to-date and on the +server. See Figure 42 for a diagram of how Endpoint Policy Manager GPCR Server with push mode +receives information from Endpoint Policy Manager GPCR endpoints. + +![gpcr_server_with_push_mode_6](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/gpcr_server_with_push_mode_6.webp) + +Figure 42. Auditing with GPCR Server in push mode. + +The process for receiving information is as follows: + +**Step 1 –** A GPO delivers a scheduled task to all endpoint machines. + +**Step 2 –** When Group Policy runs (triggers) on the endpoint, the endpoint runs the auditor EXE +(PPGPCR.Auditor.exe) which lives on a file share. + +**NOTE:** This can be any server at all and not necessarily the same server running the Endpoint +Policy Manager GPCR server. + +**Step 3 –** Data (the RSOP report) is generated on the client and processed for delivery. + +**Step 4 –** About one minute later, data is pushed from the Endpoint Policy Manager GPCR endpoint +to the designated server. + +Data is then stored in the database, where Endpoint Policy Manager GPCR clients (admin consoles) can +see, in real time, the latest settings from across the network. + +**NOTE:** The server will only accept data from computers which are specifically enabled to do so +via an Active Directory group. This will be discussed in more detail in the next section. diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/install.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/install.md new file mode 100644 index 0000000000..cac74079d1 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/install.md @@ -0,0 +1,51 @@ +--- +title: "Installation and Uninstallation" +description: "Installation and Uninstallation" +sidebar_position: 10 +--- + +# Installation and Uninstallation + +We recommend that installation of the GPCR Server Edition be on a server (Server 2008 R2 or higher). +However, Endpoint Policy Manager GPCR in push mode doesn't need to be installed on a server at all, +and could be installed on any machine (Windows 7 or higher). To start the installation, find the +Endpoint Policy Manager GP Compliance Reporter (Server).msi file, as shown in Figure 36. + +![gpcr_server_with_push_mode](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/gpcr_server_with_push_mode.webp) + +Figure 36. GPCR server MSI. + +**Step 1 –** To install Endpoint Policy Manager GP Compliance Reporter, click on the MSI file and +start the wizard (Figure 37). + +![gpcr_server_with_push_mode_1](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/gpcr_server_with_push_mode_1.webp) + +Figure 37. The Endpoint Policy Manager Group Policy Compliance Reporter Server Setup Wizard. + +**Step 2 –** Next, choose the domain group that will have rights to the Endpoint Policy Manager GPCR +server as shown in Figure 38. + +**NOTE:** To see a video on Compliance Reporter and specific group membership requirements, see the +following link: +[Enhanced Security for Server](/docs/endpointpolicymanager/video/gpocompilancereporter/securityenhanced.md). + +![gpcr_server_with_push_mode_2](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/gpcr_server_with_push_mode_2.webp) + +Figure 38. Choosing the domain group that will have access to the GPCR server. + +**Step 3 –** Then select which type of database you want to use (see Figure 39). You can choose +Microsoft SQL Server Compact if you only expect a small amount of data for processing and testing. +However, in most cases, Microsoft SQL Server is recommended. + +![gpcr_server_with_push_mode_3](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/gpcr_server_with_push_mode_3.webp) + +Figure 39. Selecting the type of database. + +**Step 4 –** Once the installation process is complete, close the wizard. + +**NOTE:** If you need to uninstall Endpoint Policy Manager GPCR Server, use Add/Remove Programs and +uninstall Endpoint Policy Manager. Then, remove + +`C:\ProgramData\PolicyPak\PolicyPak Group Policy Compliance Reporter Server` and all subfolders. +Additionally, remove the Endpoint Policy Manager Group Policy Compliance Reporter (endpoint) license +from the Group Policy Object (GPO). diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/overview.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/overview.md new file mode 100644 index 0000000000..9efe27e73d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/overview.md @@ -0,0 +1,31 @@ +--- +title: "Server with Push Mode" +description: "Server with Push Mode" +sidebar_position: 20 +--- + +# Server with Push Mode + +In the following sections, we'll discuss how to set up GPCR Server and use it with push mode. + +**CAUTION:** The Netwrix Endpoint Policy Manager (formerly PolicyPak) GPCR server doesn't lock out +administrators when they are editing the same test. + +## Introduction + +The goal of push mode with Endpoint Policy Manager GPCR is twofold: + +- To use the Endpoint Policy Manager GPCR server as a centralized repository for client endpoint + computers to push their Group Policy (RSOP) data for later analysis. +- To accept incoming requests from multiple Endpoint Policy Manager GPCR clients (admin consoles), + store the data, and ensure that multiple administrators cannot modify the data at the same time. + +**CAUTION:** You must use the Endpoint Policy Manager GPCR server in order for multiple +administrators to share the same data. If you point the Endpoint Policy Manager GPCR client (admin +console) to a file share (using standalone mode), there is no guarantee that the Endpoint Policy +Manager GPCR data will not be corrupted when multiple admins try to access it at the same time. + +## Licensing + +Endpoint Policy Manager GPCR Server does not require any extra licensing to be used. Only computer +endpoints must be licensed for GPCR. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/resultsreports.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/resultsreports.md similarity index 87% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/resultsreports.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/resultsreports.md index a903f072dd..7009c8bff2 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/resultsreports.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/resultsreports.md @@ -1,3 +1,9 @@ +--- +title: "Producing Results Reports with Push Mode" +description: "Producing Results Reports with Push Mode" +sidebar_position: 60 +--- + # Producing Results Reports with Push Mode Since computers are always automatically delivering their latest data to the server with push mode, diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/_category_.json b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/_category_.json new file mode 100644 index 0000000000..95ee264fe2 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Setup and Clientless Auditing", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/auditorpath.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/auditorpath.md similarity index 92% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/auditorpath.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/auditorpath.md index 97d7d7b5d2..707bad3c41 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/auditorpath.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/auditorpath.md @@ -1,3 +1,9 @@ +--- +title: "Specify Auditor Path" +description: "Specify Auditor Path" +sidebar_position: 20 +--- + # Specify Auditor Path **Step 1 –** In this step, you need to specify the path to run `PPGPCR.Auditor.exe`. First, you need diff --git a/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/overview.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/overview.md new file mode 100644 index 0000000000..3d565af1e3 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/overview.md @@ -0,0 +1,32 @@ +--- +title: "Setup and Clientless Auditing" +description: "Setup and Clientless Auditing" +sidebar_position: 40 +--- + +# Setup and Clientless Auditing + +**Step 1 –** To set up clientless auditing, click the "Audit Setup..." button, as shown in +Figure 43. + +**NOTE:** For a video overview of this section, see the following link: Setup and Clientless +Auditing. + +![gpcr_server_with_push_mode_7](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/gpcr_server_with_push_mode_7.webp) + +Figure 43. Setting up clientless auditing. + +**Step 2 –** When you click on "Audit Setup...," you are provided two choices: do the complete setup +or change the security group (see Figure 44). Choose the option, "Create and deploy a scheduled task +to run the auditor executable and submit audit data." + +![gpcr_server_with_push_mode_8](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/gpcr_server_with_push_mode_8.webp) + +Figure 44. Two options for setting up clientless auditing. + +**Step 3 –** Then you can perform each step in the Audit Setup Wizard, as shown in Figure 45. These +steps are covered in the following sections. + +![gpcr_server_with_push_mode_9](/img/product_docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/gpcr_server_with_push_mode_9.webp) + +Figure 45. The Audit Setup Wizard. diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/selectauditedcomputers.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/selectauditedcomputers.md similarity index 92% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/selectauditedcomputers.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/selectauditedcomputers.md index b7d942014e..92787110b7 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/selectauditedcomputers.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/selectauditedcomputers.md @@ -1,3 +1,9 @@ +--- +title: "Select Audited Computers" +description: "Select Audited Computers" +sidebar_position: 10 +--- + # Select Audited Computers When a computer runs PPGPCR.Auditor.exe from a server's share, it sends Group Policy results data to diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/specifyserver.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/specifyserver.md similarity index 86% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/specifyserver.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/specifyserver.md index ccbd07bf4e..beec869698 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/specifyserver.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/specifyserver.md @@ -1,3 +1,9 @@ +--- +title: "Specify Server" +description: "Specify Server" +sidebar_position: 30 +--- + # Specify Server In this step, you need to specify where the endpoint's data will be delivered. Note that the server diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/taskdelivery.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/taskdelivery.md similarity index 94% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/taskdelivery.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/taskdelivery.md index edc6b3d2e4..4da254cc35 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/setup/taskdelivery.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/setup/taskdelivery.md @@ -1,3 +1,9 @@ +--- +title: "Set Up Task Delivery" +description: "Set Up Task Delivery" +sidebar_position: 40 +--- + # Set Up Task Delivery **Step 1 –** At this point, you're ready to create the scheduled task. The easiest method is to diff --git a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/switchmode.md b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/switchmode.md similarity index 93% rename from docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/switchmode.md rename to docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/switchmode.md index a192075623..27e1d0ae5c 100644 --- a/docs/endpointpolicymanager/grouppolicycompliancereporter/mode/push/switchmode.md +++ b/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/push/switchmode.md @@ -1,3 +1,9 @@ +--- +title: "switchmode" +description: "switchmode" +sidebar_position: 20 +--- + ## Switching from Standalone Mode to Server Mode within the Client **Step 1 –** When you are ready to start using the server, click the options icon in the upper right diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/_category_.json b/docs/endpointpolicymanager/manuals/gporeductionandtrans/_category_.json new file mode 100644 index 0000000000..947d5ef9e6 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "GPO Reduction And Transitions Pak", + "position": 70, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/_category_.json b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/_category_.json new file mode 100644 index 0000000000..5c8b87e152 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Administrative Templates Manager", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/adminstrativetemplates/comments.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/comments.md similarity index 82% rename from docs/endpointpolicymanager/adminstrativetemplates/comments.md rename to docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/comments.md index 5bf5a87497..2cf15f5648 100644 --- a/docs/endpointpolicymanager/adminstrativetemplates/comments.md +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/comments.md @@ -1,3 +1,9 @@ +--- +title: "Using Comments" +description: "Using Comments" +sidebar_position: 40 +--- + # Using Comments You can add your own note or description to each policy directive. When you decide to do this, you diff --git a/docs/endpointpolicymanager/adminstrativetemplates/existinggpos.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/existinggpos.md similarity index 93% rename from docs/endpointpolicymanager/adminstrativetemplates/existinggpos.md rename to docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/existinggpos.md index 899102c622..3810f8f234 100644 --- a/docs/endpointpolicymanager/adminstrativetemplates/existinggpos.md +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/existinggpos.md @@ -1,3 +1,9 @@ +--- +title: "Merging and Reducing Existing GPOs" +description: "Merging and Reducing Existing GPOs" +sidebar_position: 60 +--- + # Merging and Reducing Existing GPOs Netwrix Endpoint Policy Manager (formerly PolicyPak) ships with the Endpoint Policy Manager Group diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/export.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/export.md new file mode 100644 index 0000000000..54bf8b342a --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/export.md @@ -0,0 +1,19 @@ +--- +title: "Exporting Policies and Collections" +description: "Exporting Policies and Collections" +sidebar_position: 50 +--- + +# Exporting Policies and Collections + +The [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md) topic explains how to +use the Endpoint Policy Manager Exporter to wrap up any Endpoint Policy Manager directives and +deliver them using Microsoft Endpoint Manager (SCCM and Intune), KACE, your own MDM service, or +Endpoint Policy Manager Cloud. To export a policy for later use using Endpoint Policy Manager +Exporter or Endpoint Policy Manager Cloud, right-click the collection or the policy and select +**Export to XML**. This allows you to save an XML file for later use. + +**NOTE:** For a video of Endpoint Policy Manager Admin Templates Manager delivering settings using +Endpoint Policy Manager Exporter and Microsoft Endpoint Manager (SCCM and Intune), see the +[Endpoint Policy Manager Cloud: Deploy Group Policy Admin template settings over the internet](/docs/endpointpolicymanager/video/administrativetemplates/deployinternet.md) +topic for additional information. diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/gettoknow/_category_.json b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/gettoknow/_category_.json new file mode 100644 index 0000000000..3e0cad7f78 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/gettoknow/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Getting to Know Administrative Templates Manager", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/adminstrativetemplates/gettoknow/collection.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/gettoknow/collection.md similarity index 90% rename from docs/endpointpolicymanager/adminstrativetemplates/gettoknow/collection.md rename to docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/gettoknow/collection.md index 9325d90af1..a0b3c3d913 100644 --- a/docs/endpointpolicymanager/adminstrativetemplates/gettoknow/collection.md +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/gettoknow/collection.md @@ -1,3 +1,9 @@ +--- +title: "Adding a Collection" +description: "Adding a Collection" +sidebar_position: 20 +--- + # Adding a Collection A Endpoint Policy Manager Admin Templates Manager collection enables you to assemble multiple @@ -33,5 +39,5 @@ There are settings in the collection that affect only the specified users. Next, we'll ensure that only the East Sales Users get these policy settings while using Item-Level Targeting. See the -[Using Item-Level Targeting with Collections and Policies](/docs/endpointpolicymanager/adminstrativetemplates/itemleveltargeting.md) topic for +[Using Item-Level Targeting with Collections and Policies](/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/itemleveltargeting.md) topic for additional information on the next steps. diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/gettoknow/computerside.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/gettoknow/computerside.md new file mode 100644 index 0000000000..f5baec6c5f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/gettoknow/computerside.md @@ -0,0 +1,25 @@ +--- +title: "Adding a Policy on the Computer Side" +description: "Adding a Policy on the Computer Side" +sidebar_position: 30 +--- + +# Adding a Policy on the Computer Side + +When using Endpoint Policy Manager Admin Templates Manager to create a policy on the Computer side, +you can tap into both Computer and User policy settings. + +![about_policypak_admin_templates_6](/img/product_docs/endpointpolicymanager/adminstrativetemplates/gettoknow/about_endpointpolicymanager_admin_templates_6.webp) + +With both computer and user policy settings available in Endpoint Policy Manager Admin Templates +Manager you can deliver user-side settings to any computer that has this GPO. + +**NOTE:** For more information on the Endpoint Policy Manager Admin Templates Manager delivering +user-side settings to computers, see the +[Endpoint Policy Manager Admin Templates Manager: Switched Policies (without Loopback)](/docs/endpointpolicymanager/video/administrativetemplates/switchedpolicies.md) +topic for additional information. + +This feature allows you to avoid the complex process of Group Policy Loopback processing just for +the sake of delivering one (or more) user-side settings to a series of computers. Alternatively, you +may change the Scope Filter and elect to show User Policy only, Computer Policy only, or All Policy +(both user and computer). diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/gettoknow/overview.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/gettoknow/overview.md new file mode 100644 index 0000000000..f80feaf147 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/gettoknow/overview.md @@ -0,0 +1,13 @@ +--- +title: "Getting to Know Administrative Templates Manager" +description: "Getting to Know Administrative Templates Manager" +sidebar_position: 10 +--- + +# Getting to Know Administrative Templates Manager + +The Endpoint Policy Manager Admin Templates Manager editor is found in the Endpoint Policy Manager +node. The Endpoint Policy Manager Admin Templates Manager allows you to create a new policy or +collection. + +![about_policypak_admin_templates_2](/img/product_docs/endpointpolicymanager/adminstrativetemplates/gettoknow/about_endpointpolicymanager_admin_templates_2.webp) diff --git a/docs/endpointpolicymanager/adminstrativetemplates/gettoknow/userside.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/gettoknow/userside.md similarity index 92% rename from docs/endpointpolicymanager/adminstrativetemplates/gettoknow/userside.md rename to docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/gettoknow/userside.md index d0ca5e9f82..c4570465c2 100644 --- a/docs/endpointpolicymanager/adminstrativetemplates/gettoknow/userside.md +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/gettoknow/userside.md @@ -1,3 +1,9 @@ +--- +title: "Adding a Policy on the User Side" +description: "Adding a Policy on the User Side" +sidebar_position: 10 +--- + # Adding a Policy on the User Side When you add a Endpoint Policy Manager Admin Template policy setting on the User side, you see the diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/itemleveltargeting.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/itemleveltargeting.md new file mode 100644 index 0000000000..8ec6b65d1b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/itemleveltargeting.md @@ -0,0 +1,77 @@ +--- +title: "Using Item-Level Targeting with Collections and Policies" +description: "Using Item-Level Targeting with Collections and Policies" +sidebar_position: 20 +--- + +# Using Item-Level Targeting with Collections and Policies + +Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Endpoint +Policy Managerchange the scope of individual preference items , so they apply only to selected users +or computers. In this example, we want the collection named **Control Panel Settings for East Sales +Users** to apply only to the East Sales Users. To do this, right-click the collection and then +select **Change Item Level Targeting**, as seen below. + +![about_policypak_admin_templates_11](/img/product_docs/endpointpolicymanager/adminstrativetemplates/about_endpointpolicymanager_admin_templates_11.webp) + +The **Edit Item Level Targeting** menu item brings up the **Targeting Editor**. You can select any +combination of characteristics you want to test for. The interface is similar to that used in Group +Policy Preferences' Item-Level Targeting. + +![about_policypak_admin_templates_12](/img/product_docs/endpointpolicymanager/adminstrativetemplates/about_endpointpolicymanager_admin_templates_12.webp) + +You can apply one or more targeting items to a policy, which enables targeting items to be joined +logically. You can also add targeting collections, which group together targeting items in much the +same way parentheses are used in an equation. In this way, you can create a complex determination +about where a policy will be applied. Collections may be set to **And**,**Or**, **Is**, or **Is +Not**. In this example, the Pak would only apply to Windows 10 machines when the machine is portable +and the user is in the FABRIKAM\Traveling Sales Users group. + +Below are some real-world examples of how you can use Item-Level Targeting. + +- Software prerequisites — If you want to configure an application's settings, first make sure the + application is installed on the user's computer before configuring it. You can use File Match or + Registry Match targeting items (or both) to verify a specific version of a file or a registry + entry is present. For an example of this, look in the Uninstall registry key. +- Mobile computers — If you want to deploy settings exclusively for users on mobile PCs, then filter + the rule to apply only to mobile PCs by using the **Portable Computer** targeting item +- Operating system version — You can specify different settings for applications based on the + operating system version. To do this, create one rule for each operating system. Then, filter each + rule using the **Operating System** targeting item. +- Group membership — You can link the Group Policy Object (GPO) to the whole domain or + organizational unit (OU), but only members within a specific group can pick up and process the + rule settings +- IP range — You can specify different settings for various IP ranges, like different settings for + the home office and each field office + +![about_policypak_admin_templates_13](/img/product_docs/endpointpolicymanager/adminstrativetemplates/about_endpointpolicymanager_admin_templates_13.webp) + +After you are done editing, close the editor. In the GP Management editor, you see that the +collection's icon has changed to orange, which shows that it now has Item-Level Targeting on the +whole collection. In other words, none of the items in the collection will apply unless the +Item-Level Targeting on the collection evaluates to **True**. + +![about_policypak_admin_templates_14](/img/product_docs/endpointpolicymanager/adminstrativetemplates/about_endpointpolicymanager_admin_templates_14.webp) + +You can also see that Item-Level Targeting is set on the collection when you click a higher node, +where you'll see the name of the collection and a column designating if Item-Level Targeting is on +(**Yes**) or off (**No**). + +![about_policypak_admin_templates_15](/img/product_docs/endpointpolicymanager/adminstrativetemplates/about_endpointpolicymanager_admin_templates_15.webp) + +You may also right-click any policy directive and select **Edit Item Level Targeting**. + +This enables you to be even more granular with the settings. For instance, you can specify whether +or not you want Item-Level Targeting applied to the following settings: + +- Only apply **Control Panel Settings for East Sales Users** to the East Sales User Group +- Only apply the **Prevent Changing theme** policy setting (within the collection) to users on + laptops + +![about_policypak_admin_templates_16](/img/product_docs/endpointpolicymanager/adminstrativetemplates/about_endpointpolicymanager_admin_templates_16.webp) + +If you put Item-Level Targeting on a specific policy setting, you can see the icon's color change to +orange, and the field **Item Level Targeting** will change to **Yes**. + +**NOTE:** Click the **Item-Level Targeting** button within any policy setting to open that policy's +Item-Level Targeting editor. diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/overview.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/overview.md new file mode 100644 index 0000000000..3e79a0d725 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/overview.md @@ -0,0 +1,84 @@ +--- +title: "Administrative Templates Manager" +description: "Administrative Templates Manager" +sidebar_position: 10 +--- + +# Administrative Templates Manager + +**NOTE:** Before reading this section, please see the +[Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md) topic  for more +information on the following: + +- Install the Admin MSI on your GPMC machine +- Install the CSE on a test Windows machine +- Set up a computer in Trial mode or Licensed mode +- Set up a common OU structure + +Optionally, if you don't want to use Group Policy, see the +[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md) topic for more +information. + +Endpoint Policy Manager Admin Templates Manager enables administrators to harness the existing power +of Microsoft's 3000+ Admin Template settings and a lot more. + +**NOTE:** See the +[Endpoint Policy Manager Admin Templates: Collections and Item Level Targeting](/docs/endpointpolicymanager/video/administrativetemplates/collections.md) +topic for more in formation on Endpoint Policy Manager Admin Templates Manager. + +![about_policypak_admin_templates](/img/product_docs/endpointpolicymanager/adminstrativetemplates/about_endpointpolicymanager_admin_templates.webp) + +Here we can see some of Microsoft's Admin Template settings. + +![about_policypak_admin_templates_1](/img/product_docs/endpointpolicymanager/adminstrativetemplates/about_endpointpolicymanager_admin_templates_1.webp) + +Endpoint Policy Manager Admin Templates Manager is a node you see within every Group Policy Object +(GPO) you create. + +Endpoint Policy Manager Admin Templates Manager enables you to perform the following functions: + +- Assemble settings (policies) into collections +- Set Item-Level Targeting on policies and collections +- Deliver user-side policies to computers (without Group Policy Loopback mode) +- Use either Local Storage or Central Storage when choosing definitions +- Search for policies that match certain words in their titles or help text +- Export policies or collections as XML files (available with Endpoint Policy Manager Exporter and + Endpoint Policy Manager Cloud). See the + [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md) topic for more + information on using Endpoint Policy Manager with MDM and UEM Tools. + +The basic way to use Endpoint Policy Manager Admin Templates Manager is as follows: + +- Create a Microsoft GPO using Endpoint Policy Manager Admin Templates Manager. If you use Group + Policy as the delivery mechanism, it is deployed to client machines. +- If you do not use Group Policy, deploy the GPO using one of these other ways: + + - Microsoft Endpoint Manager (SCCM and Intune) + - Your own systems-management software + - An MDM service + - Endpoint Policy Manager Cloud service + +- The client machine embraces the directives and performs the work + +Endpoint Policy Manager Admin Templates Manager lets admins use Group Policy to deliver settings and +also lets you use a mechanism other than Group Policy to get policies delivered. + +**NOTE:** Additionally, using the Endpoint Policy Manager Cloud service, can even deliver Group +Policy settings to non-domain-joined machines over the Internet. + +## Components + +Endpoint Policy Manager Admin Templates Manager has the following components: + +- A management station — Start out by creating a standard GPO (which will be edited) and then use + the Endpoint Policy Manager Admin Templates Manager node. +- The Endpoint Policy Manager client-side extension (CSE) — This runs on the client (target) + machine. It is the same CSE for all Endpoint Policy Manager products. There isn't anything + separate to install, and the Endpoint Policy Manager CSE must be present in order to accept + Endpoint Policy Manager Admin Templates Manager directives. +- Endpoints — Must be licensed for Endpoint Policy Manager Admin Templates Manager using one of the + licensing methods +- Endpoint Policy Manager Exporter (optional) — A free utility that lets you take Endpoint Policy + Manager Admin Templates Manager and our other products XML files and wrap them into a portable MSI + file for deployment using Microsoft Endpoint Manager (SCCM and Intune) or your own + systems-management software. diff --git a/docs/endpointpolicymanager/adminstrativetemplates/priority.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/priority.md similarity index 94% rename from docs/endpointpolicymanager/adminstrativetemplates/priority.md rename to docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/priority.md index 4583d81179..39d3975eca 100644 --- a/docs/endpointpolicymanager/adminstrativetemplates/priority.md +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/priority.md @@ -1,3 +1,9 @@ +--- +title: "Understanding Priority" +description: "Understanding Priority" +sidebar_position: 30 +--- + # Understanding Priority Endpoint Policy Manager Admin Templates Manager enables you to put policy directives inside a single diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/_category_.json b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/_category_.json new file mode 100644 index 0000000000..f1b56fb35d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Preferences Manager", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/gettingstarted/_category_.json b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/gettingstarted/_category_.json new file mode 100644 index 0000000000..84c8ba7063 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/gettingstarted/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Quick Start", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "gettingstarted" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/preferences/deploymsis.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/gettingstarted/deploymsis.md similarity index 92% rename from docs/endpointpolicymanager/preferences/deploymsis.md rename to docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/gettingstarted/deploymsis.md index 46c6081b8a..66b7e8a9e3 100644 --- a/docs/endpointpolicymanager/preferences/deploymsis.md +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/gettingstarted/deploymsis.md @@ -1,3 +1,9 @@ +--- +title: "Deploying MSIs to Your Target Machine" +description: "Deploying MSIs to Your Target Machine" +sidebar_position: 20 +--- + # Deploying MSIs to Your Target Machine You need to take the MSI you just created and get it to your target machine. In this step, you're diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/gettingstarted/gettingstarted.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/gettingstarted/gettingstarted.md new file mode 100644 index 0000000000..993bf2fe55 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/gettingstarted/gettingstarted.md @@ -0,0 +1,74 @@ +--- +title: "Quick Start" +description: "Quick Start" +sidebar_position: 20 +--- + +# Quick Start + +This Quickstart of Netwrix Endpoint Policy Manager (formerly PolicyPak) Preferences Manager will +introduce the following: + +- Deploying Microsoft Group Policy Preference items without Group Policy by using your own on-prem + deployment system, such as Microsoft Endpoint Manager (SCCM and Intune), KACE, and so on. +- Keeping Microsoft Group Policy Preferences settings compliant even when the computer goes offline + (regardless of how they are deployed). + +**NOTE:** See Appendix E: +[Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md) and User Guide for +additoinal information on Endpoint Policy Manager Preferences Manager in use with Endpoint Policy +Manager Cloud + +**NOTE:** To perform these demonstrations, Microsoft Group Policy Preference items must be +available. You can use some of our preconfigured items from the Endpoint Policy Manager Portal, or +you can create your own using the Group Policy Preferences Editor. + +## Option 1 - Downloading Microsoft Group Policy Preference Example Items + +Some easy-to-use Microsoft Group Policy Preference items have been previously created and are +available inside the Endpoint Policy Manager Portal for download in the Latest Manuals section. +Currently the file is called `ppprefs-shortcut.xml`.  You can get to it by accessing the customer +portal and navigating to Latest Manuals.  Then, click on Endpoint Policy Manager Examples (to be +used with PP Cloud-MDM-SCCM-etc).zip. + +![quickstart_using_policypak](/img/product_docs/endpointpolicymanager/preferences/quickstart_using_endpointpolicymanager.webp) + +Inside the download of the Endpoint Policy Manager preferences and Endpoint Policy Manager Cloud XML +examples, you'll see a file named `ppprefs-shortcut.xml`. + +![quickstart_using_policypak_1](/img/product_docs/endpointpolicymanager/preferences/quickstart_using_endpointpolicymanager_1.webp) + +Remove the file from the ZIP archive, and put it in a handy place for the deployment step. + +The Group Policy Preference item has a simple goal: to place a shortcut for www.endpointpolicymanager.com on the +desktop. If you wish to create a Group Policy Preference item from scratch, see the next section. + +## Option 2 - Using Microsoft Group Policy Preferences Editor + +While you can use any combination of Group Policy Preference items, we strongly recommend that you +use the Group Policy Preference item shown below, which puts an icon for www.endpointpolicymanager.com on the +desktop. + +These are the settings used to make the Group Policy Preference item: + +- Name: www.endpointpolicymanager.com +- Target Type: URL +- Location: Desktop +- Target URL: www.endpointpolicymanager.com +- Icon file path: `%SystemRoot%\system32\SHELL32.dll` +- Icon index: 47 + +![quickstart_using_policypak_2](/img/product_docs/endpointpolicymanager/preferences/quickstart_using_endpointpolicymanager_2.webp) + +When you click **OK**, it will save the data within the Group Policy Object (GPO). However, you can +drag and drop a Group Policy Preference item to the desktop or a folder, which makes an XML file. +Another way to do this is to right-click either the Endpoint Policy Manager or Endpoint Policy +Manager Preferences Manager node, as seen below, and use the Group Policy Preference Export wizard, +which will export the Group Policy Preference items from the GPO. + +**NOTE:** The Group Policy Preference Export wizard will only export settings for the User side or +Computer side, depending on which side on are on. + +![quickstart_using_policypak_3](/img/product_docs/endpointpolicymanager/preferences/quickstart_using_endpointpolicymanager_3.webp) + +Keep the Group Policy Preference item file you created handy for the next step. diff --git a/docs/endpointpolicymanager/preferences/maintaincompliance.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/gettingstarted/maintaincompliance.md similarity index 92% rename from docs/endpointpolicymanager/preferences/maintaincompliance.md rename to docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/gettingstarted/maintaincompliance.md index 820d07b677..ef2c74e6e6 100644 --- a/docs/endpointpolicymanager/preferences/maintaincompliance.md +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/gettingstarted/maintaincompliance.md @@ -1,3 +1,9 @@ +--- +title: "Maintaining Compliance" +description: "Maintaining Compliance" +sidebar_position: 30 +--- + # Maintaining Compliance When a computer is off the network and out of contact with a domain controller, Group Policy diff --git a/docs/endpointpolicymanager/preferences/makemsis.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/gettingstarted/makemsis.md similarity index 91% rename from docs/endpointpolicymanager/preferences/makemsis.md rename to docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/gettingstarted/makemsis.md index 0273cdb2d1..b37397fa44 100644 --- a/docs/endpointpolicymanager/preferences/makemsis.md +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/gettingstarted/makemsis.md @@ -1,7 +1,13 @@ +--- +title: "Using the Endpoint Policy Manager Exporter to Make MSIs" +description: "Using the Endpoint Policy Manager Exporter to Make MSIs" +sidebar_position: 10 +--- + # Using the Endpoint Policy Manager Exporter to Make MSIs **NOTE:** For an overview of the Endpoint Policy Manager Exporter utility, please watch this video: -[](http://www.endpointpolicymanager.com/video/endpointpolicymanager-preferences-with-endpointpolicymanager-exporter.html)[Endpoint Policy ManagerPreferences with Endpoint Policy Manager Exporter](/docs/endpointpolicymanager/archive/preferencesexporter.md)l. +[](http://www.endpointpolicymanager.com/video/endpointpolicymanager-preferences-with-endpointpolicymanager-exporter.html)[Endpoint Policy ManagerPreferences with Endpoint Policy Manager Exporter](/docs/endpointpolicymanager/knowledgebase/archive/preferencesexporter.md)l. Endpoint Policy Manager Exporter's job is to take Microsoft or Endpoint Policy Manager items and wrap them up into an MSI. This MSI can then be deployed using whatever technique you want: Microsoft @@ -55,5 +61,5 @@ we've saved it to the desktop as Deploy GPP MSI.msi. ![quickstart_using_policypak_8](/img/product_docs/endpointpolicymanager/preferences/quickstart_using_endpointpolicymanager_8.webp) -See Appendix A: [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md) for +See Appendix A: [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md) for additional information on the Endpoint Policy Manager Exporter utility diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/itemleveltargeting.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/itemleveltargeting.md new file mode 100644 index 0000000000..5f94596e9b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/itemleveltargeting.md @@ -0,0 +1,78 @@ +--- +title: "Item-Level Targeting" +description: "Item-Level Targeting" +sidebar_position: 30 +--- + +# Item-Level Targeting + +One of the best features of Microsoft Group Policy Preferences is its Item-Level Targeting. It +enables you to filter where a particular Group Policy Preference item will take effect. + +**NOTE:** See [Group Policy Preferences: Item Level Targeting](/docs/endpointpolicymanager/knowledgebase/archive/itemleveltartgeting.md) +for a video of Group Policy Preferences and Item-Level targeting + +If you followed the Quickstart guide in the previous section, then you deployed a Group Policy +Preferences shortcut item to the desktop for every user. With Netwrix Endpoint Policy Manager +(formerly PolicyPak) Preferences Manager, there are two ways you can limit or target which users and +computers will receive Group Policy Preferences directives by doing the following: + +- Use Endpoint Policy Manager Exporter and specify certain users and groups instead of computer/all + users +- Modify Group Policy Preference items in such a way that they have Item-Level Targeting that + describes the conditions under which they should apply + +Additionally, you can choose to use both methods together if you prefer. For instance, you might: + +- Use the Group Policy Preferences Editor and make a Group Policy Preferences Power Settings item to + configure power settings +- Continue to use the Group Policy Preferences Editor Item-Level Targeting to specify that the item + should only apply to Windows 10 laptops that are in a particular IP address range + (192.168.2.0–192.168.3.0) +- Use Endpoint Policy Manager Exporter to specify that only the Sales group within Active Directory + should process this policy + +In this example, the net result of using these methods is that your Group Policy Preference item +will only apply to Windows 10 machines that are laptops and within a specific IP address range +(192.168.2.0–192.168.3.0), and when the user is a member of the Sales Active Directory group. + +![group_policy_preferences_item](/img/product_docs/endpointpolicymanager/preferences/group_policy_preferences_item.webp) + +You can then choose which item you want to target: + +![group_policy_preferences_item_1](/img/product_docs/endpointpolicymanager/preferences/group_policy_preferences_item_1.webp) + +You can apply one or more targeting items to a Microsoft Group Policy Preference item, which enables +targeting items to be joined logically. You can also add targeting collections, which group together +targeting items in much the same way parentheses are used in an equation. In this way, you can +create a complex determination about where a policy will be applied. Collections may be set to And, +Or, Is, or Is Not. + +![group_policy_preferences_item_2](/img/product_docs/endpointpolicymanager/preferences/group_policy_preferences_item_2.webp) + +In the example above the Pak would only apply to (1) Windows 10 machines when (2) the machine is +portable and (3) the user is in the FABRIKAM\Traveling Sales Users group. + +Here are some real-world examples of how you can use Item-Level Targeting with Group Policy +Preferences: + +- Mobile computers — If you want to deploy settings for users on mobile PCs, filter the Group Policy + Preference item to deploy to only mobile PCs by using the Portable Computer targeting item. +- Operating system version — You can specify different settings for applications based on the + operating system version. To do this, create two Group Policy Preference items, one for each + operating system. Then filter each AppSet using the Operating System targeting item. +- Group membership — You can specify a Group Policy Preference item that would normally apply to all + users on the computer and, instead, filter by members within a specific group to pick up and + process the Group Policy Preference item. +- IP range — You can specify different settings for various IP ranges, like different browser + settings for the home office and each field office. + +When Item-Level Targeting is used, it can be seen and verified in the XML view of the Group Policy +Preference item by choosing the Display Xml option. The Item-Level Targeting is highlighted in the +Filters section. + +![group_policy_preferences_item_3](/img/product_docs/endpointpolicymanager/preferences/group_policy_preferences_item_3.webp) + +![group_policy_preferences_item_4](/img/product_docs/endpointpolicymanager/preferences/group_policy_preferences_item_4.webp) + +The XML of the Group Policy Preference item verifies that Item-Level Targeting is being used. diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/overview.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/overview.md new file mode 100644 index 0000000000..7d37b805f5 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/overview.md @@ -0,0 +1,105 @@ +--- +title: "Preferences Manager" +description: "Preferences Manager" +sidebar_position: 20 +--- + +# Preferences Manager + +**NOTE:** Before reading this section, please ensure you have read Book 2: +[Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md), which will help you +learn to do the following: + +- Install the Admin MSI on your GPMC machine +- Install the CSE on a test Windows machine +- Set up a computer in Trial mode or Licensed mode +- Set up a common OU structure +- Optionally, if you don't want to use Group Policy, read the section in Appendix A: + [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md) on Group Policy and + non–Group Policy methods (MEMCM, KACE, and MDM service or Netwrix Endpoint Policy Manager + (formerly PolicyPak) Cloud) to deploy your directives. + +Microsoft Group Policy Preferences are great because they let you configure 21 categories of items, +including the following a,nd many more. + +- Printers +- Shortcuts +- Drive maps +- VPN settings +- Device lock-down +- Regional settings + +![about_policypak_gpo_export](/img/product_docs/endpointpolicymanager/preferences/about_endpointpolicymanager_gpo_export.webp) + +Despite these advantages, Microsoft's Group Policy Preferences have some issues that cannot be +overcome without a little help. That's where Endpoint Policy Manager Preferences Manager comes in. + +## Main Concepts + +Endpoint Policy Manager Preferences Manager does the following jobs: + +- It maintains the compliance of a Group Policy Preference item even when the computer is offline. +- It enables a Group Policy Preference item to be delivered without using Active Directory Group + Policy. Therefore, with Endpoint Policy Manager Preferences Manager, you may now use Microsoft + Endpoint Manager (SCCM and Intune), LANDesk, or KACE to deliver Group Policy Preferences without + the inbox Group Policy mechanism being involved. +- In conjunction with the Endpoint Policy Manager Cloud service, or your own mobile device + management (MDM) service, you can deliver Group Policy Preference items to computers over the + Internet (to both domain-joined and non-domain-joined machines). For more information on Endpoint + Policy Manager Cloud, see Appendix E: + [Setup, Download, Install, and Verify](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/quickstart/quickstart.md) and User Guide. For more + information about using Endpoint Policy Manager with an MDM service, see Appendix A: + [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md). + +**NOTE:** If you use the Endpoint Policy Manager Cloud service, you can deliver Group Policy +Preferences directives even to non-domain-joined machines. + +**NOTE:** See +[Which settings can be managed with the Preferences Manager component?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/settings.md)for additional +information on Endpoint Policy Manager Preferences Manager used with SCCM, Endpoint Policy Manager +Cloud, or an MDM service, + +The basic way to use Endpoint Policy Manager Preferences Manager is to perform the following +procedures: + +- Create a Microsoft Group Policy Preferences directive on your Windows administrative machine using + the Microsoft GPMC and Group Policy Preferences Editor. +- Deliver the directive to the client machines. If you use Group Policy as the delivery mechanism, + the directive is received via client machines. You can also use Endpoint Policy Manager + Preferences Manager to deliver it via the following ways: + + - Microsoft Endpoint Manager (SCCM and Intune) + - Your own systems management software + - Endpoint Policy Manager Cloud service + +- Allow the client machine to embrace the directives and perform the work. + +This way you are not required to use the Group Policy mechanism as the transport to deploy Group +Policy Preferences directives. + +## Moving Parts + +Endpoint Policy Manager Preferences Manager has the following main components: + +- A management station — Start out by creating a standard Group Policy Preference item using the + GPMC you use every day. Then export the settings using the Endpoint Policy Manager Preferences + Manager Export wizard. You can export these settings for use with Endpoint Policy Manager Cloud, + or deploy these settings using methods other than Group Policy methods. +- The Endpoint Policy Manager client-side extension (CSE) — This runs on the client (target) + machine. It is the same CSE for all Endpoint Policy Manager products. There isn't anything + separate to install. +- Endpoints — Endpoints must be licensed for Endpoint Policy Manager Preferences Manager using one + of the licensing methods. +- Endpoint Policy Manager Exporter (optional) — A free utility that lets you take Microsoft Group + Policy Preferences and our other Endpoint Policy Manager XML data files and wrap them into a + portable MSI file for deployment using Microsoft Endpoint Manager (SCCM and Intune), or your own + systems management software. + +![about_policypak_gpo_export_1](/img/product_docs/endpointpolicymanager/preferences/about_endpointpolicymanager_gpo_export_1.webp) + +Endpoint Policy Manager Preferences Manager does not require any particular type of domain +controllers (DCs). Nothing is installed on any DC, and you don't need to extend the Active Directory +schema. Additionally, you do not need to install any server components, upgrade any servers or DCs, +or buy any server-side infrastructure. There is no requirement for domain mode or functional level. +To be clear, every client computer (Windows 7 and higher) or Terminal Services (RDS)/Citrix machine +(Windows Server 2008 or higher) must have the Endpoint Policy Manager CSE installed and licensed. diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/preferences/_category_.json b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/preferences/_category_.json new file mode 100644 index 0000000000..5dfef96d71 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/preferences/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Troubleshooting", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/preferences/clientmachines.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/preferences/clientmachines.md similarity index 86% rename from docs/endpointpolicymanager/troubleshooting/preferences/clientmachines.md rename to docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/preferences/clientmachines.md index 17ae67119d..2beffc8fdf 100644 --- a/docs/endpointpolicymanager/troubleshooting/preferences/clientmachines.md +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/preferences/clientmachines.md @@ -1,3 +1,9 @@ +--- +title: "Applying Settings to Client Machines" +description: "Applying Settings to Client Machines" +sidebar_position: 20 +--- + # Applying Settings to Client Machines The most common technical support question we get is "Why aren't Group Policy Preferences settings @@ -16,7 +22,7 @@ installation of the MSI? **Step 4 –** Is your computer licensed? All computers must be licensed in order for Endpoint Policy Manager Preferences Manager to work properly (see Book 1: -[Introduction and Basic Concepts](/docs/endpointpolicymanager/basicconcepts.md) for more information). Alternatively, try +[Introduction and Basic Concepts](/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/basicconcepts.md) for more information). Alternatively, try renaming the computer to "Computer1" (or a similar name) such that "computer" is in the name. When you do this, the Endpoint Policy Manager Preferences Manager CSE will act as if it's fully licensed. If Endpoint Policy Manager Preferences Manager starts to work, you have a licensing issue. diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/preferences/logs.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/preferences/logs.md new file mode 100644 index 0000000000..d2dec9626d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/preferences/logs.md @@ -0,0 +1,46 @@ +--- +title: "Troubleshooting Logs" +description: "Troubleshooting Logs" +sidebar_position: 10 +--- + +# Troubleshooting Logs + +Endpoint Policy Manager Preferences Manager client-side extension (CSE) has several key log files. +Endpoint Policy Manager Preferences Manager can affect the Computer side and User side. The +computer-side log files can be seen in Figure 19, and the user-side log files can be seen in +Figure 20. + +![troubleshooting](/img/product_docs/endpointpolicymanager/troubleshooting/preferences/troubleshooting.webp) + +Figure 19. Computer-side log files. + +![troubleshooting_1](/img/product_docs/endpointpolicymanager/troubleshooting/preferences/troubleshooting_1.webp) + +Figure 20. User-side log files. + +If you want to look through the log files to help diagnose your problems, Table 1 shows the list of +Endpoint Policy Manager Preferences Manager log files. + +Table 1: Log files. + +| Log file | Location | Description | +| -------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ | +| `ppUser_onLogon.log` | LocalAppData | CSE log for user policies created by PPWatcherSvc on login | +| `ppUser_onManual.log` | LocalAppData | CSE log for user policies created when Group Policy is manually run via GPupdate | +| `ppUser_onSchedule.log` | LocalAppData | CSE log for user policies created by automatic reapplication of settings using the timer | +| `ppUser_onPolicyChanged.log` | LocalAppData | CSE log for user policies created when Endpoint Policy Manager Preferences Manager receives data from GPOs or XML Data files | +| `ppUser_onServiceStart.log` | LocalAppData | Log for when the Endpoint Policy Manager Application Settings Manager Service starts and attempts to process the user-side | +| `ppComputer_onServiceStart.log` | ProgramData | Log for when the Endpoint Policy Manager Application Settings Manager Service starts and attempts to process the computer-side | +| `ppComputer_manual.log` | ProgramData | CSE log for computer policies created during ppupdate call | +| `ppComputer_onLogon.log` | ProgramData | CSE log for computer policies created by PPWatcherSvc on login (see next section for more information) | +| `ppComputer_onSchedule.log` | ProgramData | CSE log for computer policies created by automatic reapplication of settings using the timer | +| `ppComputer_onPolicyCHanged.log` | ProgramData | CSE log for computer policies created when XML Data settings get changed | +| `ppUpdatesChecker.log` | ProgramData | Automatic updates log. Check here to see if the auto-update component is seeing the updates.config file with instructions on how to auto-update. | +| `ppService.log` | ProgramData | Main Endpoint Policy Manager CSE service log. This log contains messages related to system-wide functions. | + +You can see an example of the contents of the logs in Figure 21. + +![troubleshooting_2](/img/product_docs/endpointpolicymanager/troubleshooting/preferences/troubleshooting_2.webp) + +Figure 21. The contents of the logs that are required for troubleshooting. diff --git a/docs/endpointpolicymanager/troubleshooting/preferences/logsenhanced.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/preferences/logsenhanced.md similarity index 92% rename from docs/endpointpolicymanager/troubleshooting/preferences/logsenhanced.md rename to docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/preferences/logsenhanced.md index 28b3e1eeb4..48ca34c5b5 100644 --- a/docs/endpointpolicymanager/troubleshooting/preferences/logsenhanced.md +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/preferences/logsenhanced.md @@ -1,3 +1,9 @@ +--- +title: "Enhanced Client Logging" +description: "Enhanced Client Logging" +sidebar_position: 30 +--- + # Enhanced Client Logging Endpoint Policy Manager technical support may ask you to turn on enhanced client logging if the diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/preferences/overview.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/preferences/overview.md new file mode 100644 index 0000000000..88ff360036 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/preferences/overview.md @@ -0,0 +1,33 @@ +--- +title: "Troubleshooting" +description: "Troubleshooting" +sidebar_position: 40 +--- + +# Troubleshooting + +In this section, we're going to learn how Netwrix Endpoint Policy Manager (formerly PolicyPak) +Preferences Manager reports data and how to troubleshoot Endpoint Policy Manager Preferences +Manager. Endpoint Policy Manager Preferences Manager is a relatively simple system with two +important components: the CSE, which is installed on the client, and the Group Policy Preferences +XML files copied into the special folders within `%ProgramData%`. However, there are several areas +that you may want to focus on if you encounter problems. Before calling or emailing PolicyPak +technical support, make sure to perform the following steps to solve common problems with easy +solutions. + +## Working with Technical Support + +To get you working as quickly as possible, please send us the following items: + +- Your Group Policy Preferences XML data file(s). +- An example of a client's log files. All Endpoint Policy Manager products have a universal log + "collector" utility. Simply run` pplogs.exe` from a command prompt and a ZIP file will be + generated for you. Mail that ZIP file to [support@endpointpolicymanager.com](mailto:support@endpointpolicymanager.com) or + directly to your support representative if asked. +- Screenshots or a video of the problem, if there's something to see. Use an application such as + ScreenShot Pilot ([http://tinyurl.com/screenshotpilot](http://tinyurl.com/screenshotpilot)) or + Jing ([www.Techsmith.com](http://www.Techsmith.com)) to capture images or videos showing your + issue. + +We'll try to get you an answer right away. Call (800) 883-8002 if you think we haven't gotten your +request for help. We want to help you! diff --git a/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/setup.md b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/setup.md new file mode 100644 index 0000000000..ca48e4eefa --- /dev/null +++ b/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/setup.md @@ -0,0 +1,35 @@ +--- +title: "Getting Set Up" +description: "Getting Set Up" +sidebar_position: 10 +--- + +# Getting Set Up + +In the next section, you'll learn more about Netwrix Endpoint Policy Manager (formerly PolicyPak) +Preferences Manager and how to ensure that everything works the way you expect it to. + +The goals of the Endpoint Policy Manager Preferences Manager Quickstart in the next section are as +follows: + +- Create a simple Group Policy Preference item and get its XML. +- Make an MSI from the Group Policy Preferences XML file. +- Manually copy the MSI file to a target computer. This simulates deploying the MSI using your own + management system such as Microsoft Endpoint Manager [SCCM and Intune], KACE, LANDesk, PDQ Deploy, + Specops Deploy, etc. +- Install the MSI and see the Group Policy Preference item appear. +- See compliance for Group Policy Preference items be maintained by Endpoint Policy Manager + Preferences Manager. +- Log on as any user and see the Group Policy Preference item appear. + +At this point, you should have the following ready: + +- A client system (Windows 7 or later preferred) with "computer" in the name for Trial mode, or + fully licensed. +- The Endpoint Policy Manager 32-bit or 64-bit client-side extension on your client machine. +- A management station with the GPMC and Endpoint Policy Manager Admin Console.MSI (MMC snap-in) + installed on the machine where you have the GPMC installed (32-bit or 64-bit machines, as + appropriate). +- The Endpoint Policy Manager Exporter utility on the management station. + +Now you're ready to test Endpoint Policy Manager Preferences Manager. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/_category_.json new file mode 100644 index 0000000000..410f8e5344 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Introduction And Quick Start Manuals", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/_category_.json new file mode 100644 index 0000000000..05f44642a7 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Introduction and Basic Concepts", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "basicconcepts" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/basicconcepts.md b/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/basicconcepts.md similarity index 97% rename from docs/endpointpolicymanager/basicconcepts.md rename to docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/basicconcepts.md index 0c454597fc..51fdfefae4 100644 --- a/docs/endpointpolicymanager/basicconcepts.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/basicconcepts.md @@ -1,3 +1,9 @@ +--- +title: "Introduction and Basic Concepts" +description: "Introduction and Basic Concepts" +sidebar_position: 10 +--- + # Introduction and Basic Concepts Thank you for trying Netwrix Endpoint Policy Manager (formerly PolicyPak) Software. This manual will diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/editions/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/editions/_category_.json new file mode 100644 index 0000000000..7efb5738d9 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/editions/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Editions, Solutions, Paks, and Policies", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/editions/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/editions/overview.md new file mode 100644 index 0000000000..958ef7a7f1 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/editions/overview.md @@ -0,0 +1,38 @@ +--- +title: "Editions, Solutions, Paks, and Policies" +description: "Editions, Solutions, Paks, and Policies" +sidebar_position: 10 +--- + +# Editions, Solutions, Paks, and Policies + +In the sections that follow, we will discuss the different editions of Netwrix Endpoint Policy +Manager (formerly PolicyPak) you can choose from, and the solutions, Paks, and policies that are +available with each edition. + +## Editions + +Endpoint Policy Manager is available in one of three editions: + +- Endpoint Policy Manager Enterprise Edition: With this edition, you get all solutions, all Paks, + and all policies. +- Endpoint Policy Manager Professional Edition: With this edition, you get all solutions, a choice + of Paks, and the policies within the Paks you choose. +- Endpoint Policy Manager SaaS Edition: With this edition, you get Endpoint Policy Manager Cloud, + most Paks, and the policies within those Paks. + +To use PolicyPak, you need to delivery policies via a solution method. You can use one method, or +you can start with a method and then use more methods as time goes on. The editions and allowed +solution methods, as well as the relationship between editions and Paks, are shown in the table +below. + +Products and solution methods. + +| Solution Method | Endpoint Policy Manager Enterprise Edition (all Paks) | Endpoint Policy Manager Professional Edition (pick your Paks) | Endpoint Policy Manager SaaS Edition (most Paks) | +| ---------------------------------------------------------------- | ----------------------------------------------------- | ------------------------------------------------------------- | ------------------------------------------------ | +| Active Directory/GPO Method | ✓ | ✓ | X | +| MDM Method | ✓ | ✓ | X | +| Cloud Method | ✓ | ✓ | ✓ | +| Cloud Hybrid Method (MDM or RMM + Endpoint Policy Manager Cloud) | ✓ | ✓ | ✓ | +| Unified Endpoint Management Method | ✓ | ✓ | X | +| Virtualization | ✓ (Single desktops, shared desktops, shared sessions) | ✓ (Single desktops, shared desktops, shared sessions) | ✓ (Single virtualized desktops) | diff --git a/docs/endpointpolicymanager/editions/paks.md b/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/editions/paks.md similarity index 93% rename from docs/endpointpolicymanager/editions/paks.md rename to docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/editions/paks.md index ef4d153a41..b7b6cb76f0 100644 --- a/docs/endpointpolicymanager/editions/paks.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/editions/paks.md @@ -1,3 +1,9 @@ +--- +title: "Paks" +description: "Paks" +sidebar_position: 20 +--- + # Paks Paks are a vehicle to deliver policies (components) to customers after they have selected a Endpoint diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/editions/policies.md b/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/editions/policies.md new file mode 100644 index 0000000000..5971c3e2ea --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/editions/policies.md @@ -0,0 +1,224 @@ +--- +title: "Policies" +description: "Policies" +sidebar_position: 30 +--- + +# Policies + +Endpoint Policy Manager policies are configurable items which perform work on the endpoint. + +**NOTE:** Policies are also known as components, and that wording may be used interchangeably. + +Each policy has a different function, so we are going to briefly explore what these components can +do for you. Remember, you may use any of the solution methods to deploy a policy, provided your +license enables it. + +## Application Settings Manager with Endpoint Policy Manager DesignStudio + +Endpoint Policy Manager Application Settings Manager has over 400 preconfigured AppSets to get you +started managing and locking down pesky applications right away. + +Many popular applications are available, including Internet Explorer, Teams, Acrobat Reader, Java, +Firefox, Office, and more. Additionally, with our Endpoint Policy Manager DesignStudio, you can +design your own Paks for just about any application. With Endpoint Policy Manager Software, it is +easy to configure, manage, and lock down 1, 2, 50, or more in-house or commercial applications. In +conjunction with Endpoint Policy Manager Cloud or your own MDM service, you can deploy Endpoint +Policy Manager Application Settings Manager directives over the Internet, even to non-domain-joined +machines. + +**Note**: For more information on this topic, please see this video: +[What is Endpoint Policy Application Manager (Cloud Edition)](/docs/endpointpolicymanager/video/applicationsettings/cloud.md). + +## Least Privilege Manager + +Endpoint Policy Manager Least Privilege Manager enables your users with standard user rights to get +access to applications in situations where they might need local admin privileges. + +It will also stop attacks from malware, crypto-malware, etc., and will block any application if it +is not installed by an administrator. This is called the Endpoint Policy Manager LPM SecureRun™ +feature. In conjunction with Endpoint Policy Manager Cloud or your own MDM service, Endpoint Policy +Manager Least Privilege Manager can deploy directives over the Internet, even to non-domain-joined +machines. + +For more information on this topic, please see this video: +[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > Privilege Manager. + +**NOTE:** Note that Endpoint Policy Manager Least Privilege Manager has two versions: Standard and +Complete. If a customer is a Endpoint Policy Manager Enterprise or SaaS customer, they get Least +Privilege Manager Complete. If the customer is a Endpoint Policy Manager Professional customer, they +can decide between Least Privilege Manager Standard or Complete. For an overview of the two +versions, check out this page: +[https://www.endpointpolicymanager.com/paks/least-privilege-security-pak/](https://www.endpointpolicymanager.com/paks/least-privilege-security-pak/). + +## Browser Router + +Endpoint Policy Manager Browser Router dictates which browser should open up which web pages for end +users. + +If you have a specific need to open up Edge, Firefox, Chrome, Internet Explorer, or a custom +browser, Endpoint Policy Manager Browser Router can make it easy. It can also dictate which browser +should be the default for websites so the user is not prompted. It can also block access to certain +websites (e.g., Facebook) for all browsers. It can also specify Internet Explorer's document and +enterprise modes on the fly. In conjunction with Endpoint Policy Manager Cloud or your own MDM +service, you can also deliver these Endpoint Policy Manager Browser Router settings over the +Internet to domain-joined and non-domain-joined machines. + +**Note**: For more information on this topic, please see this video: +[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > Browser Router + +## Java Enterprise Rules Manager + +Endpoint Policy Manager Java Enterprise Rules Manager enables you to choose the version of Java that +specific websites use or block Java websites entirely, even for remote machines via the cloud. + +Making a Java deployment rule set for your enterprise has never been easier or more flexible. In +conjunction with Endpoint Policy Manager Cloud or your own MDM service, Endpoint Policy Manager Java +Enterprise Rules Manager can deploy most Microsoft Security settings to computers over the Internet, +even to non-domain-joined machines. + +**Note**: For more information on this topic, please see this +video:[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > Java +Enterprise Rules Manager . + +## Admin Templates Manager + +Endpoint Policy Manager Admin Templates Manager enables you to deploy any Microsoft setting (or +third-party admin template [.admx file]) to either users or computers. + +You can also put Group Policy settings into collections and ensure that they are specifically +targeted with conditions to users and computers . Endpoint Policy Manager Admin Templates Manager +will enable you to deploy Admin Template items without using Group Policy, by using Microsoft SCCM, +Windows Intune, or your own systems management software. In conjunction with Endpoint Policy Manager +Cloud, Endpoint Policy Manager Admin Templates Manager allows you to deploy any Microsoft Admin +Template (or third-party ADMX setting) to computers over the Internet, even to non-domain-joined +machines. + +**Note**: For more information on this topic, please see this +video:[Administrative Templates Manager](/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/overview.md). + +## File Associations Manager + +Endpoint Policy Manager File Associations Manager enables you to map specific file extensions (such +as .pdf) to specific applications, like Acrobat Reader (standard apps and Windows 10 Universal +apps), and handling applications with protocols (such as MAILTO:). + +**Note**: For more information on this topic, please see this video: +[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > File Associations +Manager. + +## Preferences Manager + +Endpoint Policy Manager Preferences Manager keepsw Group Policy Preferences working and compliant, +even when the computer goes offline. + +It enables you to deploy Group Policy Preference items without using Group Policy. For instance, by +using Microsoft SCCM, Windows Intune, or your own systems management software. In conjunction with +Endpoint Policy Manager Cloud or your own MDM service, Endpoint Policy Manager Preferences Manager +deploys Group Policy Preference items over the Internet, even to non-domain-joined machines. + +**NOTE:** The license for this policy is not provided unless specifically requested by the customer +when Endpoint Policy Manager is used with the Group Policy delivery mechanism. For more details on +why the license is not automatically provided, please see the following link: +[Where is my Endpoint Policy Manager Preferences Component license and how do I request one?](/docs/endpointpolicymanager/knowledgebase/gpoexportmergeadmint/knowledgebase/exportinggrouppolicy/componentlicense.md). + +**Note**: For more information on this topic, please see this +video:[Preferences Manager](/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/overview.md) + +## Security Settings Manager + +Endpoint Policy Manager Security Settings Manager enables you to deploy Group Policy's Security +settings without using Group Policy. + +You can do this by using Microsoft SCCM, Windows Intune, or your own systems management software. In +conjunction with Endpoint Policy Manager Cloud or your own MDM service, Endpoint Policy Manager +Security Manager can deploy most Microsoft Security settings to computers over the Internet, even to +non-domain-joined machines. + +**Note**: For more information on this topic, please see this video: +[Security Settings Manager](/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/securitysettings/overview.md). + +## Start Screen & Taskbar Manager + +Endpoint Policy Manager Start Screen & Taskbar Manager enables you to map specific applications +(Win32 and WUP apps) and Edge links to specific Windows 10 Start menu groups. + +It gives you granular control to create groups of individual tiles and locks those groups down. +Additionally, you can use this component to pin items to the Windows 10 taskbar. + +**NOTE:** You may wish to watch our Quickstart videos of Endpoint Policy Manager Start Screen & +Taskbar Manager: Start Screen & Task Bar Manager > +[Video Learning Center](/docs/endpointpolicymanager/video/index.md). + +**Note**: For more information on this topic, please see this video: +[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > Start Screen & Task +Bar Manager + +## Scripts & Triggers Manager + +You can use Endpoint Policy Manager Scripts & Triggers Manager to automate any task, with a script. +You can use triggers to enable the scripts to run at specific times. + +In conjunction with Endpoint Policy Manager Cloud or your own MDM service, you can use scripts to +deploy software over the Internet, even to non-domain-joined machines. + +**Note**: For more information on this topic, please see this +video:[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > Scripts & +Triggers Manager. + +## Remote Work Delivery Manager + +You can use Endpoint Policy Manager Remote Work Delivery Manager to automate the delivery of files +from UNC shares or Internet shares, install software, and keep software automatically updated. + +In conjunction with Endpoint Policy Manager Cloud or your own MDM service, you can deploy VPN +connections over the Internet, even to non-domain-joined machines. + +**Note**: For more information on this topic, please see this video: Remote Work Delivery Manager > +[Video Learning Center](/docs/endpointpolicymanager/video/index.md). + +## Feature Manager for Windows + +Endpoint Policy Manager Feature Manager lets you select and deselect the Windows features and +optional features that best fit the needs of your users. + +You can also specify or postpone necessary reboots. In conjunction with Endpoint Policy Manager +Cloud or your own MDM service, Endpoint Policy Manager Feature Manager for Windows lets you manage +the Windows features and options on machines over the Internet, even to non-domain-joined machines. + +**Note**: For more information on this topic, please see this +video:[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > Feature Manager for +Windows . + +## Remote Desktop Protocol Manager + +You can use Endpoint Policy Manager Remote Desktop Protocol Manager to enable users to remotely +connect into existing RDP machines. + +In conjunction with Endpoint Policy Manager Cloud or your own MDM service, you can deploy policies +that add or remove .rdp file connections over the Internet, even to non-domain-joined machines. + +**Note**: For more information on this topic, please see this +video:[Video Learning Center](/docs/endpointpolicymanager/video/index.md)[Video Learning Center](/docs/endpointpolicymanager/video/index.md)[Video Learning Center](/docs/endpointpolicymanager/video/index.md). + +## Network Security Manager + +You can use Network Security Manager to specify which processes and applications can communicate to +what IP, web addresses and over what protocols. + +**Note**: For more information on this topic, please see this +video:[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > Network Security +Manager + +## Software Package Manager + +You can use Endpoint Policy Manager Software Package Manager to add or remove packages from the +Microsoft Store. + +In conjunction with Endpoint Policy Manager Cloud or your own MDM service, you can deploy policies +which add or remove Microsoft Store application connections over the Internet, even to +non-domain-joined machines. + +**Note**: For more information on this topic, please see this video: +[Video Learning Center](/docs/endpointpolicymanager/video/index.md) > Software Package +Manager. diff --git a/docs/endpointpolicymanager/editions/solutions.md b/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/editions/solutions.md similarity index 95% rename from docs/endpointpolicymanager/editions/solutions.md rename to docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/editions/solutions.md index 0fecddaf1a..7f6fd0b75b 100644 --- a/docs/endpointpolicymanager/editions/solutions.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/editions/solutions.md @@ -1,3 +1,9 @@ +--- +title: "Solution Methods" +description: "Solution Methods" +sidebar_position: 10 +--- + # Solution Methods Based on the edition you purchase, you are entitled to use one or more solution methods. The usual @@ -24,7 +30,7 @@ details of where Endpoint Policy Manager data is stored. The most popular method of using Endpoint Policy Manager is via Group Policy. **Note**: For more information on this topic, please see this -video:[Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) > Group Policy +video:[Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) > Group Policy When you use the Group Policy method, you are 100% in control of your data because it is all contained within your Active Directory.The image below shows what Endpoint Policy Manager looks like @@ -104,7 +110,7 @@ with the MDM service deploying the Endpoint Policy Manager CSE and license files If you plan to use Endpoint Policy Manager with your MDM service, you can find more information about the Endpoint Policy Manager exporter in this topic: -[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md)Using with MDM and UEM +[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md)Using with MDM and UEM Tools. ## Cloud Method @@ -122,7 +128,7 @@ Cloud method is the only method available to you. ![editions_solutions_paks_and_4](/img/product_docs/endpointpolicymanager/editions/editions_solutions_paks_and_4.webp) For a more detailed coverage of Endpoint Policy Manager Cloud see the quick start topic:  Endpoint -Policy Manager [Setup, Download, Install, and Verify](/docs/endpointpolicymanager/cloud/quickstart.md). +Policy Manager [Setup, Download, Install, and Verify](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/quickstart/quickstart.md). ## Cloud Hybrid Method @@ -131,7 +137,7 @@ installed on the endpoint. Once this is done, it claims a license. Then, Endpoin performs the work. Some customers may want to bootstrap the installation of the Endpoint Policy Manager Cloud client using an RMM or MDM tool they already have hooked into the client. More details on how to do this can be found in the quick start topic: -[Setup, Download, Install, and Verify](/docs/endpointpolicymanager/cloud/quickstart.md) +[Setup, Download, Install, and Verify](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/quickstart/quickstart.md) **NOTE:** For a video overview of using Endpoint Policy Manager with an MDM or RMM tool to bootstrap the Endpoint Policy Manager Cloud installer, see: @@ -152,7 +158,7 @@ Below we can see what Endpoint Policy Manager would look like using a tool like We provide the Endpoint Policy Manager Exporter Tool. This topic is not discussed in this section but you can get more information here: -[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md). +[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md). ![editions_solutions_paks_and_6](/img/product_docs/endpointpolicymanager/editions/editions_solutions_paks_and_6.webp) @@ -178,4 +184,4 @@ Directory and it's active, it counts your Endpoint Policy Manager licensing. In use it with Endpoint Policy Manager SaaS/Cloud. For more answers about licensing Endpoint Policy Manager with virtualized systems, see: -[Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) > All Things Licensing. +[Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) > All Things Licensing. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/licensing.md b/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/licensing.md new file mode 100644 index 0000000000..5fec042677 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/licensing.md @@ -0,0 +1,282 @@ +--- +title: "Licensing" +description: "Licensing" +sidebar_position: 20 +--- + +# Licensing + +Licensing Netwrix Endpoint Policy Manager (formerly PolicyPak) is easy. We have one tool to request +information about Active Directory and Intune. + +**NOTE:** For a video overview of the process, watch this tutorial: +[How to Request Licenses from Endpoint Policy Manager by Creating a "License Request Key"](/docs/endpointpolicymanager/video/license/licenserequestkey.md) + +Here are the basics: + +- Endpoint Policy Manager is licensed on a per-client-computer basis. All client computers (desktop, + laptop, and virtual desktop infrastructure [VDI]) must be licensed if you want Endpoint Policy + Manager policies to apply and enforce settings. +- Endpoint Policy Manager is also licensed per concurrent-session-connection for your Terminal + Services (RDS) or Citrix servers. All inbound Terminal Services (RDS) or Citrix XenApp connections + must be licensed if you want Endpoint Policy Manager to apply and enforce settings. +- Endpoint Policy Manager can also be licensed in conjunction with an MDM service such as Intune, + Workspace ONE, or MobileIron. This scenario is covered later in this guide and in detail in + Appendix A: Using Endpoint Policy Manager with MDM and UEM Tools. + +**NOTE:** To be in compliance with Endpoint Policy Manager licensing, you must license inbound +Terminal Services (RDS) or Citrix connections. These are simply added to the count of your Endpoint +Policy Manager licenses. For instance, if you want to use Endpoint Policy Manager with 500 desktops, +200 laptops, and 100 concurrent Terminal Services or Citrix session connections, then you will need +800 Endpoint Policy Manager licenses. Full details of how Endpoint Policy Manager licenses Terminal +Services (RDS) or Citrix inbound connections can be found at the following link: +[http://www.endpointpolicymanager.com/purchasing/citrix-licensing-scenarios.html](http://www.endpointpolicymanager.com/purchasing/citrix-licensing-scenarios.html). + +In other words, to be fully compliant, you must license the number of computers in Active Directory +plus the inbound Terminal Services (RDS) and/or Citrix connections. If you don't wish to run +Endpoint Policy Manager on your Terminal Services (RDS) or Citrix machines, then these inbound +connections do not need to be declared at purchase time. + +Once a computer is licensed, the trial mode restrictions are lifted. (The computer can be named +anything.) Virtual desktops (any VDI, including Windows Virtual Desktops) are licensed the same way +that real desktops and laptops are licensed. In short, we count the number of computer account +records in Active Directory. For most customers, all areas of Endpoint Policy Manager licensing are +handled by the Endpoint Policy Manager licensing tool (named LT.exe), which is included in the +Licensing for All On-Prem Products folder inside the ISO download. + +Endpoint Policy Manager licenses themselves can be deployed within Group Policy Objects (GPOs), or +delivered via MSI. Client computers download the GPO with the license file or the MSI with the +license file, and automatically determine if they are licensed. Be aware that the Endpoint Policy +Manager licensing tool (LT) is used with the Active Directory solution method and Intune, and not +other MDM services like VMware Workspace ONE. In those cases, you'll work with your sales team to +demonstrate how many machines are MDM-enrolled. + +**NOTE:** To be in compliance with Endpoint Policy Manager licensing on Citrix and Terminal Services +(RDS), you must run LT on a server. When LT is run on a server, it is usually able to count Terminal +Services and Citrix connections and report them. Even if LT does not properly count the Citrix and +Terminal Services licenses, you are still bound by the End User License Agreement to report them for +licensing purposes. + +Endpoint Policy Manager's LT utility can also help you minimize costs by finding and disabling +unused computers. For instance, many organizations have dozens or hundreds of computers that have +not been logged onto for months. Since you pay on a per-computer basis with Endpoint Policy Manager +in Active Directory, we don't want you paying for computers you're not actually using. If you'd like +to find and disable unused computers, LT can help you do that before you make your initial license +request. If you want more information on this, jump to the section "Finding and Disabling Unused +Computers." + +Licensing occurs in two phases: + +- Phase I: Get a License Request Key.In this phase, LT will ask several questions—such as where you + want to license it—and will then help you generate your license request. This license is usually + good for one year, depending on your contract with Endpoint Policy Manager. +- Phase II: Re-run and get another License Request Key. Once the initial license year is up, you + simply re-run the Endpoint Policy Manager LT utility each following year. LT will review existing + installed licenses and do a count of computers. You need to perform this step every year + (according to your Endpoint Policy Manager license agreement) to continue to use Endpoint Policy + Manager. Otherwise, Endpoint Policy Manager will stop functioning on your anniversary date. You + pay for any overage from the previous year. + +## Finding and Disabling Unused Computers + +We only want you to pay for the computers you're actually going to use with the Endpoint Policy +Manager. Endpoint Policy Manager's LT has an option, "Find and Disable unused computers," as seen in +Figure 12. + +![licensing_policypak](/img/product_docs/endpointpolicymanager/licensing_endpointpolicymanager.webp) + +Figure 12. The option to disable unused computers. + +When you select this option, you are led through an wizard that finds any computers that have not +been logged into for 90 days (or any other number of days you select). You can then select the +computers you want to disable and click "Next," as shown in Figure 13. + +![licensing_policypak_1](/img/product_docs/endpointpolicymanager/licensing_endpointpolicymanager_1.webp) + +Figure 13. Selecting the unused computers. + +Note that you can also choose to include computers that no users have ever logged onto. All +computers that you select will be disabled when you click "Next." By doing so, you will have fewer +computers in your count and thus fewer to pay for. + +**NOTE:** Endpoint Policy Manager's LT utility cannot re-enable accounts once they've been disabled. +Also, Endpoint Policy Manager's LT utility cannot move computer accounts after they are disabled. + +## Licensing Modes + +Licensing with Endpoint Policy Manager involves the following items: + +- A license for a component +- The component's capability if applicable (for instance, Least Privilege Manager has Standard and + Complete capabilities) +- A scope +- For Active Directory: a whole Active Directory Domain or specific organizational units (OUs) +- For MDM: a specific UPN or company name +- For Endpoint Policy Manager Cloud: licensed by Endpoint Policy Manager Cloud +- An enablement method +- Group Policy +- MDM (used with your MDM provider) +- Endpoint Policy Manager Cloud +- XML Method (used alongside a UEM tool, like SCCM) + +You can purchase some (or all) Paks, and then choose the enablement methods and dictate the licensed +scopes. In the XML example license file below, the customer has selected the following: + +- Specific Paks which entitle them to specific policies and specific capabilities if applicable (for + instance, Least Privilege Manager and Software Package Manager have specific capabilities) +- A whole domain for the scope (Fabrikam.com) +- Enablement methods "GP-POLICIES" and "XML-POLICIES" + + ``` + +                                  + Example (Customertest)                 + 2021-03-09                 + 2021-03-31                 + false                 +                  +                  +                  +                  + gp-policies                 + xml-policies                 +                  +                  +                  +                  +                  +                  +                  + complete                 +                  +                  +                  +                  + appx                 +                  +                  +                  +                  +                  +                  +                  +                  + ABCDEF==                 +                  + + ``` + +The licensing modes are: + +- Licensed Mode (temporary). When a computer is licensed (temporarily for 30 days or licensed for + one year), it is permitted to process all directives intended for it. In Licensed Mode, there is + no limit to the number of Endpoint Policy Manager directives a client machine will process and + keep compliant. +- Trial Mode. Trial Mode functions similarly to Licensed Mode. Trial Mode enables you to try + Endpoint Policy Manager very quickly in your test lab or real Active Directory. Trial Mode is + enabled when your test computers' names have the word "computer" in them. For instance, a computer + named "COMPUTER1" would automatically be in Trial Mode and act as if fully licensed. To see an + example of how and why this works, see this video: + [Testing and Troubleshooting By Renaming an endpoint Computer](/docs/endpointpolicymanager/video/cloud/testlab/renameendpoint.md) + +We want you to use this Endpoint Policy Manager in your testing similarly to how you would use it in +the real world. So in Trial Mode, we allow you to do the following: + +- Deploy the client-side extension (CSE) to all the test machines you want to manage +- Install the GPMC admin console on a management station +- Fully test the software with any number of users and computers (provided the computer name has the + word "computer" in it) + +These restrictions allow you to use your own test lab or Active Directory OU to try the Endpoint +Policy Manager components. You'll be able to see what happens when you make central changes and +watch your clients react. + +## Licensing Endpoint Policy Manager with Your Own MDM Service + +Endpoint Policy Manager can be used in conjunction with your own MDM service, such as Workspace ONE +or MobileIron. However, licensing Endpoint Policy Manager with these utilities is a bit different +than licensing Endpoint Policy Manager with Active Directory or Intune. In short, you need to work +with your sales team to declare the number of Windows 10 machines you want to license. Typically, +you would use the MDM reporting system to express how many Windows 10 machines you have enrolled and +the number you plan add in the current year. All the details on exactly how to perform a count and +what to send back to Endpoint Policy Manager Sales can be found here: +[When licensing Endpoint Policy Managerwith an MDM provider, what do I need to send in to Endpoint Policy Manager? ](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesmd/setup.md). + +An example of an MDM system account with a very low number of machines can be seen in Figure 14. +Note that the company information is obscured in this demonstration, but you would have to provide +it. + +![licensing_policypak_2](/img/product_docs/endpointpolicymanager/licensing_endpointpolicymanager_2.webp) + +Figure 14. An example of an MDM system account. + +## License Requests + +Once you have ensured that your license request contains all computers that you want to license, +save the file, and then deliver this to your Endpoint Policy Manager sales representative to receive +a license file. + +**NOTE:** The resulting XML file is tamper-proof and will be invalid if the number of elements is +changed after creation. + +## License Files + +You may receive multiple license files for Endpoint Policy Manager: + +To deploy your licenses, you can use the following: + +Use these key installation instructions (which demonstrate Active Directory, SCCM, and MDM methods): +[How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) + +## Licensing Endpoint Policy Manager Through Endpoint Policy Manager Cloud + +Endpoint Policy Manager Cloud has a licensing mechanism build in. When a computer acquires a +license, it stays licensed unless it becomes unused for an amount of time. (See Appendix E: Endpoint +Policy Manager Cloud Quickstart and User Guide for more details on this.) However, there is one +caveat around a licensing scenario in which an acquired Endpoint Policy Manager Cloud license could +possibly enable the Active Directory method. Below is the breakdown of how this works. + +### Legacy Endpoint Policy Manager Cloud monthly or yearly customers: + +When clients consume licenses from Endpoint Policy Manager Cloud, they automatically pick up Group +Policy as well (for free). So if you're a Endpoint Policy Manager Cloud customer, you don't need to +also license the machine for Group Policy. Being able to use Group Policy as the settings delivery +mechanism is automatic because the client has consumed the Cloud license. In this way, you get a +free on-premise (Group Policy Edition) license automatically when a client has consumed a license +with Endpoint Policy Manager Cloud (and continues to check in within the check-in period). For +information on how to do this, see this video: +[Endpoint Policy ManagerStart Screen & Taskbar Manager: Manage non-domain joined machines using Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/startscreentaskbar/nondomainjoined.md). + +### Endpoint Policy Manager Professional and Endpoint Policy Manager Enterprise Edition customers: + +In this case, your Universal License key will have to be enabled for the Group Policy method. You +will not be able to automatically enable the Group Policy method when being licensed via Endpoint +Policy Manager Cloud. + +### Endpoint Policy Manager SaaS/Cloud-only customers: + +In this case, you cannot use Endpoint Policy Manager Cloud to enable the Group Policy method. If you +wish to enable the Group Policy method, you need to transition from Endpoint Policy Manager SaaS to +Endpoint Policy Manager Enterprise Edition or Endpoint Policy Manager Professional Edition. You can +still manage Active Directory joined machines, but you must use the Endpoint Policy Manager Cloud +delivery mechanism to perform the operation, and not Active Directory or a GPO. + +## Final Licensing Thoughts + +Once you've tested Endpoint Policy Manager, you'll be ready to become a part of the licensed +Endpoint Policy Manager family. The following are a few reminders on licensing: + +- Endpoint Policy Manager is licensed on a per-computer basis. +- When Endpoint Policy Manager is fully licensed, the restriction on the computer name is lifted. +- The Endpoint Policy Manager client-side extension (CSE) will not function unless it's in Trial + Mode (the computer name has the word "computer" in it) or the CSE has a time-based licensed where + the scope is correct. + +Note that you only need to install the CSE once on the client machines you want to use. When you are +unlicensed, Endpoint Policy Manager stops working. When you are licensed, it will fully process all +Endpoint Policy Manager directives. + +Volume licenses and domain-wide licenses for Endpoint Policy Manager are available. + +**NOTE:** For an overview and FAQ of the licensing process, please visit: +[http://www.endpointpolicymanager.com/support-sharing/licensing-faq.html](http://www.endpointpolicymanager.com/support-sharing/licensing-faq.html). diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/_category_.json new file mode 100644 index 0000000000..6f9fd24261 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Endpoint Policy Manager Cloud Quick Start", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/concepts/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/concepts/_category_.json new file mode 100644 index 0000000000..86d3f3a373 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/concepts/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Concepts, Logons, and Downloads", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "concepts" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/concepts/concepts.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/concepts/concepts.md new file mode 100644 index 0000000000..f1483a9597 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/concepts/concepts.md @@ -0,0 +1,73 @@ +--- +title: "Concepts, Logons, and Downloads" +description: "Concepts, Logons, and Downloads" +sidebar_position: 30 +--- + +# Concepts, Logons, and Downloads + +In this section, you'll learn about: + +- The basic concepts of Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud +- Logging on to Endpoint Policy Manager Cloud +- The Endpoint Policy Manager Portal and downloading on-prem software from the Portal +- Setting up an on-prem test lab + +It is very easy to get started with Endpoint Policy Manager Cloud, and you can be up and running +within minutes. + +## Endpoint Policy Manager Cloud Concepts + +Endpoint Policy Manager Cloud is, at its core, a way to deliver directives (XML data files) from the +Endpoint Policy Manager Cloud service to client machines, where they are received and processed for +the directives you have licensed. Endpoint Policy Manager Cloud can be used with or without Active +Directory. + +![concepts_logons_and_downloads_437x399](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_437x399.webp) + +![concepts_logons_and_downloads_1_436x375](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_1_436x375.webp) + +Below are some Endpoint Policy Manager Cloud concepts: + +- Admin management station - This is a Windows system which is able to create a directive. This + Windows system connects to Endpoint Policy Manager Cloud and uploads directives. +- Directives - These are files that contain instructions to perform work. All Endpoint Policy + Manager Cloud directives are XML data files you create. +- ComponentsThese are the various functions that Endpoint Policy Manager can perform. For instance, + Endpoint Policy Manager Least Privilege Manager, Endpoint Policy Manager Browser Router, and so + on, are components. +- In-cloud editorsThese are graphical editors you can use within Endpoint Policy Manager Cloud to + create directives (XML data files). +- MMC editorThis is the same Admin Console tool an on-prem customer would typically use to create + directives and deploy them via Group Policy Object (GPO). This is needed to create directives when + there are no corresponding in-cloud editors. +- License poolThis is how many computers (maximum) you are licensed to use with Endpoint Policy + Manager Cloud. +- LicenseOne computer's use of Endpoint Policy Manager Cloud. +- Endpoint Policy Manager Cloud clientThe agent you install on a client computer to join your + Endpoint Policy Manager Cloud account and claim a license. It's the only thing you need to install + on the client machine, and when you do, the client-side extension (CSE) will be automatically + downloaded and will begin to process directives. +- Endpoint Policy Manager CSEThis is the processing piece of PolicyPak. It is automatically + downloaded after the Endpoint Policy Manager Cloud client is installed on the machine. The CSE + performs the work of processing Microsoft GPOs (as XML directives) and also Endpoint Policy + Manager directives (as XML directives). +- EndpointAny Windows machine running any currently supported version of Windows 10. The computer + may or may not be domain-joined. + +Operationally, there are no server requirements of any type with Endpoint Policy Manager Cloud. You +don't need to build anything to actually use Endpoint Policy Manager Cloud. You can use Endpoint +Policy Manager Cloud with or without Active Directory. Endpoint Policy Manager Cloud doesn't require +Group Policy, SCCM, or any on-premise software. Remember: Endpoint Policy Manager Cloud is the +delivery mechanism for your policies. + +With that being said, we strongly recommend you create a small on-prem test lab (more on this later) +that contains one domain controller and one domain-joined Windows 10 machine. When you do this, you +will be able to perform small-scale testing and troubleshooting (taking Endpoint Policy Manager +Cloud out of the equation if necessary). Additionally, because not all of PolicyPak's components +have in-cloud editors, you may need to create directives using the MMC console first, then export +them and use them with Endpoint Policy Manager Cloud afterward. We go into this important topic in +more detail later. + +Tip: When you use the Endpoint Policy Manager Cloud service, you can deliver any Endpoint Policy +Manager setting plus nearly any Microsoft Group Policy setting, even to non-domain-joined machines. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/concepts/downloads.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/concepts/downloads.md new file mode 100644 index 0000000000..61352414a7 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/concepts/downloads.md @@ -0,0 +1,55 @@ +--- +title: "Downloading On-Prem Software from the Portal" +description: "Downloading On-Prem Software from the Portal" +sidebar_position: 20 +--- + +# Downloading On-Prem Software from the Portal + +As part of your welcome kit to Endpoint Policy Manager Cloud, you should have received a second +email with access to the Endpoint Policy Manager Customer Portal. The Endpoint Policy Manager +Customer Portal is not the Endpoint Policy Manager Cloud service. The Endpoint Policy Manager +Customer Portal is where you can download the latest install files if you are also an on-prem +customer. The Portal enables you to download the on-prem version of the software (the Bits), AppSets +(for use with Endpoint Policy Manager Application Settings Manager), manuals, and XML examples, +which can be used with Endpoint Policy Manager Least Privilege Manager, Endpoint Policy Manager +Scripts Manager, and so on. + +You might be wondering why you need access to the Portal if nearly everything can be done within the +Endpoint Policy Manager Cloud service. You still need the Endpoint Policy Manager on-prem "Bits" +when using Endpoint Policy Manager Cloud because you will need them to create some directives within +the Windows 10 GPMC MMC console whenever there is no corresponding in-cloud editor for a component. +As such, we recommend you download the Bits and organize them to create a small on-prem test lab. +Your on-prem test lab is 100% free and can be used to test examples without Endpoint Policy Manager +Cloud possibly interfering. This also enhances quick troubleshooting. Moreover, there are always +going to be some advanced policy creation items which can only be done in the MMC console first, +then exported for use with Endpoint Policy Manager cloud. + +The main menu for the Endpoint Policy Manager Customer Portal is shown below. + +![concepts_logons_and_downloads_10_374x437](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_10_374x437.webp) + +Video: For an overview on how to use the Endpoint Policy Manager Customer Portal, please watch this +video: [http://www.endpointpolicymanager.com/customerportal](http://www.endpointpolicymanager.com/customerportal). + +For now, downloading the Bits is sufficient, but you are also welcome to download everything. If you +do, you will get a ZIP file with the following: + +- Manuals for this product and other products +- Examples to use in your Endpoint Policy Manager Cloud Quickstart +- A ZIP file containing pre-configured AppSets for Endpoint Policy Manager Application Settings + Manager +- A ZIP file containing the CSE +- Our on-premise licensing utility (not used at all for Endpoint Policy Manager Cloud) + +The Endpoint Policy Manager on-prem Bits files are shipped as an ISO so you can quickly make use of +the download in virtual environments (which can easily mount ISO files) or to burn your own CDs. + +Below you can see the list of files and directories that are inside the Endpoint Policy Manager ISO +download. + +![concepts_logons_and_downloads_11_624x287](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_11_624x287.webp) + +You won't need most of these items for Endpoint Policy Manager Cloud. Indeed, the only folders you +need are the **Admin Console MSI** folder and the **Client Side Extension (CSE)** folder, as +explained in the next section. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/concepts/logons.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/concepts/logons.md new file mode 100644 index 0000000000..28203a1742 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/concepts/logons.md @@ -0,0 +1,61 @@ +--- +title: "Logging On to Endpoint Policy Manager Cloud for the First Time" +description: "Logging On to Endpoint Policy Manager Cloud for the First Time" +sidebar_position: 10 +--- + +# Logging On to Endpoint Policy Manager Cloud for the First Time + +You should have received credentials to log on to Endpoint Policy Manager Cloud. To log on, go to +the Endpoint Policy Manager home page and click **Customer Login**. Then, select Log In from the +Endpoint Policy Manager Cloud path on the right side of the screen. You may also go to and bookmark +cloud.endpointpolicymanager.com if you want a specific link. + +![concepts_logons_and_downloads_2](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_2.webp) + +Tip: At the actual Endpoint Policy Manager Cloud login page, you may request a forgotten password. +If you're still having trouble, contact your Endpoint Policy Manager sales person. + +You will be placed into **Restricted Mode** in Endpoint Policy Manager Cloud. You must accept the +EULA and also set up two-factor authentication (2FA). + +![concepts_logons_and_downloads_3](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_3.webp) + +You will be prompted and required to perform two-factor authentication. You can use email-based or +application-based authentication (or both). While Google and Microsoft authenticator apps are both +supported, we strongly recommend the Authy app ([authy.com](http://authy.com/)) instead of Google +Authenticator or Microsoft Authenticator. This is because if you lose your device (usually a cell +phone), the authentication token is automatically re-gained from the Authy service. Also, Authy is +free. + +The steps to perform 2FA are shown below. You can select email-based or application-based +authentication. + +![concepts_logons_and_downloads_4](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_4.webp) + +If you select email-based authentication, you will need to verify the 2FA code sent via email. + +![concepts_logons_and_downloads_5](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_5.webp) + +If you select application-based 2FA, then you must use an application like Authy to scan the QR code +and enter in the six-digit password. + +![concepts_logons_and_downloads_6](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_6.webp) + +If you do not complete 2FA, you will not be able to log on to Endpoint Policy Manager Cloud. + +![concepts_logons_and_downloads_7](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_7.webp) + +Once 2FA is completed, you can click **Close**. + +![concepts_logons_and_downloads_8](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_8.webp) + +Finally, once you're logged in to Endpoint Policy Manager Cloud, you'll see the interface. + +![concepts_logons_and_downloads_9](/img/product_docs/endpointpolicymanager/cloud/concepts_logons_and_downloads_9.webp) + +This manual will explore all areas of the Endpoint Policy Manager Cloud interface, but you can see +some details called out above. If you are trying out Endpoint Policy Manager Cloud or you purchased +Endpoint Policy Manager Cloud, you should see the licenses available to you as soon as you log on. +Verify you have the correct number of licenses and your expiration date looks correct. If something +is wrong, please contact your Endpoint Policy Manager sales team member. diff --git a/docs/endpointpolicymanager/cloud/testlab.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/concepts/testlab.md similarity index 93% rename from docs/endpointpolicymanager/cloud/testlab.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/concepts/testlab.md index 788c662432..aeb8866b1d 100644 --- a/docs/endpointpolicymanager/cloud/testlab.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/concepts/testlab.md @@ -1,3 +1,9 @@ +--- +title: "Creating an Endpoint Policy Manager Cloud On-Prem Test Lab" +description: "Creating an Endpoint Policy Manager Cloud On-Prem Test Lab" +sidebar_position: 30 +--- + # Creating an Endpoint Policy Manager Cloud On-Prem Test Lab As previously stated, there are many editors in Endpoint Policy Manager Cloud for Microsoft Group diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/gettingstarted.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/gettingstarted.md new file mode 100644 index 0000000000..63320318af --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/gettingstarted.md @@ -0,0 +1,33 @@ +--- +title: "Getting Started" +description: "Getting Started" +sidebar_position: 20 +--- + +# Getting Started + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud is a way to deliver the following items: + +- Any Endpoint Policy Manager directive you are licensed for, such as Endpoint Policy Manager Least + Privilege Manager, Endpoint Policy Manager Browser Router, etc. +- Any Microsoft directive you are licensed for, such as Microsoft ADMX settings, Microsoft Group + Policy Preferences settings, and Microsoft Group Policy Security settings. + +This document is a QuickStart Guide for Endpoint Policy Manager Cloud and our full User Guide for +Endpoint Policy Manager Cloud. It will help you understand Endpoint Policy Manager Cloud and how the +Endpoint Policy Manager components work with it. + +**NOTE:** For more details on any of the Endpoint Policy Manager components themselves, see the +related manual for that component. + +Getting started with Endpoint Policy Manager Cloud requires you to talk with Endpoint Policy Manager +Sales. Endpoint Policy Manager Sales will set up your Endpoint Policy Manager Cloud trial account, +which is typically set up as follows: + +- 10 licenses for Endpoint Policy Manager Cloud, valid for 30 days +- Enablement of all components +- Required computer check-in to Endpoint Policy Manager Cloud every 14 days (or the computer's + license is released back into the pool) + +After you're done testing and you're ready to get a pool of licenses, which are good for a year, +contact Netwrixsupport to obtain a license. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/_category_.json new file mode 100644 index 0000000000..3b73e8afae --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Web Interface and Controls", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/billing.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/billing.md new file mode 100644 index 0000000000..b0b409edab --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/billing.md @@ -0,0 +1,11 @@ +--- +title: "Billing" +description: "Billing" +sidebar_position: 80 +--- + +# Billing + +Under the **Billing** tab, you can pay for Endpoint Policy Manager Cloud monthly using your credit +card. There is a video on the page to help walk you through the process. It is recommended you +always have two valid credit cards on file to ensure uninterrupted service. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/_category_.json new file mode 100644 index 0000000000..1636674476 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Company Details", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/addcompanyadmin.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/addcompanyadmin.md similarity index 86% rename from docs/endpointpolicymanager/cloud/interface/companydetails/addcompanyadmin.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/addcompanyadmin.md index 71bebdcee8..952648b197 100644 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/addcompanyadmin.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/addcompanyadmin.md @@ -1,3 +1,9 @@ +--- +title: "Add Company Admin" +description: "Add Company Admin" +sidebar_position: 40 +--- + # Add Company Admin If there is currently only one admin at a company, a second one can be added using the **Add company diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/_category_.json new file mode 100644 index 0000000000..79ed783bdb --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Company Administrators", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/_category_.json new file mode 100644 index 0000000000..27c9fd1b31 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "General Info", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/changeemail.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/changeemail.md similarity index 95% rename from docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/changeemail.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/changeemail.md index ac81483661..776e8eaaad 100644 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/changeemail.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/changeemail.md @@ -1,3 +1,9 @@ +--- +title: "Change Email" +description: "Change Email" +sidebar_position: 10 +--- + # Change Email Email changes are not instantaneous. They must be confirmed by the original email address and the diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/loginrestrictionseditor.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/loginrestrictionseditor.md similarity index 82% rename from docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/loginrestrictionseditor.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/loginrestrictionseditor.md index a467a08a9f..65b1ead4b4 100644 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/loginrestrictionseditor.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/loginrestrictionseditor.md @@ -1,3 +1,9 @@ +--- +title: "Login Restrictions Editor" +description: "Login Restrictions Editor" +sidebar_position: 30 +--- + # Login Restrictions Editor The login restrictions, also known as IP restrictions, that we discussed already in a previous diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/notificationeditor.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/notificationeditor.md new file mode 100644 index 0000000000..b8be606d03 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/notificationeditor.md @@ -0,0 +1,10 @@ +--- +title: "Notification Editor" +description: "Notification Editor" +sidebar_position: 40 +--- + +# Notification Editor + +See the topic [Edit Notification Configuration](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/editnotificationconfiguration.md) for details +on this operation. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/overview.md new file mode 100644 index 0000000000..c9128cd027 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/overview.md @@ -0,0 +1,19 @@ +--- +title: "General Info" +description: "General Info" +sidebar_position: 10 +--- + +# General Info + +On the **General Info** tab, you have a few actions to select from. + +![web_interface_and_controls_75_624x208](/img/product_docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/web_interface_and_controls_75_624x208.webp) + +The actions you can take are listed below and explained in the following sections: + +- [Change Email](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/changeemail.md) +- Change Password (No further information needed, therefore not addressed in the sections below.) +- [Resend Welcome Letter](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/resendwelcomeletter.md) +- [Login Restrictions Editor](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/loginrestrictionseditor.md) +- [N](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/editnotificationconfiguration.md)[Notification Editor](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/notificationeditor.md)ditor diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/resendwelcomeletter.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/resendwelcomeletter.md similarity index 83% rename from docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/resendwelcomeletter.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/resendwelcomeletter.md index 661faf2311..760e4c8e15 100644 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/generalinfo/resendwelcomeletter.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/generalinfo/resendwelcomeletter.md @@ -1,3 +1,9 @@ +--- +title: "Resend Welcome Letter" +description: "Resend Welcome Letter" +sidebar_position: 20 +--- + # Resend Welcome Letter The **Resend Welcome Letter** action is typically performed when one admin cannot log on, and needs diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/overview.md new file mode 100644 index 0000000000..345d278f79 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/overview.md @@ -0,0 +1,22 @@ +--- +title: "Company Administrators" +description: "Company Administrators" +sidebar_position: 20 +--- + +# Company Administrators + +For an overview of security features, including roles, watch this video: +[Endpoint Policy Manager Cloud: Immutable Log](/docs/endpointpolicymanager/video/cloud/security/immutablelog.md). + +Your company may have one or more administrators who share access. Those admins may have the same +roles, or different roles that enable different interactions with Endpoint Policy Manager Cloud. Any +specific admin's properties and roles can be accessed via the **Edit** button next to their name. + +![web_interface_and_controls_74_624x169](/img/product_docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/web_interface_and_controls_74_624x169.webp) + +In this window, you can specify the following: + +- General information +- Two-factor options +- Role management diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/rolemanagement.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/rolemanagement.md new file mode 100644 index 0000000000..80262659aa --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/rolemanagement.md @@ -0,0 +1,25 @@ +--- +title: "Role Management" +description: "Role Management" +sidebar_position: 30 +--- + +# Role Management + +Endpoint Policy Manager Cloud has a few roles that can be assigned to other admins. Each user's +assigned roles can be seen in the **Role Management** tab. + +![web_interface_and_controls_85_624x118](/img/product_docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/web_interface_and_controls_85_624x118.webp) + +The following roles are available: + +- Authentication Options Admin: An admin with this role can specify which admins can have which 2FA + options. Additionally, they may also set customer-level portal policies as described in the + [Edit Customer-Level Portal Policies](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/editcustomerlevelportalpolicies.md) section. + Specifically, they can force email-based or application-based 2FA for all admins. They can also + set the 2FA one-time password lifetime, as well as the automatic log off on idle time. +- Notification & Logging Options Admin: An admin with this role can use the **Notifications Editor** + For more information, see the + [Edit Notification Configuration](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/editnotificationconfiguration.md) section). +- Customer Admin Manager: An admin with this role can approve newly created admins when other admins + initiate the request. diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/twofactoroptions.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/twofactoroptions.md similarity index 83% rename from docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/twofactoroptions.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/twofactoroptions.md index 8ee00415d6..c36616818d 100644 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/companyadministrators/twofactoroptions.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/companyadministrator/twofactoroptions.md @@ -1,3 +1,9 @@ +--- +title: "Two-Factor Options" +description: "Two-Factor Options" +sidebar_position: 20 +--- + # Two-Factor Options Each user starts off with at least one 2FA option enabled. Users must have at least one or more 2FA diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/configureentraidaccess.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/configureentraidaccess.md similarity index 93% rename from docs/endpointpolicymanager/cloud/interface/companydetails/configureentraidaccess.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/configureentraidaccess.md index 229fc9f3e8..66b1963620 100644 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/configureentraidaccess.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/configureentraidaccess.md @@ -1,3 +1,9 @@ +--- +title: "Configure Azure AD Access" +description: "Configure Azure AD Access" +sidebar_position: 100 +--- + # Configure Azure AD Access For an overview of this section, please watch the following video: diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/customerlog.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/customerlog.md similarity index 96% rename from docs/endpointpolicymanager/cloud/interface/companydetails/customerlog.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/customerlog.md index cc9e9b27ce..62fc5fb934 100644 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/customerlog.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/customerlog.md @@ -1,3 +1,9 @@ +--- +title: "Customer Log" +description: "Customer Log" +sidebar_position: 70 +--- + # Customer Log For an overview of this section, see this video: diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/downloads.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/downloads.md new file mode 100644 index 0000000000..726d7ffbb9 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/downloads.md @@ -0,0 +1,26 @@ +--- +title: "Downloads" +description: "Downloads" +sidebar_position: 30 +--- + +# Downloads + +Go to the Downloads section of the Company Details tab to download the Endpoint Policy Manager Cloud +client for your instance of Endpoint Policy Manager Cloud. Once installed on the client machine, the +machine joins your Endpoint Policy Manager Cloud instance. This is the process to acquire licenses, +download directives, auto-install the CSE, and perform other cloud-specific operations. Typically +you would download the 32-bit or 64-bit versions, or both as a bundled ZIP. + +![web_interface_and_controls_86_624x192](/img/product_docs/endpointpolicymanager/cloud/interface/companydetails/web_interface_and_controls_86_624x192.webp) + +**CAUTION:** Clients will continue to use the Endpoint Policy Manager Cloud client version they +started with until you specifically tell them to use a later version. Please watchthe following +videoto see how to use groups to keep clients updated: +[Endpoint Policy Manager Cloud Groups CSE and Cloud Client Small-Scale Testing and Updates](/docs/endpointpolicymanager/video/cloud/groups.md). + +From time to time you may be asked by Endpoint Policy Manager Support to attempt to use an older +version of the client. In this case, you can click on Download other versions and select an older +version. + +![web_interface_and_controls_87_624x282](/img/product_docs/endpointpolicymanager/cloud/interface/companydetails/web_interface_and_controls_87_624x282.webp) diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/editcustomerlevelportalpolicies.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/editcustomerlevelportalpolicies.md similarity index 89% rename from docs/endpointpolicymanager/cloud/interface/companydetails/editcustomerlevelportalpolicies.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/editcustomerlevelportalpolicies.md index 1878756daa..26d18e61c0 100644 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/editcustomerlevelportalpolicies.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/editcustomerlevelportalpolicies.md @@ -1,3 +1,9 @@ +--- +title: "Edit Customer-Level Portal Policies" +description: "Edit Customer-Level Portal Policies" +sidebar_position: 80 +--- + # Edit Customer-Level Portal Policies Customer-level portal policies are only available for admins with the **Authentication Options diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/editnotificationconfiguration.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/editnotificationconfiguration.md similarity index 96% rename from docs/endpointpolicymanager/cloud/interface/companydetails/editnotificationconfiguration.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/editnotificationconfiguration.md index 7277c88344..f1c136d62e 100644 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/editnotificationconfiguration.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/editnotificationconfiguration.md @@ -1,3 +1,9 @@ +--- +title: "Edit Notification Configuration" +description: "Edit Notification Configuration" +sidebar_position: 60 +--- + # Edit Notification Configuration The **Notifications Editor** is only available to admins with the **Notification & Logging Options diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/exportcompanycertificatepfx.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/exportcompanycertificatepfx.md similarity index 81% rename from docs/endpointpolicymanager/cloud/interface/companydetails/exportcompanycertificatepfx.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/exportcompanycertificatepfx.md index 0bd4eeb87d..de1b0f53a2 100644 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/exportcompanycertificatepfx.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/exportcompanycertificatepfx.md @@ -1,3 +1,9 @@ +--- +title: "Export Company Certificate as .PFX" +description: "Export Company Certificate as .PFX" +sidebar_position: 90 +--- + # Export Company Certificate as .PFX The "Export company certificate as .PFX" action enables you to export the certificate, which is diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/loginrestrictions.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/loginrestrictions.md similarity index 89% rename from docs/endpointpolicymanager/cloud/interface/companydetails/loginrestrictions.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/loginrestrictions.md index 6e3d1b562b..615b815027 100644 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/loginrestrictions.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/loginrestrictions.md @@ -1,3 +1,9 @@ +--- +title: "Login Restrictions" +description: "Login Restrictions" +sidebar_position: 10 +--- + # Login Restrictions The **Login restrictions** button is a security feature which can enable your account to only be diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/overview.md new file mode 100644 index 0000000000..c9132ee045 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/overview.md @@ -0,0 +1,77 @@ +--- +title: "Company Details" +description: "Company Details" +sidebar_position: 50 +--- + +# Company Details + +The **Company Details** tab has several sections. Some sections involve settings related to the look +and feel of things, but many others are security related. + +For an overview of the major Endpoint Policy Manager Cloud security features (2FA, admin roles, +notifications, IP block restrictions, etc.) check out this video: +[Endpoint Policy Manager Cloud: Security Features](/docs/endpointpolicymanager/video/cloud/security/features.md). + +![web_interface_and_controls_70_624x296](/img/product_docs/endpointpolicymanager/cloud/interface/companydetails/web_interface_and_controls_70_624x296.webp) + +In the sections that follow,we cover the following items: + +- Company Details: name, time zone, and computer registration mode +- Login restrictions: external IPs that are allowed to connect to Endpoint Policy Manager Cloud +- Company administrators: admins who can participate in your instance of Endpoint Policy Manager + Cloud and their roles +- Downloads: additional information on downloads that was not covered in the Quickstart + +Additionally, we'll explore the actions available to us in the **Company Details** tab: + +- Add company admin +- Revoke company's certificate +- Edit notification configuration +- Customer log +- Edit customer-level portal policies +- User Requests +- Export company certificate as .PFX +- Configure Azure AD Access + +## Company Details Section + +Video: For an overview of this section, see this video: +[Endpoint Policy Manager Cloud: Strict vs. Loose Computer Registration Mode](/docs/endpointpolicymanager/video/cloud/registrationmode.md). + +The **Company Details** section under the **Company Details** tab allows you to change your company +display name and time zone, which is used for reporting on log files. However, the most important +setting in this section is the **Computer registration mode**, which has four options. + +![web_interface_and_controls_71_624x518](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/underhood/web_interface_and_controls_71_624x518.webp) + +This setting directs Endpoint Policy Manager Cloud on how to act when an endpoint computer is +already joined to Endpoint Policy Manager Cloud and attempts to re-register or claim another +license. This can occur when the client machine is wiped and reloaded with another operating system, +or when the Endpoint Policy Manager Cloud client is unloaded and then re-loaded. + +Here is how the four modes operate: + +- **Strict (always register a new computer)**- Even if Endpoint Policy Manager Cloud has seen the + hardware UUID or MAC address of the client machine before, it will always create a new secure + certificate connection, and treat the computer as if it has never been seen before. The computer + then loses any existing group membership and is always (only) assigned back to the built-in + **Unassigned** and **All** groups. +- **Loose (allow computers to recovery access by UUID)**- If a computer account already exists (and + matches by hardware UUID only) then use that existing account. If a computer is already a member + of company groups, that membership is maintained. +- **Loose (allow computers to recovery access by UUID or MAC Address)**- If a computer account + already exists (and matches by hardware UUID only, or MAC address) then use that existing account. + If a computer is already a member of company groups, that membership is maintained. +- **Advanced (always register a new computer and keep existing records)**- If a computer account + already exists (and matches by hardware UUID or MAC address) then create a new record in Endpoint + Policy Manager Cloud just as you would do in strict mode. The difference is that the record for + the previous computer is not deleted. Thus multiple computers with the same hardware can be + registered, each with their own unique record in Endpoint Policy Manager Cloud. This scenario is + useful for VDI, where the machines act identical, but you need to register each one in a new way. + +The default behavior is strict mode because it is the most secure. + +**NOTE:** Even in loose mode, Endpoint Policy Manager Cloud still verifies the client using the x509 +certificate embedded into the MSI. Therefore, guessing the UUID or MAC address is not enough for an +unrelated person to join your Endpoint Policy Manager Cloud. diff --git a/docs/endpointpolicymanager/cloud/interface/companydetails/revokecompanycertificate.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/revokecompanycertificate.md similarity index 84% rename from docs/endpointpolicymanager/cloud/interface/companydetails/revokecompanycertificate.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/revokecompanycertificate.md index f27b219680..a435990ccc 100644 --- a/docs/endpointpolicymanager/cloud/interface/companydetails/revokecompanycertificate.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/revokecompanycertificate.md @@ -1,7 +1,13 @@ +--- +title: "Revoke Company's Certificate" +description: "Revoke Company's Certificate" +sidebar_position: 50 +--- + # Revoke Company's Certificate Endpoint machines join Endpoint Policy Manager Cloud via the Cloud client MSI download (see the -[Downloads](/docs/endpointpolicymanager/cloud/interface/companydetails/downloads.md) section ). Inside the Cloud client MSI (for each company) is a unique x509 +[Downloads](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/companydetails/downloads.md) section ). Inside the Cloud client MSI (for each company) is a unique x509 certificate. This identifies your MSI among all other Endpoint Policy Manager customers. This way, only your Endpoint Policy Manager Cloud client MSI can be used to join computers to your Endpoint Policy Manager Cloud account. If your MSI is lost, you see unexpected machines in your Endpoint diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/computergroups/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/computergroups/_category_.json new file mode 100644 index 0000000000..4449d7c65d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/computergroups/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Computer Groups", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/computergroups/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/computergroups/overview.md new file mode 100644 index 0000000000..4ea6b1eb06 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/computergroups/overview.md @@ -0,0 +1,65 @@ +--- +title: "Computer Groups" +description: "Computer Groups" +sidebar_position: 40 +--- + +# Computer Groups + +You are likely to spend most of your time working onthe **Computer Groups** tab. In this tab covers +the following features + +- Groups. There are two types of groups: + + - Built-in groups (created by the system) + - Company groups (created by you) + +- Create policies using the XML data files tab or the in-cloud editors +- Link XML data files to the computer group of your choice + +**NOTE:** The actions that appear on the right when you click on a group are context sensitive. + +![web_interface_and_controls_50_593x200](/img/product_docs/endpointpolicymanager/cloud/interface/computergroups/web_interface_and_controls_50_593x200.webp) + +This is an example of items and actions that are available when you click a policy. + +![web_interface_and_controls_51_593x184](/img/product_docs/endpointpolicymanager/cloud/interface/computergroups/web_interface_and_controls_51_593x184.webp) + +In the next sections, we cover the following: + +- Creating policies with the in-cloud editors +- Working with groups + + - Built-in groups + - Company groups + - Policy forecast/modeling report + - Policy link order + - Block inheritance and enforce + - Search box + +## Creating Policies with In-Cloud Editors + +After you click on a group, you can create a policy to link to the group using the in-cloud editor. + +**NOTE:** If you want to create a policy but not link it yet, then use the XML Data Files tab. By +creating the policy there, it will not be linked anywhere until you come back to the **Computer +Groups** tab and perform the link. + +In the example below, we clicked on the **All** group, then selected **Create and link a new +Policy....** When you do this, the **Create policy** dialog appears, and you can select the in-cloud +editor of your choice. + +![web_interface_and_controls_52_624x291](/img/product_docs/endpointpolicymanager/cloud/interface/computergroups/web_interface_and_controls_52_624x291.webp) + +For details and guidance on using the in-cloud editors, refer back to the previous section on +creating policies. + +**NOTE:** Not all Endpoint Policy Manager nor all Group Policy Preferences types have in-cloud +editors. As such, you need to use your on-prem test lab to create and test the policy first. For +more information, refer to the **Creating a Endpoint Policy Manager Cloud On-Prem Test Lab** and +**Upload XML Data File** sections. + +Once you have your exported policy XML data file, you can select the group, then select Upload and +link a new XML here and then, paste the XML data. + +![web_interface_and_controls_53_623x265](/img/product_docs/endpointpolicymanager/cloud/interface/computergroups/web_interface_and_controls_53_623x265.webp) diff --git a/docs/endpointpolicymanager/cloud/interface/computergroups/workingwith.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/computergroups/workingwith.md similarity index 99% rename from docs/endpointpolicymanager/cloud/interface/computergroups/workingwith.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/computergroups/workingwith.md index ed71464519..edc8037ac0 100644 --- a/docs/endpointpolicymanager/cloud/interface/computergroups/workingwith.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/computergroups/workingwith.md @@ -1,3 +1,9 @@ +--- +title: "Working with Groups" +description: "Working with Groups" +sidebar_position: 10 +--- + # Working with Groups Your experience with the Computer Groups tab will be similar to the experience with Microsoft's diff --git a/docs/endpointpolicymanager/cloud/interface/filebox.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/filebox.md similarity index 95% rename from docs/endpointpolicymanager/cloud/interface/filebox.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/filebox.md index 12f42991a0..1c3d1ef1c1 100644 --- a/docs/endpointpolicymanager/cloud/interface/filebox.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/filebox.md @@ -1,3 +1,9 @@ +--- +title: "File Box" +description: "File Box" +sidebar_position: 30 +--- + # File Box The **File Box** tab provides access to two features: @@ -16,7 +22,7 @@ Manager from this video: [Deploy software with Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/remoteworkdelivery/cloud.md). You can learn more about the external links function in -[How to use Remote Work Delivery Manager to apply Firewall policies](/docs/endpointpolicymanager/cloud/remoteworkdeliverymanager.md). +[How to use Remote Work Delivery Manager to apply Firewall policies](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/remoteworkdeliverymanager.md). But in short, you can use public web services, like Amazon S3, to house software and then deploy it to your remote PCs. However, Endpoint Policy Manager Cloud needs to know about this link before it can be used. For this reason, you need to select the **Add external link** action and then specify diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/licensestatus.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/licensestatus.md new file mode 100644 index 0000000000..9ade16d25e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/licensestatus.md @@ -0,0 +1,58 @@ +--- +title: "License Status" +description: "License Status" +sidebar_position: 10 +--- + +# License Status + +As a reminder, Endpoint Policy Manager Cloud is made up of components, such as Endpoint Policy +Manager Application Settings Manager, Endpoint Policy Manager Least Privilege Manager, etc., which +are licensed in pools. You cannot buy different numbers of licenses for each component, so you need +the exact same number of licenses for all the components. This is represented in the line item +**Base Products**. On this screen you can see how many Endpoint Policy Manager Cloud licenses you +have purchased and how many of them are consumed by connected computers. You can also see any +unlicensed products you might have that are available for purchase. Additionally, you can see two +columns listed as **Consumed** and **Waiting**. When you click on the number within the cell, a +pop-up window appears showing the computers that are consumed or waiting. + +![web_interface_and_controls_1_624x138](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_1_624x138.webp) + +When you click the number in the **Consumed** column, you can see the computers which are actively +taking on a Endpoint Policy Manager Cloud license. You can then determine the first and last check +in. Additionally, you can click **Show state changes** to see every time a computer lost and +re-claimed a license, or Show linked policies to get a quick report of which policies are affecting +the specific computer. + +![web_interface_and_controls_2_624x190](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_2_624x190.webp) + +For instance, clicking on **COMPUTERMDM64** and then **how linked policies** would return the window +shown below. Note that you can sort by the product name (component name), as well as the policy name +(or both), as signified by the 1 and 2 column sorters. Additionally, you can see the last delivery +time for each policy. Or, if the policy has never been received, you can see a blank value. We'll go +into further detail on reporting in a separate section on reports. + +![web_interface_and_controls_3_624x247](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_3_624x247.webp) + +Computers may transition from a licensed state of **consumed** to a state of **waiting**. The +Endpoint Policy Manager Cloud waiting list is used to describe two conditions: + +- Condition #1 - A computer had a license but then went offline for more than (usually) 14 days. + When this happens, the license transitions from consumed to waiting. If the computer comes back + online and there are available licenses (and the computer can communicate with the cloud service), + the license will then transition from waiting back to consumed. + +**NOTE:** If you have available licenses, but computers are unexpectedly transitioning to the +waiting list, this means that the computers are not able to communicate as expected with the +Endpoint Policy Manager Cloud service. After about 14 days, the computers will lose their licenses +and those licenses becomes available. + +- Condition #2: All licenses are already consumed but then you add more computers. This is called + being oversubscribed. Computers cannot claim a license because there are no more licenses + available. You will need to purchase more licenses. When you do, the oversubscribed computers will + then consume an available license at the next check-in time (typically every hour). + +Below you can see that nine computers have transitioned from consumed to waiting. The switch to +waiting for all of those nine computers was due to inactivity, not because of oversubscription. + +![web_interface_and_controls_4_625x326](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_4_625x326.webp) diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/overview.md new file mode 100644 index 0000000000..9fa57aec92 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/overview.md @@ -0,0 +1,33 @@ +--- +title: "Web Interface and Controls" +description: "Web Interface and Controls" +sidebar_position: 50 +--- + +# Web Interface and Controls + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud has several roles: + +- Acts as a licensing broker, enabling some computers to be licensed through the Endpoint Policy + Manager Cloud client MSI and connection to the Cloud service. +- Stores XML directives which can be created with the in-cloud editors or exported from the on-prem + MMC console. +- Enables a relationship between licensed computers and groups, which allows them to get XML + directives. +- Works as a delivery mechanism for created XML directives. + +The Endpoint Policy Manager Cloud web interface contains the following sections: + +![web_interface_and_controls_624x229](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_624x229.webp) + +In this section, we will go over the tabs in the following order (not the order in which they +actually appear) + +- License Status +- XML Data Files +- File Box +- Computer Groups +- Company Details +- Tools +- Reports +- Billing diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/reports.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/reports.md new file mode 100644 index 0000000000..9ccd10fb10 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/reports.md @@ -0,0 +1,65 @@ +--- +title: "Reports" +description: "Reports" +sidebar_position: 70 +--- + +# Reports + +There are two reports under the **Reports** tab: **Computers (Status)** and **Policy Reports (XML +Delivery)**. These reports are discussed in the following sections. + +## Computers (Status) Report + +The **Computers (Status) Report** has several sub-reports, where you can focus in on computers with +a specific status, as shown below. This report shows a table of results with data on computers +currently connected to Endpoint Policy Manager Cloud. The following data is available: computer +name, installed OS, IP address, and computer status for Cloud. + +![web_interface_and_controls_112_624x332](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_112_624x332.webp) + +The status selector on the upper left of the table allows you to filter the results. + +Currently you can sort by thefollowin g criteria: **Acquired** (active), **Waiting List**, +**Revoked**, and **Revoked by Endpoint Policy Manager Software**. The table can be exported and +saved in MS Excel or Word format by clicking the **Save** button and selecting Excel or Word. + +![web_interface_and_controls_114_624x196](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_114_624x196.webp) + +## Policy Reports (XML Delivery) Report + +Video: For an overview of this section, check out this video: +[Endpoint Policy Manager Cloud Reporting Demo](/docs/endpointpolicymanager/video/cloud/reports.md) + +Policy Reports (XML Delivery) Report is a very powerful feature. This report enables you to know +which computers received which XML files. To see this report, select **Add Report**, then pick a +computer group. + +![web_interface_and_controls_115_624x355](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_115_624x355.webp) + +Next, select the scope you would like to examine. The recommended selection is **Select all XML data +files linked to this folder and all parent folders (recommended)**. + +![web_interface_and_controls_116_468x353](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_116_468x353.webp) + +You could also select the option **Select all XML data files linked ONLY to this folder**, which +could select fewer XML data files. + +![web_interface_and_controls_117_468x354](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_117_468x354.webp) + +You can also select **Manually select XML data files from XML repository** and specify specific XML +files to test for. + +Once you have created your report, it is saved for future use but not yet run. When you run your +report, it will have the following organization: + +- All the computers in the group are shown in the first column. +- All the XML files are in all other columns. + +The intersection between computer and XML file demonstrates the date and time the computer got the +most recent XML file (in green), the date and time the computer got an old version of the XML file +(in yellow), and if the XML file was not received at all (in red). + +![web_interface_and_controls_118_499x373](/img/product_docs/endpointpolicymanager/cloud/interface/web_interface_and_controls_118_499x373.webp) + +This allows you to precisely knows which XML policy files were embraced by what machine and when. diff --git a/docs/endpointpolicymanager/cloud/interface/tools.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/tools.md similarity index 97% rename from docs/endpointpolicymanager/cloud/interface/tools.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/tools.md index 1bb867bebd..7c3df5923b 100644 --- a/docs/endpointpolicymanager/cloud/interface/tools.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/tools.md @@ -1,3 +1,9 @@ +--- +title: "Tools" +description: "Tools" +sidebar_position: 60 +--- + # Tools Video: For an overview of this section, see diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/_category_.json new file mode 100644 index 0000000000..0e8aed28e9 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "XML Data Files", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/createpolicy.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/createpolicy.md similarity index 92% rename from docs/endpointpolicymanager/cloud/interface/xmldatafiles/createpolicy.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/createpolicy.md index 980b528d54..d85e6f9770 100644 --- a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/createpolicy.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/createpolicy.md @@ -1,3 +1,9 @@ +--- +title: "Create Policy" +description: "Create Policy" +sidebar_position: 70 +--- + # Create Policy You can use the Endpoint Policy Manager Cloud in-cloud editors to create many types of policies (XML @@ -8,7 +14,7 @@ for the policy type, the editor will enable you to create the policy but you wil it to any groups. For the items which do not have in-cloud editors, you must use the steps described in the -**[Upload XML Data File](/docs/endpointpolicymanager/cloud/interface/xmldatafiles/upload.md)** section. In this case, you must create the policy on-prem +**[Upload XML Data File](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/upload.md)** section. In this case, you must create the policy on-prem first, then export and upload it manually. ![web_interface_and_controls_18_625x627](/img/product_docs/endpointpolicymanager/cloud/interface/xmldatafiles/web_interface_and_controls_18_625x627.webp) diff --git a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/createpolicytemplate.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/createpolicytemplate.md similarity index 90% rename from docs/endpointpolicymanager/cloud/interface/xmldatafiles/createpolicytemplate.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/createpolicytemplate.md index 92c75a9d5a..364618d33d 100644 --- a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/createpolicytemplate.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/createpolicytemplate.md @@ -1,3 +1,9 @@ +--- +title: "Create Policy from Template" +description: "Create Policy from Template" +sidebar_position: 90 +--- + # Create Policy from Template In 2019, Microsoft designed some security templates to be used on various types of workstations, diff --git a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/delete.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/delete.md similarity index 77% rename from docs/endpointpolicymanager/cloud/interface/xmldatafiles/delete.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/delete.md index 99705cf61c..0b859fb449 100644 --- a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/delete.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/delete.md @@ -1,3 +1,9 @@ +--- +title: "Delete" +description: "Delete" +sidebar_position: 40 +--- + # Delete You can delete any XML data file by clicking on the **Delete** icon. diff --git a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/download.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/download.md similarity index 95% rename from docs/endpointpolicymanager/cloud/interface/xmldatafiles/download.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/download.md index f3909a978d..2144134810 100644 --- a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/download.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/download.md @@ -1,3 +1,9 @@ +--- +title: "Download" +description: "Download" +sidebar_position: 30 +--- + # Download If you have an existing XML data file, but there is not an in-cloud editor for it, you may wish to diff --git a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/duplicate.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/duplicate.md similarity index 84% rename from docs/endpointpolicymanager/cloud/interface/xmldatafiles/duplicate.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/duplicate.md index 2230641146..782f990961 100644 --- a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/duplicate.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/duplicate.md @@ -1,3 +1,9 @@ +--- +title: "Duplicate" +description: "Duplicate" +sidebar_position: 50 +--- + # Duplicate You can duplicate any policy, which will safely copy the XML data file and enable you to edit it. diff --git a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/importpolicies.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/importpolicies.md similarity index 96% rename from docs/endpointpolicymanager/cloud/interface/xmldatafiles/importpolicies.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/importpolicies.md index c58d5bcc37..bf28401bca 100644 --- a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/importpolicies.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/importpolicies.md @@ -1,3 +1,9 @@ +--- +title: "Import Policies from GPO Backup" +description: "Import Policies from GPO Backup" +sidebar_position: 100 +--- + # Import Policies from GPO Backup Video: For a video overview on this section, see: diff --git a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/itemleveltargetingcollections.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/itemleveltargetingcollections.md similarity index 98% rename from docs/endpointpolicymanager/cloud/interface/xmldatafiles/itemleveltargetingcollections.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/itemleveltargetingcollections.md index 4beb24d53e..3d4eadb606 100644 --- a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/itemleveltargetingcollections.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/itemleveltargetingcollections.md @@ -1,3 +1,9 @@ +--- +title: "Item-Level Targeting and Collections" +description: "Item-Level Targeting and Collections" +sidebar_position: 80 +--- + # Item-Level Targeting and Collections Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Endpoint diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/modify.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/modify.md new file mode 100644 index 0000000000..53ff7e6754 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/modify.md @@ -0,0 +1,19 @@ +--- +title: "Modify" +description: "Modify" +sidebar_position: 10 +--- + +# Modify + +If you attempt to edit an XML data file that Endpoint Policy Manager Cloud has an in-cloud editor +for, you will be able to immediately edit the item. + +![web_interface_and_controls_6_624x329](/img/product_docs/endpointpolicymanager/cloud/interface/xmldatafiles/web_interface_and_controls_6_624x329.webp) + +However, since Endpoint Policy Manager Cloud doesn't have in-cloud editors for all items, some items +will not be available for editing, but will be available for updating. In these cases, you would +take an existing Endpoint Policy Manager XML export from the MMC console and enter it into the box. +. + +![web_interface_and_controls_7_624x431](/img/product_docs/endpointpolicymanager/cloud/interface/xmldatafiles/web_interface_and_controls_7_624x431.webp) diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/overview.md new file mode 100644 index 0000000000..2e2c5272f0 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/overview.md @@ -0,0 +1,30 @@ +--- +title: "XML Data Files" +description: "XML Data Files" +sidebar_position: 20 +--- + +# XML Data Files + +This section describes XML data files, which are a way to interface with the directives you create +with settings that are pre-populated, those which you have uploaded from an on-prem MMC console, and +those which you create with the in-cloud editors. For any existing XML data file, you have the +following functions (icons shown below) + +- Modify +- Show Report +- Download +- Delete +- Duplicate + +You can also expand an item to see which groups an XML directive is specifically linked to. +Additionally, you can perform the following actions, which create new policies: + +- Upload XML Data File +- Create Policy (which uses the in-cloud editors) +- Create Policy From Template +- Import Policies From GPO Backup + +![web_interface_and_controls_5_624x199](/img/product_docs/endpointpolicymanager/cloud/interface/xmldatafiles/web_interface_and_controls_5_624x199.webp) + +These functions and actions are described in more detail in the sections that follow. diff --git a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/showreport.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/showreport.md similarity index 87% rename from docs/endpointpolicymanager/cloud/interface/xmldatafiles/showreport.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/showreport.md index f5fab99f99..9b6174f516 100644 --- a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/showreport.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/showreport.md @@ -1,3 +1,9 @@ +--- +title: "Show Report" +description: "Show Report" +sidebar_position: 20 +--- + # Show Report Clicking on the **Show Report** icon generates a human readable report about the settings within the diff --git a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/upload.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/upload.md similarity index 96% rename from docs/endpointpolicymanager/cloud/interface/xmldatafiles/upload.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/upload.md index c47c70061e..bb393628f3 100644 --- a/docs/endpointpolicymanager/cloud/interface/xmldatafiles/upload.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/interface/xmldatafiles/upload.md @@ -1,3 +1,9 @@ +--- +title: "Upload XML Data File" +description: "Upload XML Data File" +sidebar_position: 60 +--- + # Upload XML Data File Video: For an overview of this section, see the following video: diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/_category_.json new file mode 100644 index 0000000000..efd0535150 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Licensing with Endpoint Policy Manager Cloud Components", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/cloud/licensing/computeraccountdeletion.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/computeraccountdeletion.md similarity index 91% rename from docs/endpointpolicymanager/cloud/licensing/computeraccountdeletion.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/computeraccountdeletion.md index 91b340982a..76acb60294 100644 --- a/docs/endpointpolicymanager/cloud/licensing/computeraccountdeletion.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/computeraccountdeletion.md @@ -1,3 +1,9 @@ +--- +title: "Computer Account Deletion" +description: "Computer Account Deletion" +sidebar_position: 60 +--- + # Computer Account Deletion When a computer account is deleted, its acquired license is immediately returned back to the diff --git a/docs/endpointpolicymanager/cloud/licensing/licensemanagement.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/licensemanagement.md similarity index 90% rename from docs/endpointpolicymanager/cloud/licensing/licensemanagement.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/licensemanagement.md index 6608500d66..d0a522eae4 100644 --- a/docs/endpointpolicymanager/cloud/licensing/licensemanagement.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/licensemanagement.md @@ -1,3 +1,9 @@ +--- +title: "License Management" +description: "License Management" +sidebar_position: 50 +--- + # License Management If you want to prohibit a computer from participating in Endpoint Policy Manager Cloud for a diff --git a/docs/endpointpolicymanager/cloud/licensing/otherpolicydeliverymechanisms.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/otherpolicydeliverymechanisms.md similarity index 92% rename from docs/endpointpolicymanager/cloud/licensing/otherpolicydeliverymechanisms.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/otherpolicydeliverymechanisms.md index 710504fd23..2ef5280d62 100644 --- a/docs/endpointpolicymanager/cloud/licensing/otherpolicydeliverymechanisms.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/otherpolicydeliverymechanisms.md @@ -1,3 +1,9 @@ +--- +title: "Other Policy Delivery Mechanisms" +description: "Other Policy Delivery Mechanisms" +sidebar_position: 20 +--- + # Other Policy Delivery Mechanisms Licensing for Endpoint Policy Manager Cloud and other policy deliver mechanisms vary depending on diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/overview.md new file mode 100644 index 0000000000..89463a22cd --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/overview.md @@ -0,0 +1,116 @@ +--- +title: "Licensing with Endpoint Policy Manager Cloud Components" +description: "Licensing with Endpoint Policy Manager Cloud Components" +sidebar_position: 60 +--- + +# Licensing with Endpoint Policy Manager Cloud Components + +Licensing Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud is pretty easy. However, the +following sections give some technical details that will help you be a betterunderstand the process. + +## Editions + +You can license Endpoint Policy Manager Cloud by the following methods: + +- Legacy - If you licensed Endpoint Policy Manager Cloud before 2021, you are considered a customer + in legacy status: Legacy Cloud Monthly or Legacy Cloud Yearly. +- Endpoint Policy Manager SaaS Edition - Endpoint Policy Manager Cloud is the only method offered + within this edition. Licensing is by Monthly Post-Pay Licensing. +- Endpoint Policy Manager Professional Edition - Endpoint Policy Manager Cloud is included within + this edition. Licensing is by Yearly Post-Pay Licensing. +- Endpoint Policy Manager Enterprise Edition - Endpoint Policy Manager Cloud is included within this + edition. Licensing is by Yearly Post-Pay Licensing. + +### Legacy (Pooled Licenses) + +If you are a Endpoint Policy Manager Cloud Edition customer (also known as Legacy), then your model +is a maximum number of licenses that you could possibly consume. In this model you have pre-paid for +proposed usage, and if you go over your usage you need to contact us at Endpoint Policy Manager for +more licenses. For this reason, we strongly advise you to work with our team to transition to the +SaaS Edition, Professional Edition, or Enterprise Edition licenses, where you will enjoy post-pay +billing instead of having to work with a ceiling for the number of licenses you can use. + +![licensing_with_policypak_cloud_623x164](/img/product_docs/endpointpolicymanager/cloud/licensing/licensing_with_endpointpolicymanager_cloud_623x164.webp) + +### SaaS Edition (Monthly Post-Pay Licenses) + +If you have chosen the Endpoint Policy Manager SaaS edition, the only licensing model available to +you is Monthly Post-Pay Licensing. In this this model, you may install the Endpoint Policy Manager +Cloud client on as many computers as you wish. During the billing cycle, we count the number of +computers consumed each day. We charge your credit card automatically based on the highest number +used within the month. The following is an example: + +You start with Endpoint Policy Manager Cloud Saas Edition on April 15. + +During April the following occurs: + +- On April 15, you install the Endpoint Policy Manager Cloud client MSI on 100 computers, and have + thus consumed 100 licenses on Day 1. +- On April 20, you install the Endpoint Policy Manager Cloud client MSI on 200 more computers and + have consumed 300 licenses total. +- On April 25, you install the Endpoint Policy Manager Cloud client MSI on 500 more computers and + have consumed 800 licenses total. +- On April 30, you un-install the Endpoint Policy Manager Cloud client MSI on 100 computers, making + your consumption 700 licenses in total. + +Your monthly highest number for April is 800 and we will automatically bill you for 800 licenses. + +### Professional or Enterprise Edition (Yearly Average Post-Pay Licensing) + +If you have chosen the Endpoint Policy Manager Professional or Enterprise Editions, the only +licensing model available to you is Yearly Post-Pay Licensing. In this this model, you may install +the Endpoint Policy Manager Cloud client on as many computers as you wish. During every month, we +count the number of computers consumed each day and produce an average across that billing cycle. +Every month will have a day with the highest number of computers used on that day. This highest +number is used as the monthly highest number. Then, all the monthly highest numbers for all the +months of the year are added together, then averaged over 12 months. You will then true up your +usage for Endpoint Policy Manager Cloud. You will also true up your usage for any Endpoint Policy +Manager use with Active Directory, SCCM, or MDM. The following is an example: + +- You start with Endpoint Policy Manager Cloud Enterprise Edition on April 15. +- For April the following occurs: + + - On April 15, you install the Endpoint Policy Manager Cloud client MSI on 100 computers, and + have thus consumed 100 licenses on Day 1. + - On April 20, you install the Endpoint Policy Manager Cloud client MSI on 200 more computers + and have consumed 300 licenses total. + - On April 25, you install the Endpoint Policy Manager Cloud client MSI on 500 more computers + and have consumed 800 licenses total. + - On April 30, you uninstall the Endpoint Policy Manager Cloud client MSI on 100 computers, + making your consumption 700 licenses in total. + +- Your monthly highest number for April is 800. +- For May the following occurs: + + - On May 1, you install the Endpoint Policy Manager Cloud client MSI on 300 more computers, and + have thus consumed 1,000 licenses total. + - On May 20, you install the Endpoint Policy Manager Cloud client MSI on 200 more computers and + have consumed 1,200 licenses total. + - On May 25, you install the Endpoint Policy Manager Cloud client MSI on 500 more computers and + have consumed 1,700 licenses total. + - On May 30, you uninstall the Endpoint Policy Manager Cloud client MSI on 300 computers, making + your consumption 1,500 licenses in total. + +- Your monthly highest number for May is 1,700. +- For June the following occurs: + + - On June 1, you uninstall the Endpoint Policy Manager Cloud client MSI on 1,000 computers, + reducing your license count to 700. + - In the remainder of June you neither consume nor reduce your license usage. + +- Your monthly highest number for June is 700. + +- The monthly highest numbers for the remaining months in that 12-month period are the following: + + - July: 1,000 + - August: 1,200 + - September: 900 + - October: 1,000 + - November: 1,500 + - December: 1,500 + - January: 1,000 + - February: 800 + - March: 900 + +In summary, you are charged for the highest number (averaged) in the 12-month period which is 1,083. diff --git a/docs/endpointpolicymanager/cloud/licensing/reconnectionperiod.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/reconnectionperiod.md similarity index 88% rename from docs/endpointpolicymanager/cloud/licensing/reconnectionperiod.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/reconnectionperiod.md index 8e5ab17550..4427a44ff8 100644 --- a/docs/endpointpolicymanager/cloud/licensing/reconnectionperiod.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/reconnectionperiod.md @@ -1,3 +1,9 @@ +--- +title: "Reconnection Period" +description: "Reconnection Period" +sidebar_position: 10 +--- + # Reconnection Period All computers that acquire a license must connect to Endpoint Policy Manager Cloud. The normal time @@ -5,7 +11,7 @@ period within which all customers must re-connect with Endpoint Policy Manager C which enables them to keep using the service and get new policies. A computer that is offline for more than 14 days will transition to a state of being unlicensed. To see what happens when a computer becomes unlicensed (per component), see this KB article: -[What happens to each component when Endpoint Policy Manager gets unlicensed or the GPO or policy no longer applies?](/docs/endpointpolicymanager/license/unlicense/components.md). +[What happens to each component when Endpoint Policy Manager gets unlicensed or the GPO or policy no longer applies?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components_2.md). However, as soon as the computer re-connects to Endpoint Policy Manager Cloud and claims an available license, the computer picks up right where it left off. Having a computer return a license diff --git a/docs/endpointpolicymanager/cloud/licensing/serversessionvirtualization.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/serversessionvirtualization.md similarity index 91% rename from docs/endpointpolicymanager/cloud/licensing/serversessionvirtualization.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/serversessionvirtualization.md index 68377f948e..bad5564254 100644 --- a/docs/endpointpolicymanager/cloud/licensing/serversessionvirtualization.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/serversessionvirtualization.md @@ -1,3 +1,9 @@ +--- +title: "Server (Session) Virtualization" +description: "Server (Session) Virtualization" +sidebar_position: 30 +--- + # Server (Session) Virtualization Licensing for Endpoint Policy Manager Cloud with Server (Session) Virtualization varies depending on @@ -11,7 +17,7 @@ your purchase. server, instead of handling actual usage to the maximum extent of the server. If you need to do this, you must also have a corresponding Endpoint Policy Manager Group Policy Edition license where the number of sessions is expressly counted. You can read more about this in this KB: - [How do I license my Citrix, RDS, WVD, VDI or other multi-session Windows version with Endpoint Policy Manager Cloud ?](/docs/endpointpolicymanager/license/virtualization/multisession.md). + [How do I license my Citrix, RDS, WVD, VDI or other multi-session Windows version with Endpoint Policy Manager Cloud ?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/multisession.md). - For Endpoint Policy Manager Enterprise and Endpoint Policy Manager Professional customers, when a computer acquires a Endpoint Policy Manager Cloud license, the computer will not process on-prem or MDM directives as well, unless a corresponding license for that method is acquired as part of diff --git a/docs/endpointpolicymanager/cloud/licensing/vdi.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/vdi.md similarity index 86% rename from docs/endpointpolicymanager/cloud/licensing/vdi.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/vdi.md index 0d46e82190..46d2f999c9 100644 --- a/docs/endpointpolicymanager/cloud/licensing/vdi.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/licensing/vdi.md @@ -1,3 +1,9 @@ +--- +title: "vdi" +description: "vdi" +sidebar_position: 40 +--- + ## VDI VDI, or desktop virtualization, is defined when a full Windows 10 computer is virtualized, not when @@ -24,6 +30,6 @@ Use the following KB articles for tips to install Endpoint Policy Manager Cloud scenarios: - Endpoint Policy Manager Cloud and Windows Virtual Desktop: - [How to install the Endpoint Policy Manager Cloud Client for use in an Azure Virtual Desktop image](/docs/endpointpolicymanager/integration/azurevirutaldesktop.md). + [How to install the Endpoint Policy Manager Cloud Client for use in an Azure Virtual Desktop image](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/azurevirutaldesktop.md). - Endpoint Policy Manager Cloud and VMware Horizon: - [How to install and configure the PPC Client for a Non-Persistent VDI Image in VMware Horizon](/docs/endpointpolicymanager/integration/vdisolutions.md). + [How to install and configure the PPC Client for a Non-Persistent VDI Image in VMware Horizon](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/vdisolutions.md). diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/overview.md new file mode 100644 index 0000000000..e858fba328 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/overview.md @@ -0,0 +1,31 @@ +--- +title: "Endpoint Policy Manager Cloud Quick Start" +description: "Endpoint Policy Manager Cloud Quick Start" +sidebar_position: 40 +--- + +# Endpoint Policy Manager Cloud Quick Start + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud is our system for delivering and +enforcing Microsoft Group Policy and all Endpoint Policy Manager special settings to +non-domain-joined, domain-joined on-prem, or remote machines. Endpoint Policy Manager Cloud enables +machines to stay protected, regardless of where they are. It is comprised of separate components to +enable you to control different types of settings. If you are in a hurry to get started, you can +start with a web browser and one Windows 10 machine and see Endpoint Policy Manager immediately in +action. + +Here's the fastest way to get started: + +**Step 1 –** Check out our **Two minute introduction** video then our Quickstart video here: Getting +Started with Cloud > [Video Learning Center](/docs/endpointpolicymanager/video/index.md). Work through the +videos one-by-one to try out all the main features. + +**Step 2 –** Additionally, we strongly recommend you have a mini on-prem test lab for editing and +testing purposes. You should work through each of the videos on the Test Lab Best Practices page and +make sure you have your free-to-use test lab working: Getting Started with Cloud > +[Video Learning Center](/docs/endpointpolicymanager/video/index.md). + +**Step 3 –** Use the rest of the manual to understand the finer points of Endpoint Policy Manager +Cloud including some key security settings. + +Enjoy Endpoint Policy Manager Cloud! diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/quickstart/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/quickstart/_category_.json new file mode 100644 index 0000000000..f3c054e420 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/quickstart/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Setup, Download, Install, and Verify", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "quickstart" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/cloud/quickstart.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/quickstart/quickstart.md similarity index 98% rename from docs/endpointpolicymanager/cloud/quickstart.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/quickstart/quickstart.md index c187b34c97..198bebc143 100644 --- a/docs/endpointpolicymanager/cloud/quickstart.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/quickstart/quickstart.md @@ -1,3 +1,9 @@ +--- +title: "Setup, Download, Install, and Verify" +description: "Setup, Download, Install, and Verify" +sidebar_position: 40 +--- + # Setup, Download, Install, and Verify In this section and the next section, you'll learn some more concepts, get a feel for Netwrix diff --git a/docs/endpointpolicymanager/cloud/verify.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/quickstart/verify.md similarity index 96% rename from docs/endpointpolicymanager/cloud/verify.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/quickstart/verify.md index 58742ae15c..4fa7619f2c 100644 --- a/docs/endpointpolicymanager/cloud/verify.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/quickstart/verify.md @@ -1,3 +1,9 @@ +--- +title: "Verifying Endpoint Policy Manager Cloud Is Working" +description: "Verifying Endpoint Policy Manager Cloud Is Working" +sidebar_position: 10 +--- + # Verifying Endpoint Policy Manager Cloud Is Working We have pre-populated your Endpoint Policy Manager Cloud instance with some Endpoint Policy Manager diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/security.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/security.md new file mode 100644 index 0000000000..3f8d0fb7e1 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/security.md @@ -0,0 +1,46 @@ +--- +title: "About Security" +description: "About Security" +sidebar_position: 10 +--- + +# About Security + +As expected, some data from your organization is stored within Netwrix Endpoint Policy Manager +(formerly PolicyPak) Cloud after it is joined by a computer joins. Below is a list of what is stored +within Endpoint Policy Manager Cloud. + +- Endpoint Policy Manager UUID: This is a random, unique ID generated in the cloud when a computers + joins. It doesn't contain any computer-specific data, but it helps us to identify the computer + when it checks in. +- Fingerprint: This is a SHA256 hash of hardware UUID and OS IDs. This is used as a unique computer + ID in order to generate a unique license. +- MAC address: This is the physical network adapter MAC address. +- BIOS UUID: This is a unique hardware ID assigned to every physical and virtual machine by the + manufacturer. (For more information on BIOS UUID, see + [http://searchsoa.techtarget.com/definition/UUID](http://searchsoa.techtarget.com/definition/UUID)) +- Last known public IP address: This is stored only for reporting and to allow search on the + website. +- OS version and build: This is stored only for reporting. (e.g., Microsoft Windows NT 6.2.9200.0 or + Microsoft Windows NT 6.1.7601 Service Pack 1) +- Computer name: This is the FQDN computer name that has been assigned. +- Check-in times: This is the first check-in date and time and last check-in date and time. + +**NOTE:** At no time are usernames, passwords, organizational units (OUs), or domain names used or +stored within Endpoint Policy Manager Cloud. + +All communication to and from the client machines with Endpoint Policy Manager Cloud is always +encrypted. Below is a description of how the client attempts to communicate with Endpoint Policy +Manager Cloud. + +- The Endpoint Policy Manager Cloud client first tries HTTPS (secure HTTP) using port 443 and an + encrypted Endpoint Policy Manager Cloud certificate that the client received at the time it + joined. +- If that is unsuccessful, then the Endpoint Policy Manager Cloud client tries HTTP using port 80, + but with a message-level algorithm suite that uses RSA15 as the key wrap algorithm, SHA256 for the + signature digest, and 256-bit Basic as the message encryption algorithm. In HTTP mode, the + Endpoint Policy Manager Cloud client verifies the identity of the server using a hard-coded + certificate. + +**NOTE:** Endpoint Policy Manager Cloud will usually work using proxy servers with either HTTP or +HTTPS and should honor system-wide proxy settings. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/underhood/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/underhood/_category_.json new file mode 100644 index 0000000000..a7c6ef277c --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/underhood/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Underneath the Hood and Troubleshooting", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/underhood/clientcommands.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/underhood/clientcommands.md similarity index 81% rename from docs/endpointpolicymanager/troubleshooting/cloud/underhood/clientcommands.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/underhood/clientcommands.md index ac26099201..184c64f5da 100644 --- a/docs/endpointpolicymanager/troubleshooting/cloud/underhood/clientcommands.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/underhood/clientcommands.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager Cloud Client Commands" +description: "Endpoint Policy Manager Cloud Client Commands" +sidebar_position: 30 +--- + # Endpoint Policy Manager Cloud Client Commands The Endpoint Policy Manager Cloud client can be invoked from an elevated command prompt with the @@ -15,9 +21,9 @@ The Endpoint Policy Manager Cloud client can be invoked from an elevated command within groups. - `/sysprep`: Used to install the Endpoint Policy Manager Cloud client on a virtual desktop image. See "Option 2" in this KB article: - [How to install the Endpoint Policy Manager Cloud Client for use in an Azure Virtual Desktop image](/docs/endpointpolicymanager/integration/azurevirutaldesktop.md). + [How to install the Endpoint Policy Manager Cloud Client for use in an Azure Virtual Desktop image](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/azurevirutaldesktop.md). Or see this article: - [How to install and configure the PPC Client for a Non-Persistent VDI Image in VMware Horizon](/docs/endpointpolicymanager/integration/vdisolutions.md). + [How to install and configure the PPC Client for a Non-Persistent VDI Image in VMware Horizon](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/clienttipstricksandf/vdisolutions.md). - `/unregister`: Used to un-register a machine from Endpoint Policy Manager Cloud and reclaim a license. Used with a virtual desktops scenario. - `/jointoken:value`: Used in conjunction with the `/sysprep `switch to automatically join a diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/underhood/installation.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/underhood/installation.md new file mode 100644 index 0000000000..cd10c10ace --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/underhood/installation.md @@ -0,0 +1,100 @@ +--- +title: "Troubleshooting Installation" +description: "Troubleshooting Installation" +sidebar_position: 20 +--- + +# Troubleshooting Installation + +If you choose an interactive installation of the Endpoint Policy Manager Cloud client, then any +success or failure messages that occur when connecting to Endpoint Policy Manager Cloud will be +shown on the final window during installation, as shown in Figure 156. + +![underneath_the_hood_and_troubleshooting_2_624x343](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/underhood/underneath_the_hood_and_troubleshooting_2_624x343.webp) + +Figure 156. The final window of the installation process. + +There are some common issues that occur during installation, and these client troubleshooting errors +are documented in one place: Getting Started with Cloud > +[Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md). However, three of our most common errors +are presented in the next few pages. + +## No Internet Connection During Installation + +You might install the Endpoint Policy Manager Cloud client during a time when there is no internet +connection, or some other issue might occur when your client initially joins Endpoint Policy Manager +Cloud. + +**NOTE:** If you always use a proxy, and the Endpoint Policy Manager Cloud client cannot seem to +contact the Endpoint Policy Manager services, please read this Endpoint Policy Manager KB article: +[http://www.endpointpolicymanager.com/knowledge-base/client-installation-troubleshooting/i-always-use-a-proxy-and-the-cloud-client-cannot-seem-to-make-contact-with-the-services-see-faq-item-3-above-first-what-else-can-i-try.html](http://www.endpointpolicymanager.com/knowledge-base/client-installation-troubleshooting/i-always-use-a-proxy-and-the-cloud-client-cannot-seem-to-make-contact-with-the-services-see-faq-item-3-above-first-what-else-can-i-try.html). + +During installation, the Endpoint Policy Manager Cloud client will try to connect with Endpoint +Policy Manager Cloud for a maximum of 60 seconds. If it is able to make a connection and acquire a +license within 60 seconds, you'll get a success message. If the Endpoint Policy Manager Cloud client +cannot locate Endpoint Policy Manager Cloud you'll get an error message, as shown in Figure 157. + +![underneath_the_hood_and_troubleshooting_3_406x302](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/underhood/underneath_the_hood_and_troubleshooting_3_406x302.webp) + +Figure 157. The error message when the Endpoint Policy Manager Cloud client cannot connect to +Endpoint Policy Manager Cloud. + +If you click "Continue," you'll see a success message, but no results of the connection to Endpoint +Policy Manager Cloud, as shown in Figure 158. + +![underneath_the_hood_and_troubleshooting_4_406x336](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/underhood/underneath_the_hood_and_troubleshooting_4_406x336.webp) + +Figure 158. The success message indicating installation is complete. + +Therefore, if the Endpoint Policy Manager Cloud is contacted and/or the license isn't acquired, then +the Endpoint Policy Manager Cloud client will try to sync again within the next hour. It will +continue to re-try every hour (after Internet access is restored). + +## System Time Error + +A common error occurs when the system time is off. If you get the error shown in Figure 159, ensure +that the system time on the client system is correct. If the time significantly off, the cloud +client cannot talk with the cloud server. + +![underneath_the_hood_and_troubleshooting_5](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/underhood/underneath_the_hood_and_troubleshooting_5.webp) + +Figure 159. System time error message. + +To check the time, do the following: + +**Step 1 –** Change the time zone to UTC, as shown in Figure 160. + +![underneath_the_hood_and_troubleshooting_6](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/underhood/underneath_the_hood_and_troubleshooting_6.webp) + +Figure 160. Selecting UTC as the time zone. + +**Step 2 –** Verify the time on the computer is now the same as what is shown at the following +website: +[https://www.worldtimeserver.com/current_time_in_UTC.aspx](http://www.worldtimeserver.com/current_time_in_UTC.aspx). + +**Step 3 –** If the computer's time is off, change it so it matches the UTC time. + +**Step 4 –** Then join Endpoint Policy Manager Cloud. + +**Step 5 –** After joining, change the time zone to your correct time zone. + +**Step 6 –** Verify Endpoint Policy Manager Cloud still works with commandline:` ppcloud /sync`. + +## Multiple Registrations for the Same Computer + +If you attempt to destroy and re-create a computer, for instance, after re-installing the whole OS, +then the computer will, by default, be seen as unique (see Figure 161). This is expected because of +the computer registration modes, and it can typically happen when the computer is a VDI machine that +gets destroyed and rebuilt often. To compensate for this, refer to the section "Company Details." + +![underneath_the_hood_and_troubleshooting_7_624x277](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/underhood/underneath_the_hood_and_troubleshooting_7_624x277.webp) + +Figure 161. A computer is seen as being unique after the OS is re-installed. + +The registration mode you likely want to use is "Loose (allow computers to recovery access by UUID +or MAC Address)" for normal machines (as shown in Figure 162), and "Advanced (always register a new +computer and keep existing records)" for VDI machines. + +![web_interface_and_controls_71_624x518](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/underhood/web_interface_and_controls_71_624x518.webp) + +Figure 162. Selecting the registration mode. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/underhood/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/underhood/overview.md new file mode 100644 index 0000000000..809e82c96f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/underhood/overview.md @@ -0,0 +1,28 @@ +--- +title: "Underneath the Hood and Troubleshooting" +description: "Underneath the Hood and Troubleshooting" +sidebar_position: 70 +--- + +# Underneath the Hood and Troubleshooting + +Recall that the job of Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud job is to do the +following: + +- Provide your company with its own Endpoint Policy Manager Cloud client MSI which is unique and + secure to your company. +- License a machine for use with Endpoint Policy Manager Cloud (for specific Endpoint Policy Manager + Cloud components). +- Deliver Endpoint Policy Manager XML data files for Endpoint Policy Manager settings or Microsoft + Group Policy settings. + +After that, the Endpoint Policy Manager product client-side extension (CSE) (Endpoint Policy Manager +Application Settings Manager CSE or Endpoint Policy Manager Preferences CSE) takes over and performs +the work. + +To get an overall feeling for what's happening within Endpoint Policy Manager Cloud and its +interaction with the client machines, let's explore three areas: + +- XML data storage (where XML directives are downloaded) +- Troubleshooting installation of the Cloud client and connection troubles +- Command line syntax for initiating commands from the client to the server diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/underhood/xmldatastorage.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/underhood/xmldatastorage.md similarity index 96% rename from docs/endpointpolicymanager/troubleshooting/cloud/underhood/xmldatastorage.md rename to docs/endpointpolicymanager/manuals/introductionandquick/cloud/underhood/xmldatastorage.md index 5bb026566b..e244411918 100644 --- a/docs/endpointpolicymanager/troubleshooting/cloud/underhood/xmldatastorage.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/underhood/xmldatastorage.md @@ -1,3 +1,9 @@ +--- +title: "XML Data Storage" +description: "XML Data Storage" +sidebar_position: 10 +--- + # XML Data Storage Once the Endpoint Policy Manager Cloud client MSI is installed, the following directories are diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/cloud/uninstall.md b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/uninstall.md new file mode 100644 index 0000000000..12eb19da56 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/cloud/uninstall.md @@ -0,0 +1,18 @@ +--- +title: "Endpoint Policy Manager Cloud Uninstallation" +description: "Endpoint Policy Manager Cloud Uninstallation" +sidebar_position: 80 +--- + +# Endpoint Policy Manager Cloud Uninstallation + +When the Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud client is manually uninstalled +(or the computer account is permanently deleted from within Endpoint Policy Manager Cloud), the +following happens: + +- All acquired licenses from Endpoint Policy Manager Cloud are returned to the pool (if the computer + can make contact with Endpoint Policy Manager Cloud). +- All XML data files that are in the Cloud folder are removed. +- Any Endpoint Policy Manager component will become unlicensed. Different licenses have different + behaviors when they become unlicensed. Check the KB article here for more information: + [What happens to each component when Endpoint Policy Manager gets unlicensed or the GPO or policy no longer applies?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components_2.md). diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/_category_.json new file mode 100644 index 0000000000..8890b34565 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "MDM & UEM Tools", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/gettingstarted.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/gettingstarted.md new file mode 100644 index 0000000000..e21f26f136 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/gettingstarted.md @@ -0,0 +1,79 @@ +--- +title: "MDM and UEM Tools Quick Start" +description: "MDM and UEM Tools Quick Start" +sidebar_position: 10 +--- + +# MDM and UEM Tools Quick Start + +You might want to use Endpoint Policy Manager along with the following UEM tools: + +- MEMCM (formerly known as SCCM) (video: + [Perform Desktop Lockdown using Microsoft SCCM and Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/integration/sccmsoftwarecenter.md)) +- Microsoft Intune (video: + [Endpoint Policy Manager and Microsoft Intune](/docs/endpointpolicymanager/video/mdm/microsoftintune.md)) +- Symantec Altiris +- Dell KACE +- LabTech +- PDQ Deploy (videos: + [Deploy and Manage Firefox with PDQ Deploy and Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/integration/pdqdeployfirefox.md) + and + [Deploy and Manage WinZip with PDQ Deploy and Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/integration/pdqdeploy.md)) +- Specops Deploy +- Microsoft Group Policy Software Installation +- Manual installation (when running with admin privileges) + +The wrapped up MSI files from Endpoint Policy Manager should work with just about any other software +distribution tool as well. Therefore, you can quickly deploy Endpoint Policy Manager directives +without needing to use Group Policy to deploy your settings. Just create the XML data file, use +Endpoint Policy Manager Exporter to make an MSI, and then use your software deployment tool of +choice to deploy the MSI. Once the MSI is delivered to the target machines, the users will pick up +the XML files in their own directories (or the Computers folder), and Endpoint Policy Manager +components will receive their directives. We've provided a handful of XML files you can use. You can +find them in the Endpoint Policy Manager Portal in the "Latest Manuals" section, as shown in +Figure 1. + +![deploying_policypak_directives](/img/product_docs/endpointpolicymanager/mdm/deploying_endpointpolicymanager_directives.webp) + +Figure 1. The list of XML files in the Endpoint Policy Manager Portal. + +Once unpacked, you should see a list of example XML files, displayed in Figure 2, which are wrapped +into an example MSI. + +![deploying_policypak_directives_1](/img/product_docs/endpointpolicymanager/mdm/deploying_endpointpolicymanager_directives_1.webp) + +Figure 2. The wrapped XML file example. + +The provided Endpoint Policy Manager -XML-`Examples.msi` can be used immediately and contains a +wrapped-up version of the provided XML files. Below is a summary of what each XML example does: + +- `Ppam-winzip.xml` changes settings in the Password tab of WinZip 14.0 and 14.5. +- `Ppatm-screensaver-settings.xml` sets the Windows screensaver to 17 minutes and forces the machine + to be locked when it is powered back on. +- `Ppbr-examples` makes some sample Endpoint Policy Manager Browser Router routes. Specifically, it + will route endpointpolicymanager.com to Internet Explorer, GPanswers.com to Chrome, and Mozilla.org to + Firefox, and it will block Facebook.com. +- `Pplpm-run-procmon-elevated.xml` enables Process Monitor to bypass UAC prompts and run elevated. +- P`pprefs-shortcut.xml` shows a Endpoint Policy Manager shortcut item on the desktop. +- `Ppsm-rename-guest-account.xml` renames the local Guest account to ppGuest. + +By starting your journey with our pre-configured examples, we can help you troubleshoot a lot faster +than if you try other items, so we suggest you start with these examples. + +## Quick Start with MSI files and a UEM Tool + +Below are two videos you can use to get familiar with how to export settings and then use them with +a UEM tool. + +- [Deploy Real Group Policy using SCCM or Other Management System!](/docs/endpointpolicymanager/video/methods/sccmgrouppolicy.md) +- Deploy Endpoint Policy Manager Settings Using SCCM or Other Management System! + +## Quick Start with MSI files and an MDM Tool + +To get started quickly with our sample MSI files and an MDM tool, we recommend watching the +following video: + +- [Endpoint Policy Manager and MDM walk before you run](/docs/endpointpolicymanager/video/mdm/testsample.md) + +Then, you can learn more about how to use Endpoint Policy Manager with your own MDM tool on this +page: Getting Started with MDM > [Video Learning Center](/docs/endpointpolicymanager/video/index.md). diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/overview.md new file mode 100644 index 0000000000..5643c000be --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/overview.md @@ -0,0 +1,62 @@ +--- +title: "MDM & UEM Tools" +description: "MDM & UEM Tools" +sidebar_position: 50 +--- + +# MDM & UEM Tools + +Deploying PolicyPak Directives without Group Policy + +If you're reading this section, you're likely interested in using Netwrix Endpoint Policy Manager +(formerly PolicyPak) in conjunction with Microsoft Endpoint Configuration Manager (MEMCM) (formerly +known as SCCM), Microsoft Intune, KACE, or your own systems management utility. The bullet points +below give the general idea of how you can use PolicyPak with these utilities. + +- All Endpoint Policy Manager components can export their settings as XML files. +- Those XML files can be imported into the Endpoint Policy Manager Exporter. +- The Endpoint Policy Manager Exporter makes MSI files. +- Those MSI files can be delivered using any technique you want: + + - Using an mobile device management (MDM) provider like: Microsoft Intune, VMware Workspace ONE, + etc. + - Using an unified endpoint management (UEM) tool like: SCCM, KACE, and so on. + +Therefore, you can deliver your settings to any machine with all the Endpoint Policy Manager +components (Endpoint Policy Manager Least Privilege Manager, Endpoint Policy Manager Application +Settings Manager, Endpoint Policy Manager Browser Router, Endpoint Policy Manager File Associations +Manager, Endpoint Policy Manager Preferences Manager, Endpoint Policy Manager Security Settings +Manager, and all the others) without using Group Policy as the delivery mechanism. + +**NOTE:** For an overview of using Endpoint Policy Manager Exporter with the Endpoint Policy Manager +components, please see the following video: +[Deploying Endpoint Policy Managerdirectives without Group Policy (Endpoint Policy Manager Exporter Utility)](/docs/endpointpolicymanager/video/methods/exporterutility.md). + +**CAUTION:** Note that non-domain-joined machines are not supported with Endpoint Policy Manager +products, unless you are using the MDM method. That is, the machine must have been previously +domain-joined and be in an organizational unit (OU) that is licensed (or will be licensed from a +licensing file). To deliver settings to non-domain-joined machines, you must use Endpoint Policy +Manager Cloud. + +In the next sections, we're going to work through the following procedures: + +- Exporting settings from each Endpoint Policy Manager application as an XML file +- Using the Endpoint Policy Manager Exporter utility to make an MSI file +- Learning what happens after the MSI file is delivered + +## Reasons to Use XML Data Files to Deliver Settings + +There are a variety of scenarios in which you might not> want to use Group Policy to deliver +Endpoint Policy Manager directives, including the following: + +- You are using MEMCM, LANDesk, KACE, or similar software for software deployment, and your team + doesn't want to use Group Policy, but wants to use the components and functionality of Endpoint + Policy Manager. +- You are using a mobile device management (MDM) service such as Microsoft Intune, MobileIron, or + VMware Workspace ONE (formerly known as AirWatch). +- You have clients who have a domain-joined account but haven't been to the office to get the Group + Policy settings. +- You have a special machine that is domain-joined, but you don't want it to get Group Policy. + Instead, you want it to get some Endpoint Policy Manager directives. +- You are using Microsoft Intune or another remote management system to manage machines, and you + want to add Group Policy functionality, but that utility doesn't have Group Policy functionality. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/_category_.json new file mode 100644 index 0000000000..bc2b096c7b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Endpoint Policy Manager Exporter Tips, Tricks, and Notes", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/mdm/tips/copypaste.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/copypaste.md similarity index 87% rename from docs/endpointpolicymanager/mdm/tips/copypaste.md rename to docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/copypaste.md index 6bfebbd881..f7b6647352 100644 --- a/docs/endpointpolicymanager/mdm/tips/copypaste.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/copypaste.md @@ -1,3 +1,9 @@ +--- +title: "Copying and Pasting Valid Endpoint Policy Manager Items" +description: "Copying and Pasting Valid Endpoint Policy Manager Items" +sidebar_position: 20 +--- + # Copying and Pasting Valid Endpoint Policy Manager Items When using the Endpoint Policy Manager Exporter, you can select Add Existing Files to bring in files diff --git a/docs/endpointpolicymanager/mdm/tips/enableprioritymode.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/enableprioritymode.md similarity index 92% rename from docs/endpointpolicymanager/mdm/tips/enableprioritymode.md rename to docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/enableprioritymode.md index 57e32a69a5..cb3abb37f6 100644 --- a/docs/endpointpolicymanager/mdm/tips/enableprioritymode.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/enableprioritymode.md @@ -1,3 +1,9 @@ +--- +title: "Enabling Priority Mode for Multiple XML Items" +description: "Enabling Priority Mode for Multiple XML Items" +sidebar_position: 40 +--- + # Enabling Priority Mode for Multiple XML Items When wrapping multiple XMLs into an MSI, you may want them to execute in a predictable order. There diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/manual.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/manual.md new file mode 100644 index 0000000000..a8b9a6701e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/manual.md @@ -0,0 +1,53 @@ +--- +title: "Manually Placing XML Data and Licensing Files on Target Computers" +description: "Manually Placing XML Data and Licensing Files on Target Computers" +sidebar_position: 60 +--- + +# Manually Placing XML Data and Licensing Files on Target Computers + +You might want to manually place XML data files or Endpoint Policy Manager licensing files on your +computers by including them within your system build, or using a script to copy them. Or you might +be curious about what the Endpoint Policy Manager Exporter utility is doing and what it is +delivering. + +Endpoint Policy Manager licenses and Endpoint Policy Manager XML data files need to be included in +the `%programdata%\PolicyPak\XMLdata` directory of the target machine (on Windows 7 and later). This +is typically `c:\ProgramData\PolicyPak\XMLdata`. In the directory, you'll see three subdirectories: +Users, Groups, and Computer. + +**NOTE:** There is also a Cloud directory that may or may not be present. It is used in conjunction +with Endpoint Policy Manager Cloud delivery and is not shown in this example. + +Within the Users subdirectory, you will see a subdirectory with the name SID for every domain user +who has logged on to that machine. Within Groups, you will see a subdirectory with the name SID for +every group of every user who has logged on to that machine (both local and Active Directory +groups). + +![policypak_exporter_tips_tricks_8](/img/product_docs/endpointpolicymanager/mdm/tips/endpointpolicymanager_exporter_tips_tricks_8.webp) + +To license (or extend the license) of an existing machine that is domain-joined, place the license +file you received from Endpoint Policy Manager in the computer folder. To make the client computer +use the XML data file, place the file you created in the previous step in one of these folders: the +Computer folder (which affects all users on the machine), the `Groups\ folder`, or the +`Users\ folder`. + +If you are unsure which SID is meant for which user (or which group your users belong to), you can +use a variety of tools to perform a SID-to-user lookup. A very easy way to look up a user is to +use` OBJ::SID`, which can be downloaded for free at +[https://petri.com/obj_sid](https://petri.com/obj_sid). Once you've downloaded the `OBJ::SID` file, +copy and paste the SID folder name into the OBJ::SID tool, which is automatically generated. The +output will reveal the name: + +![policypak_exporter_tips_tricks_9](/img/product_docs/endpointpolicymanager/mdm/tips/endpointpolicymanager_exporter_tips_tricks_9.webp) + +Alternatively, you can type in the user or group name to receive the SID name: + +![policypak_exporter_tips_tricks_10](/img/product_docs/endpointpolicymanager/mdm/tips/endpointpolicymanager_exporter_tips_tricks_10.webp) + +![policypak_exporter_tips_tricks_11](/img/product_docs/endpointpolicymanager/mdm/tips/endpointpolicymanager_exporter_tips_tricks_11.webp) + +The reason Endpoint Policy Manager uses the SID and not the actual user or group name is because +SIDs are permanent, whereas the underlying name in Active Directory can be changed. Once the +exported XML data files are in the directory, the Endpoint Policy Manager engine will pick up the +change within 10 seconds and perform the function. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/modify.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/modify.md new file mode 100644 index 0000000000..61f213760c --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/modify.md @@ -0,0 +1,49 @@ +--- +title: "Modifying Existing MSI Files with Endpoint Policy Manager Exporter" +description: "Modifying Existing MSI Files with Endpoint Policy Manager Exporter" +sidebar_position: 10 +--- + +# Modifying Existing MSI Files with Endpoint Policy Manager Exporter + +Endpoint Policy Manager Exporter enables you to quickly open and edit previously created MSI files. +To do this, select "Open an existing MSI installer previously generated by this tool for editing," +as shown in Figure 51, when running Endpoint Policy Manager Exporter. + +![policypak_exporter_tips_tricks](/img/product_docs/endpointpolicymanager/mdm/tips/endpointpolicymanager_exporter_tips_tricks.webp) + +Figure 51. Endpoint Policy Manager Exporter allows the user to open and edit existing MSI files. + +After choosing this option, specify the MSI file that you previously created using Endpoint Policy +Manager Exporter. When you do this, you'll be able to instantly see the XML data files you +previously placed inside the MSI along with the users you specified to receive the XML data files. + +You can manually add or delete users and add or replace XML data files and Endpoint Policy Manager +licensing files. In Figure 52, we've added another user to Winzip01.xml, added the file +Winzip03.xml, and specified a set of users for that file. + +![policypak_exporter_tips_tricks_1](/img/product_docs/endpointpolicymanager/mdm/tips/endpointpolicymanager_exporter_tips_tricks_1.webp) + +Figure 52. In this example, the user has specified which users can access the Winzip01.xml and +Winzip03.xml files. + +When you click "Next", you'll be able to update your MSI information, as shown in Figure 53. + +![policypak_exporter_tips_tricks_2](/img/product_docs/endpointpolicymanager/mdm/tips/endpointpolicymanager_exporter_tips_tricks_2.webp) + +Figure 53. In the Installer Properties, the user can edit the specific MSI files they are working +on. + +The MSI product code is always preserved when the MSI files are opened, updated, and saved. +Additionally, in Figure 52 you can see that the upgrade code is copied from the original MSI file. +This enables you to perform MSI upgrades using your software deployment tool. However, in order to +do this, you will also need to specify a higher number for the product version. This is performed +automatically for you. You're welcome to change the New Product Version field to whatever you like. + +**NOTE:** You can learn more about how the product version attribute is used within MSI files in +this technical note from Microsoft: +[http://msdn.microsoft.com/en-us/library/windows/desktop/aa370579(v=vs.85).aspx](). + +In short, when you open and utilize the MSI, save it again (using the same name or a different +name), and update the product version, the resulting MSI will correctly remove any old references +and correctly update any new references. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/overview.md new file mode 100644 index 0000000000..7bfb5d91fe --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/overview.md @@ -0,0 +1,17 @@ +--- +title: "Endpoint Policy Manager Exporter Tips, Tricks, and Notes" +description: "Endpoint Policy Manager Exporter Tips, Tricks, and Notes" +sidebar_position: 40 +--- + +# Endpoint Policy Manager Exporter Tips, Tricks, and Notes + +In this section, you'll learn some Netwrix Endpoint Policy Manager (formerly PolicyPak) Exporter +tips and tricks. Below are the tips we will be exploring: + +- Modifying existing MSI files +- Cutting and pasting XML directives instead of importing them as a file +- Recycling user lists that you create +- Enabling Priority Mode +- Understand how XML data files are processed when they are delivered +- Manually placing XML data files on target computers (advanced topic) diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/processorder.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/processorder.md new file mode 100644 index 0000000000..4ce45c364f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/processorder.md @@ -0,0 +1,44 @@ +--- +title: "Understanding Processing Order of XML Data Files" +description: "Understanding Processing Order of XML Data Files" +sidebar_position: 50 +--- + +# Understanding Processing Order of XML Data Files + +Once a Endpoint Policy Manager license XML file or Endpoint Policy Manager XML data file is +delivered to a machine, it takes only seconds (up to 10 seconds) for the Endpoint Policy Manager +client-side extension (CSE) to process the files. You can add multiple XML data files in any +configuration. For instance, you might want to have the following scenario: + +- WestSalesUser1 gets an XML data file stating that WinZip's password length must be 11. +- WestSalesUser2 gets an XML data file stating that WinZip's password length must be 12. +- WestSalesUser2 gets an XML data file dictating Acrobat Reader's JavaScript settings. +- WestSalesUsers Active Directory group gets an XML data file stating that Acrobat cannot be + updated. +- Everyone on the computer gets the same Firefox settings. +- Everyone on the computer is locked out of the WinZip Cameras tab. + +Files are processed in the following order: + +**Step 1 –** All XML data files for groups are processed first. In the case where multiple XML data +files are specified for a particular group, they are processed in alphabetical order. + +**Step 2 –** All XML data files specific to the user are processed next. In the case where multiple +XML data files are specified for a particular user, they are processed in alphabetical order. + +**Step 3 –** All XML data files specific to the computer are processed last. In the case where +multiple XML data files are specified to a particular computer, they are processed in alphabetical +order. + +If there is a conflict between settings within multiple XML data files, the last written XML data +file wins. Therefore, groups have the least precedence, and computer has the most precedence. + +**NOTE:** XML data files processed on a certain computer affect all users on that computer. + +Lastly, if there's a conflict between Endpoint Policy Manager XML data files and Endpoint Policy +Manager Active Directory Group Policy directives, the Active Directory Group Policy directives are +written last; therefore, they win. + +**NOTE:** Log files for the automatic application of XML data settings are found in +`%appdata%\local\PolicyPak` in a file called ppUser_onXMLdata.log. diff --git a/docs/endpointpolicymanager/mdm/tips/recycle.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/recycle.md similarity index 87% rename from docs/endpointpolicymanager/mdm/tips/recycle.md rename to docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/recycle.md index 171bfa02b8..240ecfd75b 100644 --- a/docs/endpointpolicymanager/mdm/tips/recycle.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/tips/recycle.md @@ -1,3 +1,9 @@ +--- +title: "Recycling the User Lists within Endpoint Policy Manager Exporter" +description: "Recycling the User Lists within Endpoint Policy Manager Exporter" +sidebar_position: 30 +--- + # Recycling the User Lists within Endpoint Policy Manager Exporter You might want to recycle the user lists you make within the Endpoint Policy Manager Exporter diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/_category_.json new file mode 100644 index 0000000000..7e225153ac --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Using Endpoint Policy Manager with MDM and UEM Tools", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "uemtools" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/_category_.json new file mode 100644 index 0000000000..d99d77b5ca --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Troubleshooting", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/mdm/ensuringenrollment.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/ensuringenrollment.md similarity index 82% rename from docs/endpointpolicymanager/troubleshooting/mdm/ensuringenrollment.md rename to docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/ensuringenrollment.md index f30543b56a..bee7e573be 100644 --- a/docs/endpointpolicymanager/troubleshooting/mdm/ensuringenrollment.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/ensuringenrollment.md @@ -1,3 +1,9 @@ +--- +title: "Ensuring MDM Enrollment" +description: "Ensuring MDM Enrollment" +sidebar_position: 20 +--- + # Ensuring MDM Enrollment Make sure your machine is actually MDM enrolled and not workplace joined. Figure 49 shows how to diff --git a/docs/endpointpolicymanager/troubleshooting/mdm/installhand.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/installhand.md similarity index 87% rename from docs/endpointpolicymanager/troubleshooting/mdm/installhand.md rename to docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/installhand.md index 8fd51529d2..3b66342741 100644 --- a/docs/endpointpolicymanager/troubleshooting/mdm/installhand.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/installhand.md @@ -1,3 +1,9 @@ +--- +title: "Installing by Hand" +description: "Installing by Hand" +sidebar_position: 10 +--- + # Installing by Hand In the previous section, "Using Endpoint Policy Manager with any MDM Service," we explained our diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/overview.md new file mode 100644 index 0000000000..d6cfc21ccf --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/overview.md @@ -0,0 +1,13 @@ +--- +title: "Troubleshooting" +description: "Troubleshooting" +sidebar_position: 20 +--- + +# Troubleshooting + +Remember that there are three items needed to make Endpoint Policy Manager work with an MDM service: +the Endpoint Policy Manager CSE, the Endpoint Policy Manager license file, and the Endpoint Policy +Manager settings MSI files. That means there are (at least) three places to look when things go +wrong. The next three sections address the top problems and resolutions connected to these three +items. diff --git a/docs/endpointpolicymanager/troubleshooting/mdm/successevents.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/successevents.md similarity index 93% rename from docs/endpointpolicymanager/troubleshooting/mdm/successevents.md rename to docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/successevents.md index a6557bbc4d..87bfd9ee64 100644 --- a/docs/endpointpolicymanager/troubleshooting/mdm/successevents.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/successevents.md @@ -1,3 +1,9 @@ +--- +title: "Checking Success Events" +description: "Checking Success Events" +sidebar_position: 30 +--- + # Checking Success Events Because MDM does not notify you when something is wrong, the hardest part about using it with diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/service/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/service/_category_.json new file mode 100644 index 0000000000..3769127e2c --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/service/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Using Endpoint Policy Manager with any MDM Service", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/mdm/service/microsoftintune.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/service/microsoftintune.md similarity index 82% rename from docs/endpointpolicymanager/mdm/service/microsoftintune.md rename to docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/service/microsoftintune.md index e492f89c39..e10d306760 100644 --- a/docs/endpointpolicymanager/mdm/service/microsoftintune.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/service/microsoftintune.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager and Microsoft Intune MDM" +description: "Endpoint Policy Manager and Microsoft Intune MDM" +sidebar_position: 10 +--- + # Endpoint Policy Manager and Microsoft Intune MDM **NOTE:** See [Endpoint Policy Manager and Microsoft Intune](/docs/endpointpolicymanager/video/mdm/microsoftintune.md) for @@ -17,4 +23,4 @@ item from the Add/Remove Programs options to prevent uninstallation. Using the f Once you select the group, you can change the Deployment Action to Required Install. Be sure the computer is MDM-joined and in the correct group. If the MSIs do not download as expected, see the -[Troubleshooting](/docs/endpointpolicymanager/troubleshooting/mdm/overview.md) section. +[Troubleshooting](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/overview.md) section. diff --git a/docs/endpointpolicymanager/mdm/service/mobileiron.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/service/mobileiron.md similarity index 92% rename from docs/endpointpolicymanager/mdm/service/mobileiron.md rename to docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/service/mobileiron.md index 17ccdd0fd7..eadc886401 100644 --- a/docs/endpointpolicymanager/mdm/service/mobileiron.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/service/mobileiron.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager and MobileIron MDM" +description: "Endpoint Policy Manager and MobileIron MDM" +sidebar_position: 30 +--- + # Endpoint Policy Manager and MobileIron MDM **NOTE:** [Endpoint Policy Manager and MobileIron MDM](/docs/endpointpolicymanager/video/mdm/mobileiron.md) for a video @@ -53,4 +59,4 @@ service. ![using_policypak_with_mdm_and_18](/img/product_docs/endpointpolicymanager/mdm/service/using_endpointpolicymanager_with_mdm_and_18.webp) Be sure the computer is MDM-joined and in the correct group (if any). If the MSIs do not download as -expected, see [Troubleshooting](/docs/endpointpolicymanager/troubleshooting/mdm/overview.md). +expected, see [Troubleshooting](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/mdm/overview.md). diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/service/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/service/overview.md new file mode 100644 index 0000000000..c70e61cab9 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/service/overview.md @@ -0,0 +1,81 @@ +--- +title: "Using Endpoint Policy Manager with any MDM Service" +description: "Using Endpoint Policy Manager with any MDM Service" +sidebar_position: 10 +--- + +# Using Endpoint Policy Manager with any MDM Service + +You can use Endpoint Policy Manager with any MDM service you already have, like Intune, VMware +Workspace ONE (formerly Airwatch), MobileIron, etc. Below we see a systems hierarchical breakdown +when using Endpoint Policy Manager with any MDM system. + +![using_policypak_with_mdm_and_1](/img/product_docs/endpointpolicymanager/mdm/service/using_endpointpolicymanager_with_mdm_and_1.webp) + +**NOTE:** +[Deploying Real Group Policy (and Extra Endpoint Policy Manager Settings) Overview](/docs/endpointpolicymanager/video/mdm/realgrouppolicy.md)a +video overview of Endpoint Policy Manager and MDM. + +The ultimate goal is to upload the following Endpoint Policy Manager items to your MDM service and +then have them downloaded: + +- Endpoint Policy Manager MSI client +- Endpoint Policy Manager MDM license MSI +- Endpoint Policy Manager example MSI (or your own MSIs) + +However, we strongly recommend you first verify that the license and MSI files are working perfectly +before actually performing all these steps. Therefore, our recommendation would be as follows: + +On one machine proceed in the following manner: + +**Step 1 –** Join MDM. + +**Step 2 –** Install Endpoint Policy Manager MSI by hand. + +**Step 3 –** Install Endpoint Policy Manager licenses MSI by hand. + +**Step 4 –** Install Endpoint Policy Manager example policies MSI by hand. + +This will ensure all the correct parts are working in concert before you attempt to use an MDM +service to deliver these components. + +**NOTE:** See [Endpoint Policy Manager and MDM walk before you run](/docs/endpointpolicymanager/video/mdm/testsample.md) a +video of this process. + +Once you've completed these procedures, you're ready to actually perform the steps needed to get the +files deployed using your MDM service. The ultimate result and goal will be that the Endpoint Policy +Manager MSI client, the Endpoint Policy Manager MDM license MSI, and the Endpoint Policy Manager +examples (or your own wrapped up examples) are downloaded from your MDM service and installed on the +system. + +Optionally, you can view or hide these components by using the Add/Remove Programs applet in the +Control Panel. An example of a final deployment would look something like this: + +![using_policypak_with_mdm_and_2](/img/product_docs/endpointpolicymanager/mdm/service/using_endpointpolicymanager_with_mdm_and_2.webp) + +The typical command you want your MDM service to run for each component would be something like +this: + +``` +msiexec /i "PolicyPak Client-side extension x64.msi" /qn ARPSYSTEMCOMPONENT=1 +``` + +``` +msiexec /i "endpointpolicymanager-Exported-Settings.msi" /qn ARPSYSTEMCOMPONENT=1 +``` + +``` +msiexec /i "Fabrikam-License1.msi" /qn ARPSYSTEMCOMPONENT=1 +``` + +It should be noted that: + +- The `/qn` flag runs the MSI silently. +- The `/ARPSYSTEMCOMPONENT=1` is optional and will hide the deployed MSI from Add/Remove Programs so + users or admins won't see it installed or try to remove it. + +**NOTE:** The name of the actual license file you get might be somewhat different. + +The next three sections discuss a few setup tips and tricks for Microsoft Intune MDM, MobileIron +MDM, and VMware Workspace ONE MDM. The setup steps may vary a little from what is listed in the next +few sections, but they are the basic steps for each of the major services. diff --git a/docs/endpointpolicymanager/mdm/service/vmwareworkspaceone.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/service/vmwareworkspaceone.md similarity index 92% rename from docs/endpointpolicymanager/mdm/service/vmwareworkspaceone.md rename to docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/service/vmwareworkspaceone.md index 86c82a3adf..1a80590d02 100644 --- a/docs/endpointpolicymanager/mdm/service/vmwareworkspaceone.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/service/vmwareworkspaceone.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager and VMware Workspace ONE MDM" +description: "Endpoint Policy Manager and VMware Workspace ONE MDM" +sidebar_position: 20 +--- + # Endpoint Policy Manager and VMware Workspace ONE MDM **NOTE:** See diff --git a/docs/endpointpolicymanager/mdm/uemtools.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md similarity index 87% rename from docs/endpointpolicymanager/mdm/uemtools.md rename to docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md index 7cab366926..feaede5de1 100644 --- a/docs/endpointpolicymanager/mdm/uemtools.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md @@ -1,3 +1,9 @@ +--- +title: "Using Endpoint Policy Manager with MDM and UEM Tools" +description: "Using Endpoint Policy Manager with MDM and UEM Tools" +sidebar_position: 30 +--- + # Using Endpoint Policy Manager with MDM and UEM Tools Netwrix Endpoint Policy Manager (formerly PolicyPak) works with your mobile device management (MDM) @@ -29,4 +35,4 @@ any systems management utility. **NOTE:** For a series of videos to get started with Endpoint Policy Manager and any UEM tool, like SCCM, KACE, etc., see the following link: Getting Started with Endpoint Policy Manager (Misc) > -[Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md). +[Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md). diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/_category_.json new file mode 100644 index 0000000000..00a528cecf --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Exporting Directives as XML Data Files", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/mdm/xmldatafiles/administrativetemplates.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/administrativetemplates.md similarity index 81% rename from docs/endpointpolicymanager/mdm/xmldatafiles/administrativetemplates.md rename to docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/administrativetemplates.md index d7eb9051e3..d90b3da0aa 100644 --- a/docs/endpointpolicymanager/mdm/xmldatafiles/administrativetemplates.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/administrativetemplates.md @@ -1,3 +1,9 @@ +--- +title: "XML Data Files from Endpoint Policy Manager Admin Templates Manager" +description: "XML Data Files from Endpoint Policy Manager Admin Templates Manager" +sidebar_position: 50 +--- + # XML Data Files from Endpoint Policy Manager Admin Templates Manager Once you have a Endpoint Policy Manager Admin Templates Manager policy or collection established, diff --git a/docs/endpointpolicymanager/mdm/xmldatafiles/applicationssettings.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/applicationssettings.md similarity index 83% rename from docs/endpointpolicymanager/mdm/xmldatafiles/applicationssettings.md rename to docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/applicationssettings.md index 5e82633e25..a1de325571 100644 --- a/docs/endpointpolicymanager/mdm/xmldatafiles/applicationssettings.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/applicationssettings.md @@ -1,3 +1,9 @@ +--- +title: "XML Data Files from Endpoint Policy Manager Applications Settings Manager" +description: "XML Data Files from Endpoint Policy Manager Applications Settings Manager" +sidebar_position: 10 +--- + # XML Data Files from Endpoint Policy Manager Applications Settings Manager If you have a Group Policy Object (GPO) with an existing Endpoint Policy Manager Application diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/browserrouter.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/browserrouter.md new file mode 100644 index 0000000000..edb8d698fc --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/browserrouter.md @@ -0,0 +1,17 @@ +--- +title: "XML Data Files from Endpoint Policy Manager Browser Router" +description: "XML Data Files from Endpoint Policy Manager Browser Router" +sidebar_position: 30 +--- + +# XML Data Files from Endpoint Policy Manager Browser Router + +Endpoint Policy Manager Browser Router settings can be exported as an XML file. +Right-click` Computer Configuration | PolicyPak | Browser Router` or +`User Configuration | PolicyPak | Browser Router`, and pick the collection you wish to export, as +shown in Figure 13. For full details on the Endpoint Policy Manager Browser Router, see Book 5: +[Browser Router](/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/overview.md). + +![deploying_policypak_directives_12](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_12.webp) + +Figure 13. Exporting a collection as an XML file via Endpoint Policy Manager Browser Router. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/feature.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/feature.md new file mode 100644 index 0000000000..514405694b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/feature.md @@ -0,0 +1,25 @@ +--- +title: "XML Data Files from Endpoint Policy Feature Manager" +description: "XML Data Files from Endpoint Policy Feature Manager" +sidebar_position: 120 +--- + +# XML Data Files from Endpoint Policy Feature Manager + +Endpoint Policy Manager Feature Manager settings can be exported as an XML file. You can export a +single policy, a collection, or the whole node. Feature Manager only supports computer rules. In +this example, we have created an install rule and an uninstall rule, and we are exporting the entire +collection by right-clicking `Computer Configuration | PolicyPak | Feature Manager` for Windows 10 +and Windows Server and picking the collection we wish to export. + +![deploying_policypak_directives_28](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_28.webp) + +Figure 28. Exporting a whole collection using Endpoint Policy Manager Feature Manager. + +Alternatively, we could select a designated setting to export as well. Right-click +`Computer Configuration | PolicyPak | Security Manager`, and select the setting that is available in +the menu, as shown in Figure 29. + +![deploying_policypak_directives_29](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_29.webp) + +Figure 29. Exporting a single Endpoint Policy Manager Feature Manager entry. diff --git a/docs/endpointpolicymanager/mdm/xmldatafiles/fileassociations.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/fileassociations.md similarity index 80% rename from docs/endpointpolicymanager/mdm/xmldatafiles/fileassociations.md rename to docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/fileassociations.md index a87edf0f96..2760f774ee 100644 --- a/docs/endpointpolicymanager/mdm/xmldatafiles/fileassociations.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/fileassociations.md @@ -1,3 +1,9 @@ +--- +title: "XML Data Files from Endpoint Policy Manager File Associations Manager" +description: "XML Data Files from Endpoint Policy Manager File Associations Manager" +sidebar_position: 60 +--- + # XML Data Files from Endpoint Policy Manager File Associations Manager You can export a single Endpoint Policy Manager File Associations Manager entry, as shown in diff --git a/docs/endpointpolicymanager/mdm/xmldatafiles/javaenterpriserules.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/javaenterpriserules.md similarity index 84% rename from docs/endpointpolicymanager/mdm/xmldatafiles/javaenterpriserules.md rename to docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/javaenterpriserules.md index 4e4544b4f6..4f0050dcfa 100644 --- a/docs/endpointpolicymanager/mdm/xmldatafiles/javaenterpriserules.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/javaenterpriserules.md @@ -1,3 +1,9 @@ +--- +title: "XML Data Files from Endpoint Policy Manager Java Enterprise Rules Manager" +description: "XML Data Files from Endpoint Policy Manager Java Enterprise Rules Manager" +sidebar_position: 40 +--- + # XML Data Files from Endpoint Policy Manager Java Enterprise Rules Manager Endpoint Policy Manager Java Enterprise Rules Manager settings can be exported as an XML file. You diff --git a/docs/endpointpolicymanager/mdm/xmldatafiles/leastprivilegemanager.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/leastprivilegemanager.md similarity index 82% rename from docs/endpointpolicymanager/mdm/xmldatafiles/leastprivilegemanager.md rename to docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/leastprivilegemanager.md index 3927e636b9..60b120e000 100644 --- a/docs/endpointpolicymanager/mdm/xmldatafiles/leastprivilegemanager.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/leastprivilegemanager.md @@ -1,3 +1,9 @@ +--- +title: "XML Data Files from Endpoint Privilege Manager" +description: "XML Data Files from Endpoint Privilege Manager" +sidebar_position: 20 +--- + # XML Data Files from Endpoint Privilege Manager Endpoint Policy Manager Least Privilege Manager settings can be exported as an XML file. You can diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/overview.md new file mode 100644 index 0000000000..023a414b25 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/overview.md @@ -0,0 +1,147 @@ +--- +title: "Exporting Directives as XML Data Files" +description: "Exporting Directives as XML Data Files" +sidebar_position: 20 +--- + +# Exporting Directives as XML Data Files + +Creating Endpoint Policy Manager XML data files is easy. But each Endpoint Policy Manager component +has a slightly different way to make and export XML data files. The XML data files you export can +then be used with Endpoint Policy Manager Exporter (with MEMCM, KACE, Microsoft Intune, etc.) or +with Endpoint Policy Manager Cloud. We will discuss these processes in the following sections. Note +that instructions are not included for all components. We've provided a representative sample of +most of the components, and most will export in a similar way. All the exceptions are noted here, +however, like Admin Templates Manager, Application Settings Manager, and Security Settings manager, +which are somewhat different than the others. + +**NOTE:** For a video overview of how to wrap up XML data and license files into MSI files, see the +following link: +[Deploying Endpoint Policy Managerdirectives without Group Policy (Endpoint Policy Manager Exporter Utility)](/docs/endpointpolicymanager/video/mdm/exporterutility.md). + +Now that you have your XML data files, you're ready to bundle them up and make them into an MSI for +easy deployment using any software distribution utility, such as Microsoft Endpoint Configuration +Manager (MEMCM), Microsoft Intune, MobileIron, VMware Workspace ONE, KACE, LANDesk, or anything else +that uses MSI files. + +**Step 1 –** When you install the Endpoint Policy Manager Admin Console MSI, you automatically +install the Endpoint Policy Manager Exporter utility. In order to launch it, locate the utility's +icon in the Start menu within Endpoint Policy Manager Application Settings Manager, as shown in +Figure 3. + +![deploying_policypak_directives_2](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_2.webp) + +Figure 3. The Endpoint Policy Manager Exporter utility icon in the Start menu. + +This utility enables you to do any of the following: + +- Create new Endpoint Policy Manager Application Settings Manager XML data files +- Use existing XML data files from all Endpoint Policy Manager products +- Use Endpoint Policy Manager licensing files +- Map which XML data files should be installed for which users on target machines +- Open existing MSI files you previously created and quickly edit and enable modifications and + upgrades + +In this demonstration of Endpoint Policy Manager Exporter, we'll assume you have a collection of +Endpoint Policy Manager XML data files or a Endpoint Policy Manager licensing file you want to wrap +up into an MSI file for easy deployment. Let's assume you had the following XML data files (as shown +in Table 1) and wanted to ensure that the following users received the directives when logging on to +specific machines. + +Table 1: Example files. + +| File Name | File Type | Users Receiving the File | +| ----------------------------------- | ------------------------------------------------------------------ | ------------------------------------------------------ | +| WinZip1.xml | Endpoint Policy Manager Application Settings Manager XML data file | EastSalesUser1, EastSalesUser2, Active Directory users | +| FireFox1.xml | Endpoint Policy Manager Application Settings Manager XML data file | Computer (All Users) | +| Enforce Default Browser.xml | Endpoint Policy Manager Browser Router Manager XML data file | Computer (All Users) | +| Control Panel Settings.xml | Endpoint Policy Manager Admin Templates Manager XML data file | Computer (All Users) | +| Important Security Settings.xml | Endpoint Policy Manager Security Settings Manager XML data file | Computer (All Users), forced | +| Fabrikam.Local-License-Key-file.xml | Endpoint Policy Manager license file | Computer (All Users), forced | + +When Endpoint Policy Manager Exporter is launched, you'll be able to perform the actions shown in +Figure 4. + +![deploying_policypak_directives_3](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_3.webp) + +Figure 4. The Endpoint Policy Manager Exporter tool helps the user create XML data files and package +the files into an MSI installer. + +**Step 2 –** Endpoint Policy Manager Exporter will create MSIs from your existing XML data files and +Endpoint Policy Manager licensing files or open up an existing MSI that you created earlier using +this tool. For now, select "Create a new MSI installer." Then, you'll see the option, "Add Existing +Files," as shown in Figure 5. + +![deploying_policypak_directives_4](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_4.webp) + +Figure 5. The option to add existing files. + +The "Add Existing Files" button lets you bring in the following types of files: + +- Any Endpoint Policy Manager XML data files (such as from Endpoint Policy Manager Application + Settings Manager, Endpoint Policy Manager Browser Router, Endpoint Policy Manager Least Privilege + Manager, etc.) +- Microsoft Group Policy Preferences XML data files +- Microsoft Security Group Policy settings exported as XML data files using Endpoint Policy Manager + Security Settings Manager +- Microsoft Admin Template settings exported using Endpoint Policy Manager Admin Templates Manager +- Endpoint Policy Manager licensing files for Endpoint Policy Manager and the Endpoint Policy + Manager Group Policy Compliance Reporter + +With Endpoint Policy Manager Exporter you can wrap these up into an MSI. In Figure 6, we have added +a variety of exported XML settings. + +![deploying_policypak_directives_5](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_5.webp) + +Figure 6. Exported XML settings. + +**NOTE:** You cannot add more than one licensing file of the same product type to an MSI project. + +**Step 3 –** Next, you can dictate which files will be delivered to which users, or to Computer (All +Users). + +**NOTE:** For MDM and Endpoint Policy Manager Cloud scenarios, it's common to specify the settings +affecting Computer (All Users), so you can guarantee that whoever is on the machine will get the +settings. + +**Step 4 –** By default, newly added XML data files will be delivered to all users, as shown in +Figure 7. This means the settings get delivered to the Computer side, and the result is that all +users must receive the settings. However, in our example, we want the WinZip1.xml file to be +delivered to EastSalesUser1 and EastSalesUser2. Therefore, use the dropdown menu under "Install +For," and change it from "Computer" to "Users & Groups." After you do this, the Target column +populates with "0 Users," as illustrated in Figure 7. + +![deploying_policypak_directives_6](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_6.webp) + +Figure 7. Selecting which group will get the XML data files. + +**Step 5 –** Click on "0 Users" to specify the users you want the WinZip1.xml file to work with. In +the Select Users or Groups dialog, click "Add Users / Groups," and specify the users (or groups) you +want this XML data file to apply to (see Figure 8). Then click "OK." + +![deploying_policypak_directives_7](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_7.webp) + +Figure 8. Selecting the targeted users. + +Notice that `theWinZip1.xml` file is now set to be delivered to two users (see Figure 9). You can +also specify Active Directory groups instead of just users. To help specify these types of users, +the Target column will express how many users and how many groups are being targeted. + +![deploying_policypak_directives_8](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_8.webp) + +Figure 9. The Target column shows how many users and how many groups are being targeted. + +**NOTE:** Licensing files are always set to deliver to all users. + +**Step 6 –** You can repeat the process by clicking on "Create New PPAM XMLdata File" or "Add +Existing Files" and then specifying which users you want the directives to apply to. When you are +done, click "Next" to continue. This will initiate the Installer Properties page where you can name +the MSI and manufacturer however you wish (as shown in Figure 10). + +![deploying_policypak_directives_9](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_9.webp) + +Figure 10. Naming the MSI. + +**Step 7 –** When you click "Next" in the Installer Properties page, you will be prompted to save +your MSI file. If you need it later, the MSI file can be opened and edited again (see the section +"Modifying Existing MSI files with Endpoint Policy Manager Exporter"). diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/preferences.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/preferences.md new file mode 100644 index 0000000000..37b1155b00 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/preferences.md @@ -0,0 +1,28 @@ +--- +title: "XML Data Files from Endpoint Policy Preferences Manager" +description: "XML Data Files from Endpoint Policy Preferences Manager" +sidebar_position: 70 +--- + +# XML Data Files from Endpoint Policy Preferences Manager + +To make an XML file from a Group Policy Preference item, first create the item. Be sure to embed any +Group Policy Preference Item-Level Targeting within your item to limit when the item will apply. For +instance, you may want to limit by operating system, IP address range, the presence of a file, and +so on. Refer to Book 9: [Preferences Manager](/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/overview.md), for more details. +Then, drag the Group Policy Preference item from the MMC console to create the XML data file. You +can drag this file to a folder or your desktop, as shown in Figure 19. + +![deploying_policypak_directives_19](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_19.webp) + +Figure 19. Dragging the the Group Policy Preference item from the MMC console to the desktop in +order to create a XML data file. + +Alternatively, the Endpoint Policy Manager management console can also export existing Group Policy +Preference items from within an existing GPO (without you needing to drag and drop items one by +one). You can see an example of this in Figure 20. + +![deploying_policypak_directives_20](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_20.webp) + +Figure 20. The user can export an existing GPO through the Endpoint Policy Manager management +console. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/scripts.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/scripts.md new file mode 100644 index 0000000000..519a79badb --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/scripts.md @@ -0,0 +1,20 @@ +--- +title: "XML Data Files from Endpoint Policy Scripts Manager" +description: "XML Data Files from Endpoint Policy Scripts Manager" +sidebar_position: 110 +--- + +# XML Data Files from Endpoint Policy Scripts Manager + +You can export a single Endpoint Policy Manager Script Manager entry, as shown in Figure 26. + +![deploying_policypak_directives_26](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_26.webp) + +Figure 26. Exporting a single Endpoint Policy Manager Scripts Manager entry. + +Alternatively, you can export a whole collection, as shown in Figure 27, by right-clicking +`Computer Configuration | PolicyPak | Browser Router` and picking the collection you wish to export. + +![deploying_policypak_directives_27](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_27.webp) + +Figure 27. Exporting a whole collection using Endpoint Policy Manager Scripts Manager. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/securitysettings.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/securitysettings.md new file mode 100644 index 0000000000..f599cb4c5d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/securitysettings.md @@ -0,0 +1,17 @@ +--- +title: "XML Data Files from Endpoint Policy Manager Security Settings Manager" +description: "XML Data Files from Endpoint Policy Manager Security Settings Manager" +sidebar_position: 80 +--- + +# XML Data Files from Endpoint Policy Manager Security Settings Manager + +Endpoint Policy Manager Security Settings Manager will export the computer-side security within a +GPO as an XML file. Right-click `Computer Configuration | PolicyPak | Security Manager`, and select +the only setting that is available in the menu, as shown in Figure 21. For full details on the +Endpoint Policy Manager Security Settings Manager Export Wizard, see Book 10: +[Security Settings Manager](/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/securitysettings/overview.md). + +![deploying_policypak_directives_21](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_21.webp) + +Figure 21. Exporting the computer-side security within a GPO as an XML file. diff --git a/docs/endpointpolicymanager/mdm/xmldatafiles/startscreen.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/startscreen.md similarity index 85% rename from docs/endpointpolicymanager/mdm/xmldatafiles/startscreen.md rename to docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/startscreen.md index 1dbb617d0b..3aae733c3e 100644 --- a/docs/endpointpolicymanager/mdm/xmldatafiles/startscreen.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/startscreen.md @@ -1,3 +1,9 @@ +--- +title: "XML Data Files from Endpoint Policy Manager Start Screen Manager" +description: "XML Data Files from Endpoint Policy Manager Start Screen Manager" +sidebar_position: 90 +--- + # XML Data Files from Endpoint Policy Manager Start Screen Manager Endpoint Policy Manager Start Screen Manager for Windows 10 settings can be exported as an XML file. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/taskbar.md b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/taskbar.md new file mode 100644 index 0000000000..4c713f48bc --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/mdm/xmldatafiles/taskbar.md @@ -0,0 +1,24 @@ +--- +title: "XML Data Files from Endpoint Policy Taskbar Manager" +description: "XML Data Files from Endpoint Policy Taskbar Manager" +sidebar_position: 100 +--- + +# XML Data Files from Endpoint Policy Taskbar Manager + +Endpoint Policy Manager Taskbar Manager settings can be exported as an XML file. You can export a +single policy, a collection, or the whole node. For example, right-click +`Computer Configuration | PolicyPak | Taskbar Manager` for Windows 10 or +`User Configuration | PolicyPak | Taskbar Manager` for Windows 10, and pick the root node or +collection you wish to export, as shown in Figure 24. + +![deploying_policypak_directives_24](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_24.webp) + +Figure 24. Exporting a whole collection using Endpoint Policy Manager Taskbar Manager. + +You can also export a single Endpoint Policy Manager Taskbar Manager entry, as as shown in +Figure 25. + +![deploying_policypak_directives_25](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_25.webp) + +Figure 25. Exporting a single Endpoint Policy Manager Taskbar Manager entry. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/_category_.json new file mode 100644 index 0000000000..c4f5a1776c --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Installation Quick Start", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overviewinstall" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/clientsideextension.md b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/clientsideextension.md new file mode 100644 index 0000000000..3f95059877 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/clientsideextension.md @@ -0,0 +1,108 @@ +--- +title: "Deploying the Client-Side Extension to Multiple Clients" +description: "Deploying the Client-Side Extension to Multiple Clients" +sidebar_position: 40 +--- + +# Deploying the Client-Side Extension to Multiple Clients + +The Netwrix Endpoint Policy Manager (formerly PolicyPak) directives you create are not performed on +clients unless the Endpoint Policy Manager client-side extension (CSE) is on the target machine and +the CSE is licensed. You may use any of the following methods to install the CSE for the first time +on your target machines: + +- One-by-one installation (good for test labs) +- Group Policy Software Installation (not recommended) +- Third-party software delivery mechanism (such as PDQ Deploy) +- Microsoft Endpoint Configuration Manager (MEMCM) software delivery +- Microsoft Endpoint Manager Intune software delivery +- Installation with startup scripts +- Building the Endpoint Policy Manager CSE into your virtual desktop infrastructure (VDI), desktop, + or laptop image +- Bootstrapping the CSE via RMM or another mobile device management (MDM) tool + +There's not a single right way to do this, but to make the installation as painless as possible, we +have included a few suggestions in the sections below to help you through the process. + +The Endpoint Policy Manager CSE ships as an MSI file and, as such, is very flexible in the initial +deployment and upkeep. + +In the next section, we will discuss the following three main ideas: + +- Using our recommended tool, PDQ Deploy +- Deploying the CSE using Group Policy Software Installation and upgrading an older version using + Group Policy Software Installation (not recommended) +- Using the PolicyPak's built-in CSE auto-update feature (which allows the programs to silently + download, update, and report on performing updates) + +## PDQ Deploy + +Our recommended tool of choice to get the Endpoint Policy Manager CSE deployed to multiple machines +is PDQ Deploy. PDQ Deploy has a free mode and a paid mode, which is reasonably priced. You can see +how to deploy a package with PDQ Deploy please see the +[Managing Group Policy using Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodpdqdeployrecom/pdqdeploy.md) +topic for additional information. + +## MDM, UEM, or RMM Tools + +Because the Endpoint Policy Manager CSE ships as an MSI file, you can quickly get this deployed +using Microsoft Endpoint Configuration Manager (MEMCM) software delivery, Microsoft Endpoint Manager +Intune software delivery, KACE, LANDesk, or anything else that deploys an MSI. Consult your tool's +documentation for MSI deployment best practices. + +## Group Policy Software Installation + +**NOTE:** You can also use Microsoft Group Policy Software Installation to deploy the Endpoint +Policy Manager CSE. However, software delivery (and removal) by Group Policy Software Installation +can be unreliable, and this method is not recommended. + +If you do choose to use it, the process can usually done in four steps: + +**Step 1 –** Set up a share or DFS point for which all clients have Read access. In our examples, +we've set up a share named Endpoint Policy Manager. + +**Step 2 –** Copy the Endpoint Policy Manager Client-Side Extension x32.msi for 32-bit systems or +Endpoint Policy Manager Client-Side Extension x64.msi for 64-bit systems to that share. + +**Step 3 –** Create a Group Policy Object (GPO) and link it to the organizational unit (OU) +containing the target computers. + +**Step 4 –** Use Group Policy Software Installation to deploy that file to all target computers. + +**NOTE:** To see a demonstration of this section, please watch these two tutorial videos: +[Mass Deploy the Endpoint Policy Manager CSE using GPSI](/docs/endpointpolicymanager/knowledgebase/archive/massdeploy.md) and +[Upgrading the CSE using GPSI](/docs/endpointpolicymanager/knowledgebase/archive/upgrading.md). In this example, we've created a GPO named +Deploy PP Client and linked it to East Sales Desktops. + +![Deploying Client Side](/img/product_docs/endpointpolicymanager/install/deploying_the_client_side_350x474.webp) + +**Step 5 –** Next, right-click the GPO and select **Edit**. Once you're inside the Group Policy +Editor, scroll down to **Computer** > **Configuration** > **Software Settings** > **Software +Installation**. Right-click, and select **New** > **Package**. + +![deploying_the_client_side_1_620x359](/img/product_docs/endpointpolicymanager/install/deploying_the_client_side_1_620x359.webp) + +**Step 6 –** Once this is complete, type in the server and share names you used. In our example, our +server is `\\DC-Computer` and our share is Endpoint Policy Manager. Then select the Endpoint Policy +Manager CSE Setup x64.msi file, and click **Open**. Next, choose **Assigned**, and select **OK**. + +![deploying_the_client_side_2_620x389](/img/product_docs/endpointpolicymanager/install/deploying_the_client_side_2_620x389.webp) + +![deploying_the_client_side_3_550x381](/img/product_docs/endpointpolicymanager/install/deploying_the_client_side_3_550x381.webp) + +When you're done, the GPO should look like this:. + +![deploying_the_client_side_4_1200x309](/img/product_docs/endpointpolicymanager/install/deploying_the_client_side_4_1200x309.webp) + +**Step 7 –** Repeat this process until both the x86 and x64 MSIs appear. + +![deploying_the_client_side_5_1200x240](/img/product_docs/endpointpolicymanager/install/deploying_the_client_side_5_1200x240.webp) + +**NOTE:** Be sure that the source field is pointing to a network path (e.g., `\\server\share`) and +not a local path (e.g., `c:\something\`). + +If you have an older version of the Endpoint Policy Manager CSE and wish to update it using Group +Policy Software Installation, it's easy to do. + +For more information on how to perform an upgrade using Group Policy Software Installation. See the +[Upgrading the CSE using GPSI](/docs/endpointpolicymanager/knowledgebase/archive/upgrading.md) topic for additional information. diff --git a/docs/endpointpolicymanager/gettingstarted/quickstart/downloadcontents.md b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/downloadcontents.md similarity index 86% rename from docs/endpointpolicymanager/gettingstarted/quickstart/downloadcontents.md rename to docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/downloadcontents.md index 410b32b37e..0f9d7bbaf7 100644 --- a/docs/endpointpolicymanager/gettingstarted/quickstart/downloadcontents.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/downloadcontents.md @@ -1,3 +1,9 @@ +--- +title: "Step 1: Get the download and inspect its contents" +description: "Step 1: Get the download and inspect its contents" +sidebar_position: 10 +--- + # Step 1: Get the download and inspect its contents Once the Endpoint Policy Manager ZIP is downloaded, Extract all and keep things organized. diff --git a/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md similarity index 89% rename from docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md rename to docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md index b8fd98ae52..bdf821ad66 100644 --- a/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md @@ -1,3 +1,9 @@ +--- +title: "Installation Quick Start" +description: "Installation Quick Start" +sidebar_position: 30 +--- + # Installation Quick Start Thank you for downloading Netwrix Endpoint Policy Manager (formerly PolicyPak). Here is is a quick @@ -12,7 +18,7 @@ overview of the process you need to follow: **NOTE:** This guide provides you with the most basic steps to get Endpoint Policy Manager unpacked and installed and ready to use. See the other topics in the parent publication, as well as the -[Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md) > All Things Installation & Upkeep and the +[Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) > All Things Installation & Upkeep and the All Things Installation & Upkeep [Video Learning Center](/docs/endpointpolicymanager/video/index.md) topics for additional information. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/powershell.md b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/powershell.md new file mode 100644 index 0000000000..bff0565774 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/powershell.md @@ -0,0 +1,178 @@ +--- +title: "Endpoint Policy Manager and PowerShell" +description: "Endpoint Policy Manager and PowerShell" +sidebar_position: 50 +--- + +# Endpoint Policy Manager and PowerShell + +Netwrix Endpoint Policy Manager (formerly PolicyPak) has a PowerShell module that can perform some +key tasks. As of the writing of this manual, the PowerShell cmdlets can perform licensing steps and +discover Endpoint Policy Manager items within a Group Policy Object (GPO). The Endpoint Policy +Manager PowerShell module is located in the Endpoint Policy Manager Extras folder you downloaded. + +![policypak_and_powershell_1200x787](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_1200x787.webp) + +Run the Endpoint Policy Manager PowerShell Tools installer. The Endpoint Policy Manager PowerShell +modules will be installed to `>c:\Program Files\PolicyPak1\Tools\Modules\PolicyPak`. + +At a Powershell prompt run the command `>Import-Module endpointpolicymanager.psd1.` If you add the +`>-verbose `command you will see all of the available cmdlets. + +![policypak_and_powershell_1_1200x974](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_1_1200x974.webp) + +## Endpoint Policy Manager PowerShell and Licensing Endpoint Policy Manager + +To import a module, you need to call `>Import-Module Endpoint Policy Manager `in PowerShell. At the +time of the publication of this manual, all Endpoint Policy Manager cmdlets are for a licensing +component that requires the following commands: + +- Importing cmdlet '`Get-PPCses`' +- Importing cmdlet '`Get-PPGPOs`' +- Importing cmdlet '`Get-RegisteredCses`' +- Importing cmdlet '`Register-PPLicenses`' +- Importing cmdlet '`Test-PPLicense`' +- Importing cmdlet '`Disable-InactiveComputers`' +- Importing cmdlet '`Get-InactiveComputers`' +- Importing cmdlet '`Get-PPLicenses`' +- Importing cmdlet '`Register-PPLicense`' +- Importing cmdlet '`New-PPLicenseRequestFile`' + +To generate a new Endpoint Policy Manager license request, there are two methods. Method 1 requires +using the existing Microsoft cmdlet Get-ADOrganizationalUnit as shown below. + +`># New-PPLicenseRequest` + +`>Import-Module ActiveDirectory` + +`>Import-Module PolicyPak` + +`>$scope = Get-ADOrganizationalUnit -Filter {(name -eq "OU2") -or (name -like "Domain*") -or (name -like "Real*")} -Property * | FT DistinguishedName -A -HideTableHeaders | Out-String` + +`>$som = Get-ADOrganizationalUnit -Filter {(name -like "Real*") -or (name -like "Domain*")} -Property * | FT DistinguishedName -A -HideTableHeaders | Out-String` + +`>New-PPLicenseRequestfile "C:\Temp\request1.xml" -Scope $scope -Som $som -Verbose ` + +The request output is shownbelow. + +![policypak_and_powershell_2](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_2.webp) + +**NOTE:** To understand scope versus SOM, see +[Why does License Tool ask Who am I and Where do I want to use Endpoint Policy Manager?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensesfaqforactive/scope.md). + +Method 2 requires indicating specific organizational units (OUs), as shown below. In this example, +the scope is the whole domain, but the SOM is the Sales OU within the Fabrikam.com domain. Below is +an example script which requests a new license file from a specific SOM and scope. + +`># New-PPLicenseRequest` + +`>Import-Module ActiveDirectory` + +`>Import-Module PolicyPak` + +`>$scope = "DC=Fabrikam, DC=com" ` + +`>$som = "OU=Sales, DC=Fabrikam, DC=com"` + +`>New-PPLicenseRequestFile "E:\Downloads\adcomputer.text.new.xml" -scope $scope -som $som -Verbose` + +`>#---` + +![policypak_and_powershell_3_1200x833](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_3_1200x833.webp) + +The next cmdlet enables you to determine how many computers are not active. + +`># Get-InactiveComputers` + +`>Import-Module PolicyPak` + +`>Get-InactiveComputers -LastLoginTime 90 -inu -Verbose` + +`>#---` + +The result from this cmdlet is shown below. + +![policypak_and_powershell_4_950x333](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_4_950x333.webp) + +``` +>The next cmdlet disables inactive computers.># Disable-InactiveComputers +>Import-Module PolicyPak +>Disable-InactiveComputers -LastLoginTime 900 -Verbose +>#--- +``` + +You can then see the machines are disabled: + +![policypak_and_powershell_5_1200x561](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_5_1200x561.webp) + +When the next cmdlet is run, you can see if the license file you got from Endpoint Policy Manager +was valid. Note that you might have to run the cmdlet on each Endpoint Policy Manager license file +you get. + +``` +># Test-PPlicense>Import-Module PolicyPak +>Test-PPlicense  +>"C:\Users\server\Desktop_licenses\license_1.xml" -verbose +>Test-PPlicense  +>"C:\Users\server\Desktop_licenses\license1.xml" -verbose +>Test-PPlicense  +>"C:\Users\server\Desktop_licenses\license2.xml" -verbose +>Test-PPlicense  +>"C:\Users\server\Desktop_licenses\FIRSTLicense-Request-Key.xml" -verbose +>#--- +``` + +You can then see that the license is valid: + +![policypak_and_powershell_6_950x148](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_6_950x148.webp) + +When the next cmdlet is run, you can create a new GPO and link it to the scope. + +``` +># Register-PPlicense>Import-Module PolicyPak +>Register-PPlicense  +>"C:\Users\server\Desktop_licenses\license1.xml" -e $True -verbose  +``` + +You can then see the successful installation: + +![policypak_and_powershell_7_1200x328](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_7_1200x328.webp) + +The next cmdlet will specify a GPO by GUID. + +``` +>#Register-PPlicense >"C:\Users\server\Desktop_licenses\license1.xml" -e $True -mgpo "96A61654-8363-444B-97AC-47D466FE12EE" -verbose  +>#--- +># Get-PPlicenses +>Import-Module PolicyPak +>Get-PPlicenses -Verbose +>#--- +``` + +The result is shown below. You can see the GPO name, scope, expiration date of the license, Endpoint +Policy Manager license version type, and validation status of the license. + +![policypak_and_powershell_8_1200x803](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_8_1200x803.webp) + +## Endpoint Policy Manager PowerShell and Discovery + +Endpoint Policy Manager can help you discover which GPOs contain Endpoint Policy Manager directives. +After you have performed the import of the Endpoint Policy Manager module with Import-Module +PolicyPak, you can use cmdlets like the following examples: + +- `>Get-PPCses`: shows Endpoint Policy Manager client-side extension (CSE) names and guids +- `>Get-PPGPOs -cse "Security"`: same as above, but searches for CSEs with "security" in the name + (case insensitive) +- `>Get-RegisteredCses`: shows CSEs registered in the system +- `>Get-PPGPOs | Format-Table -wrap`: shows all GPOs with any Endpoint Policy Manager product as a + table (You can see this in Figure 26 below.) +- `>Get-PPGPOs | Select -ExpandProperty "GPO"`:  shows all GPOs with Endpoint Policy Manager + products as names only +- `>Get-PPGPOs -cse "Security" | Select -ExpandProperty "GPO"`: shows all GPOs with any Endpoint + Policy Manager products with "security" in the title +- `>Get-PPGPOs -cse "E0088A46-AB54-4FBD-A733-303C58244C5E"`: shows all GPOs based on CSE GUID + +![Text + +Description automatically +generated](/img/product_docs/endpointpolicymanager/install/endpointpolicymanager_and_powershell_9_850x594.webp) diff --git a/docs/endpointpolicymanager/gettingstarted/quickstart/prepareendpoint.md b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/prepareendpoint.md similarity index 89% rename from docs/endpointpolicymanager/gettingstarted/quickstart/prepareendpoint.md rename to docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/prepareendpoint.md index ef8a7d9bb8..8ec3f18e13 100644 --- a/docs/endpointpolicymanager/gettingstarted/quickstart/prepareendpoint.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/prepareendpoint.md @@ -1,3 +1,9 @@ +--- +title: "Step 2: Prepare an endpoint machine to receive Endpoint Policy Manager policies" +description: "Step 2: Prepare an endpoint machine to receive Endpoint Policy Manager policies" +sidebar_position: 20 +--- + # Step 2: Prepare an endpoint machine to receive Endpoint Policy Manager policies During your trial period you will want to experience the power of Endpoint Policy Manager performing @@ -38,7 +44,7 @@ Next, install the Endpoint Policy Manager CSE on the endpoint. Use x64 for 64 bi machines. **NOTE:** See the -[Endpoint Policy Manager ARM Support Supportability Statement](/docs/endpointpolicymanager/requirements/support/arm.md) +[Endpoint Policy Manager ARM Support Supportability Statement](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/gettingstarted/arm.md) topic about Endpoint Policy Manager Support on Arm processors. After the Endpoint Policy Manager CSE is installed, you can test verify that the license is valid @@ -58,7 +64,7 @@ days after you perform the installation. Therefore, be aware of your Expiration be sooner than expected. See the -[How can I tell how a machine is licensed (by GPO, MDM, or XML file), and also know for what components it is licensed?](/docs/endpointpolicymanager/troubleshooting/license/components.md) +[How can I tell how a machine is licensed (by GPO, MDM, or XML file), and also know for what components it is licensed?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/licensingtroubleshoo/components.md) topic for further details on validating licensing. See also the [Testing and Troubleshooting By Renaming an endpoint Computer](/docs/endpointpolicymanager/video/troubleshooting/mdm.md) topic for further details showing what happens when you rename a computer and how Endpoint Policy diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/preparemanagementsta/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/preparemanagementsta/_category_.json new file mode 100644 index 0000000000..d8552c3299 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/preparemanagementsta/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Step 3: Prepare a management station to create Endpoint Policy Manager policies", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "preparemanagementstation" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/gettingstarted/quickstart/preparemanagementstation.md b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/preparemanagementsta/preparemanagementstation.md similarity index 87% rename from docs/endpointpolicymanager/gettingstarted/quickstart/preparemanagementstation.md rename to docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/preparemanagementsta/preparemanagementstation.md index 8badcdec42..73d6af1008 100644 --- a/docs/endpointpolicymanager/gettingstarted/quickstart/preparemanagementstation.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/preparemanagementsta/preparemanagementstation.md @@ -1,3 +1,9 @@ +--- +title: "Step 3: Prepare a management station to create Endpoint Policy Manager policies" +description: "Step 3: Prepare a management station to create Endpoint Policy Manager policies" +sidebar_position: 30 +--- + # Step 3: Prepare a management station to create Endpoint Policy Manager policies Endpoint Policy Manager Policies are always created in the Group Policy editor, even if you plan to @@ -17,12 +23,12 @@ Console (GPMC) installed on it. Therefore, good candidates are your own manageme box” or, if you wish, you may install on a Domain Controller. **TIP**: Use the instructions in the -[What are the two ways that can I install the GPMC on my Admin Station (Server or Windows 10) machine?](/docs/endpointpolicymanager/install/methods.md) +[What are the two ways that can I install the GPMC on my Admin Station (Server or Windows 10) machine?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/methods.md) topic if you do not yet have the GPMC on your management station. **NOTE:** The Endpoint Policy Manager MMC Group Policy Snap-In does NOT require installation on a Domain Controller, it is simply an option. See the -[Does Endpoint Policy Manager admin console need to be installed on Domain Controller (DC)?](/docs/endpointpolicymanager/install/adminconsole.md) +[Does Endpoint Policy Manager admin console need to be installed on Domain Controller (DC)?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/methodgpoinitialinst/adminconsole.md) topic for details. The result of installing the Endpoint Policy Manager MMC Group Policy Snap-In on a management diff --git a/docs/endpointpolicymanager/gettingstarted/quickstart/specificcomponents.md b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/preparemanagementsta/specificcomponents.md similarity index 83% rename from docs/endpointpolicymanager/gettingstarted/quickstart/specificcomponents.md rename to docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/preparemanagementsta/specificcomponents.md index 7056737a65..3c88b21ff1 100644 --- a/docs/endpointpolicymanager/gettingstarted/quickstart/specificcomponents.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/preparemanagementsta/specificcomponents.md @@ -1,3 +1,9 @@ +--- +title: "Getting Started with specific components (Endpoint Policy ManagerLeast Privilege Manager, Endpoint Policy Device Manager, etc.)" +description: "Getting Started with specific components (Endpoint Policy ManagerLeast Privilege Manager, Endpoint Policy Device Manager, etc.)" +sidebar_position: 10 +--- + # Getting Started with specific components (Endpoint Policy ManagerLeast Privilege Manager, Endpoint Policy Device Manager, etc.) Endpoint Policy Manager is now installed on an endpoint (which is temporarily licensed) and you have @@ -17,7 +23,7 @@ TIPS: If you want to go beyond the basics and really dive in to each component, like Endpoint Policy Manager Least Privilege Manager or Endpoint Policy Manager Device Manager, or any of our components, see the -[Netwrix Endpoint Policy Manager (formerly PolicyPak) Knowledge Base Articles](/docs/endpointpolicymanager/knowledgebase.md) +[Netwrix Endpoint Policy Manager (formerly PolicyPak) Knowledge Base Articles](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) topic, then locate the component of interest and its corresponding Knowledge Base articles and Video Learning Center topics. For true mastery on the basics of a component, you should watch all the videos in order within the Getting Started section of the Video Learning Center topics. These answer diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/_category_.json new file mode 100644 index 0000000000..45b98b0e17 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Netwrix Endpoint Policy Manager Quick Start", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/cloud.md b/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/cloud.md new file mode 100644 index 0000000000..3ef1105f88 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/cloud.md @@ -0,0 +1,50 @@ +--- +title: "Endpoint Policy Manager Cloud Delivery Quick Start" +description: "Endpoint Policy Manager Cloud Delivery Quick Start" +sidebar_position: 30 +--- + +# Endpoint Policy Manager Cloud Delivery Quick Start + +For an overview of delivery via PolicyPak Cloud, see the +[Endpoint Policy Manager Cloud: QuickStart](/docs/endpointpolicymanager/video/cloud/quickstart.md) video . + +Follow the steps below to carry out the Endpoint Policy Manager cloud delivery: + +**Step 1 –** Install the Endpoint Policy Manager Cloud Client on an example endpoint + +Log on to [cloud.endpointpolicymanager.com](http://cloud.endpointpolicymanager.com/) with the credentials provided to you +via email from Netwrix sales. In the Company tab download the PolicyPak Cloud Client MSI for your +PolicyPak Cloud tenant. + +Install it by hand on a few Windows 10 or Windows 11 endpoints. Alternatively, use your software +deployment tool (like Intune) to deliver the CSE to a few endpoints. See the +[Endpoint Policy Manager Cloud + MDM Services: Install Cloud Client + automatically join PPC Groups and get policy.](/docs/endpointpolicymanager/video/cloud/mdm.md) +video of using Intune to bootstrap the PolicyPak cloud client install. + +The Endpoint Policy Manager Cloud Client automatically installs the PolicyPak CSE at the same time. + +**NOTE:** Each time you install the Endpoint Policy Manager Cloud Client you will consume one of +your 10 example licenses + +**Step 2 –** (optional, recommended): Install the Endpoint Policy Manager Admin Console on a +management machine with the GPMC pre-installed + +In the download, find the **Admin Console MSI**. Install it by hand on your machine. Your machine +needs to also have the GPMC pre-installed from Microsoft. We recommend you have both the Endpoint +Policy Manager Admin Console and the GPMC installed on a “fake DC” exclusively for editing purposes. +See the [How to create a DC for editing purposes](/docs/endpointpolicymanager/video/cloud/testlab/createdc.md) video for +details and how to do this. + +**NOTE:** If you bypass this step, you can still use the Endpoint Policy Manager in-cloud editors, +but some options may not be available to you for editing without an on-prem editor station. + +**Step 3 –** Start creating policies using Endpoint Policy Manager Cloud + +If you want to make Microsoft Group Policy settings via Endpoint Policy Manager Cloud, see the +[Endpoint Policy ManagerCloud: How to deploy Microsoft Group Policy Settings using Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/cloud/deploy/grouppolicysettings.md)video. + +If you want to make Endpoint Policy Manager specific settings (like Endpoint Policy Manager Least +Privilege Manager, etc.) via Endpoint Policy Manager Cloud, see the +[Endpoint Policy ManagerCloud: How to deploy Endpoint Policy Manager specific settings (using in-cloud editors and exporting from on-prem)](/docs/endpointpolicymanager/video/cloud/deploy/endpointpolicymanagersettings.md) +video. diff --git a/docs/endpointpolicymanager/gettingstarted/quickstart/grouppolicy.md b/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/grouppolicy.md similarity index 89% rename from docs/endpointpolicymanager/gettingstarted/quickstart/grouppolicy.md rename to docs/endpointpolicymanager/manuals/introductionandquick/quickstart/grouppolicy.md index 8259470cde..46810c0587 100644 --- a/docs/endpointpolicymanager/gettingstarted/quickstart/grouppolicy.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/grouppolicy.md @@ -1,3 +1,9 @@ +--- +title: "Group Policy Delivery Quick Start" +description: "Group Policy Delivery Quick Start" +sidebar_position: 10 +--- + # Group Policy Delivery Quick Start For an overview of Group Policy Quick Start, the @@ -29,5 +35,5 @@ Follow the video to install a license file. Check the -[What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?](/docs/endpointpolicymanager/license/trial.md) +[What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/trial.md) topic to see how to rename a computer or perform alternative licensing. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/mdm.md b/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/mdm.md new file mode 100644 index 0000000000..32cf279572 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/mdm.md @@ -0,0 +1,40 @@ +--- +title: "MDM / Intune Delivery Quick Start" +description: "MDM / Intune Delivery Quick Start" +sidebar_position: 20 +--- + +# MDM / Intune Delivery Quick Start + +For a video overview of MDM delivery via Intune, see the +[Endpoint Policy Manager and Microsoft Intune](/docs/endpointpolicymanager/video/mdm/microsoftintune.md). The installation +steps are below. + +**Step 1 –** Install the Endpoint Policy Manager Client on an example endpoint. + +In the download, find the **Client Side Extensions (CSE)** folder. Install it by hand on a few +Windows 10 or Windows 11 endpoints. Alternatively, use your software deployment tool (like Intune) +to deliver the CSE to a few endpoints. + +**Step 2 –** Install the Endpoint Policy Manager Admin Console on a management machine with the GPMC +pre-installed + +In the download, find the **Admin Console MSI** and install it manually on your machine. Your +machine needs to also have the GPMC pre-installed from Microsoft. It is recommended that you have +both the Endpoint Policy Manager Admin Console and the GPMC installed on a “fake DC” exclusively for +editing purposes. See the +[How to create a DC for editing purposes](/docs/endpointpolicymanager/video/cloud/testlab/createdc.md) video for details +and how to do this. + +**Step 3 –** Install your license key or rename your example endpoint to have computer in the name. + +**NOTE:** If you got a license file back from the Netwrix sales team, you can import it to enable +computers in the locations (scope) you requested. Alternatively, you can merely rename an endpoint +have the word Computer in the name, and the computer will act fully licensed. + +Follow the [Endpoint Policy Manager and MDM walk before you run](/docs/endpointpolicymanager/video/mdm/testsample.md) +video to install an MDM license file. + +Check the +[What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/trial.md) +topic to see how to rename a computer or perform alternative licensing. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/overview.md new file mode 100644 index 0000000000..cbd7635dd7 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/overview.md @@ -0,0 +1,20 @@ +--- +title: "Netwrix Endpoint Policy Manager Quick Start" +description: "Netwrix Endpoint Policy Manager Quick Start" +sidebar_position: 20 +--- + +# Netwrix Endpoint Policy Manager Quick Start + +Getting Started + +First, download the Netwrix Endpoint Policy Manager (formerly PolicyPak) software from the portal at +endpointpolicymanager.com. See the +[Endpoint Policy ManagerPortal: How to download Endpoint Policy Manager and get free training](/docs/endpointpolicymanager/video/gettingstarted/freetraining.md) +topic for video details on downloading. + +Next, Netwrix Endpoint Policy Manager (formerly PolicyPak) enables you to deliver settings via Group +Policy, MDM or PolicyPak Cloud. + +**_RECOMMENDED:_** Use Group Policy for your Quick Start. However, any delivery method may be used +as appropriate. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/_category_.json new file mode 100644 index 0000000000..11fc712c63 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Upgrade Guidance", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/overview.md new file mode 100644 index 0000000000..7e17527779 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/overview.md @@ -0,0 +1,53 @@ +--- +title: "Upgrade Guidance" +description: "Upgrade Guidance" +sidebar_position: 60 +--- + +# Upgrade Guidance + +How to Stay Supported + +Only the latest client-side extension (CSE) in the Portal or Netwrix Endpoint Policy Manager +(formerly PolicyPak) Cloud, the one with the most fixes and features, is fully supported. + +**NOTE:** To better understand Endpoint Policy Manager build and version numbers, see the +[What are the Endpoint Policy Manager Build and Version numbers?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/versions.md) +topic for additional information. + +Just because you are unable to stay current (or nearly current) with the Endpoint Policy Manager CSE +rollouts, does not mean that you lose support. You are always supported, regardless of the CSE +version you have on your machine. However, if you find a bug, problem, inconsistency, or other +issue, then Endpoint Policy Manager support will direct you to update (at least) one machine with +the very latest CSE on it for investigation. We will also ask for log files from that machine after +you have reproduced the issue. In other words, as a general rule, we will typically not begin to +investigate your issue unless you can reproduce it on a machine with the latest CSE. There is no +value in investigating old CSE behavior because the problem could already be fixed in the latest +version, and logging improvements could be present in the latest CSEs. Additionally, if your request +involves us investigating the log files, similarly, we will not ask for nor investigate any log +files unless the problem is reproducible on the latest CSE. + +From a practical perspective, you should attempt to have your Windows 10 machines on a CSE that was +shipped at least within the last full year. Six months is better, and three months is even better. +Upgrades should go smoothly from any CSE to any other CSE, but those are not expressly tested. We +only test the previous CSE to current CSE upgrade path. Therefore, when you stay as close to our +currently shipping CSE as possible, you're likely going to get the best experience, latest testing, +and fewest problems overall.A best practice is to stay up to date on the latest version available. + +Furthermore, because corporate PCs are typically full of applications, system software, and possibly +other unusual circumstances, we strongly recommend you have at least one clean machine for ongoing +testing. A clean machine would have the following installed: + +- Latest version of Windows 10 +- Latest version of Microsoft Edge +- Latest version of Chrome or other browsers +- Onlysoftware that Endpoint Policy Manager might be controlling, such as that required with + Endpoint Policy Manager Application Settings Manager, Endpoint Policy Manager Least Privilege + Manager, Endpoint Policy Manager Start Screen & Taskbar Manager, etc. +- Not much else, and specifically, no third-party system software or A/V software other than + Endpoint Policy Manager. + +This way you can install the latest Endpoint Policy Manager CSE by hand and do some testing of a new +CSE before you attempt to roll it out to more client machines. Then, if you encounter a bug, you can +quickly validate your bug report and collect logs from a machine that is available whenever you need +it, not just when the user is available. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/_category_.json b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/_category_.json new file mode 100644 index 0000000000..afc1d72c9a --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Understanding Rings", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/activedirectory.md b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/activedirectory.md new file mode 100644 index 0000000000..69f2fe3ad5 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/activedirectory.md @@ -0,0 +1,110 @@ +--- +title: "Rings with Endpoint Policy Manager and Active Directory" +description: "Rings with Endpoint Policy Manager and Active Directory" +sidebar_position: 30 +--- + +# Rings with Endpoint Policy Manager and Active Directory + +There are several ways to make rings when you have machines joined to Active Directory using a +third-party software installation mechanism, or the Endpoint Policy Manager built-in CSE updater. We +describe these options in the sections that follow. + +## Third-Party Software Deployment Tools + +The first option for using rings with Endpoint Policy Manager and Active Directory is to make rings +with third-party software deployment tools. This is the recommended method for using rings. Chances +are you already have some kind of on-prem software deployment system to perform your software +updates, like, for example: + +- PDQ Deploy (recommended by us here at Endpoint Policy Manager for on-prem software installs) +- Microsoft SCCM +- KACE + +Whichever software deployment tool you are using, we recommend you make the following three rings +for your CSE rollout: + +- Allocate 2–5% of your computers to get the latest CSE update (as soon as possible). If something + goes wrong, you will know about it now and can get support. +- If all goes well, increase the percentage of computers receiving the update to 10–50%. +- If there are no issues, increase that to 50–100%. + +The idea of rings (or collections, groups, etc.) varies from tool to tool in the following ways: + +- For SCCM, you use collections and make them act like rings. The rule you create would essentially + look for no CSE or an earlier CSE version.For( more information on this, see the Microsoft article + on + [How to create collections in Configuration Manager](https://learn.microsoft.com/en-us/mem/configmgr/core/clients/manage/collections/create-collections) +- For PDQ Deploy, you use targets and make them act like rings. You can select Active Directory + groups, text files with specific computers, PDQ Inventory groups, and other group lists. For more + information on this, see PDQ's article + [Optimizing Deployment](https://documentation.pdq.com/PDQDeploy/13.0.3.0/index.html?optimize-deploy.htm) + for additional information. +- For other on-prem tools, see your corresponding documentation. + +**NOTE:** While it's possible to deploy the Endpoint Policy Manager CSE via Microsoft's Group Policy +software installation, it is not recommended. The best practice to deploy the Endpoint Policy +Manager CSE, should you have no on-prem software deployment tool, is the free version of PDQ Deploy. +For more information, see the video series at +[https://www.endpointpolicymanager.com/integration/endpointpolicymanager-and-pdq.html](https://www.endpointpolicymanager.com/integration/endpointpolicymanager-and-pdq.html). + +## Endpoint Policy Manager CSE Auto-Updater + +The second way to use rings with Endpoint Policy Manager and Active Directory is by using the +built-in Endpoint Policy Manager CSE update mechanism. This is an excellent choice when using rings +since not everyone has a third-party software deployment tool. + +**NOTE:** While it is possible to deploy the Endpoint Policy Manager CSE via Microsoft's Group +Policy software installation, it is not recommended. Our official recommended way to deploy the +client is via a tool like PDQ Deploy, SCCM, etc. + +As an alternative, you can use the Endpoint Policy Manager CSE Auto-Updater. The general idea with +this process is that if you put the CSE in the Central Store, then the CSE will automatically look +for updates, perform the update, and optionally report on the update. + +To implement the idea of rings, we have added this capability to the configurable options of the CSE +Auto-Updater. The CSE Auto-Updater will honor one of two types of rings procedures: + +- Ring Type 1: Use specific dates and times to make rings and perform a rollout. With this type, you + set specific dates and times for the machines to get the updates. +- Ring Type 2: Use a relative number of hours to make rings and perform a rollout. With this type, + you separate your rings by the number of hours between updates. + +See the +[How can I roll out the latest Endpoint Policy Manager CSE with Active Directory in a controlled manner using Rings ?](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/updatingendpointpoli/ringsupgrade.md) topic +for additional information. + +## Endpoint Policy Manager CSE Auto-Updater in Reverse + +The third option for using rings with Active Directory is to use the built-in Endpoint Policy +Manager CSE update mechanism in an alternative manner. You can use a similar technique as Option 2, +which uses an `update.config` file, but in reverse. + +**Step 1 –** Place the updated CSE in the Central Store. + +**Step 2 –** Create the `update.config` file, and specify that the technique will be disabled and +always be off. You do this with the `Enabled=False` parameter. + +**Step 3 –** Clients can only be upgraded when an admin (or system wide script) runs +`ppupdate /cseupdatenow /force`. + +**Step 4 –** This command will override the `Enabled=False` parameter and force an update on clients +with the latest CSE from the Central Store. + +**Step 5 –** You can automate this signal using a script, Endpoint Policy Manager Scripts & +Triggers, SCCM, or any other another technique, and the machine will upgrade. + +## Endpoint Policy Manager Remote Work Delivery Manager + +The last way to use rings with Active Directory is by using Endpoint Policy Manager Remote Work +Delivery Manager to specify an update. This is not strongly recommended, but could work, depending +on your situation. In this process you can create the rings using Active Directory groups or any +other targeting, and then sending a CSE update to specific machines as you see fit. + +**NOTE:** See the +[How do I use Endpoint Policy Manager Remote Work Delivery Manager to update the Client Side Extension?](/docs/endpointpolicymanager/knowledgebase/remoteworkdeliveryma/knowledgebase/tipsandtricks/updateclientsideextension.md) +topic for additional information. + +See the +[Using Remote Work Delivery Manager to Update the Endpoint Policy Manager Client Side Extension](/docs/endpointpolicymanager/video/remoteworkdelivery/updateclientsideextension.md)video for +additional information. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/cloud.md b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/cloud.md new file mode 100644 index 0000000000..b77226bf23 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/cloud.md @@ -0,0 +1,37 @@ +--- +title: "Rings with Endpoint Policy Manager Cloud" +description: "Rings with Endpoint Policy Manager Cloud" +sidebar_position: 10 +--- + +# Rings with Endpoint Policy Manager Cloud + +In Endpoint Policy Manager Cloud, because the concept of groups is already used, you can consider a +Endpoint Policy Manager Cloud group like a ring. You can choose a group and manually specify to use +a particular version of the CSE on that group. You can also specify to use a particular version of +the CSE or Cloud Client everywhere (using the special "ALL" groups). Therefore, the following steps +are recommended: + +**Step 1 –** Set up a group of 2–5% of your computers. When a new CSE or Cloud Client is released, +you should opt in and use this group to start testing and verify success. If there is a problem, you +can raise it to the Endpoint Policy Manager support team and we will work with you. + +**Step 2 –** If all goes well, you can roll out the latest CSE and/or Cloud Client to more Endpoint +Policy Manager Cloud groups. It only takes one click within the group to select the CSE or Cloud +Client version. Your target rollout for the new CSE and/or Cloud Client should be around 30–50% of +your Windows machines. If an issues occurs, you can raise it to the support team and we willl work +with you. + +**Step 3 –** After you have rolled out to 50% of your machines, you should be confident enough to +roll it out to all machines. When ready, pick the remaining Endpoint Policy Manager Cloud groups and +select the latest CSE and/or Endpoint Policy Manager Cloud client to opt-in more groups. + +**Step 4 –** Alternatively, use the special **All** group to finish your upgrade and mass upgrade +the remaining PCs all at once (after completing some testing). + +See the +[Endpoint Policy Manager Cloud Groups CSE and Cloud Client Small-Scale Testing and Updates](/docs/endpointpolicymanager/video/cloud/groups.md) +topic for additional information on this process. + +**NOTE:** Update the CSE first or the Cloud Client first in the test groups and let each part of the +software update. Upgrading both at the same time is supported but is not recommended. diff --git a/docs/endpointpolicymanager/install/upgrade/rings/finalthoughts.md b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/finalthoughts.md similarity index 92% rename from docs/endpointpolicymanager/install/upgrade/rings/finalthoughts.md rename to docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/finalthoughts.md index 79b7fa4c9c..0616b9b9e5 100644 --- a/docs/endpointpolicymanager/install/upgrade/rings/finalthoughts.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/finalthoughts.md @@ -1,3 +1,9 @@ +--- +title: "Final Thoughts on Rings" +description: "Final Thoughts on Rings" +sidebar_position: 40 +--- + # Final Thoughts on Rings A Windows 10 rollout incorporates the concepts of rings so you can confidently roll out Windows 10 diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/mdm.md b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/mdm.md new file mode 100644 index 0000000000..7d6cc55ffa --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/mdm.md @@ -0,0 +1,26 @@ +--- +title: "Rings with Endpoint Policy Manager and an MDM Service" +description: "Rings with Endpoint Policy Manager and an MDM Service" +sidebar_position: 20 +--- + +# Rings with Endpoint Policy Manager and an MDM Service + +The concept of rings with regard to Windows 10 updates and upgrades is built into Microsoft Intune +(and perhaps other MDM services). You can see Microsoft Intune's example of rings here +[https://www.anoopcnair.com/software-update-patching-options-with-intune/](https://www.anoopcnair.com/software-update-patching-options-with-intune/). +However, the specific idea of using rings to deploy any other software, like the Endpoint Policy +Manager CSE, is not something native to an MDM service. Therefore, you will need to create computer +groups, then assign software to those groups. In Intune (and most other MDM services), groups can be +simple or dynamic. You might want to create the following three groups: + +- Simple group: Hand-picked machines which represent 2–5% of your estate. +- 30% dynamic group: A group you define with 30% of your Windows 10 computers. +- Dynamic group with the remainder (31-100%): A group you define with the remainder of your Windows + 10 computers. + +By making the groups dynamic, as computers get enrolled into your MDM service they will +automatically be part of the first or second dynamic group. But because the first group is a simple +group with hand-picked machines, those machines are the only ones that will get the initial rollout +of a new CSE. Then, because the Endpoint Policy Manager CSE is an MSI, you can use the MSI +deployment method with your MDM service to target to these groups. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/overview.md b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/overview.md new file mode 100644 index 0000000000..f2727a66f4 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/rings/overview.md @@ -0,0 +1,90 @@ +--- +title: "Understanding Rings" +description: "Understanding Rings" +sidebar_position: 20 +--- + +# Understanding Rings + +The most important part of upgrading Netwrix Endpoint Policy Manager (formerly PolicyPak) is to +avoid updating of all your computers at once. You should be performing your updates and rollouts in +a controlled fashion. Endpoint Policy Manager acts as part of the operating system and helps you +manage important security and configuration items, but since no product is bug free, Endpoint Policy +Manager cannot guarantee that any updated client-side extension (CSE) will work 100% with what you +already have. As such, you should test newly provided CSEs on a small group first and verify that +they are working the way you expect before you deploy them out to all your machines. + +What we want to avoid is a situation where you mass-deploy an untested CSE to 100% of your machines +and then find that you have some problem you need to back out of since, which can be very time +consuming and difficult to do. Instead, if you test the CSE before mass rollout you avoid these +potential issues and will have increased confidence to roll it out to all your machines. + +Endpoint Policy Manager is not alone in wanting to ensure your confidence during updates. Indeed, +Microsoft also has this same concern and the same recommendation against upgrading all machines at +the same time. Ever since Windows 10 shipped, Microsoft has recommended a ring approach to updating +Windows. This is because Windows is constantly updated, every month for bug fixes and twice a year +for huge upgrades. When Windows itself gets updated, there are controls available to help you +segregate machines so you know in advance which machines will get which new software. These separate +groups are known as deployment rings, update rings, or just rings. We recommend you get familiar +with Microsoft's idea of rings using the following resources: + +- Microsoft documentation: + [Prepare a servicing strategy for Windows client updates](https://learn.microsoft.com/en-us/windows/deployment/update/waas-servicing-strategy-windows-10-updates) +- Endpoint Policy Manager's blog post: + [Windows Update for Business (WuFB): A Simplified Guide](https://www.endpointpolicymanager.com/resources/pp-blog/windows-update-business/) +- Microsoft Ignite's talk about rings: + [Strategic and tactical considerations for ring-based Windows 10 deployments](https://www.youtube.com/watch?v=omwelzp-Hlw) +- Jeremy's MDM book (Chapter 9): [MDMandGPanswers.com/book](https://www.mdmandgpanswers.com/books) + +The basic idea behind rings is the following: + +**Step 1 –** Allocate 2–5% of your computers to get the latest update (as soon as possible). If +something goes wrong, you will know about it now, and not later when you've rolled it out to your +whole estate. + +**Step 2 –** If all goes well, increase the percentage of computers with the update to 10–50%. + +**Step 3 –** If there are no issues, increase that to 51–100%. + +These segmentation blocks are what is referred to as rings. An example of this process is described +in this Microsoft's article +[Use CSPs and MDMs to configure Windows Update for Business](https://learn.microsoft.com/en-us/windows/deployment/update/waas-wufb-csp-mdm). +The basic idea is that you put a delay between your rings. + +- Initial Pilots (2-5%): No delay; machines get the Microsoft updates immediately. +- Fast Ring (10-50%): 5-day delay. +- Slow Ring (51-100%): 10-day delay. + +![71_1_hfkb-1094-img-01](/img/product_docs/endpointpolicymanager/install/71_1_hfkb-1094-img-01.webp) + +Microsoft updates can be a little complicated because they also deal with channels, or the types of +versions you want to install. Additionally, Microsoft's model is more complex than Endpoint Policy +Manager's model, because the updates are required and forced. Microsoft Quality Updates (i.e., +bugfixes) are required to be performed within 30 days (or they will be installed automatically) and +Microsoft Upgrades (i.e., new versions of Windows) are required to be performed within 365 days (or +they will be installed automatically). + +However, Endpoint Policy Manager doesn't have any of those requirements or any method to force an +update. Instead, our lifecycle is pretty simple. + +- Every 4 to 6 weeks, Endpoint Policy Manager ships a new CSE with bug fixes and new features. +- That version goes into the Endpoint Policy Manager Portal and is also available for use within + Endpoint Policy Manager Cloud. +- When the monthly update occurs, we notify all customers (primary and secondary technical + contacts). +- If some known issue occurs within the month, we will occasionally release a hotfix build and + generally make no announcement. +- Whichever is the latest CSE in the Portal or Endpoint Policy Manager Cloud, is the only version of + the Endpoint Policy Manager CSE that is supported. + +This means that you only need to keep one simple MSI up to date on your endpoints to be at the +latest build. + +Remember that when you use Endpoint Policy Manager with Active Directory (SCCM or GPO) or with your +MDM service, the latest CSE isn't magically pushed from us to your PCs. For Endpoint Policy Manager +Cloud customers, the latest CSE isn't dictated to your endpoints either. In all cases it's an +admin's choice to opt-in to use the latest CSE and specify where exactly he or she wants to get +started using it. + +In the follow sections, we'll provide our recommendations for various Endpoint Policy Manager +products on how to implement a ring policy for Endpoint Policy Manager CSE updates. diff --git a/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/settings.md b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/settings.md new file mode 100644 index 0000000000..ecb4a1af1c --- /dev/null +++ b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/settings.md @@ -0,0 +1,63 @@ +--- +title: "Specific Upgrades for Application Settings Manager" +description: "Specific Upgrades for Application Settings Manager" +sidebar_position: 30 +--- + +# Specific Upgrades for Application Settings Manager + +Application Settings Manager has a few extra parts that need updating when Netwrix Endpoint Policy +Manager (formerly PolicyPak) the client-side extension (CSE) and tools are updated. We'll discuss +those specific parts in the following sections. + +For a video overview of this topic, see +[Keeping Application Settings Manager and Paks up to date](/docs/endpointpolicymanager/video/applicationsettings/uptodate.md). + +## Updating the AppSets + +Your download contains the latest pre-configured AppSets with various AppSet definition fixes and +usually even more additional AppSets. If you have any AppSets you've created yourself, you should +recompile them for the latest version. Check the video above for an overview on mass-recompilationx. + +If you're using the Central Store, first make a backup of your existing Endpoint Policy Manager DLL +AppSets for safekeeping. If you're using a local store, make a backup of your local Endpoint Policy +Manager DLL AppSet files for safekeeping. Next, follow one of the two options below to update the +AppSets: + +- Option 1: Manual. Copy over the AppSets you're using, thus overwriting the old AppSets in the + Central Store or a local store. +- Option 2: Automatic (Recommended). Use the Endpoint Policy Manager GPOTouch utility to update the + AppSets in the Central Store and local store automatically and to update each GPO (described in + more detail below). + +## Updating the Admin Console and Endpoint Policy Manager DesignStudio + +For Endpoint Policy Manager Application Settings Manager, update your Endpoint Policy Manager +DesignStudio on any machine where it is currently installed. You do not need to update the Microsoft +C++ compiler to the latest version because Endpoint Policy Manager DesignStudio can use C++ Express +Edition 2008 or later without issue. This will also update the Endpoint Policy Manager GPOTouch and +Endpoint Policy Manager GPO Exporter utilities. Update your own administrative machines with the +latest Endpoint Policy Manager Admin Console.MSI (32- or 64-bit) to update the GPMC and the Endpoint +Policy Manager Exporter and Endpoint Policy Manager GPOTouch utilities. + +## Secondary Application Settings Manager Backup + +For extra protection within each Endpoint Policy Manager Application Settings Manager definition, +you can choose to open the definition and then click the **Options** button. Then, select **Export +XML Settings Data**. + +![specific_upgrades_for_application_624x386](/img/product_docs/endpointpolicymanager/install/upgrade/specific_upgrades_for_application_624x386.webp) + +**NOTE:** This step is optional but will provide a second backup of your Endpoint Policy Manager +Application Settings Manager definitions in case of a mishap and is therefore recommended. + +## Updating Each GPO + +Every GPO contains directives with Endpoint Policy Manager Application Settings Manager data, which +must be opened and updated. If a GPO contains multiple Endpoint Policy Manager Application Settings +Manager directives, each one must be updated, or touched. You can either manually touch a GPO or use +Endpoint Policy Manager GPOTouch. It is recommended to use the Endpoint Policy Manager GPOTouch +utility to update each GPO automatically with the latest version of the AppSet DLL file. + +To see a video overview of how to manually touch a GPO, see +[GPOTouch Utility](/docs/endpointpolicymanager/video/applicationsettings/touchutility.md). diff --git a/docs/endpointpolicymanager/install/upgrade/tips.md b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/tips.md similarity index 91% rename from docs/endpointpolicymanager/install/upgrade/tips.md rename to docs/endpointpolicymanager/manuals/introductionandquick/upgrade/tips.md index 2b01e1cc34..7077492716 100644 --- a/docs/endpointpolicymanager/install/upgrade/tips.md +++ b/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/tips.md @@ -1,3 +1,9 @@ +--- +title: "Upgrading Tips" +description: "Upgrading Tips" +sidebar_position: 10 +--- + # Upgrading Tips Netwrix Endpoint Policy Manager (formerly PolicyPak) consists of several pieces of software. These @@ -25,7 +31,7 @@ You should familiarize yourself with the idea of rings, which is a Microsoft con controlled rollouts. Endpoint Policy Manager aligns with this ring philosophy and as such, getting familiar with those concepts is well advised. This idea is applicable for all delivery methods: Group Policy, MDM, SCCM, or Cloud. This manual will examine the concept of rings. See the -[Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/install/rings.md) topic +[Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/knowledgebase/allthingsinstallatio/knowledgebase/bestpracticeskeeping/rings.md) topic for additional information In general, the best route to take for upgrading from any previous version is the following: @@ -57,7 +63,7 @@ the CSE to endpoint machines gradually. be making backups from time to time. Inside the GPMC, find the Group Policy Objects node, right-click, select Backup, and then follow the prompts. For additional information on how to preform a Group Policy backup, see the -[Endpoint Policy Manager: Backup and Restore Options to Recover from nearly any problem](/docs/endpointpolicymanager/video/troubleshooting/backupoptions.md) +[Endpoint Policy Manager: Backup and Restore Options to Recover from nearly any problem](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/videolearningcenter/upgradingandmaintena/backupoptions.md) and [Endpoint Policy Manager Application Settings Manager: Backup, Restore, Export, Import](/docs/endpointpolicymanager/video/troubleshooting/backup.md) video demos. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/_category_.json new file mode 100644 index 0000000000..5c611524c4 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Least Privilege Security Pak", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/_category_.json new file mode 100644 index 0000000000..947f9f740b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Least Privilege Manager (Windows)", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/_category_.json new file mode 100644 index 0000000000..4f2d7baaad --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Admin Approval", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/video/leastprivilege/adminapproval/additionaldetails.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/additionaldetails.md similarity index 83% rename from docs/endpointpolicymanager/video/leastprivilege/adminapproval/additionaldetails.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/additionaldetails.md index cbf2968540..23d0618be0 100644 --- a/docs/endpointpolicymanager/video/leastprivilege/adminapproval/additionaldetails.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/additionaldetails.md @@ -1,3 +1,9 @@ +--- +title: "Admin Approval Additional Details" +description: "Admin Approval Additional Details" +sidebar_position: 40 +--- + # Admin Approval Additional Details Want to always force your additional details into the Email method? With this feature, what you put diff --git a/docs/endpointpolicymanager/leastprivilege/adminapproval/avoidpopups.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/avoidpopups.md similarity index 96% rename from docs/endpointpolicymanager/leastprivilege/adminapproval/avoidpopups.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/avoidpopups.md index 4b896cf860..8fa87ca3c2 100644 --- a/docs/endpointpolicymanager/leastprivilege/adminapproval/avoidpopups.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/avoidpopups.md @@ -1,3 +1,9 @@ +--- +title: "Avoid Pop-ups with Admin Approval" +description: "Avoid Pop-ups with Admin Approval" +sidebar_position: 50 +--- + # Avoid Pop-ups with Admin Approval You might find that end users report that the Admin Approval pop-up appears even if they do not diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/gettingstarted/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/gettingstarted/_category_.json new file mode 100644 index 0000000000..b2177c64fc --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/gettingstarted/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Getting Started with Admin Approval", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "gettingstarted" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/gettingstarted/gettingstarted.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/gettingstarted/gettingstarted.md new file mode 100644 index 0000000000..de083801da --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/gettingstarted/gettingstarted.md @@ -0,0 +1,64 @@ +--- +title: "Getting Started with Admin Approval" +description: "Getting Started with Admin Approval" +sidebar_position: 10 +--- + +# Getting Started with Admin Approval + +If there’s no Endpoint Policy ManagerLeast Privilege Manager rule to automatically elevate an +application (or allow it to bypass SecureRun™), the user is prompted with a special dialog to +request access. + +**NOTE:** See the [Admin Approval demo](/docs/endpointpolicymanager/video/leastprivilege/adminapproval/demo.md) video for +Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager Admin Approval mode setup and +in action. + +Endpoint Policy Manager (formerly PolicyPak) Least Privilege Managerr’s Admin Approval works as if +the person with the Admin Approval Tool has a shared secret, which is a secret key that is deployed +to the computer. + +There are three parts to Admin Approval: + +- The Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager policies, which establish + Admin Approval and its secret key +- Securing the secret key (if using Group Policy method) +- The Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager Admin Approval Tool + +**NOTE:** The secret key must be delivered to the computer. You cannot deploy the key to the user. +You could have one secret key for all computers and all admins, or you could have a secret key for +only some computers and some admins. + +Admin Approval will show the user the Endpoint Policy Manager Admin Approval prompt instead of the +Windows UAC prompt when any of the following conditions are true: + +- The app is marked as requiring elevation by its developer (in the app manifest). You can see these + applications easily because they typically show a Windows shield graphic in the application’s + icon. +- The app is a legacy installer. This is defined by both Windows and Endpoint Policy Manager as a + 32-bit app without an app manifest and with one of special "setup" keywords (such as install, + setup, and so on) in its file info. +- The app is any installer and Endpoint Policy Manager ’s Admin Approval **Enforce Admin Approval + for all installers** option is enabled (explained later). +- Endpoint Policy Manager SecureRun™ is enabled, and the executable is run by someone not on the + SecureRun™ list. +- The user right-clicks a file and selects **Run with Endpoint Policy Manager**. + +For complete clarity, there are times when the user will still see a standard Windows UAC prompt and +not a PolicyPak Admin Approval prompt. These instances include: + +- When a COM interface used by the app requires elevation (for instance, the network settings + dialog). +- When one process creates another process and forces Windows to show the UAC prompt, as in one of + the following instances: + + - When a user is running Acrobat Reader as a Standard User and tries to change the upgrade + behavior. In this case, a standard Windows UAC prompt will show. + - If a user attempts to run an application like Procmon; this is because it’s attempting to load + a device driver, the standard Windows UAC prompt will show. + +- When an installer shows the standard UAC prompt. For instance, the Chrome installer doesn't + require admin rights (as it can install Chrome per user into %localappdata%). Regardless, the + Chrome installer shows a UAC prompt to see if a user can or wants to install Chrome for all users. + To help work around this issue, we provide the **Enforce Admin Approval for all installers** + option, which is explained later. diff --git a/docs/endpointpolicymanager/leastprivilege/adminapproval/secretkey.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/gettingstarted/secretkey.md similarity index 97% rename from docs/endpointpolicymanager/leastprivilege/adminapproval/secretkey.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/gettingstarted/secretkey.md index 4d023eb2d2..a8c9d99bdc 100644 --- a/docs/endpointpolicymanager/leastprivilege/adminapproval/secretkey.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/gettingstarted/secretkey.md @@ -1,3 +1,9 @@ +--- +title: "Creating the Secret Key" +description: "Creating the Secret Key" +sidebar_position: 10 +--- + # Creating the Secret Key On the Computer side of the GPO, use the Endpoint Policy Manager (formerly PolicyPak) Least diff --git a/docs/endpointpolicymanager/leastprivilege/adminapproval/secretkeysecure.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/gettingstarted/secretkeysecure.md similarity index 93% rename from docs/endpointpolicymanager/leastprivilege/adminapproval/secretkeysecure.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/gettingstarted/secretkeysecure.md index f894a0cf63..3efedbd6cc 100644 --- a/docs/endpointpolicymanager/leastprivilege/adminapproval/secretkeysecure.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/gettingstarted/secretkeysecure.md @@ -1,3 +1,9 @@ +--- +title: "Securing the Secret Key When Using the Group Policy Method" +description: "Securing the Secret Key When Using the Group Policy Method" +sidebar_position: 20 +--- + # Securing the Secret Key When Using the Group Policy Method The secret key of Admin Approval is stored within the XML inside the GPO, as seen here. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/overview.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/overview.md new file mode 100644 index 0000000000..453dfebfe8 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/overview.md @@ -0,0 +1,11 @@ +--- +title: "Admin Approval" +description: "Admin Approval" +sidebar_position: 40 +--- + +# Admin Approval + +Endpoint Policy Manager Admin Approval is a method that allows users to continue working if they are +offline or don’t have any predefined rules for bypassing a UAC prompt. In this way, users can +request to bypass UAC prompts from admins, allowing them to keep working. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/test.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/test.md new file mode 100644 index 0000000000..166278dd09 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/test.md @@ -0,0 +1,93 @@ +--- +title: "Testing Admin Approval" +description: "Testing Admin Approval" +sidebar_position: 20 +--- + +# Testing Admin Approval + +Now log on as a Standard User and try to run an application that requires admin rights, like +PowerPointViewer installer, provided there is not a rule in place that will elevate this +application. The user is presented with a **Request Code** (also called a Challenge Code) as shown +here. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/adminapproval/testing_admin_approval.webp) + +The user needs to present this **Request Code**, typically over the phone, to an Admin who can +create a **Response Code**. + +**NOTE:** If you (the admin) are on the machine, you may use your credentials by clicking the +**Approve with alternate Admin Credentials**. + +The Admin Approval Tool can be run in three ways: + +- As a standalone tool in the Extras folder from the Endpoint Policy Manager download (seen below) +- Directly from a machine where the Endpoint Policy Manager MMC Admin console is installed +- Directly from within a GPO + +Here, you can see the Endpoint Policy Manager Least Privilege Manager Admin Approval Tool being run +from the Endpoint Policy Manager Extras folder. Running it for the first time on any Admin’s machine +requires you to enter in the same secret key from the GPO you used earlier. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/adminapproval/testing_admin_approval_1.webp) + +You can save the secret key in the Registry of this Admin’s machine, secured with his own encrypted +password. You could also require that the key cannot be viewed ever again when this tool is run by +choosing **Forbidden to view secret key from previous session**. + +**NOTE:** If you ever need to fully reset and start the Endpoint Policy Manager Admin Approval Tool +from scratch, simply open the Admin machine from which the tool was run and use regedit.exe to +remove the two keys located at `HKEY_CURRENT_USER\SOFTWARE\PolicyPak` named `GlobalSecurityKey` and +`GlobalSecurityKeyChecksum`. + +Once you click **OK**, you’ll be in the main Admin Approval Tool, seen here. Here is where you can +accept the Request (Challenge) Code from the user and return a **Response Code** back. Simply type +in the **Request Code**, then pick the option that makes sense. The items you can specify are: + +- Reason - Select the reason code (of which several are hardcoded into PolicyPak). +- Uses - Decide if you want the code to be used once, 5 times, 10 times, or an unlimited number of + times. +- Apply to child processes - Decide if you want the application to be able to launch child processes + as Admin. +- Expires - Choose if this code will expire in 10 minutes, 1 hour, 12 hours, or never. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/adminapproval/testing_admin_approval_2.webp) + +**NOTE:** The Admin Approval Tool may be branded. See the section **Branding and Customization** in +this guide. + +After filling in these options, assign a value to the **Response Code** and the application will +launch. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/adminapproval/testing_admin_approval_3.webp) + +In our example, we specified that the code could be used one time, so if the user tries to rerun the +same application, they are prompted again. + +Remember that an admin can run the Admin Approval Tool if the Endpoint Policy Manager MMC snap-in is +installed. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/adminapproval/testing_admin_approval.webp) + +You can also see and launch the Admin Approval Tool from within a GPO, provided you have the secret +key inside the GPO, as seen here. + +![A computer screen shot of a computer screen + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/adminapproval/testing_admin_approval_4.webp) diff --git a/docs/endpointpolicymanager/leastprivilege/adminapproval/useemail.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/useemail.md similarity index 95% rename from docs/endpointpolicymanager/leastprivilege/adminapproval/useemail.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/useemail.md index fc21ac9fe4..bec5af28fa 100644 --- a/docs/endpointpolicymanager/leastprivilege/adminapproval/useemail.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/adminapproval/useemail.md @@ -1,3 +1,9 @@ +--- +title: "Using Email for Admin Approval" +description: "Using Email for Admin Approval" +sidebar_position: 30 +--- + # Using Email for Admin Approval If needed, you can use email to authorize items using Endpoint Policy Manager (formerly PolicyPak) diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/apply/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/apply/_category_.json new file mode 100644 index 0000000000..c34369999f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/apply/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Apply on Demand Rules and Self-Elevation Rules", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/leastprivilege/rules/apply/ondemand.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/apply/ondemand.md similarity index 91% rename from docs/endpointpolicymanager/leastprivilege/rules/apply/ondemand.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/apply/ondemand.md index a771b72adf..7e9a84c8f2 100644 --- a/docs/endpointpolicymanager/leastprivilege/rules/apply/ondemand.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/apply/ondemand.md @@ -1,3 +1,9 @@ +--- +title: "Apply on Demand Rules" +description: "Apply on Demand Rules" +sidebar_position: 10 +--- + # Apply on Demand Rules **NOTE:** See the @@ -43,7 +49,7 @@ generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/ap **NOTE:** You can change the name of the menu item from **Run with** Endpoint Policy Manager **On-Demand** via Global Settings Policy.. See the -[Best Practices and Miscellaneous Topics](/docs/endpointpolicymanager/leastprivilege/bestpractices/overviewmisc.md) topic for additional +[Best Practices and Miscellaneous Topics](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/overviewmisc.md) topic for additional information on Global Settings Policy. When the user does this, the application launches, bypassing the UAC prompt. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/apply/overview.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/apply/overview.md new file mode 100644 index 0000000000..9e559587b9 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/apply/overview.md @@ -0,0 +1,11 @@ +--- +title: "Apply on Demand Rules and Self-Elevation Rules" +description: "Apply on Demand Rules and Self-Elevation Rules" +sidebar_position: 30 +--- + +# Apply on Demand Rules and Self-Elevation Rules + +Not all of your users need to have the same privileges. You may want to give advanced users, such as +developers or first level support personnel, the ability to perform elevation whenever they need it. +In this section we will explore Apply on Demand rules, and also Self-Elevation rules. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/apply/selfelevation.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/apply/selfelevation.md new file mode 100644 index 0000000000..c69d3c16e0 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/apply/selfelevation.md @@ -0,0 +1,109 @@ +--- +title: "Self-Elevation Rules" +description: "Self-Elevation Rules" +sidebar_position: 20 +--- + +# Self-Elevation Rules + +**NOTE:** See the +[Endpoint Policy Manager Least Priv Manager: Self Elevate Mode](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/selfelevatemode.md) +video for information on Endpoint Policy Manager Least Privilege Manager self-elevation rules. + +There is a self-elevation mode for special situations as well. Although this mode is normally not +recommended, as it makes your systems more vulnerable, there may be a special circumstance in which +you want to grant a designated user local admin-like rights, without making them an admin. + +You may have particular users which need to run EXE or MSI applications at will, but to whom you +don't want to give local admin rights. For instance: + +- Your IT personnel need the ability to install MSIs elevated and to access privileged applications + such as Process Monitor. +- Your developers constantly create and test new scripts so they need to run them elevated when + needed. +- Your HR personnel need the ability to run Java elevated in order to run the applications they + depend on. + +Self-Elevation mode can be used for these types of special circumstances. By creating targeted +policies, you can ensure that designated users receive elevation rights for what they need, when +they need them. Let's look at how self-elevation works. + +Start by creating a new self-elevation policy as seen here. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules.webp) + +You can then select which types of executables you will allow for self-elevation. Here, we have +chosen EXE and MSI applications. + +![A screenshot of a computer screen + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules_1.webp) + +You must specify at least one group or user for the policy, even if the policy is targeted at the +organizational unit (OU) level. Unless you choose someone to direct the policy to, the policy will +not apply to anyone. In this example, the EastSalesUsers has been chosen. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules_2.webp) + +In order for a user to self-elevate an application, they have to right-click the application and +choose the self-elevation command from the context menu. You can choose to create a custom name for +this command if you wish or you can choose to use the default. You may also customize a message to +remind users that all self-elevated actions are audited, as is seen here. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules_3.webp) + +The final screen requires you to name the policy. You can also require justification text and/or +re-authentication to Windows (which works with Windows Hello, etc.) + +Users must then input an explanation as to why they want to run the given application and/or +re-authenticate before the application is launched. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules_4.webp) + +So in this scenario, let us say that EastSalesUser1 operating as a standard user wants to run +Procmon, which requires local admin rights. While they cannot run the application normally, they can +right-click on the application and select **Run Self Elevated with Endpoint Policy Manager**. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules_5.webp) + +Here you can see the Endpoint Policy Manager Self Elevation prompt that the user will see. The +customized message created earlier appears here. Because justification text was required, the user +must type a reason for why they wish to access this application. Once the user clicks **OK** the +application will open. + +![A screenshot of a computer error + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules_6.webp) + +If Force Reauthentication is selected, the behavior is like what is seen here. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules_7.webp) + +Self-elevated application requests are audited in Windows Event Viewer. There are two Event IDs +associated with Endpoint Policy Manager Self Elevation. Note that the username and application are +included in the log information. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/apply/self_elevation_rules_8.webp) diff --git a/docs/endpointpolicymanager/leastprivilege/tool/rulesgenerator/automatic.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/automatic.md similarity index 97% rename from docs/endpointpolicymanager/leastprivilege/tool/rulesgenerator/automatic.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/automatic.md index a33f73877c..c1f843e950 100644 --- a/docs/endpointpolicymanager/leastprivilege/tool/rulesgenerator/automatic.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/automatic.md @@ -1,3 +1,9 @@ +--- +title: "Automatic Rules Generator Tool" +description: "Automatic Rules Generator Tool" +sidebar_position: 100 +--- + # Automatic Rules Generator Tool Once you remove Admin rights, the user will not be able to run some applications. Additionally, once diff --git a/docs/endpointpolicymanager/leastprivilege/brandcustomize.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/brandcustomize.md similarity index 94% rename from docs/endpointpolicymanager/leastprivilege/brandcustomize.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/brandcustomize.md index 9a57697563..357ca38129 100644 --- a/docs/endpointpolicymanager/leastprivilege/brandcustomize.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/brandcustomize.md @@ -1,3 +1,9 @@ +--- +title: "Branding and Customization" +description: "Branding and Customization" +sidebar_position: 70 +--- + # Branding and Customization **NOTE:** See the [Branding the UI and Dialogs](/docs/endpointpolicymanager/video/leastprivilege/branding.md) video for an diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/_category_.json new file mode 100644 index 0000000000..a9372537eb --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Discovery, Auditing, and Events", + "position": 110, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/leastprivilege/events/createpolicy/audit.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/audit.md similarity index 94% rename from docs/endpointpolicymanager/leastprivilege/events/createpolicy/audit.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/audit.md index c65968d229..f97f895226 100644 --- a/docs/endpointpolicymanager/leastprivilege/events/createpolicy/audit.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/audit.md @@ -1,3 +1,9 @@ +--- +title: "Creating Policy from Audit Event" +description: "Creating Policy from Audit Event" +sidebar_position: 40 +--- + # Creating Policy from Audit Event Once you have generated events and store them locally or forward them to a service, you can diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/auditingsettings/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/auditingsettings/_category_.json new file mode 100644 index 0000000000..23ac9e839e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/auditingsettings/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Auditing Settings", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/leastprivilege/events/auditingsettings/localadmins.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/auditingsettings/localadmins.md similarity index 87% rename from docs/endpointpolicymanager/leastprivilege/events/auditingsettings/localadmins.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/auditingsettings/localadmins.md index 197a26d4a6..13522a8322 100644 --- a/docs/endpointpolicymanager/leastprivilege/events/auditingsettings/localadmins.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/auditingsettings/localadmins.md @@ -1,3 +1,9 @@ +--- +title: "Discovery for Elevated Apps with Local Admins" +description: "Discovery for Elevated Apps with Local Admins" +sidebar_position: 10 +--- + # Discovery for Elevated Apps with Local Admins When your users still have admin rights, they will automatically be running many items with local diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/auditingsettings/overview.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/auditingsettings/overview.md new file mode 100644 index 0000000000..418e5b1c54 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/auditingsettings/overview.md @@ -0,0 +1,64 @@ +--- +title: "Auditing Settings" +description: "Auditing Settings" +sidebar_position: 20 +--- + +# Auditing Settings + +Using Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager to remove admin rights or +turn on SecureRun™ is going to make your machines more secure. However, that also means that some +users might not be able to perform some actions with these two security measures in place. To +mitigate this, you may need to do some research to find out just what privileges your users require. +Endpoint Policy Manager Global Settings Policy lets you set up auditing to find out what +applications require extra privileges from standard users. There are four choices: + +- Audit applications requiring elevation - Help you learn, in advance of a transition, which items + require rules and what items will need rules to overcome UAC prompts. +- Audit elevated applications - Help you learn, after a transition, which items still need rules to + overcome UAC prompts. +- Audit untrusted applications - Help you learn, in advance or after a transition, which items that + would be automatically blocked by SecureRun™ are, in fact, blocked by SecureRun™ and will need + rules to overcome. +- Audit unsigned applications - Help you learn, in advance or after a transition, which items that + would be automatically blocked by SecureRun™ if trapping for unsigned applications. + +To begin the discovery process you will add a New Global Settings Policy, which can be done on +either user or computer side. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/events/auditingsettings/auditing_settings.webp) + +When you create a Global Settings Policy, you can choose to turn on the settings shown here. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/events/auditingsettings/auditing_settings_1.webp) + +Enabling these settings will write special events to the event logs. + +- Audit applications requiring elevation - Makes an audit log entry when a process is not elevated, + but Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager sees that it requires + elevation. We can detect Applications that specify "require elevation" in the manifest and if the + application is a Legacy Installer (that is, a 32-bit app without a manifest and with a + keyword—e.g. Install, Setup, etc.—in the file info). It should be noted that Endpoint Policy + Manager (formerly PolicyPak) Least Privilege Manager does not support detection of dynamically + elevated processes. +- Audit elevated applications - Makes audit log entries for processes that runelevated (i.e., + successful runs after applications are elevated). This creates an event, regardless of the reason + why the application runs elevated. Examples scenarios for this case could include apps that always + require elevation, apps that require elevation only when run by an admin (e.g. regedit), or + situations in which a user selected to run a file as an administrator. It should be noted that the + only time this setting will not write an event to the event log (as an AUDIT event) is when there + is a Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager rule in place to perform + the elevation, in which case it would get its own event ID type. +- Audit untrusted applications - Discovers rules needed when SecureRun™ is turned on. If an + application is attempted, but the item’s file owner is not in the SecureRun™ list, then the + application will be blocked when SecureRun is turned on. +- Audit unsigned applications - Discovers rules needed when SecureRun™ is turned on and the “Block + all unsigned” option would block unsigned applications. + +We'll discuss each of these auditing events in the next sections. diff --git a/docs/endpointpolicymanager/leastprivilege/events/auditingsettings/standardusers.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/auditingsettings/standardusers.md similarity index 88% rename from docs/endpointpolicymanager/leastprivilege/events/auditingsettings/standardusers.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/auditingsettings/standardusers.md index e762b0f729..1b9ac5726f 100644 --- a/docs/endpointpolicymanager/leastprivilege/events/auditingsettings/standardusers.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/auditingsettings/standardusers.md @@ -1,3 +1,9 @@ +--- +title: "Discovery for Elevated Apps with Standard Users" +description: "Discovery for Elevated Apps with Standard Users" +sidebar_position: 20 +--- + # Discovery for Elevated Apps with Standard Users Using the Audit applications requiring elevation setting is useful after you have removed local diff --git a/docs/endpointpolicymanager/leastprivilege/events/auditingsettings/standardusersuntrusted.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/auditingsettings/standardusersuntrusted.md similarity index 93% rename from docs/endpointpolicymanager/leastprivilege/events/auditingsettings/standardusersuntrusted.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/auditingsettings/standardusersuntrusted.md index 3633c6c89a..5ca9a20a05 100644 --- a/docs/endpointpolicymanager/leastprivilege/events/auditingsettings/standardusersuntrusted.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/auditingsettings/standardusersuntrusted.md @@ -1,3 +1,9 @@ +--- +title: "Discovery of Untrusted Standard Apps" +description: "Discovery of Untrusted Standard Apps" +sidebar_position: 30 +--- + # Discovery of Untrusted Standard Apps The goal of SecureRun™ is to block applications from running when the owner of the file is not on diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/client.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/client.md new file mode 100644 index 0000000000..fba3ddbcb3 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/client.md @@ -0,0 +1,16 @@ +--- +title: "Client Events" +description: "Client Events" +sidebar_position: 10 +--- + +# Client Events + +There is only one event ID for Endpoint Policy Manager Least Privilege Manager Client events. That +is Event 100, which describes when a User or Computer picks up new Endpoint Policy Manager Least +Privilege Manager policies. An example of this kind of event can be seen here. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/events/client_events.webp) diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/cloud.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/cloud.md new file mode 100644 index 0000000000..5a697397dd --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/cloud.md @@ -0,0 +1,44 @@ +--- +title: "Creating Policy from Endpoint Policy Manager Cloud Events" +description: "Creating Policy from Endpoint Policy Manager Cloud Events" +sidebar_position: 50 +--- + +# Creating Policy from Endpoint Policy Manager Cloud Events + +In order to receive Endpoint Policy Manager reports for events via Endpoint Policy Manager Cloud +Event Collector, you will need to complete the following steps: + +- Submit a support ticket to activate the Cloud Event Log Collector +- Trialers/Customers will only have a one-day event collection offered at no cost +- 7 Day, 14 Day, or 30 Day storage intervals for retained events + +**Step 1 –** Select the Company Group you want to push events to Endpoint Policy Manager Cloud and +select **Edit Group**. + +![creating_policy_from_policypak](/img/product_docs/endpointpolicymanager/leastprivilege/events/createpolicy/creating_policy_from_endpointpolicymanager.webp) + +**Step 2 –** Select the **Event Collector**,Refresh interval for computers time setting. + +![creating_policy_from_policypak_1](/img/product_docs/endpointpolicymanager/leastprivilege/events/createpolicy/creating_policy_from_endpointpolicymanager_1.webp) + +**Step 3 –** Select the Event IDs you want to collect. + +![creating_policy_from_policypak_2](/img/product_docs/endpointpolicymanager/leastprivilege/events/createpolicy/creating_policy_from_endpointpolicymanager_2.webp) + +**NOTE:** You can select the drop-down option to select the Event IDs. See the +[List of Endpoint Policy Manager Event Categories and IDs](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventcategories.md) topic +for a list of Endpoint Policy Manager Event IDs. + +**Step 4 –** Go to the Reports section to see the events that have been generated. + +![creating_policy_from_policypak_3](/img/product_docs/endpointpolicymanager/leastprivilege/events/createpolicy/creating_policy_from_endpointpolicymanager_3.webp) + +**Step 5 –** Use the Generate Rule(s) wizard to create policies from forwarded events. + +![creating_policy_from_policypak_4](/img/product_docs/endpointpolicymanager/leastprivilege/events/createpolicy/creating_policy_from_endpointpolicymanager_4.webp) + +**Step 6 –** Final Result: a Rule is created and you can edit the policy name and/or change the +conditions if needed. + +![creating_policy_from_policypak_5](/img/product_docs/endpointpolicymanager/leastprivilege/events/createpolicy/creating_policy_from_endpointpolicymanager_5.webp) diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/operational.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/operational.md new file mode 100644 index 0000000000..7d1f55e115 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/operational.md @@ -0,0 +1,66 @@ +--- +title: "Operational Events" +description: "Operational Events" +sidebar_position: 30 +--- + +# Operational Events + +Events in section are divided into the following categories: + +- User Action Allowed events (Event ID 1000+) +- User Action Blocked events (Event ID 2000+) +- Audit/Discovery events (Event ID 6200+) +- Admin Approval events (Event ID 6300+) + +See the [List of Endpoint Policy Manager Event Categories and IDs](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventcategories.md) +topic for all event IDs. + +Each event ID will have the following fields: + +- Path +- Command line +- Process Id +- Parent Id +- Policy Object +- Collection +- Policy + +Here is an example of Event 6310, which shows that a response code was accepted by user and an +application was given the OK to run: + +``` +Short response code verified +Dialog Guide: {68FCD989-4966-F9D4-BB1F-20630E9D5116}  +User Sid: S-1-5-21-934088035-149717768-3671783038-1116 +User Name: FABRIKAM\EastSalesUser1 Process Id: 5100 +Process Path: C:\Users\eastsalesuser1\Desktop\Silverlight install.exe +Command Line: "C:\Users\eastsalesuser1\Desktop\Silverlight install.exe" +Task Kind: Application Installer  +Executable File: +C:\Users\eastsalesuser1\Desktop\Silverlight install.exe  +Executable File Sha256: +742F7911C4711F500867754F2D5F84A80A1B93DDC9ED07359455549E7032 C217 +File Owner Sid: S-1-5-21-934088035-149717768-3671783038- 1116 +File Owner Name: No Trusted:  No Signed: Yes +Reason: Software Installation Forced Elevation: No +Code Uses: 1/1 Expiration: Never +Apply to Child Processes: Yes + +``` + +The reason code that is written to Event 6310 is from a fixed list in the Endpoint Policy Manager +Least Privilege Manager code generator tool and is not admin- or user-definable. When the admin +chooses a reason code, as seen here, that is what is recorded within the event on the client. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/events/operational_events.webp) + +An example of Event 613 can be seen here. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/events/operational_events_1.webp) diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/overview.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/overview.md new file mode 100644 index 0000000000..6710c49485 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/events/overview.md @@ -0,0 +1,55 @@ +--- +title: "Discovery, Auditing, and Events" +description: "Discovery, Auditing, and Events" +sidebar_position: 110 +--- + +# Discovery, Auditing, and Events + +Endpoint Policy ManagerLeast Privilege Manager uses Windows event logs to generate interesting +events that you can audit. You can use these events to audit what has occurred. + +**NOTE:** See the [Events](/docs/endpointpolicymanager/video/leastprivilege/events.md) video for a demo of the Endpoint +Policy Manager Least Privilege Manager Events in action. + +You can also use these events, before you fully roll out Endpoint Policy Manager Least Privilege +Manager, to discover what rules you would need to make when you transition from local admin rights +to SecureRun™. + +**NOTE:** See the +[Use Discovery to know what rules to make as you transition from Local Admin rights](/docs/endpointpolicymanager/video/leastprivilege/discovery.md) +video for a demo of Endpoint Policy Manager Least Privilege Manager Discovery in action. + +Events are logged on each endpoint machine and only when the interesting event occurs. You can find +Endpoint Policy Manager Least Privilege Manager events inside Event Viewer in the Application and +Services folder and under the Endpoint Policy Manager node. Once you get an understanding of +Endpoint Policy Manager Least Privilege Manager and events, you might want to set up event +forwarding to capture and forward events from multiple machines. In this way you can see what +multiple users are doing and look through the events for interesting ideas to convert into rules. + +- See the + [How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding.](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/windowseventforwarding.md) + topic to learn more about event forwarding. +- You can also use Netwrix Auditor to capture events from endpoints to bring them to a centralized + source for investigation. See the + [How to use Netwrix Auditor to Report on Endpoint Policy Manager events](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/reports.md) + topic for additional information. +- You can use Azure Log Analytics to store Endpoint Policy Manager Least Privilege Manager events. + See the + [Windows 10 (and Server) Event Logs to Azure Log Analytics Walkthru](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventlogs.md) + topic for additional information. +- You can use Endpoint Policy Manager Cloud to store Endpoint Policy ManagerLeast Privilege Manager + events and make rules from stored events. See the + [Endpoint Policy Manager Cloud + PPLPM + Events: Collect Events in the Cloud](/docs/endpointpolicymanager/video/leastprivilege/cloudevents.md)video + for additional information. + +Endpoint Policy Manager Least Privilege Manager has two event sources, which can be seen in Event +Viewer. + +- Endpoint Policy Manager Least Privilege Manager Client +- Endpoint Policy Manager Least Privilege Manager Client—Operational + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/events/discovery_auditing_and_events.webp) diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overview.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overview.md new file mode 100644 index 0000000000..a96b7c9cb8 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overview.md @@ -0,0 +1,121 @@ +--- +title: "Least Privilege Manager (Windows)" +description: "Least Privilege Manager (Windows)" +sidebar_position: 10 +--- + +# Least Privilege Manager (Windows) + +About Netwrix Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager + +Before reading this section, please ensure you have read the +[Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md) topics, which will help +you learn to do the following: + +- Install the Admin MSI on your GPMC machine +- Install the CSE on a test Windows machine +- Set up a computer in Trial or Licensed mode +- Set up a common OU structure + +Optionally, this manual demonstrates how to use on-prem Active Directory and Group Policy to deploy +Endpoint Policy Manager Least Privilege Manager directives. If you don't want to use Group Policy, +read the [MDM & UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/overview.md) topics for additional information on how to deploy +your directives. + +Endpoint Policy Manager Least Privilege Manager enables you to do the following: + +- Get out of the risky business of giving users local admin rights. +- Shut the door on malware, crypto-malware, and zero-day exploits. +- Let non-admins safely install software they need, on-demand. +- Elevate specific scripts to run as needed (without insecurely embedding the script password inside + the script file). +- Elevate specific Java JAR files to run in this way, as needed. + +For instance, you don’t want to block your Standard Users from running applications that throw a UAC +prompt. A Standard User doesn’t have the right permissions, and that’s where Endpoint Policy Manager +Least Privilege Manager can come in. + +**NOTE:** For more information on this issue, watch the +[Kill Local Admin Rights (Run applications with Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/localadminrights.md) +video. + +The basic way to use Endpoint Policy Manager Least Privilege Manager is as follows: + +- Remove local admin rights from all users. +- Create a rule to specify which applications, Control Panel applets, or other areas a user would + need admin rights to. +- Create a Endpoint Policy Manager SecureRun™ rule to prevent all unknown applications from running + (optional, but recommended). +- Use On-Prem Group Policy to accept the Endpoint Policy Manager Least Privilege Manager policies + created. (This is what this guide will demonstrate.) +- Alternatively, export the Endpoint Policy Manager Least Privilege Manager rules and deliver them + in one of these ways: + + - Microsoft SCCM (See theDeploy Endpoint Policy Manager Settings Using SCCM or Other Management + System! video overview for additional information.) + - Microsoft Intune (See the + [Using Least Privilege Manager with your MDM service](/docs/endpointpolicymanager/video/leastprivilege/mdm.md) video + overview for additional information.) + - Your own systems management software (PDQ Deploy or similar) (See the + [Deploying Apps that Require Admin Rights Using Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/video/leastprivilege/integration/pdqdeploy.md) + video overview for additional information.) + - Endpoint Policy Manager Cloud service (See the + [Use Endpoint Policy Manager Cloud to deploy PP Least Privilege Manager rules](/docs/endpointpolicymanager/video/leastprivilege/cloudrules.md) + video overview for additional information.) + +Then allow the client machine with the Endpoint Policy Manager client-side extension (CSE) to +receive the directives and perform the work. + +**NOTE:** If you use an MDM service or Endpoint Policy Manager cloud service, you can deliver +Endpoint Policy Manager Least Privilege Manager settings even to non-domain-joined machines over the +Internet. + +## Endpoint Privilege Manager Moving Parts + +First thing is to understand the moving parts. + +- A management station. The Endpoint Policy Manager Admin Console MSI must be installed on the + management station where you create GPOs. Once it’s installed, you’ll see the Endpoint Policy + Manager | Endpoint Policy Manager Least Privilege Manager node, as shown below. +- The Endpoint Policy Manager CSE. This runs on the client (target) machine and is the same CSE for + all Endpoint Policy Manager components (such as Endpoint Policy Manager Least Privilege Manager, + Endpoint Policy Manager Device Manager, Endpoint Policy Manager Application Settings Manager, + etc.). +- Windows Endpoints. In order to use these, they must be licensed for Endpoint Policy Manager Least + Privilege Manager using one of the licensing methods. +- Mac Endpoints (optional). Mac endpoints must use Endpoint Policy Manager Cloud to get Endpoint + Policy Manager Least Privilege Manager directives. See more in the Endpoint Policy Manager Cloud + for MacOS Client manual. + +Also available is Endpoint Policy Manager Cloud when you purchase Endpoint Policy Manager Enterprise +or Endpoint Policy Manager SaaS. + +Endpoint Policy Manager Cloud enables you to create Endpoint Policy ManagerLeast Privilege Manager +directives using the in-cloud editors and connect endpoints (Windows and Mac) to get Endpoint Policy +Manager Least Privilege Manager directives. + +![overview1](/img/product_docs/endpointpolicymanager/leastprivilege/overview1.webp) + +While this manual mostly demonstrates concepts using the Group Policy editor, nearly everything can +be done using the in-Endpoint Policy Manager-Cloud editors. Additionally, you can take on-prem MMC +directives and upload them to Endpoint Policy Manager Cloud, and take in-cloud directives and +download them back as MMC directives. + +Additionally, you may use Endpoint Policy Manager Least Privilege Manager with any management system +you like such as SCCM, Intune, PDQ deploy or anything else. This is because Endpoint Policy Manager +Least Privilege Manager directives may be exported as XML and wrapped up using the Endpoint Policy +Manager Exporter tool. This is a free utility that lets you take Endpoint Policy Manager Admin +Templates Manager and our other products’ XML files and wrap them into a portable MSI file for +deployment using Microsoft Endpoint Manager (SCCM and Intune), or your own systems management +software. + +The [MDM & UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/overview.md) topics explain how to use the Endpoint Policy Manager +Exporter to wrap up any Endpoint Policy Manager directives and deliver them using Microsoft Endpoint +Manager (SCCM and Intune), KACE, your own MDM service, or Endpoint Policy Manager Cloud. + +In other words, you are free to use any delivery methodof your choice with Endpoint Policy Manager +Least Privilege Manager. + +This manual is designed to give you the basic concepts and operational scenarios you may encounter, +but once you get those down, you are free to use whatever delivery method is best for your +organization. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overview_1.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overview_1.md new file mode 100644 index 0000000000..0e4f191c81 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overview_1.md @@ -0,0 +1,121 @@ +--- +title: "Troubleshooting" +description: "Troubleshooting" +sidebar_position: 120 +--- + +# Troubleshooting + +Endpoint Policy Manager Least Privilege Manager problems can generally be divided into three +categories: + +- Case 1: You expected a rule to bypass UAC, but it did not. +- Case 2: A rule is bypassing UAC, and it was not expected. +- Case 3: A rule is preventing an item from running when not expected. + +In all cases, you can see detailed information about the occurrence within the Endpoint Policy +Manager Least Privilege Manager log files which are found in: +`%appdata%\local\PolicyPak\PolicyPak Least Privilege Manager and %Programdata%\PolicyPak\PolicyPak Least Privilege Manager` + +First, you need to open the correct log file, based on the activity that has occurred, to see which +Endpoint Policy Manager Least Privilege Manager policies you have. There are several files to check: + +- ppUser_OnLogon.log. This log gets new data when Group Policy applies at logon, and items are set + for the User side, not the Computer side. +- ppUser_Switched.log. This log file is updated when Group Policy applies at logon, but items are + set for the Computer side. +- ppUser_OnGroupPolicy.log. This log gets new data when Group Policy applies in the background when + GPupdate is run, or when Group Policy applies in the background. +- ppUser_onPolicyChanged.log. This log file is updated when Group Policy applies in the background, + or when a non-Group Policy method is used (e.g., Microsoft Endpoint Manager (SCCM and Intune) or + Endpoint Policy Manager Cloud). + +Start troubleshooting by verifying that the following conditions (seen here) are true: + +- You have the GPO (or file). +- There is a collection within the GPO. +- The rules are within the collection. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/troubleshooting_1.webp) + +The final log to check is the ppUser_Operational.log, which can indicate why something is denied +(blocked), allowed, or elevated. It shows what was trying to run and which GPO, collection, and +policy performed the action, along with the ultimate result. For example, this log shows a Deny +result. + +![A screenshot of a computer code + +Description automatically +generated](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/troubleshooting_2.webp) + +An Allowed result can be seen here. + +![A screenshot of a computer code + +Description automatically +generated](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/troubleshooting_3.webp) + +An Elevated result can be seen here. + +![A screenshot of a computer code + +Description automatically +generated](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/troubleshooting_4.webp) + +Additionally, as expressed earlier, you can also see when Admin Approval dialogs are shown to end +users, when they are canceled, and which processes failed to run because they did not get +Administrator privileges. In this screenshot you can see that the dialog was canceled, which means +the end user was not permitted to perform an action which required a UAC prompt. + +![A screenshot of a computer program + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/adminapproval/avoid_pop_ups_with_admin_approval_1.webp) + +Additionally, Admin Approval is logged in the ppUser_Operational.log file as well, which shows when +applications require Admin privileges and when the user successfully enters in a response code from +an Admin when he or she uses the Endpoint Policy Manager Admin Approval Tool. + +**NOTE:** The Reason Code is also stored here and is a fixed list from within the Endpoint Policy +Manager Admin Approval Tool. + +``` +Admin Approval Dialog (2018/07/14, 15:55:20.312, PID: 1360, TID: 3020) +{ +    Process requires administrator privileges +    Dialog Guide: {3F8058CB-AB08-F878-D146-78312F2B7031} User Sid: S-1-5-    21-934088035-149717768-3671783038-1116 +    User Name: FABRIKAM\EastSalesUser1 Process Id: 7072 +    Process Path: C:\Users\eastsalesuser1\Desktop\Silverlight install.exe +    Command Line: "C:\Users\eastsalesuser1\Desktop\Silverlight install.exe" +    Task Kind: ApplicationInstaller  +    Task Hash: +25AA5CA53202838E3937FCFF39B3DB34C6B5A7188D28F45D7BFEDE81CF37ED6D +    Executable: C:\Users\eastsalesuser1\Desktop\Silverlight install.exe +    File Owner Sid: S-1-5-21-934088035-149717768-3671783038-1116 +    File Owner Name: FABRIKAM\EastSalesUser1 Trusted: No +    Signed: Yes +} // End of Admin Approval Dialog, elapsed time: 00:00:00.001 +Admin Approval Dialog (2018/07/14, 15:56:10.279, PID: 1360, TID: 2920) +{ +    Dialog success +    Dialog Guid: S-1-5-21-934088035-149717768-3671783038-1116 User Sid: S-1-5-21-934088035-149717768-3671783038-1116 +    User Name: FABRIKAM\EastSalesUser1 Process Id: 7072 +    Process Path: C:\Users\eastsalesuser1\Desktop\Silverlight install.exe +    Command Line: "C:\Users\eastsalesuser1\Desktop\Silverlight install.exe" +    Task Kind: ApplicationInstaller  +    Task Hash: +25AA5CA53202838E3937FCFF39B3DB34C6B5A7188D28F45D7BFEDE81CF37ED6D +    Executable: C:\Users\eastsalesuser1\Desktop\Silverlight install.exe +    File Owner Sid: S-1-5-21-934088035-149717768-3671783038-1116 +    File Owner Name: FABRIKAM\EastSalesUser1 Trusted: No +    Signed: Yes +    Reason: Application_LOB  +    Forced Elevation: No + +``` + +If requested by support, logs are automatically wrapped up and can be sent to Netwrix Support with +the PPLOGS.EXE command on any endpoint where the client-side extension is installed. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/_category_.json new file mode 100644 index 0000000000..982a7ef8f0 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Best Practices and Miscellaneous Topics", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overviewmisc" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/leastprivilege/acltraverse.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/acltraverse.md similarity index 92% rename from docs/endpointpolicymanager/leastprivilege/acltraverse.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/acltraverse.md index c593f118cc..d6795833f2 100644 --- a/docs/endpointpolicymanager/leastprivilege/acltraverse.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/acltraverse.md @@ -1,3 +1,9 @@ +--- +title: "Understanding ACL Manage File System and Registry (ACL Traverse)" +description: "Understanding ACL Manage File System and Registry (ACL Traverse)" +sidebar_position: 50 +--- + # Understanding ACL Manage File System and Registry (ACL Traverse) Endpoint Policy Manager Least Privilege Manager enables Standard Users to perform operations in the diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/_category_.json new file mode 100644 index 0000000000..d167ed218a --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Best Practices", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/leastprivilege/bestpractices/childprocesses.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/childprocesses.md similarity index 93% rename from docs/endpointpolicymanager/leastprivilege/bestpractices/childprocesses.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/childprocesses.md index efc6f95e67..d8c1f7ae46 100644 --- a/docs/endpointpolicymanager/leastprivilege/bestpractices/childprocesses.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/childprocesses.md @@ -1,3 +1,9 @@ +--- +title: "When to Use \"Apply to Child Processes\"" +description: "When to Use \"Apply to Child Processes\"" +sidebar_position: 60 +--- + # When to Use "Apply to Child Processes" **NOTE:** See the diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/commandline.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/commandline.md new file mode 100644 index 0000000000..5af18ae17d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/commandline.md @@ -0,0 +1,82 @@ +--- +title: "Creating and Using Command Line Rules" +description: "Creating and Using Command Line Rules" +sidebar_position: 40 +--- + +# Creating and Using Command Line Rules + +From time to time, you may encounter a situation in which an application only runs from the command +line, or there is an application that you want to run with specific command-line arguments. This +could occur in day-to-day use or with items that must run from a logon script and perform the task +with elevated rights. + +**NOTE:** See the +[Prevent Users Running some commands with command lines](/docs/endpointpolicymanager/video/leastprivilege/preventusercommands.md) +video for an overview of using Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager +and command-line arguments. + +A good example would be enabling standard users to start and stop services with a command line, or +to run the Performance Monitor’s Resource Monitor. Both must be executed from the command line. + +A Combo rule addresses this issue, by using Path and Command-line argument rules. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/bestpractices/rules/creating_and_using_command.webp) + +The first step, as shown here, is to specify the Path Condition, such as +`%SYSTEMROOT%\System32\sc.exe`. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/bestpractices/rules/creating_and_using_command_1.webp) + +For the command-line arguments in this example, the argument **stop wsearch**, which stops the +Windows Search Service, is specified. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/bestpractices/rules/creating_and_using_command_2.webp) + +For **Check Mode**, there are four choices: + +- Strict empty - Command must have no arguments. +- Strict equality - This means the Command and Rule will be elevated (or otherwise run) when the + arguments are exactly as you specify in the same order, with no variance. +- Ignore arguments order - This means the Command and Rule will be elevated (or otherwise run) when + all the arguments are in place, regardless of the order. +- Any argument from the list - This means that any argument in the Arguments box (separated by + spaces) is allowed in the command. + +**NOTE:** Ignore arguments order and **Any argument from the list** only work when the command has +slash-based switches. If the command line doesn’t have slashes, then use the **Strict equality** +method. + +On the next screen, for **Action**, select **Run with elevated privileges**. + +The net result is that **standard users** can now stop the `wsearch` service without needing +elevated rights. + +![A computer screen with a black and white text + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/bestpractices/rules/creating_and_using_command_3.webp) + +Another example would be to enable Standard Users to perform their own Registry merge. To do this, +make a Combo rule, which starts with the Path Condition running `%SYSTEMROOT%\System32\reg.exe` (not +shown). + +For the Command-line Arguments, select **Strict equality**, and then specify the location of the +.REG file, perhaps on a secure file server, as demonstrated here. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/bestpractices/rules/creating_and_using_command_4.webp) + +Since the arguments are being specified, a user cannot add their own .REG files; they can only add +those specified by the admin (e.g., on a server where they could only read and not modify it). diff --git a/docs/endpointpolicymanager/leastprivilege/bestpractices/dontelevate.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/dontelevate.md similarity index 93% rename from docs/endpointpolicymanager/leastprivilege/bestpractices/dontelevate.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/dontelevate.md index d5638fdd10..b03d68256d 100644 --- a/docs/endpointpolicymanager/leastprivilege/bestpractices/dontelevate.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/dontelevate.md @@ -1,3 +1,9 @@ +--- +title: "When to Use \"Don't Elevate Open/Save Dialog\"" +description: "When to Use \"Don't Elevate Open/Save Dialog\"" +sidebar_position: 50 +--- + # When to Use "Don't Elevate Open/Save Dialog" **NOTE:** For more information see the diff --git a/docs/endpointpolicymanager/leastprivilege/bestpractices/examplesavoid.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/examplesavoid.md similarity index 96% rename from docs/endpointpolicymanager/leastprivilege/bestpractices/examplesavoid.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/examplesavoid.md index c703ff7e79..78a9510531 100644 --- a/docs/endpointpolicymanager/leastprivilege/bestpractices/examplesavoid.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/examplesavoid.md @@ -1,3 +1,9 @@ +--- +title: "What Not to Do (Some Examples)" +description: "What Not to Do (Some Examples)" +sidebar_position: 10 +--- + # What Not to Do (Some Examples) Let's say you want to allow users to install Google Earth on their machines. To make it easy, you diff --git a/docs/endpointpolicymanager/leastprivilege/bestpractices/rules/executablecombo.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/executablecombo.md similarity index 95% rename from docs/endpointpolicymanager/leastprivilege/bestpractices/rules/executablecombo.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/executablecombo.md index 7e65a69bf8..80c34515f4 100644 --- a/docs/endpointpolicymanager/leastprivilege/bestpractices/rules/executablecombo.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/executablecombo.md @@ -1,3 +1,9 @@ +--- +title: "Creating and Using Executable Combo Rules" +description: "Creating and Using Executable Combo Rules" +sidebar_position: 30 +--- + # Creating and Using Executable Combo Rules In previous examples, we reviewed Simple rules and started to dip our toes into Combo Rules. diff --git a/docs/endpointpolicymanager/leastprivilege/bestpractices/fileinfo.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/fileinfo.md similarity index 97% rename from docs/endpointpolicymanager/leastprivilege/bestpractices/fileinfo.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/fileinfo.md index 2656267cfb..08434d03c1 100644 --- a/docs/endpointpolicymanager/leastprivilege/bestpractices/fileinfo.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/fileinfo.md @@ -1,3 +1,9 @@ +--- +title: "Deeper Dive on File Info" +description: "Deeper Dive on File Info" +sidebar_position: 20 +--- + # Deeper Dive on File Info The **File Info Condition** enables you to match inner criteria of your EXE or MSI. In this example, diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/overview.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/overview.md new file mode 100644 index 0000000000..408188e0ba --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/overview.md @@ -0,0 +1,21 @@ +--- +title: "Best Practices" +description: "Best Practices" +sidebar_position: 10 +--- + +# Best Practices + +**NOTE:** See the +[Best Practices for Elevating User-Based Installs](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/elevatinguserbasedinstalls.md) +video for an overview of Endpoint Policy Manager Least Privilege Manager best practices. + +Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager’s job is to overcome UAC +prompts which normally stop users from being productive. However, you always want to make sure you +are putting Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager to work in the +ideal way, and not over-permission an application, which could be a security concern. + +When possible use the Best Practice Signature Condition alongside and File Info condition as a Combo +rule. This is because both of these items have digital signatures. + +With that in mind, let’s go over some “What not to dos” before we continue on with Best Practices. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/export.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/export.md new file mode 100644 index 0000000000..fcf9caada6 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/export.md @@ -0,0 +1,27 @@ +--- +title: "Exporting Policies and Collections" +description: "Exporting Policies and Collections" +sidebar_position: 100 +--- + +# Exporting Policies and Collections + +The [MDM & UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/overview.md) topics explain how to use the Endpoint Policy Manager +Exporter to wrap up any Endpoint Policy Manager directives and deliver them using Microsoft Endpoint +Manager (SCCM and Intune), KACE, your own MDM service, or Endpoint Policy Manager Cloud. To export a +policy for later use using Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud, +right-click the collection or the policy and select **Export to XML**. This will enable you to save +an XML file, which you can use later. + +**NOTE:** For more information on how to use Endpoint Policy Manager Least Privilege Manager and +Endpoint Policy Manager Cloud, please see the +[Use Endpoint Policy Manager Cloud to deploy PP Least Privilege Manager rules](/docs/endpointpolicymanager/video/leastprivilege/cloudrules.md) +and the [Using Least Privilege Manager with your MDM service](/docs/endpointpolicymanager/video/leastprivilege/mdm.md) +videos, + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/exporting_policies_and_collections.webp) + +**NOTE:** Exported collections or policies maintain any Item-Level Targeting set within them. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/itemleveltargeting.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/itemleveltargeting.md new file mode 100644 index 0000000000..eada78dedc --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/itemleveltargeting.md @@ -0,0 +1,92 @@ +--- +title: "Item-Level Targeting with Collections and Policies" +description: "Item-Level Targeting with Collections and Policies" +sidebar_position: 70 +--- + +# Item-Level Targeting with Collections and Policies + +**NOTE:** For more information on Endpoint Policy Manager Least Privilege Manager and Item Level +Targeting, please see the +[Endpoint Privilege Manager: Use Item Level Targeting to hone in when rules apply.](/docs/endpointpolicymanager/video/leastprivilege/itemleveltargeting.md) +video. + +Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Endpoint +Policy Manager to target or filter where specific items will apply. With Endpoint Policy +ManagerLeast Privilege Manager, Item-Level Targeting can be placed on collections as well as +Endpoint Policy Manager Least Privilege Manager policies within collections. + +A collection enables you to group together Endpoint Policy Manager Least Privilege Manager policies +so they can act together. For instance, you might create a collection for only East Sales Users and +another for West Sales Users. . + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/item_level_targeting_with.webp) + +Below you can see two created collections that can hold other collections or policies. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/item_level_targeting_with_1.webp) + +Right-click any Endpoint Policy Manager Least Privilege Manager Collection or Policy and select +**Change Item-Level Targeting**, to set filtering conditions on when the policy will apply. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/item_level_targeting_with_2.webp) + +The **Change Item Level Targeting** menu item brings up the Targeting Editor. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/item_level_targeting_with_3.webp) + +You can select any combination of characteristics you want to test for. Administrators familiar with +Group Policy Preferences’ Item-Level Targeting will be at home in this interface as it is +functionally equivalent. + +You can apply one or more targeting items to a policy, which enables targeting items to be joined +logically. You can also add targeting collections, which group together targeting items in much the +same way parentheses are used in an equation. In this way, you can create a complex determination +about where a policy will be applied. Collections may be set to **And**, **Or**, **Is**, or **Is +Not**. + +**NOTE:** Additionally, Endpoint Policy Manager Least Privilege Manager allows you to target users +or user groups, even if the policy is on the computer side. See the +[Link to Computer, Filter by User](/docs/endpointpolicymanager/video/leastprivilege/userfilter.md) video for details on this +superpower. + +Below are some real-world examples of how you can use Item-Level Targeting. + +- Software prerequisites. If you want to configure an application’s settings, first make sure the + application is installed on the user’s computer before configuring it. You can use File Match or + Registry Match targeting items (or both) to verify a specific version of a file, or a registry + entry is present. For an example of this, look in the Uninstall registry key. +- Mobile computers. If you want to deploy settings exclusively for users on mobile PCs, filter the + rule to apply only to mobile PCs by using the Portable Computer targeting item. +- Operating system version. You can specify different settings for applications based on the + operating system version. To do this, create one rule for each operating system and then filter + each rule using the Operating System targeting item. +- Group membership. You can link the Group Policy Object (GPO) to the whole domain or organizational + unit (OU), but only members within a specific group will pick up and process the rule settings. +- IP range. You can specify different settings for various IP ranges, like different settings for + the home office and each field office. + +After editing is completed, close the editor. The policy's icon, or the collection’s icon, has now +changed to orange, which shows that it has Item-Level Targeting, as well as the Column labeled Item +Level Targeting, as seen below. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/item_level_targeting_with_4.webp) + +When Item-Level Targeting is on, the policy won’t apply unless the conditions are true. If +Item-Level Targeting is applied to a collection, then none of the items in the collection will apply +unless the Item-Level Targeting on the collection evaluates to true. diff --git a/docs/endpointpolicymanager/leastprivilege/bestpractices/overviewmisc.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/overviewmisc.md similarity index 80% rename from docs/endpointpolicymanager/leastprivilege/bestpractices/overviewmisc.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/overviewmisc.md index 6dbcbfbe2d..7de3b746bb 100644 --- a/docs/endpointpolicymanager/leastprivilege/bestpractices/overviewmisc.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/overviewmisc.md @@ -1,3 +1,9 @@ +--- +title: "Best Practices and Miscellaneous Topics" +description: "Best Practices and Miscellaneous Topics" +sidebar_position: 80 +--- + # Best Practices and Miscellaneous Topics In this section you will learn the following basics: diff --git a/docs/endpointpolicymanager/leastprivilege/parentprocessfilter.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/parentprocessfilter.md similarity index 86% rename from docs/endpointpolicymanager/leastprivilege/parentprocessfilter.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/parentprocessfilter.md index 7a15067533..8edfbf2888 100644 --- a/docs/endpointpolicymanager/leastprivilege/parentprocessfilter.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/parentprocessfilter.md @@ -1,3 +1,9 @@ +--- +title: "Understanding Parent Process Filter" +description: "Understanding Parent Process Filter" +sidebar_position: 80 +--- + # Understanding Parent Process Filter You might have an application which has the ability to be called multiple ways. For instance, you diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/processorderprecedence.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/processorderprecedence.md new file mode 100644 index 0000000000..620b6d2ea8 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/processorderprecedence.md @@ -0,0 +1,36 @@ +--- +title: "Processing Order and Precedence within a GPO" +description: "Processing Order and Precedence within a GPO" +sidebar_position: 90 +--- + +# Processing Order and Precedence within a GPO + +Within a particular GPO (Computer or User side), the processing order is counted in numerical order. +So lower-numbered collections attempt to process first, and higher-numbered collections attempt to +process last. Then, within any collection, each policy is processed in numerical order from lowest +to highest. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/processing_order_and_precedence.webp) + +Within any collection, each policy is processed in numerical order from lowest to highest. + +Policies can be delivered by Group Policy and non-Group Policy methods, such as Microsoft Endpoint +Manager (SCCM and Intune) via Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud. As +such, the Endpoint Policy Manager engine needs to make a final determination whether there is any +overlap of policies. Here is how the precedence works: + +- Policies delivered through Endpoint Policy Manager Cloud have the lowest precedence. +- Policies delivered through Endpoint Policy Manager files have the next highest precedence. +- Policies delivered through Endpoint Policy Manager Group Policy directives have the highest + precedence. + +After that, user-side policy has precedence over computer-side (Switched) policy. This occurs in +order to specify a baseline setting for various computers. Then, specific (overriding) policies can +be used when specific users log on. If SecureRun™ is enabled and performs work (i.e., blocking +processes), then user-created processes aren’t created unless expressly allowed with the Allow and +log rule. At this point, each rule is applied one by one to perform elevation (or Block or Allow and +log). diff --git a/docs/endpointpolicymanager/leastprivilege/reauthentication.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/reauthentication.md similarity index 95% rename from docs/endpointpolicymanager/leastprivilege/reauthentication.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/reauthentication.md index 01a16ab915..6a6b7428ca 100644 --- a/docs/endpointpolicymanager/leastprivilege/reauthentication.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/reauthentication.md @@ -1,3 +1,9 @@ +--- +title: "Understanding Re-authentication & Justification Text" +description: "Understanding Re-authentication & Justification Text" +sidebar_position: 20 +--- + # Understanding Re-authentication & Justification Text There might be times you want users to re-authenticate and/or provide justification text about their diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/_category_.json new file mode 100644 index 0000000000..34681e67bc --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Understanding Process Scoping & Filters", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/leastprivilege/scopefilters/blockadmins.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/blockadmins.md similarity index 87% rename from docs/endpointpolicymanager/leastprivilege/scopefilters/blockadmins.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/blockadmins.md index 760312e606..97afd36bbe 100644 --- a/docs/endpointpolicymanager/leastprivilege/scopefilters/blockadmins.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/blockadmins.md @@ -1,3 +1,9 @@ +--- +title: "Scenario 3: Running or Elevating Applications or Installers, but Blocking Other Admins from Running Them" +description: "Scenario 3: Running or Elevating Applications or Installers, but Blocking Other Admins from Running Them" +sidebar_position: 40 +--- + # Scenario 3: Running or Elevating Applications or Installers, but Blocking Other Admins from Running Them **NOTE:** For an overview video of this section, see the diff --git a/docs/endpointpolicymanager/leastprivilege/scopefilters/blockapp.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/blockapp.md similarity index 85% rename from docs/endpointpolicymanager/leastprivilege/scopefilters/blockapp.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/blockapp.md index abd56f0154..f36b053055 100644 --- a/docs/endpointpolicymanager/leastprivilege/scopefilters/blockapp.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/blockapp.md @@ -1,3 +1,9 @@ +--- +title: "Scenario 2: Specific Rule to Block an App from Being Run, Even as Local System" +description: "Scenario 2: Specific Rule to Block an App from Being Run, Even as Local System" +sidebar_position: 20 +--- + # Scenario 2: Specific Rule to Block an App from Being Run, Even as Local System **NOTE:** For an overview of this scenario, see the diff --git a/docs/endpointpolicymanager/leastprivilege/scopefilters/blockpowershell.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/blockpowershell.md similarity index 81% rename from docs/endpointpolicymanager/leastprivilege/scopefilters/blockpowershell.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/blockpowershell.md index 78dbcd5f35..4b7a4f900d 100644 --- a/docs/endpointpolicymanager/leastprivilege/scopefilters/blockpowershell.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/blockpowershell.md @@ -1,3 +1,9 @@ +--- +title: "Scenario 2B: Block Powershell.exe Completely, but Allow Local System to Run a Specific .PS1 Script" +description: "Scenario 2B: Block Powershell.exe Completely, but Allow Local System to Run a Specific .PS1 Script" +sidebar_position: 30 +--- + # Scenario 2B: Block Powershell.exe Completely, but Allow Local System to Run a Specific .PS1 Script In the previous example, we blocked PowerShell (or PSEXEC, etc.) from all user and system processes. diff --git a/docs/endpointpolicymanager/leastprivilege/scopefilters/elevateserviceaccount.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/elevateserviceaccount.md similarity index 92% rename from docs/endpointpolicymanager/leastprivilege/scopefilters/elevateserviceaccount.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/elevateserviceaccount.md index 6cd9fe5f3c..e7d8ab5f20 100644 --- a/docs/endpointpolicymanager/leastprivilege/scopefilters/elevateserviceaccount.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/elevateserviceaccount.md @@ -1,3 +1,9 @@ +--- +title: "Scenario 4: Elevating a Service Account" +description: "Scenario 4: Elevating a Service Account" +sidebar_position: 50 +--- + # Scenario 4: Elevating a Service Account **NOTE:** For an overview of this scenario see the diff --git a/docs/endpointpolicymanager/leastprivilege/scopefilters/enhancedsecurerun.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/enhancedsecurerun.md similarity index 89% rename from docs/endpointpolicymanager/leastprivilege/scopefilters/enhancedsecurerun.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/enhancedsecurerun.md index 5a259c18ab..0c5620e494 100644 --- a/docs/endpointpolicymanager/leastprivilege/scopefilters/enhancedsecurerun.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/enhancedsecurerun.md @@ -1,3 +1,9 @@ +--- +title: "Scenario 1: Enhanced SecureRun / Prevent Untrusted Executables and Scripts from Running Even by LOCAL SYSTEM" +description: "Scenario 1: Enhanced SecureRun / Prevent Untrusted Executables and Scripts from Running Even by LOCAL SYSTEM" +sidebar_position: 10 +--- + # Scenario 1: Enhanced SecureRun / Prevent Untrusted Executables and Scripts from Running Even by LOCAL SYSTEM **NOTE:** For an overview of this scenario, see the diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/overview.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/overview.md new file mode 100644 index 0000000000..44b02201b4 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/scopefilters/overview.md @@ -0,0 +1,36 @@ +--- +title: "Understanding Process Scoping & Filters" +description: "Understanding Process Scoping & Filters" +sidebar_position: 30 +--- + +# Understanding Process Scoping & Filters + +The **Scope** filter section can be found in various rule types in Endpoint Policy Manager Least +Privilege Manager. For instance, it exists in every explicit rule, like this: + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/scopefilters/understanding_process_scoping.webp) + +And also in SecureRun™ rules: + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/scopefilters/understanding_process_scoping_1.webp) + +**NOTE:** The Policy Scope option for Processes is only available when used on the Computer side; on +the User side it is greyed out because this setting is only meant to express to the COMPUTER +(system) how to work with User and User and System Processes. On the User side, the processes are +always in the context of the User. However, the Scope filter for Users & Groups is available on the +User side. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/scopefilters/understanding_process_scoping_2.webp) + +In this topic, we will explore various use cases when you might use the Policy Scope option (which +again, will only be un-gray / valid on the Computer side.) diff --git a/docs/endpointpolicymanager/leastprivilege/securecopy.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/securecopy.md similarity index 94% rename from docs/endpointpolicymanager/leastprivilege/securecopy.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/securecopy.md index 85e852e01e..80896af7e0 100644 --- a/docs/endpointpolicymanager/leastprivilege/securecopy.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/securecopy.md @@ -1,3 +1,9 @@ +--- +title: "Understanding SecureCopy" +description: "Understanding SecureCopy" +sidebar_position: 40 +--- + # Understanding SecureCopy **NOTE:** See the diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/wildcards.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/wildcards.md new file mode 100644 index 0000000000..7f6cba9d2a --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/wildcards.md @@ -0,0 +1,38 @@ +--- +title: "Using Wildcards with Endpoint Privilege Manager and Certificates" +description: "Using Wildcards with Endpoint Privilege Manager and Certificates" +sidebar_position: 60 +--- + +# Using Wildcards with Endpoint Privilege Manager and Certificates + +**NOTE:** See the +[Endpoint Privilege Manager and Wildcards](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/wildcards.md) video +on how to use Endpoint Policy Manager Least Privilege Manager and Certificate Wildcards. + +Applications like Zoom, GotoMeeting, Webex and others often have certificates which change from time +to time. So even if you’ve set up the best practice of Certificate + File Info rules (like we +discussed in the [Best Practices](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/overview.md) section), those automatic rules can go +out of date quickly. + +To allow Endpoint Policy Manager Least Privilege Manager to permit Wildcards in Certificate +matching, select Advanced Mode and then **Allow wildcards in Common Name**. This will flip the +certificate to be permitted to Wildcard mode. + +Now you can address the fields you need as Wildcards; in this example, we’ve specified L=\*. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/using_wildcards_with_endpointpolicymanager.webp) + +Endpoint Policy Manager Least Privilege Manager will continue to check all the intermediary +certificates along the way before it gets to the one you modified. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/using_wildcards_with_endpointpolicymanager_1.webp) + +**CAUTION:** You want to try to be as restrictive as possible when using Wildcards; the more you +open up, the less secure you will be. diff --git a/docs/endpointpolicymanager/leastprivilege/preconfiguredxmls.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/preconfiguredxmls.md similarity index 95% rename from docs/endpointpolicymanager/leastprivilege/preconfiguredxmls.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/preconfiguredxmls.md index 9ddd1e7f81..53e97279b7 100644 --- a/docs/endpointpolicymanager/leastprivilege/preconfiguredxmls.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/preconfiguredxmls.md @@ -1,3 +1,9 @@ +--- +title: "Preconfigured XMLs" +description: "Preconfigured XMLs" +sidebar_position: 50 +--- + # Preconfigured XMLs Endpoint Policy Manager Least Privilege Manager comes with some preconfigured XML files that help to diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/preferences.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/preferences.md new file mode 100644 index 0000000000..b90157877c --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/preferences.md @@ -0,0 +1,47 @@ +--- +title: "Using Group Policy Preferences to Manage Local Admin Groups" +description: "Using Group Policy Preferences to Manage Local Admin Groups" +sidebar_position: 130 +--- + +# Using Group Policy Preferences to Manage Local Admin Groups + +**NOTE:** See the +[Use Group Policy to remove local admin rights (then Endpoint Policy Manager to enable Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/removelocaladmin.md) +video for an overview of using Group Policy preference with Endpoint Policy Manager Least Privilege +Manager. + +Endpoint Policy ManagerLeast Privilege Manager is built on the principle of stripping local admin +rights for standard users and then giving them the exact privileges they need to do their jobs. To +fully utilize this strategy, you may need to start with a clean slate concerning the membership of +your Windows local admin groups. Before we do that, you should first confirm who the members of your +Domain Admins group are and make sure that no one is listed there who shouldn't be there. If so, +remove those accounts immediately. + +**NOTE:** Doing this will create the need to do some cleanup in the local admins group on each +computer. + +Now let's move on to local admin groups. You can easily do this by creating a GPO, going to +**Computer Configuration** > **Preferences** > **Control Panel Settings** > **Local Users and +Groups** and select **Local Group** . + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/using_group_policy_preferences.webp) + +Next, you’ll use the **Update** action which has been selected by default along with the check box +to **Delete all member users**.  You may also want to select **Delete all member groups** as well.  +The first check box setting will delete any existing user members, including those remnant accounts +that were left after cleaning up the domain admins group in the prior step. This cleans out +everyone, which means you have to add back the accounts you want. Remember that you don't want to +allocate local admin groups to standard users, so only the domain admins group and the local admin +user account should be members. This is achieved by clicking the **Add** button and selecting them. + +![A screenshot of a group + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/using_group_policy_preferences_1.webp) + +Once the policy is deployed, you will have removed all non-privileged users from the local admins +group of all targeted desktops. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/_category_.json new file mode 100644 index 0000000000..689014a435 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Endpoint Policy Manager & Netwrix Privilege Secure", + "position": 90, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/client.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/client.md new file mode 100644 index 0000000000..912551a8b5 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/client.md @@ -0,0 +1,47 @@ +--- +title: "Getting Started: Client" +description: "Getting Started: Client" +sidebar_position: 20 +--- + +# Getting Started: Client + +If you already have the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE installed on your +desired endpoint, great! That’s it, you’re done. However, in the Netwrix Privilege Secure download, +you will also find the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE available within the +Netwrix Privilege Secure download as a courtesy. + +Therefore, you may use either the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE found +either within the Netwrix Privilege Secure download, or the Netwrix Endpoint Policy Manager +(formerly PolicyPak) CSE found in the Netwrix Endpoint Policy Manager (formerly PolicyPak) download. + +**NOTE:** See the +[Netwrix Privilege Secure Client - Getting Started with MMC with/without Endpoint Policy Manager ](/docs/endpointpolicymanager/video/leastprivilege/integration/privilegesecure.md)video +for a demo on the relationship of the Netwrix Privilege Secure and Netwrix Endpoint Policy Manager +(formerly PolicyPak) downloads and their moving parts. + +**CAUTION:** It might be best to use the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE +download since the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE download may have +bugfixes, etc., which may not yet be available in the Netwrix Privilege Secure download due to lag +time. + +**NOTE:** The interaction between Netwrix Privilege Secure and Netwrix Endpoint Policy Manager +(formerly PolicyPak) CSE does notneed to be licensed. When you evaluate or purchase Netwrix +Privilege Secure, the major Netwrix Endpoint Policy Manager (formerly PolicyPak) Least Privilege +Manager management and elevation functions are automatically available to you without needing to +install any specific endpoint license. + +- The Netwrix Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager directives which + are distributed as part ofNetwrix Privilege Secure server performing the brokering\*will work even + if unlicensed. +- The Netwrix Endpoint Policy Manager (formerly PolicyPak) specific items where there is no Netwrix + Privilege Secure server involved require a license. + +You can see the difference in the list view as seen here. + +![getting_started_client](/img/product_docs/endpointpolicymanager/integration/privilegesecure/gettingstarted/getting_started_client.webp) + +In the next section we will see how to create Netwrix Endpoint Policy Manager (formerly PolicyPak) + +Netwrix Privilege Secure policies which will not need an endpoint license to work out of the box. +Again, the idea is that you are already paying for an Netwrix Privilege Secure license, and because +Netwrix Privilege Secure is involved in the policy, those policies work on the endpoint for free. diff --git a/docs/endpointpolicymanager/integration/privilegesecure/gettingstarted/gui.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/gui.md similarity index 97% rename from docs/endpointpolicymanager/integration/privilegesecure/gettingstarted/gui.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/gui.md index caa17f38d7..53f8e01fc7 100644 --- a/docs/endpointpolicymanager/integration/privilegesecure/gettingstarted/gui.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/gui.md @@ -1,3 +1,9 @@ +--- +title: "Getting Started: GUI" +description: "Getting Started: GUI" +sidebar_position: 10 +--- + # Getting Started: GUI There are two ways to get started with Endpoint Policy Manager + Netwrix Privilege Secure: diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/overview.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/overview.md new file mode 100644 index 0000000000..c121f0bb89 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/overview.md @@ -0,0 +1,36 @@ +--- +title: "Endpoint Policy Manager & Netwrix Privilege Secure" +description: "Endpoint Policy Manager & Netwrix Privilege Secure" +sidebar_position: 90 +--- + +# Endpoint Policy Manager & Netwrix Privilege Secure + +The Endpoint Policy Manager CSE is the agent for Netwrix Privilege Secure. When paired together, you +get the following benefits: + +- You are able to launch applications (elevated or not) from a local desktop, and have them brokered + by the Netwrix Privilege Secure server +- Applications will launch with Netwrix Privilege Secure 2fa (built-in or 3rd party) +- Applications may launch elevated if desired +- The whole screen can be recorded and sent up to the Netwrix Privilege Secure server for + safekeeping and analysis + +Therefore, instead of relying on RDP to remote control into a server to perform a privileged +operation, maintaining a second set of credentials, and having nothing recorded for posterity, you +can use the Better Together power of Netwrix Privilege Secure and Endpoint Policy Manager CSE. + +The best part is, if you are only interested in the Endpoint Policy Manager + Netwrix Privilege +Secure Better Together story, you only have to pay for the Netwrix Privilege Secure licenses. That +is, there is no required endpoint license when Netwrix Privilege Secure is used alongside a Endpoint +Policy Manager directive (where Netwrix Privilege Secure is involved.) You will see more as we go +along but, if you are using Netwrix Privilege Secure and want to try out the power of Endpoint +Policy Manager, that is included in your Netwrix Privilege Secure license. + +**NOTE:** See the +[Netwrix Privilege Secure Client - Getting Started with MMC with/without Endpoint Policy Manager ](/docs/endpointpolicymanager/video/leastprivilege/integration/privilegesecure.md)video +for a demo on the relationship of the Netwrix Privilege Secure and Endpoint Policy Manager downloads +and moving parts. + +**NOTE:** All Netwrix Privilege Secure + Endpoint Policy Manager documentation from Netwrix +Privilege Secure can be found in [Netwrix Privilege Secure for Endpoints Documentation](https://helpcenter.netwrix.com/category/privilegesecure_endpoints). diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/_category_.json new file mode 100644 index 0000000000..e742ab586d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Credential Based Policy Match", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "policymatch" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/integration/privilegesecure/resourcebased/closingbrokeredprocesses.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/closingbrokeredprocesses.md similarity index 79% rename from docs/endpointpolicymanager/integration/privilegesecure/resourcebased/closingbrokeredprocesses.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/closingbrokeredprocesses.md index 98a54d8f4c..249c9fa559 100644 --- a/docs/endpointpolicymanager/integration/privilegesecure/resourcebased/closingbrokeredprocesses.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/closingbrokeredprocesses.md @@ -1,3 +1,9 @@ +--- +title: "Closing Brokered Processes" +description: "Closing Brokered Processes" +sidebar_position: 10 +--- + # Closing Brokered Processes When the activity / process is terminated, you get the following message. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/policymatch.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/policymatch.md new file mode 100644 index 0000000000..50631a9eb7 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/policymatch.md @@ -0,0 +1,12 @@ +--- +title: "Credential Based Policy Match" +description: "Credential Based Policy Match" +sidebar_position: 40 +--- + +# Credential Based Policy Match + +Credential Based Policy Match takes a matching process and uses Netwrix Privilege Secure to act on +another user’s behalf. In this example we will launch `NotepadP.exe` as `EastSalesUser1`, +but Netwrix Privilege Secure will broker the connection and actually launch the process as +`EastSalesAdmin9` from Active Directory. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/policymatch_1.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/policymatch_1.md new file mode 100644 index 0000000000..6beb5ce7a9 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/policymatch_1.md @@ -0,0 +1,43 @@ +--- +title: "Resource Based Policy Match" +description: "Resource Based Policy Match" +sidebar_position: 50 +--- + +# Resource Based Policy Match + +Resource Based Policy Match will take a matching process and then use Netwrix Privilege Secure to +perform a whole activity set, like creating a new Domain Admin account. + +In this example we will launch MMC Active Directory Users and Computers as `EastSalesUser1`, but +Netwrix Privilege Secure will broker the connection and actually launch the process as a domain +admin. + +Resource Based Policy Matches tie back to a specific Netwrix Privilege Secure Activity Name. + +![resource_based_policy_match](/img/product_docs/endpointpolicymanager/integration/privilegesecure/resourcebased/resource_based_policy_match.webp) + +Here on the Netwrix Privilege Secure server, locate the Policy and verify that the name is an exact +match. + +![resource_based_policy_match_1](/img/product_docs/endpointpolicymanager/integration/privilegesecure/resourcebased/resource_based_policy_match_1.webp) + +Then, to match a specific process configure the Endpoint Policy Manager Least Privilege Manager +policy as a Combo rule: + +- Path condition: %SYSTEMROOT%\System32\mmc.exe +- Command-line condition: Strict Equality for dsa.msc + +![resource_based_policy_match_2](/img/product_docs/endpointpolicymanager/integration/privilegesecure/resourcebased/resource_based_policy_match_2.webp) + +Now whenever mmc.exe dsa.msc is run from the command line, Endpoint Policy Manager Least Privilege +Manager will send the connection back to Netwrix Privilege Secure for processing. + +You’ll run the command as `EastSalesUser1`, and give your Active Directory credentials, Two-Factor +(brokered by Netwrix Privilege Secure), and wait for the Activity Session to be created. + +![resource_based_policy_match_3](/img/product_docs/endpointpolicymanager/integration/privilegesecure/resourcebased/resource_based_policy_match_3.webp) + +The result is that a new Domain Admin account is created for this one session and deleted after use. + +![resource_based_policy_match_4](/img/product_docs/endpointpolicymanager/integration/privilegesecure/resourcebased/resource_based_policy_match_4.webp) diff --git a/docs/endpointpolicymanager/integration/privilegesecure/credentialbased/releaseresults.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/releaseresults.md similarity index 91% rename from docs/endpointpolicymanager/integration/privilegesecure/credentialbased/releaseresults.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/releaseresults.md index a785ccfcca..b8cffbe7b5 100644 --- a/docs/endpointpolicymanager/integration/privilegesecure/credentialbased/releaseresults.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/releaseresults.md @@ -1,3 +1,9 @@ +--- +title: "Credential Release Results" +description: "Credential Release Results" +sidebar_position: 20 +--- + # Credential Release Results To see the action, right-click on the application and choose **Run with Netwrix Privilege Secure** diff --git a/docs/endpointpolicymanager/integration/privilegesecure/credentialbased/setuppolicy.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/setuppolicy.md similarity index 91% rename from docs/endpointpolicymanager/integration/privilegesecure/credentialbased/setuppolicy.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/setuppolicy.md index 7bcf66250f..6bf4ef1333 100644 --- a/docs/endpointpolicymanager/integration/privilegesecure/credentialbased/setuppolicy.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/setuppolicy.md @@ -1,3 +1,9 @@ +--- +title: "Setting up the Endpoint Policy Manager Policy" +description: "Setting up the Endpoint Policy Manager Policy" +sidebar_position: 10 +--- + # Setting up the Endpoint Policy Manager Policy After **Selecting Credential Based Policy**, fill in **Domain** and **User Name**. diff --git a/docs/endpointpolicymanager/integration/privilegesecure/resourcebased/storedvideos.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/storedvideos.md similarity index 80% rename from docs/endpointpolicymanager/integration/privilegesecure/resourcebased/storedvideos.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/storedvideos.md index d8262f14d9..b1d7deddd9 100644 --- a/docs/endpointpolicymanager/integration/privilegesecure/resourcebased/storedvideos.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/policymatch/storedvideos.md @@ -1,3 +1,9 @@ +--- +title: "Watching Stored Videos" +description: "Watching Stored Videos" +sidebar_position: 20 +--- + # Watching Stored Videos Only when the session is closed and a video is successfully sent back to the Netwrix Privilege diff --git a/docs/endpointpolicymanager/integration/privilegesecure/gettingstarted/together.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/together.md similarity index 92% rename from docs/endpointpolicymanager/integration/privilegesecure/gettingstarted/together.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/together.md index a072887879..1948aacb26 100644 --- a/docs/endpointpolicymanager/integration/privilegesecure/gettingstarted/together.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/together.md @@ -1,3 +1,9 @@ +--- +title: "Getting Started: Netwrix Privilege Secure + Endpoint Policy Manager" +description: "Getting Started: Netwrix Privilege Secure + Endpoint Policy Manager" +sidebar_position: 30 +--- + # Getting Started: Netwrix Privilege Secure + Endpoint Policy Manager **NOTE:** See the diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/_category_.json new file mode 100644 index 0000000000..c8c981264e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Rules", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/activexitems.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/activexitems.md similarity index 90% rename from docs/endpointpolicymanager/leastprivilege/elevate/activexitems.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/activexitems.md index 1527c62446..d3d915d7d2 100644 --- a/docs/endpointpolicymanager/leastprivilege/elevate/activexitems.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/activexitems.md @@ -1,3 +1,9 @@ +--- +title: "Elevating ActiveX Items" +description: "Elevating ActiveX Items" +sidebar_position: 70 +--- + # Elevating ActiveX Items **NOTE:** For an overview of Elevating ActiveX Items see the diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/com_cslidclass.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/com_cslidclass.md similarity index 93% rename from docs/endpointpolicymanager/leastprivilege/elevate/com_cslidclass.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/com_cslidclass.md index ead891a0c1..d2acf3a721 100644 --- a/docs/endpointpolicymanager/leastprivilege/elevate/com_cslidclass.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/com_cslidclass.md @@ -1,3 +1,9 @@ +--- +title: "Elevating COM / CSLID Class Items" +description: "Elevating COM / CSLID Class Items" +sidebar_position: 60 +--- + # Elevating COM / CSLID Class Items **NOTE:** For an overview of COM Class Policies, see the diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/controlpanelapplets.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/controlpanelapplets.md similarity index 93% rename from docs/endpointpolicymanager/leastprivilege/elevate/controlpanelapplets.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/controlpanelapplets.md index 5392eca2a7..0e732d5fa7 100644 --- a/docs/endpointpolicymanager/leastprivilege/elevate/controlpanelapplets.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/controlpanelapplets.md @@ -1,3 +1,9 @@ +--- +title: "Elevating Control Panel Applets" +description: "Elevating Control Panel Applets" +sidebar_position: 30 +--- + # Elevating Control Panel Applets Endpoint Policy Manager can also be used to elevate situations within Windows itself. Select diff --git a/docs/endpointpolicymanager/leastprivilege/rules/customizedtoken.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/customizedtoken.md similarity index 81% rename from docs/endpointpolicymanager/leastprivilege/rules/customizedtoken.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/customizedtoken.md index 2d43f45cf4..141844cb09 100644 --- a/docs/endpointpolicymanager/leastprivilege/rules/customizedtoken.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/customizedtoken.md @@ -1,3 +1,9 @@ +--- +title: "Run with Customized Token" +description: "Run with Customized Token" +sidebar_position: 90 +--- + # Run with Customized Token On rare occasions you might need to change some of the attributes of a process’ token instead of a @@ -18,5 +24,5 @@ The common use cases for needing to manage a customized token are: [Reduce or specify Service Account Rights](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/serviceaccountrights.md) video demonstration. - Drag-and-drop issues between applications. For ore information, see the - [I elevated an application, but drag and drop between the elevated and other non-elevated applications isn't working anymore. What can I try?](/docs/endpointpolicymanager/leastprivilege/elevate/dragdrop.md) + [I elevated an application, but drag and drop between the elevated and other non-elevated applications isn't working anymore. What can I try?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/dragdrop.md) topic. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/deny/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/deny/_category_.json new file mode 100644 index 0000000000..69d1912533 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/deny/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Denying Applications (Standard, UWP, and DLLs)", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/leastprivilege/deny/dlls.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/deny/dlls.md similarity index 78% rename from docs/endpointpolicymanager/leastprivilege/deny/dlls.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/deny/dlls.md index de7b953699..7f2f144b4c 100644 --- a/docs/endpointpolicymanager/leastprivilege/deny/dlls.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/deny/dlls.md @@ -1,3 +1,9 @@ +--- +title: "Denying DLLs within Applications" +description: "Denying DLLs within Applications" +sidebar_position: 30 +--- + # Denying DLLs within Applications You can deny DLLs within Applications, like PowerShell’s internal DLLs, which make it operate. @@ -20,5 +26,5 @@ generated](/img/product_docs/endpointpolicymanager/leastprivilege/deny/denying_d Then you can **Deny execution** of the DLL when it is encountered. **NOTE:** Some additional details and examples can be found in the -[How to Defend against malicious PowerShell attacks (DLLs)?](/docs/endpointpolicymanager/leastprivilege/powershell/maliciousattacks.md) +[How to Defend against malicious PowerShell attacks (DLLs)?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsforadminapproval/maliciousattacks.md) topic. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/deny/overview.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/deny/overview.md new file mode 100644 index 0000000000..eb739d7e56 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/deny/overview.md @@ -0,0 +1,11 @@ +--- +title: "Denying Applications (Standard, UWP, and DLLs)" +description: "Denying Applications (Standard, UWP, and DLLs)" +sidebar_position: 80 +--- + +# Denying Applications (Standard, UWP, and DLLs) + +You might have a scenario where you want to block specific EXE files, UWP applications, scripts, JAR +files, or MSIs from launching. Sometimes this is called "Application Control" or "Blacklisting." In +this section you will learn how to perform this operation for Standard and UWP applications. diff --git a/docs/endpointpolicymanager/leastprivilege/deny/standard.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/deny/standard.md similarity index 93% rename from docs/endpointpolicymanager/leastprivilege/deny/standard.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/deny/standard.md index d52b2e8676..180dff37f0 100644 --- a/docs/endpointpolicymanager/leastprivilege/deny/standard.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/deny/standard.md @@ -1,3 +1,9 @@ +--- +title: "Denying Standard Applications" +description: "Denying Standard Applications" +sidebar_position: 10 +--- + # Denying Standard Applications **NOTE:** For an overview of Endpoint Policy Manager performing Application control see the diff --git a/docs/endpointpolicymanager/leastprivilege/deny/windowsuniversal.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/deny/windowsuniversal.md similarity index 97% rename from docs/endpointpolicymanager/leastprivilege/deny/windowsuniversal.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/deny/windowsuniversal.md index b297de6925..ec03d72b54 100644 --- a/docs/endpointpolicymanager/leastprivilege/deny/windowsuniversal.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/deny/windowsuniversal.md @@ -1,3 +1,9 @@ +--- +title: "Denying UWP Applications" +description: "Denying UWP Applications" +sidebar_position: 20 +--- + # Denying UWP Applications **NOTE:** For an overview of how to manage UWP applications, see the diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/executables.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/executables.md similarity index 89% rename from docs/endpointpolicymanager/leastprivilege/elevate/executables.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/executables.md index 8d3eac4894..d58e52f82a 100644 --- a/docs/endpointpolicymanager/leastprivilege/elevate/executables.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/executables.md @@ -1,3 +1,9 @@ +--- +title: "Elevating Executables" +description: "Elevating Executables" +sidebar_position: 10 +--- + # Elevating Executables **NOTE:** For an overview of how to elevate applications that need admin rights, see the @@ -39,7 +45,7 @@ by using two conditions. You’ll then be asked if you want this policy to be related to an action within Netwrix Privilege Secure. For now, we’ll skip this (leave unchecked) and we’ll return back to it in the -[Endpoint Policy Manager & Netwrix Privilege Secure](/docs/endpointpolicymanager/integration/privilegesecure/overview.md) +[Endpoint Policy Manager & Netwrix Privilege Secure](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/overview.md) topic. Future examples will purposely omit this step until we need it. ![A screenshot of a computer @@ -92,16 +98,16 @@ These action types are: These Options are: - **Apply on demand**. Enables the elevation only when application is right-clicked. For more - information on this, see[Apply on Demand Rules](/docs/endpointpolicymanager/leastprivilege/rules/apply/ondemand.md). + information on this, see[Apply on Demand Rules](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/apply/ondemand.md). - **Do not generate events**. PolicyPak logs items in the Windows event log. Setting this item configured (checked) means that events will not be logged when this process is run. - **Do not elevate Open/Save dialog**. By default Endpoint Policy Manager will prevent child processes from gaining elevation thru the Open/Save dialogs. See the - [Best Practices and Miscellaneous Topics](/docs/endpointpolicymanager/leastprivilege/bestpractices/overviewmisc.md) topic for additional + [Best Practices and Miscellaneous Topics](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/overviewmisc.md) topic for additional information. - **Show popup message**. Optional requirement to either force the user to reauthenticate and/or put in Justification text before the process starts. See the - [Best Practices and Miscellaneous Topics](/docs/endpointpolicymanager/leastprivilege/bestpractices/overviewmisc.md) for additional + [Best Practices and Miscellaneous Topics](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/overviewmisc.md) for additional information. The next page provides the opportunity to enhance this policy with these final touches: @@ -109,13 +115,13 @@ The next page provides the opportunity to enhance this policy with these final t - **Name** - **Comment** - **State** (default is enabled) -- **Scope**. See the [Best Practices and Miscellaneous Topics](/docs/endpointpolicymanager/leastprivilege/bestpractices/overviewmisc.md) for +- **Scope**. See the [Best Practices and Miscellaneous Topics](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/overviewmisc.md) for additional information. - **Item-Level Targeting**. See the - [Best Practices and Miscellaneous Topics](/docs/endpointpolicymanager/leastprivilege/bestpractices/overviewmisc.md) for additional + [Best Practices and Miscellaneous Topics](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/overviewmisc.md) for additional information. - **Parent Process filter**. See the - [Best Practices and Miscellaneous Topics](/docs/endpointpolicymanager/leastprivilege/bestpractices/overviewmisc.md) for additional + [Best Practices and Miscellaneous Topics](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/overviewmisc.md) for additional information. ![A screenshot of a computer diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/javajarfiles.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/javajarfiles.md similarity index 88% rename from docs/endpointpolicymanager/leastprivilege/elevate/javajarfiles.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/javajarfiles.md index 82cb6d2b45..01f7a386dc 100644 --- a/docs/endpointpolicymanager/leastprivilege/elevate/javajarfiles.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/javajarfiles.md @@ -1,3 +1,9 @@ +--- +title: "Elevating Java JAR Files" +description: "Elevating Java JAR Files" +sidebar_position: 50 +--- + # Elevating Java JAR Files **NOTE:** For an overview on elevating JAR files and also preventing .JAR files from running, which diff --git a/docs/endpointpolicymanager/leastprivilege/elevate/msiinstallerfiles.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/msiinstallerfiles.md similarity index 92% rename from docs/endpointpolicymanager/leastprivilege/elevate/msiinstallerfiles.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/msiinstallerfiles.md index fd1c9beff9..e64d9d5791 100644 --- a/docs/endpointpolicymanager/leastprivilege/elevate/msiinstallerfiles.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/msiinstallerfiles.md @@ -1,3 +1,9 @@ +--- +title: "Elevating MSI Installer Files" +description: "Elevating MSI Installer Files" +sidebar_position: 20 +--- + # Elevating MSI Installer Files Endpoint Policy Manager can be used to elevate MSI applications to allow end users to install them @@ -20,7 +26,7 @@ available. For this Quick Start, we suggest you select **Hash**. **NOTE:** We realize that hash values often change for installers, but using Hash is only for the Quick Start. To learn how to authorize users to keep applications up to do date, learn about Combo -rules in [Best Practices and Miscellaneous Topics](/docs/endpointpolicymanager/leastprivilege/bestpractices/overviewmisc.md). +rules in [Best Practices and Miscellaneous Topics](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/overviewmisc.md). On the next page, click **Select windows installer** and select the SkypeSetup.MSI package (previously downloaded). diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/overview.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/overview.md new file mode 100644 index 0000000000..b6921d54ae --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/overview.md @@ -0,0 +1,136 @@ +--- +title: "Rules" +description: "Rules" +sidebar_position: 10 +--- + +# Rules + +Endpoint Policy ManagerLeast Privilege Manager is located within the Netwrix Privilege Secure node. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/rules_1.webp) + +**NOTE:** You will only see all components of Endpoint Policy Manager if you download the Endpoint +Policy Manager Admin Console from Portal.endpointpolicymanager.com, but not if you are using only the Netwrix +Privilege Secure console. + +Endpoint Policy ManagerLeast Privilege Manager is within the Netwrix Privilege Secure node and not +within the Netwrix Endpoint Policy Manager (formerly PolicyPak) node to demonstrate the relationship +between Endpoint Policy Manager and Netwrix Privilege Secure. That is, you can use all of Endpoint +Policy Manager (all Endpoint Policy Manager components) or you may wish to use Endpoint Policy +Manager alongside Netwrix Privilege Secure. For more information, see the +[Endpoint Policy Manager & Netwrix Privilege Secure](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/privilegesecure/overview.md) +topic. + +Endpoint Policy Manager MMC snap-in enables you to create new Endpoint Policy Manager Least +Privilege Manager policies or collections. + +Collections are groupings of policies, and policies are the rules that perform the work. You can +create collections, and policies within collections, on the User side, the Computer side, or both. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/rules_2.webp) + +Endpoint Policy ManagerLeast Privilege Manager can elevate (or block) the following: + +- Executable policies +- Control Panel applets +- Windows installers (MSIs) +- Scripts (BAT, CMD, PS1, JS, JSE, VBS, VBE) +- Java JAR (archive) files +- UWP applications +- COM Class Policies +- ActiveX Policies + +To test some of these scenarios, we recommend that you download some applications on your Windows +endpoint to follow along. Perform these downloads as a Standard User, such as EastSalesUser1, but +notas a local admin. + +For example, as EastSalesUser1, download an application that, when run by a Standard User, requires +UAC prompts. To view a UAC prompt on the Microsoft side as an example, try to +[download](https://docs.microsoft.com/en-us/sysinternals/downloads/procmon) the Microsoft Process +Monitor application. + +Running the Process Monitor application as a Standard User, such as EastSalesUser1, is not +permitted. The application requires local admin rights, resulting in a prompt for UAC. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/rules_3.webp) + +To participate in the Quick Start exercises, [download](http://go.skype.com/msi-download) Skype MSI +for Windows via their website. + +**CAUTION:** You may get a warning when downloading in Edge, but it is perfectly safe. + +When a Standard User attempts to install Skype MSI installer, they are not allowed. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/rules_4.webp) + +The final example is downloading a portable app. A portable app is an application that can be +downloaded anytime by a user. Sometimes it requires no installation; other times, it must be +unpacked before you can run it. Here are a few examples of these apps: + +- [VLC Media Player Portable](https://portableapps.com/apps/music_video/vlc_portable) +- [Sudoku Portable](https://portableapps.com/apps/games/sudoku_portable) +- [Notepad2 Portable](https://portableapps.com/apps/development/notepad2_portable)[https://portableapps.com/apps/games/sudoku_portable](https://portableapps.com/apps/games/sudoku_portable) + +In this example, Notepad2 has been downloaded and unpacked to the user’s desktop in a folder called +Notepad2. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/rules_5.webp) + +The Standard User can now open the folder and immediately run the EXE file and use the app. Despite +the fact that this application could be a virus or crypto-malware, the user with standard rights can +still run it. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/rules_6.webp) + +In the Quick Start examples with Endpoint Policy Manager Least Privilege Manager, the goals are as +follows: + +- Allow Standard Users to run Process Monitor elevated but maintain Standard User rights everywhere + else. +- Allow Standard Users to install Skype Setup MSI elevated but maintain Standard User rights + everywhere else. +- Prevent the system from running unknown software, such as Notepad2, if it was not installed by the + original admin until it is determined to be safe. +- Allow Notepad2 to run normally once its safety has been determined. +- Prevent users from downloading all other unknown applications. + +The examples we will look at are: + +- Applications on the endpoint that are properly installed by the admin (leftmost column of + applications in this example). +- Applications that require elevation to run (Procmon in this example). +- Applications that are downloaded by the user, which may be unknown or harmful (Notepad2 in this + example). + +![A computer screen shot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/rules/rules_7.webp) + +For these examples, keep copies of Process Monitor and NotePad2 Portable handy to serve as a +reference from your management station. These are not installed apps; you will be attempting to run +them before and during the Quick Start to see how they are affected by PolicyPak Least Privilege +Manager. + +When you download these applications, it is ideal to store them in two places. The first copy should +be sitting on your endpoint. The second copy should be sitting on your Group Policy management +station, as these will also be required to help create the rules for these examples. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/scripts.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/scripts.md new file mode 100644 index 0000000000..035575d03e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/rules/scripts.md @@ -0,0 +1,39 @@ +--- +title: "Elevating Scripts" +description: "Elevating Scripts" +sidebar_position: 40 +--- + +# Elevating Scripts + +**NOTE:** For an overview on elevating scripts and preventing scripts from running, which could need +admin rights, see the +[Elevate (or smack down) scripts and Java JAR files](/docs/endpointpolicymanager/video/leastprivilege/elevate/scripts.md) +video. + +You might need to elevate a script that has contents that would perform admin-only functions, like +editing the Registry, turning on or off Services, and so on. You might also want to block scripts +from running to prevent attacks that originate over email or on USB flash drives. In these cases, +you can use Endpoint Policy Manager Least Privilege Manager to elevate or block scripts from +running. + +Kick off the process to create a policy for scripts by going to **Add** > **New Script Policy**. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/elevate/elevating_scripts.webp) + +The script types that are supported for elevation and for blocking are: + +- BAT +- CMD +- PS1 +- JS +- JSE +- VBS +- VBE +- JAR + +These script types can also be blocked automatically and universally by using the Endpoint Policy +Manager Least Privilege Manager SecureRun™ feature, as described in later topics. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/securerun/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/securerun/_category_.json new file mode 100644 index 0000000000..ff3f9a0880 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/securerun/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Quick Start - Using SecureRun™ to Block Threats and Unknown Software", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/leastprivilege/securerun/avoiduac.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/securerun/avoiduac.md similarity index 85% rename from docs/endpointpolicymanager/leastprivilege/securerun/avoiduac.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/securerun/avoiduac.md index a38d38618f..005fdda29a 100644 --- a/docs/endpointpolicymanager/leastprivilege/securerun/avoiduac.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/securerun/avoiduac.md @@ -1,3 +1,9 @@ +--- +title: "Creating Rules to Avoid UAC Prompts and Other Dialogs" +description: "Creating Rules to Avoid UAC Prompts and Other Dialogs" +sidebar_position: 20 +--- + # Creating Rules to Avoid UAC Prompts and Other Dialogs Over time, once SecureRun is on, you will likely still get some application attempting to update in @@ -20,7 +26,7 @@ The example below show a Combo rule enabling OneDriveSetup.exe to keep running ( and **Command-line Condition**) with the Allow and Log action. For more information on Combo rules, see -[Creating and Using Executable Combo Rules](/docs/endpointpolicymanager/leastprivilege/bestpractices/rules/executablecombo.md) +[Creating and Using Executable Combo Rules](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overviewmisc/bestpractices/executablecombo.md) ![A screenshot of a computer diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/securerun/inlinecommands.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/securerun/inlinecommands.md new file mode 100644 index 0000000000..2cfdb65c73 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/securerun/inlinecommands.md @@ -0,0 +1,30 @@ +--- +title: "SecureRun and Inline Commands" +description: "SecureRun and Inline Commands" +sidebar_position: 10 +--- + +# SecureRun and Inline Commands + +By default PolicyPak SecureRun will also block “inline commands.” + +For example, one can run something like this from the Run dialog (or in many other ways.) + +``` +cmd /c "mkdir C:\TEST & copy c:\Windows\notepad.exe C:\TEST" +``` + +![A screenshot of a computer error + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/securerun_and_inline_commands.webp) + +Normally, users don’t do this. But it could be valid during an application installation or program +setup. You can see an example of this used in the Microsoft +[Latest Astaroth living-off-the-land attacks are even more invisible but not less observable](https://www.microsoft.com/en-us/security/blog/2020/03/23/latest-astaroth-living-off-the-land-attacks-are-even-more-invisible-but-not-less-observable/) +article. + +SecureRun will automatically try to block such attempts. For more information on how to deal wit +this issue, please see +[Why does Endpoint Policy Manager SecureRun block "inline commands" and what can I do to overcome or revert the behavior ?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/troubleshooting/inlinecommands.md) +for guidance and details. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/securerun/overview.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/securerun/overview.md new file mode 100644 index 0000000000..0d30dbcdaa --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/securerun/overview.md @@ -0,0 +1,154 @@ +--- +title: "Quick Start - Using SecureRun™ to Block Threats and Unknown Software" +description: "Quick Start - Using SecureRun™ to Block Threats and Unknown Software" +sidebar_position: 20 +--- + +# Quick Start - Using SecureRun™ to Block Threats and Unknown Software + +**NOTE:** For an overview of how to block threats and unknown software like malware and similar +applicates, see the +[Using Least Privilege Manager's SecureRun Feature](/docs/endpointpolicymanager/video/leastprivilege/securerun/feature.md) +video. + +In the previous section, we established that users with Standard rights and admin rights can end up +downloading both safe portable applications or unsafe malware applications. In addition, both Admins +and Standard Users can download MSI applications, even if they wish to install them later. To avoid +having unsafe applications being downloaded and used, Endpoint Policy Manager can ensure that +applications that were not properly installed by the admin, or in-house software deployment tool +will not run without the admin's approval. In this Quick Start example, all unknown applications and +MSI applications will be blocked, while one specific application will be allowed to run (with +standard, not elevated, rights). + +## Understanding SecureRun + +Endpoint Policy ManagerLeast Privilege Manager can block all items that are not properly installed +by the admin with the Endpoint Policy Manager SecureRun™ policy. To see how this works, let's first +create a new SecureRun™ policy in the GPO. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun.webp) + +This will result in a new SecureRun™ policy editor, as displayed here. To turn on SecureRun click +**Enable** and then, if desired, , change the messaging from Default to Customized (or Silently.) + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_1.webp) + +In the SecureRun™ Members list, you can review who and what has been added, including the defaults +members: + +- Local computer administrator +- NT SERVICE\TrustedInstaller +- NT AUTHORITY\SYSTEM +- BUILTIN\Administrators + +The members on this list are the people and system processes that usually install software. For that +reason, no regular users or groups are listed here because they do not normally install software. + +**NOTE:** Add system processes or accounts to the SecureRun Members list that properly install +software, such as Microsoft Endpoint Manager (SCCM and Intune), etc., to enable the software to +deliver applications without being prevented. + +When SecureRun™ is on, Endpoint Policy ManagerLeast Privilege Manager checks to see who owns the +file executable, MSI file, script, or Java JAR file. When users download files off the Internet or +copy them from a USB flash drive, they own the file, and since they aren't on the SecureRun™ +Members list, Endpoint Policy Manager Least Privilege Manager will block all applications that they +have installed. + +In the SecureRun™ policy editor, click **Ok**. You can then see that the SecureRun™ policy is +enabled and is checking for file ownership (aka “Trusted”), as shown here. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_2.webp) + +At the endpoint, run GPupdate or log on as a user who will receive the policy. The result is that +all unknown applications are blocked (like previously downloaded Notepad2), and all properly +installed applications are allowed. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_3.webp) + +Additionally, MSI files that attempt to launch are also subjected to Endpoint Policy Manager +SecureRun™. If an application already has an Allow rule in place (similar to what we saw earlier +when we enabled SkypeSetup.MSI to run via a Hash rule), then it will continue to launch. But MSI +installers that don't have an Allow rule in place will be prevented from running, as show here. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_4.webp) + +This works because Endpoint Policy Manager Least Privilege Manager is enforcing the SecureRun™ +Members list. If we look at who owns the file for the properly installed application, we can see the +owner is SYSTEM. If we look at who owns the file for the unknown application downloaded from the +Internet, we can see the owner is EastSalesUser1. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_5.webp) + +If you review the list of users allowed to run applications, you will notice that EastSalesUser1 is +not on the list and, therefore, is not permitted to run Untrusted applications. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_6.webp) + +If you decide you want to enable an application, such as Notepad2, to run, create a new Executable +rule (Path, Hash, Signature, or File) as shown in the previous section. This time, select **Allow +and log**. This will run the application with Standard User rights. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_7.webp) + +The result can be seen in the MMC list view. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_8.webp) + +As a test, run GPupdate on the endpoint, and then run Notepad2, which will run with Standard User +rights and bypass SecureRun™ as seen here. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/quick_start_using_securerun_9.webp) + +To recap, Endpoint Policy ManagerLeast Privilege Manager SecureRun™ operates under the following +criteria: + +- The Endpoint Policy Manager Least Privilege Manager SecureRun™ policy checks every executable and + MSI that the user attempts to run. +- If the user isn’t on the SecureRun™ Members list, they are not permitted to run it. +- Only executable applications, scripts, Java JAR files, and MSI files that have file owners on the + SecureRun™ Members list are allowed to run. +- If an application (or other type) has an **Allow and Log** rule enabling its use, it is permitted. + +The result is that Endpoint Policy Manager SecureRun™ blocks any executable or MSI that the user +downloads and tries to run but continues to let properly installed applications run. + +**NOTE:** An additional way to use Endpoint Policy Manager SecureRum™ is to also trap for anything +that is unsigned. See the +[Least Privilege Manager: Block All Unsigned with SecureRun](/docs/endpointpolicymanager/video/leastprivilege/securerun/preventunsigned.md) +video for a demonstration. + +**NOTE:** Remember, all Endpoint Policy Manager Least Privilege Manager rules, including SecureRun, +may be used with an MDM service, or your own management system like PDQ deploy For more information +on this topic, please see the +[Blocking Malware with Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/video/leastprivilege/integration/pdqdeployblockmalware.md) +video demonstration. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/uacprompts/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/uacprompts/_category_.json new file mode 100644 index 0000000000..43b7880c7e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/uacprompts/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Overcoming Common UAC Prompts with Helper Tools", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "uacprompts" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/uacprompts/admx.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/uacprompts/admx.md new file mode 100644 index 0000000000..10b742e09f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/uacprompts/admx.md @@ -0,0 +1,82 @@ +--- +title: "Using the Endpoint Privilege Manager ADMX Settings" +description: "Using the Endpoint Privilege Manager ADMX Settings" +sidebar_position: 20 +--- + +# Using the Endpoint Privilege Manager ADMX Settings + +There are two reasons you might want to configure the Endpoint Policy Manager Least Privilege +Manager Helper Tools via the included ADMX files: + +- Use it to trim what the user sees in the Printer tool. +- Use it to trim what the user sees in the Remove Programs too seen here. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/tool/helper/using_the_endpointpolicymanager_least.webp) + +## ADMX Settings with the Printer Tool + +The ADMX setting prevents users from configuring Print Server Properties using the Endpoint Policy +Manager Printers tool, and will block access to the button and window highlighted here. + +![using_the_policypak_least](/img/product_docs/endpointpolicymanager/leastprivilege/tool/helper/using_the_endpointpolicymanager_least.webp) + +## ADMX Settings with the Remove Programs Tool + +By default, the Remove Programs tool (once elevated) will enable a user to remove any application +installed on the computer, except for the Endpoint Policy Manager client-side extension or other +Netwrix or Endpoint Policy Manager-signed installed applications or components. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/tool/helper/using_the_endpointpolicymanager_least_1.webp) + +However, using the Endpoint Policy Manager Least Privilege Manager ADMX settings you can hide or +reveal which applications are available for users to uninstall. This is possible by using one the +following policies: + +- Configure program names to include or exclude from the Endpoint Policy Manager Programs Manager + tool +- Configure publisher names to include or exclude from the Endpoint Policy Manager Programs Manager + tool + +These two settings act similarly, but when they are used together, you can do the following: + +- Hide all applications, except those from the publisher Microsoft which also contain the name + Skype. +- Show only applications published by Adobe. +- Show only one application named Java 8 update 171. + +In this example, we will show only applications published by Oracle where the name contains Java, +except Java 8 Update 171. To do this, we need to use both of the ADMX settings. + +Start out by showing only the items which are published by Oracle by using the Configure publisher +names to include or exclude from the Endpoint Policy Manager: Programs Manager tool settings that +are shown here. Specify a value name of "\*oracle\*" and a value of 1. This will pick up publishers +named Oracle and Oracle Corporation. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/tool/helper/using_the_endpointpolicymanager_least_1.webp) + +Next, using the same tool, you specify a value name of "\*Java\*" as the program name and a value +of 1. Since we also want to hide programs with 171 in the name, you’ll need to specify a value name +of \*171\* with a value of 0 to specifically hide programs with this value in the name. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/tool/helper/using_the_endpointpolicymanager_least_2.webp) + +The result of these settings can be seen here, where only a limited number of programs are available +for removal. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/leastprivilege/tool/helper/using_the_endpointpolicymanager_least_2.webp) diff --git a/docs/endpointpolicymanager/leastprivilege/tool/helper/elevate.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/uacprompts/elevate.md similarity index 91% rename from docs/endpointpolicymanager/leastprivilege/tool/helper/elevate.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/uacprompts/elevate.md index a0178cf010..c9902d6045 100644 --- a/docs/endpointpolicymanager/leastprivilege/tool/helper/elevate.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/uacprompts/elevate.md @@ -1,3 +1,9 @@ +--- +title: "Elevating Least Privilege Manager Helper Tools" +description: "Elevating Least Privilege Manager Helper Tools" +sidebar_position: 10 +--- + # Elevating Least Privilege Manager Helper Tools Before you can have your users take advantage of the Helper Tools, you first have to elevate them. diff --git a/docs/endpointpolicymanager/leastprivilege/tool/helper/uacprompts.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/uacprompts/uacprompts.md similarity index 92% rename from docs/endpointpolicymanager/leastprivilege/tool/helper/uacprompts.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/uacprompts/uacprompts.md index 86acfc93ec..c8a251e28a 100644 --- a/docs/endpointpolicymanager/leastprivilege/tool/helper/uacprompts.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/uacprompts/uacprompts.md @@ -1,3 +1,9 @@ +--- +title: "Overcoming Common UAC Prompts with Helper Tools" +description: "Overcoming Common UAC Prompts with Helper Tools" +sidebar_position: 60 +--- + # Overcoming Common UAC Prompts with Helper Tools **NOTE:** See the diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/_category_.json new file mode 100644 index 0000000000..08c53943f5 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Endpoint Policy Manager Cloud for MacOS Client", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/mac/applicationlaunch.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/applicationlaunch.md similarity index 87% rename from docs/endpointpolicymanager/mac/applicationlaunch.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/applicationlaunch.md index cd05d8480a..5abcb29cac 100644 --- a/docs/endpointpolicymanager/mac/applicationlaunch.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/applicationlaunch.md @@ -1,3 +1,9 @@ +--- +title: "Using MacOS + Admin Approval (aka Application Launch + Challenge)" +description: "Using MacOS + Admin Approval (aka Application Launch + Challenge)" +sidebar_position: 30 +--- + # Using MacOS + Admin Approval (aka Application Launch + Challenge) **NOTE:** See the diff --git a/docs/endpointpolicymanager/mac/installclient.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/installclient.md similarity index 93% rename from docs/endpointpolicymanager/mac/installclient.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/installclient.md index 86a4aff971..3d674184f1 100644 --- a/docs/endpointpolicymanager/mac/installclient.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/installclient.md @@ -1,3 +1,9 @@ +--- +title: "How to Install the Endpoint Policy Manager MacOS Client" +description: "How to Install the Endpoint Policy Manager MacOS Client" +sidebar_position: 10 +--- + # How to Install the Endpoint Policy Manager MacOS Client After logging into Endpoint Policy Manager Cloud, head to Company Details, locate Download PolicyPak diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/_category_.json new file mode 100644 index 0000000000..405b8fe1d8 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Troubleshooting + Logging the Mac OS Client", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/mac/cloudlog.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/cloudlog.md similarity index 86% rename from docs/endpointpolicymanager/troubleshooting/mac/cloudlog.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/cloudlog.md index 4f13e05d4d..c3edcc0c49 100644 --- a/docs/endpointpolicymanager/troubleshooting/mac/cloudlog.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/cloudlog.md @@ -1,3 +1,9 @@ +--- +title: "Understanding Cloud.log" +description: "Understanding Cloud.log" +sidebar_position: 30 +--- + # Understanding Cloud.log Cloud.log contains actioned items from the endpointpolicymanagerd.log file; processes that ran by the user and diff --git a/docs/endpointpolicymanager/troubleshooting/mac/eventcollectiion.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/eventcollectiion.md similarity index 92% rename from docs/endpointpolicymanager/troubleshooting/mac/eventcollectiion.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/eventcollectiion.md index 7bb3f4021f..49abd07d3d 100644 --- a/docs/endpointpolicymanager/troubleshooting/mac/eventcollectiion.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/eventcollectiion.md @@ -1,3 +1,9 @@ +--- +title: "Setting Up Endpoint Policy Manager Cloud Groups for Event Collection" +description: "Setting Up Endpoint Policy Manager Cloud Groups for Event Collection" +sidebar_position: 40 +--- + # Setting Up Endpoint Policy Manager Cloud Groups for Event Collection Having these logs locally is all well and good, put the power is in our ability to centrally store @@ -70,7 +76,7 @@ Notes on Collection Configuration: all selected IDs will be included and uploaded at the shortest interval set. **NOTE:** See the -[How can I keep the same or specify different parameters for Event Collection for child groups? How does a computer behave if a member of multiple groups?](/docs/endpointpolicymanager/cloud/eventcollection/childgroups.md) +[How can I keep the same or specify different parameters for Event Collection for child groups? How does a computer behave if a member of multiple groups?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/eventcollection/childgroups.md) topic for more information. Forcing Event Submission diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/logs.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/logs.md new file mode 100644 index 0000000000..dd78de7586 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/logs.md @@ -0,0 +1,13 @@ +--- +title: "Understanding Log Files on the Client" +description: "Understanding Log Files on the Client" +sidebar_position: 10 +--- + +# Understanding Log Files on the Client + +The PolicyPak logs are located in `/Library/Application Support/PolicyPak/Logs`. If requested by +Support, zip up these three logs. As the customer, you can find useful information within +endpointpolicymanagerd.log and cloud.log (details later in this document). + +![A screenshot of a computer Description automatically generated](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_1_6e10551394ec326177434ffc228df475.webp) diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/overview.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/overview.md new file mode 100644 index 0000000000..c5b1a0640b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/overview.md @@ -0,0 +1,10 @@ +--- +title: "Troubleshooting + Logging the Mac OS Client" +description: "Troubleshooting + Logging the Mac OS Client" +sidebar_position: 40 +--- + +# Troubleshooting + Logging the Mac OS Client + +Troubleshooting usually involves trying to understand why a rule isn’t applying. In this section we +will understand the log files and how to use them. diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/reports.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/reports.md new file mode 100644 index 0000000000..6fd9a78b09 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/mac/reports.md @@ -0,0 +1,28 @@ +--- +title: "Reporting on Collected Events" +description: "Reporting on Collected Events" +sidebar_position: 50 +--- + +# Reporting on Collected Events + +All the collected events can be accessed through the “Computers (Collected Events)” report on the +Reports tab and selecting “Endpoint Policy Manager Least Privilege Manager for macOS”. + +![A screenshot of a computerDescription automatically generated](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_10_2ab64dc549729d2f51cdf61ab7d88108.webp) + +Next, configure the time period you want to report on. The default is the beginning of the day, but +this can be altered to the desired start and stop time and date. Click “Show” to see the results. + +![A screenshot of a computerDescription automatically generated](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_11_7135ed6ab54692983796dd995a2517e4.webp) + +The results can be filtered to show only the desired information. For example, show only specific +computers or only Elevation events. Every column can be filtered by click on the ellipsis within the +column header. + +![A screenshot of a computerDescription automatically generated](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_12_3996f6bea2016ba07eaf96f5c05b43c0.webp) + +For offline analysis, the report can be exported to either Excel or, if very large, CSV format. This +can be done before or after filtering. + +![A screenshot of a loginDescription automatically generated](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_13_50b225886bba8747a9460411f4662cc9.webp) diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/overview.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/overview.md new file mode 100644 index 0000000000..0afce4fc95 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/overview.md @@ -0,0 +1,30 @@ +--- +title: "Endpoint Policy Manager Cloud for MacOS Client" +description: "Endpoint Policy Manager Cloud for MacOS Client" +sidebar_position: 30 +--- + +# Endpoint Policy Manager Cloud for MacOS Client + +Getting Started & Installation + +Endpoint Policy Manager Cloud for MacOS may be used when the Mac is connected to Endpoint Policy +Manager Cloud service. + +The Endpoint Policy Manager Cloud for MacOS supports the following functions: + +- Connect to Endpoint Policy Manager Cloud, claim a Endpoint Policy Manager Cloud license and + download new Mac-specific policies +- Remove Local admin rights and overcome admin prompts +- Block / Allow USB and DMG files + +In this section you will learn the supported versions, how to install the client, command line +options, and tips for mass installation. + +## Supported Versions of the MacOS Client + +Supported versions of the MacOS client are: + +Mac OS 13 Ventura + +Mac OS 14 Sonoma diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/_category_.json b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/_category_.json new file mode 100644 index 0000000000..c7e22b2ad6 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Supported Scenarios and Policy Types", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/mac/scenarios/conditions.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/conditions.md similarity index 96% rename from docs/endpointpolicymanager/mac/scenarios/conditions.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/conditions.md index b694b20918..89be9e9734 100644 --- a/docs/endpointpolicymanager/mac/scenarios/conditions.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/conditions.md @@ -1,3 +1,9 @@ +--- +title: "Conditions" +description: "Conditions" +sidebar_position: 30 +--- + # Conditions To make a match you need to match one or more Conditions: Path, Hash or Signature. diff --git a/docs/endpointpolicymanager/mac/scenarios/launchcontrol.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/launchcontrol.md similarity index 93% rename from docs/endpointpolicymanager/mac/scenarios/launchcontrol.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/launchcontrol.md index bf31f386a6..58e142171a 100644 --- a/docs/endpointpolicymanager/mac/scenarios/launchcontrol.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/launchcontrol.md @@ -1,3 +1,9 @@ +--- +title: "Application Launch Approval (aka Launch Control)" +description: "Application Launch Approval (aka Launch Control)" +sidebar_position: 50 +--- + # Application Launch Approval (aka Launch Control) **NOTE:** See the [Application Launch Approval](/docs/endpointpolicymanager/video/leastprivilege/mac/applicationlaunch.md) diff --git a/docs/endpointpolicymanager/mac/scenarios/macfinder.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/macfinder.md similarity index 89% rename from docs/endpointpolicymanager/mac/scenarios/macfinder.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/macfinder.md index f07d8d6d0d..58c8cdcf2d 100644 --- a/docs/endpointpolicymanager/mac/scenarios/macfinder.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/macfinder.md @@ -1,7 +1,13 @@ +--- +title: "Finder Policy" +description: "Finder Policy" +sidebar_position: 70 +--- + # Finder Policy **NOTE:** See -[Endpoint Policy Manager MacOS: Mac Finder Policies](/docs/endpointpolicymanager/video/leastprivilege/mac/finder.md) video +[Endpoint Policy Manager MacOS: Mac Finder Policies](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/finder.md) video for an overview of this section. ## Finder Install / Uninstall Overview @@ -63,5 +69,5 @@ The three action types on a rule are: - Elevate — Perform the overcome action required to perform the task See the -[Endpoint Policy Manager MacOS: Mac Finder Policies](/docs/endpointpolicymanager/video/leastprivilege/mac/finder.md) video +[Endpoint Policy Manager MacOS: Mac Finder Policies](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/finder.md) video for examples of Action types with Finder policies diff --git a/docs/endpointpolicymanager/mac/scenarios/macprivhelper.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/macprivhelper.md similarity index 91% rename from docs/endpointpolicymanager/mac/scenarios/macprivhelper.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/macprivhelper.md index 7e9b3f21c6..8567b63658 100644 --- a/docs/endpointpolicymanager/mac/scenarios/macprivhelper.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/macprivhelper.md @@ -1,7 +1,13 @@ +--- +title: "Privilege Elevation (aka Helper Policies)" +description: "Privilege Elevation (aka Helper Policies)" +sidebar_position: 80 +--- + # Privilege Elevation (aka Helper Policies) **NOTE:** See -[Endpoint Policy Manager LPM for MacOS: Privilege Policies (for Helper Apps)](/docs/endpointpolicymanager/video/leastprivilege/mac/privilege.md) +[Endpoint Policy Manager LPM for MacOS: Privilege Policies (for Helper Apps)](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/privilege.md) for a video overview of this section. ## Privilege Elevation / Helper Policies Overview diff --git a/docs/endpointpolicymanager/mac/scenarios/mountunmount.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/mountunmount.md similarity index 82% rename from docs/endpointpolicymanager/mac/scenarios/mountunmount.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/mountunmount.md index 92e7426791..8a0160b368 100644 --- a/docs/endpointpolicymanager/mac/scenarios/mountunmount.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/mountunmount.md @@ -1,9 +1,15 @@ +--- +title: "Mount / Unmount for USB and .DMG Files" +description: "Mount / Unmount for USB and .DMG Files" +sidebar_position: 60 +--- + # Mount / Unmount for USB and .DMG Files **NOTE:** See the -[Endpoint Privilege Manager for Mac: Mount / Unmount Part I](/docs/endpointpolicymanager/video/leastprivilege/mac/mountunmountpart1.md) +[Endpoint Privilege Manager for Mac: Mount / Unmount Part I](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/mountunmountpart1.md) video and the -[Endpoint Privilege Manager for Mac: Mount / Unmount Part II](/docs/endpointpolicymanager/video/leastprivilege/mac/mountunmounpart2.md) +[Endpoint Privilege Manager for Mac: Mount / Unmount Part II](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/mountunmounpart2.md) video for an overview of this section. You might want to manage when USB devices and/or .DMG disk files can be mounted (or unmounted). diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/overview.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/overview.md new file mode 100644 index 0000000000..49478ebe0e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/overview.md @@ -0,0 +1,22 @@ +--- +title: "Supported Scenarios and Policy Types" +description: "Supported Scenarios and Policy Types" +sidebar_position: 20 +--- + +# Supported Scenarios and Policy Types + +Endpoint Policy Manager for Mac supports a variety of scenarios: + +- Package Installer Policy — Manage (install / block) packages +- System Settings Policy — Manage System Settings rights +- SUDO Policy — Perform command line functions +- Application Launch Approval Policy — Allow / Deny / Challenge application launch +- Mount/Unmount Policy — Allow/ Block USB devices and DMG files +- Finder Policy — Elevate application installs and uninstalls +- Privilege Elevation — Elevate applications which have helper applications + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/mac/scenarios/supported_scenarios_and_policy.webp) diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/packageinstallation.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/packageinstallation.md new file mode 100644 index 0000000000..5b62280dcb --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/packageinstallation.md @@ -0,0 +1,19 @@ +--- +title: "Package Installation Policy" +description: "Package Installation Policy" +sidebar_position: 20 +--- + +# Package Installation Policy + +**NOTE:** See the +[Endpoint Policy Manager Least Priv Manager for Macs Application Package Support](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/applicationpackage.md) +video for an overview of this section. + +When a standard user attempts to install a .PKG file they are not allowed to do so. In this example, +Skype for Business prompts the user for admin credentials before installing. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/mac/scenarios/package_installation_policy.webp) diff --git a/docs/endpointpolicymanager/mac/scenarios/sudo.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/sudo.md similarity index 96% rename from docs/endpointpolicymanager/mac/scenarios/sudo.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/sudo.md index d6dcb696f6..3b866da8ea 100644 --- a/docs/endpointpolicymanager/mac/scenarios/sudo.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/sudo.md @@ -1,3 +1,9 @@ +--- +title: "SUDO" +description: "SUDO" +sidebar_position: 40 +--- + # SUDO **NOTE:** See the diff --git a/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/systemsettings.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/systemsettings.md new file mode 100644 index 0000000000..45f3d13a79 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/scenarios/systemsettings.md @@ -0,0 +1,38 @@ +--- +title: "System Settings Policy" +description: "System Settings Policy" +sidebar_position: 10 +--- + +# System Settings Policy + +**NOTE:** See the +[Endpoint Policy Manager for Mac / Least Priv Manager: System Settings policy](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/videolearningcenter/macintegration/systemsettings.md) +video for an overview of this section. + +Standard Users are prompted when they access System Settings in MacOS. For instance, trying to +modify Date&Time or Wi-Fi settings prompts standard users for admin credentials. + +![Screens screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/mac/scenarios/system_settings_policy.webp) + +System Settings Policy enables you to: + +- Deny Execution — Stop access to a System Settings +- Allow Execution —  Operates in accordance with the system configurations (Endpoint Policy Manager + client logs actions) +- Elevate — Standard user can perform the operation where it would normally not be allowed. + +In this example, we are permitting a Standard User to overcome restricted access to Date&Time and +Wi-Fi System Settings. + +![A screenshot of a computer + +Description automatically +generated](/img/product_docs/endpointpolicymanager/mac/scenarios/system_settings_policy_1.webp) + +Without Endpoint Policy Manager policy, the system asks for administrator confirmation to change +system settings for the standard user. With Endpoint Policy Manager you are able to provide the +ability to change settings without administrator involvement. diff --git a/docs/endpointpolicymanager/leastprivilege/pplpmimplementationguide.md b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/pplpmimplementationguide.md similarity index 95% rename from docs/endpointpolicymanager/leastprivilege/pplpmimplementationguide.md rename to docs/endpointpolicymanager/manuals/leastprivilegesecuri/pplpmimplementationguide.md index 2e2b6584b7..fd96c420fa 100644 --- a/docs/endpointpolicymanager/leastprivilege/pplpmimplementationguide.md +++ b/docs/endpointpolicymanager/manuals/leastprivilegesecuri/pplpmimplementationguide.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Privilege Manager Implementation QuickStart Guide" +description: "Endpoint Privilege Manager Implementation QuickStart Guide" +sidebar_position: 20 +--- + # Endpoint Privilege Manager Implementation QuickStart Guide Netwrix Endpoint Policy Manager (formerly PolicyPak) Least Privilege Manager can help you remove @@ -30,13 +36,13 @@ Portal.endpointpolicymanager.com. **NOTE:** Endpoint Policy Manager Cloud has its own URL, which is Cloud.endpointpolicymanager.com, and is considered the Endpoint Policy Manager Cloud Service. Please see the -[Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md) for an overview of what +[Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md) for an overview of what is in the download, how to download, unpack, and get organized and quick licensed. Here’s the Endpoint Policy Manager QuickStart Guide with specific steps and ideas for Endpoint Policy Manager with On-Prem Active Directory and GPOs, an MDM service like Intune or with Endpoint Policy Manager Cloud: -[Netwrix Endpoint Policy Manager Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overview.md) +[Netwrix Endpoint Policy Manager Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/overview.md) When done you will have the Endpoint Policy Manager MMC Console installed, your endpoints prepared and be ready to go. @@ -56,7 +62,7 @@ licensing on those machines. It’s easy to put one or a few machines into Trial mode with Endpoint Policy Manager without a license. For more information on this, please see these steps: -[What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?](/docs/endpointpolicymanager/license/trial.md) +[What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/trial.md) If you need to request a license, please follow the steps outlined in this video: [How to Request Licenses fromPolicyPak by Creating a "License Request Key"](https://helpcenter.netwrix.com/bundle/endpointpolicymanager/page/Content/endpointpolicymanager/Video/License/LicenseRequestKey.html) @@ -212,7 +218,7 @@ Endpoint Policy Manager Cloud. If you are already a Netwrix Auditor Customer, you can forward interesting Endpoint Policy Manager Least Privilege Manager events from endpoint computers to Netwrix Auditor so you can take action. This is recommended if you already own Netwrix Auditor For more information on this, please see: -[How to use Netwrix Auditor to Report on Endpoint Policy Manager events](/docs/endpointpolicymanager/integration/auditor/reports.md). +[How to use Netwrix Auditor to Report on Endpoint Policy Manager events](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/reports.md). An example of the kind of data you get back can be seen here. @@ -221,11 +227,11 @@ An example of the kind of data you get back can be seen here. You may also use the in-box Windows Event System to forward interesting Endpoint Policy Manager Least Privilege Manager events from endpoint computers to a central source. The steps to do this are found here: -[How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding.](/docs/endpointpolicymanager/leastprivilege/windowseventforwarding.md) +[How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding.](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/windowseventforwarding.md) You may also use Azure Log Analytics if you wish to store interesting Endpoint Policy Manager Least Privilege Manager events from endpoints in Azure. For more information on this issue, please see: -[Windows 10 (and Server) Event Logs to Azure Log Analytics Walkthru](/docs/endpointpolicymanager/tips/eventlogs.md). +[Windows 10 (and Server) Event Logs to Azure Log Analytics Walkthru](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventlogs.md). ## Removing End-Users’ Local Admin Rights (if they still have them) @@ -341,7 +347,7 @@ actions, please see [Using Least Privilege Manager's SecureRun Feature](/docs/endpointpolicymanager/video/leastprivilege/securerun/feature.md) For general tips on how to use SecureRun™ please see -[How can I allow "Inline commands" blocked by SecureRun when a random path or filename is created each time?](/docs/endpointpolicymanager/leastprivilege/securerun/allowinlinecommands.md) +[How can I allow "Inline commands" blocked by SecureRun when a random path or filename is created each time?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/allowinlinecommands.md) ## Final Thoughts @@ -362,9 +368,9 @@ Estimated Milestone Details and Target Dates | Milestone | Details & Tasks | | | ----------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | -| M1 Pre-Requisites | - Verify you actually want to use Endpoint Policy Manager + Group Policy method and not some other method or some kind of hybrid approach: See [PolicyPak Solution Methods: Group Policy, MDM, UEM Tools, and PolicyPak Cloud compared](https://helpcenter.netwrix.com/bundle/endpointpolicymanager/page/Content/endpointpolicymanager/Video/GettingStarted/SolutionMethods.html). - Identify 3 friendly developers for this project. - Identify the remaining devices for POC, but focus on first three. - Download Endpoint Policy Manager from portal.endpointpolicymanager.com and get organized. See [Netwrix Endpoint Policy Manager Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overview.md) . - Get the Endpoint Policy Manager Quickstart Guide. See [Netwrix Endpoint Policy Manager Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overview.md) . - Get familiar with Endpoint Policy Manager + Group Policy Basics . See [Endpoint Policy Manager Explained: In about two minutes](/docs/endpointpolicymanager/video/grouppolicy/explained.md) - On three developer machines perform the quick-licensing method via rename method. See [What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?](/docs/endpointpolicymanager/license/trial.md) or run licensing tool. After receiving your trial keys from sales, install your trial or full licenses for your on-prem Active Directory. See [How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) - Install the Endpoint Policy Manager CSE on the three developer stations. - Move 3 developers into Active Directory OU named “Endpoint Policy Manager Test Devs” . - Verify Endpoint Policy Manager Least Privilege Manager is working with the “Device Manager” test. See [Kill Local Admin Rights (Run applications with Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/localadminrights.md) - Create a Group Policy Object which turns on PPLPM Global Auditing. See [Use Discovery to know what rules to make as you transition from Local Admin rights](/docs/endpointpolicymanager/video/leastprivilege/discovery.md) . - Identify KNOWN applications for Development stations which require Admin rights. | Day 1 - 3 | +| M1 Pre-Requisites | - Verify you actually want to use Endpoint Policy Manager + Group Policy method and not some other method or some kind of hybrid approach: See [PolicyPak Solution Methods: Group Policy, MDM, UEM Tools, and PolicyPak Cloud compared](https://helpcenter.netwrix.com/bundle/endpointpolicymanager/page/Content/endpointpolicymanager/Video/GettingStarted/SolutionMethods.html). - Identify 3 friendly developers for this project. - Identify the remaining devices for POC, but focus on first three. - Download Endpoint Policy Manager from portal.endpointpolicymanager.com and get organized. See [Netwrix Endpoint Policy Manager Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/overview.md) . - Get the Endpoint Policy Manager Quickstart Guide. See [Netwrix Endpoint Policy Manager Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/overview.md) . - Get familiar with Endpoint Policy Manager + Group Policy Basics . See [Endpoint Policy Manager Explained: In about two minutes](/docs/endpointpolicymanager/video/grouppolicy/explained.md) - On three developer machines perform the quick-licensing method via rename method. See [What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/trial.md) or run licensing tool. After receiving your trial keys from sales, install your trial or full licenses for your on-prem Active Directory. See [How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) - Install the Endpoint Policy Manager CSE on the three developer stations. - Move 3 developers into Active Directory OU named “Endpoint Policy Manager Test Devs” . - Verify Endpoint Policy Manager Least Privilege Manager is working with the “Device Manager” test. See [Kill Local Admin Rights (Run applications with Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/localadminrights.md) - Create a Group Policy Object which turns on PPLPM Global Auditing. See [Use Discovery to know what rules to make as you transition from Local Admin rights](/docs/endpointpolicymanager/video/leastprivilege/discovery.md) . - Identify KNOWN applications for Development stations which require Admin rights. | Day 1 - 3 | | M2 Install PolicyPak CSE, common scenarios and known applications | - Install Endpoint Policy Manager CSE on the remaining 27 endpoints; ensure success (NO POLICIES, just the Endpoint Policy Manager moving parts) - (Optional) Set up Common Scenarios: - Printers, Remove Programs and IP Address changes. See [Overcome Network Card, Printer, and Remove Programs UAC prompts](/docs/endpointpolicymanager/video/leastprivilege/uacprompts.md) - Second Method for Network Cards: [COM Support](/docs/endpointpolicymanager/video/leastprivilege/comsupport.md) - Create rules for KNOWN applications which require ADMIN Rights. - [Best Practices for Elevating User-Based Installs](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/elevatinguserbasedinstalls.md) - [Security and Child Processes](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/securitychildprocesses.md) - [Increase security by reducing rights on Open/Save dialogs](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/opensavedialogs.md) - [Endpoint Privilege Manager and Wildcards](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/wildcards.md) - Use Endpoint Policy Manager Preconfigured rules when you can. See [Installing applications-and-Preconfigured-Rules](/docs/endpointpolicymanager/video/leastprivilege/installapplications.md) | Day 4 -6 | -| M3 Set up Event Forwarding | - Pick one (or choose another method, like Splunk, etc.) . - Event Forwarding with Netwrix Auditor. See [How to use Netwrix Auditor to Report on Endpoint Policy Manager events](/docs/endpointpolicymanager/integration/auditor/reports.md) - Event Forwarding with Windows Eventing. See [How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding.](/docs/endpointpolicymanager/leastprivilege/windowseventforwarding.md) - Event Forwarding with Azure Log Analytics. See [Windows 10 (and Server) Event Logs to Azure Log Analytics Walkthru](/docs/endpointpolicymanager/tips/eventlogs.md) | Day 7 -9 | +| M3 Set up Event Forwarding | - Pick one (or choose another method, like Splunk, etc.) . - Event Forwarding with Netwrix Auditor. See [How to use Netwrix Auditor to Report on Endpoint Policy Manager events](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/reports.md) - Event Forwarding with Windows Eventing. See [How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding.](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/windowseventforwarding.md) - Event Forwarding with Azure Log Analytics. See [Windows 10 (and Server) Event Logs to Azure Log Analytics Walkthru](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventlogs.md) | Day 7 -9 | | M4 Begin Test | - Remove local admin rights for 3 developer endpoints. One suggested method / demo is here (there are other ways to perform this task): [Use Group Policy to remove local admin rights (then Endpoint Policy Manager to enable Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/removelocaladmin.md) - Start to Generate Rules from Auditing Events. See [Auto-Create Policy from Global Audit event](/docs/endpointpolicymanager/video/leastprivilege/globalauditevent.md). - Set up Admin Approval (Secret / policy). See [Auto-Create Policy from Global Audit event](/docs/endpointpolicymanager/video/leastprivilege/globalauditevent.md) and [Admin Approval demo](/docs/endpointpolicymanager/video/leastprivilege/adminapproval/demo.md) - Set up Endpoint Policy Manager Least Privilege Manager “Approvers” workflow (Identify APPROVER(s), get the AA tool up and going). - Optionally: Set up Endpoint Policy Manager Least Privilege Manager UI branding. See [Branding the UI and Dialogs](/docs/endpointpolicymanager/video/leastprivilege/branding.md) - Deploy Admin Approval to existing systems. - Optional: Deploy Endpoint Policy Manager Least Privilege Manager Branding to existing systems. - Look at incoming EVENTS to determine the issues to make more rules. | Day 10 | | M5 Review Events | - Turn on Self Elevate for existing 3 developers. - Create documentation for Developers on how to interact with Endpoint Policy Manager Self Elevate method. ([Self Elevate Mode](/docs/endpointpolicymanager/video/leastprivilege/selfelevatemode/demo.md)). - Review EVENTS to determine the issues to create rules. | Day 11 | | M6 Addition | - Add 7 more developer PCs to existing 3 and remove local admin rights using existing rules. (Don’t use Self elevate on new 7 endpoint, just the first three.) | Day 12 | @@ -379,7 +385,7 @@ Estimated Milestone Details and Target Dates | M15 Addition | Add +5 endpoints Endpoint Policy Manager Active Directory OU and remove their local admin rights. | Day 21 | | M16 Review Events | Look at EVENTS to determine the issues to make more rules. | Day 22 | | M17 Remaining | Add Remaining endpoints to Endpoint Policy Manager Active Directory OU and remove their local admin rights. | Day 23 | -| M18 SecureRun (Optional) | • Turn on Global Auditing for Untrusted and Unsigned applications. • Try turning on SecureRun for three developers. - [Using Least Privilege Manager's SecureRun Feature](/docs/endpointpolicymanager/video/leastprivilege/securerun/feature.md) - [How can I allow "Inline commands" blocked by SecureRun when a random path or filename is created each time?](/docs/endpointpolicymanager/leastprivilege/securerun/allowinlinecommands.md) | Day 24 | +| M18 SecureRun (Optional) | • Turn on Global Auditing for Untrusted and Unsigned applications. • Try turning on SecureRun for three developers. - [Using Least Privilege Manager's SecureRun Feature](/docs/endpointpolicymanager/video/leastprivilege/securerun/feature.md) - [How can I allow "Inline commands" blocked by SecureRun when a random path or filename is created each time?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/allowinlinecommands.md) | Day 24 | | M19 SecureRun Rollout (Optional) | Add +5 endpoints per day and triage incoming SecureRun blocks with “Allow and Log” rules. Repeat each day with +5 endpoints. | Day 25+ | ## Appendix B: Sample Endpoint Privilege Manager Project POC Plan for Endpoint Policy Manager Cloud, removing local admin rights for 30 Developers. @@ -388,7 +394,7 @@ Estimated Milestone Details and Target Dates | Milestone | Details & Tasks | | | ---------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| M1 Pre-Requisites | - Verify you actually want to use Endpoint Policy Manager + Cloud method and not some other method or some kind of hybrid approach. See [Endpoint Policy ManagerSolution Methods: Group Policy, MDM, UEM Tools, and Endpoint Policy Manager Cloud compared.](/docs/endpointpolicymanager/video/gettingstarted/solutionmethods.md) - Identify 3 friendly developers for this project. - Identify the remaining devices for POC, but focus on first three. - Get familiar with Endpoint Policy Manager Cloud Basics. See [Endpoint Policy Manager Cloud: Two minute introduction](/docs/endpointpolicymanager/video/cloud/introduction.md) - Download Endpoint Policy Manager bits from portal.endpointpolicymanager.com and Cloud MSI from cloud.endpointpolicymanager.com and get organized [Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md). - Get the Endpoint Policy Manager Quickstart Guide. See [Netwrix Endpoint Policy Manager Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overview.md) - Set up on prem test lab, even though we’re using Endpoint Policy Manager Cloud (Best Practice). See [Endpoint Policy Manager Cloud: What you need to get Started](/docs/endpointpolicymanager/video/cloud/testlab/start.md). - Install Endpoint Policy Manager Cloud Client which automatically installs the Endpoint Policy Manager CSE on 3 devices. - Identify the remaining devices for POC, but focus on first three. - Move 3 Endpoint Policy Manager cloud joined devices to Endpoint Policy Manager Cloud Company “GROUP1”. - Verify Endpoint Policy Manager Least Privilege Manager is working with the “Device Manager” test. See [Kill Local Admin Rights (Run applications with Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/localadminrights.md) - Turn on PPLPM Global Auditing for Cloud. See [Endpoint Policy Manager Cloud + PPLPM + Events: Collect Events in the Cloud](/docs/endpointpolicymanager/video/leastprivilege/cloudevents.md) - Test to make sure PPC Events are seen in Endpoint Policy Manager Cloud. - Identify KNOWN applications for Development stations which require Admin rights. | Day 1-3 | +| M1 Pre-Requisites | - Verify you actually want to use Endpoint Policy Manager + Cloud method and not some other method or some kind of hybrid approach. See [Endpoint Policy ManagerSolution Methods: Group Policy, MDM, UEM Tools, and Endpoint Policy Manager Cloud compared.](/docs/endpointpolicymanager/video/gettingstarted/solutionmethods.md) - Identify 3 friendly developers for this project. - Identify the remaining devices for POC, but focus on first three. - Get familiar with Endpoint Policy Manager Cloud Basics. See [Endpoint Policy Manager Cloud: Two minute introduction](/docs/endpointpolicymanager/video/cloud/introduction.md) - Download Endpoint Policy Manager bits from portal.endpointpolicymanager.com and Cloud MSI from cloud.endpointpolicymanager.com and get organized [Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md). - Get the Endpoint Policy Manager Quickstart Guide. See [Netwrix Endpoint Policy Manager Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/overview.md) - Set up on prem test lab, even though we’re using Endpoint Policy Manager Cloud (Best Practice). See [Endpoint Policy Manager Cloud: What you need to get Started](/docs/endpointpolicymanager/video/cloud/testlab/start.md). - Install Endpoint Policy Manager Cloud Client which automatically installs the Endpoint Policy Manager CSE on 3 devices. - Identify the remaining devices for POC, but focus on first three. - Move 3 Endpoint Policy Manager cloud joined devices to Endpoint Policy Manager Cloud Company “GROUP1”. - Verify Endpoint Policy Manager Least Privilege Manager is working with the “Device Manager” test. See [Kill Local Admin Rights (Run applications with Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/localadminrights.md) - Turn on PPLPM Global Auditing for Cloud. See [Endpoint Policy Manager Cloud + PPLPM + Events: Collect Events in the Cloud](/docs/endpointpolicymanager/video/leastprivilege/cloudevents.md) - Test to make sure PPC Events are seen in Endpoint Policy Manager Cloud. - Identify KNOWN applications for Development stations which require Admin rights. | Day 1-3 | | M2 Install PPC | - Install Endpoint Policy Manager CSE on the remaining 27 endpoints; ensure success. (NO POLICIES, just the Endpoint Policy Manager moving parts.). - (Optional) Set up Common Scenarios for Printers, Remove Programs and IP Address changes. - [Overcome Network Card, Printer, and Remove Programs UAC prompts](/docs/endpointpolicymanager/video/leastprivilege/uacprompts.md) - [COM Support](/docs/endpointpolicymanager/video/leastprivilege/comsupport.md) - Create rules for KNOWN applications which require ADMIN Rights. - [Best Practices for Elevating User-Based Installs](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/elevatinguserbasedinstalls.md) - [Security and Child Processes](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/securitychildprocesses.md) - [Increase security by reducing rights on Open/Save dialogs](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/opensavedialogs.md) - [Endpoint Privilege Manager and Wildcards](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/wildcards.md) - Use Endpoint Policy Manager Preconfigured rules when you can. See [Installing applications-and-Preconfigured-Rules](/docs/endpointpolicymanager/video/leastprivilege/installapplications.md) | Day 4-6 | | M3 Begin Test | - Remove local admin rights for 3 developer endpoints. One suggested method / demo is here (there are other ways to perform this task): [Use Group Policy to remove local admin rights (then Endpoint Policy Manager to enable Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/removelocaladmin.md) - Start to Generate Rules from Auditing Events [Auto-Create Policy from Global Audit event](/docs/endpointpolicymanager/video/leastprivilege/globalauditevent.md) - Set up Admin Approval (Secret / policy): [Auto-Create Policy from Global Audit event](/docs/endpointpolicymanager/video/leastprivilege/globalauditevent.md) and [Admin Approval demo](/docs/endpointpolicymanager/video/leastprivilege/adminapproval/demo.md) - Set up Endpoint Policy Manager Least Privilege Manager “Approvers” workflow (Identify APPROVER(s), get the AA tool up and going.) - Optionally: Set up Endpoint Policy Manager Least Privilege Manager UI branding: [Branding the UI and Dialogs](/docs/endpointpolicymanager/video/leastprivilege/branding.md) - Deploy Admin Approval to existing systems. - Optional: Deploy Endpoint Policy Manager Least Privilege Manager Branding to existing systems. - Look at incoming EVENTS in Endpoint Policy Manager Cloud to determine the issues to make more rules. | Day 7-8 | | M4 Review Events | - Turn on Self Elevate for existing 3 developers. - Create documentation for Developers on how to interact with Endpoint Policy Manager Self Elevate method. See [Self Elevate Mode](/docs/endpointpolicymanager/video/leastprivilege/selfelevatemode/demo.md) - Review EVENTS to determine the issues to create rules. | Day 9 | @@ -404,7 +410,7 @@ Estimated Milestone Details and Target Dates | M14 Addition | Add +5 endpoints to Endpoint Policy Manager Cloud and remove their local admin rights. | Day 19 | | M15 Review Events | Look at EVENTS to determine the issues to make more rules. | Day 20 | | M16 Remaining | Add Remaining endpoints to Endpoint Policy Manager Cloud and remove their local admin rights. | Day 21 | -| M17 SecureRun Setup | - Turn on Global Auditing for Untrusted and Unsigned applications. - Try turning on SecureRun for three developers. - [Using Least Privilege Manager's SecureRun Feature](/docs/endpointpolicymanager/video/leastprivilege/securerun/feature.md) - [How can I allow "Inline commands" blocked by SecureRun when a random path or filename is created each time?](/docs/endpointpolicymanager/leastprivilege/securerun/allowinlinecommands.md) | Day 22 | +| M17 SecureRun Setup | - Turn on Global Auditing for Untrusted and Unsigned applications. - Try turning on SecureRun for three developers. - [Using Least Privilege Manager's SecureRun Feature](/docs/endpointpolicymanager/video/leastprivilege/securerun/feature.md) - [How can I allow "Inline commands" blocked by SecureRun when a random path or filename is created each time?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/allowinlinecommands.md) | Day 22 | | M18+ SecureRun Rollout | Add +5 endpoints per day and triage incoming SecureRun blocks with “Allow and Log” rules. Repeat each day with +5 endpoints. | Day 23+ | ## Appendix C: Sample Endpoint Privilege Manager Project POC Plan for Endpoint Policy Manager with an MDM service like Intune, removing local admin rights for 30 Developers. @@ -413,9 +419,9 @@ Estimated Milestone Details and Target Dates | Milestones | Details & Tasks | | | ------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| M1 Pre-Requisites | - Verify you actually want to use Endpoint Policy Manager + Cloud method and not some other method or some kind of hybrid approach. See [Endpoint Policy ManagerSolution Methods: Group Policy, MDM, UEM Tools, and Endpoint Policy Manager Cloud compared.](/docs/endpointpolicymanager/video/gettingstarted/solutionmethods.md) - Identify 3 friendly developers for this project. - Identify the remaining devices for POC, but focus on first three. - Download Endpoint Policy Manager bits from portal.endpointpolicymanager.com and Cloud MSI from cloud.endpointpolicymanager.com and get organized. See the [Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md). - Get the Endpoint Policy Manager Quickstart Guide. See [Netwrix Endpoint Policy Manager Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overview.md) - On ONE machine (any machine) perform the MDM “Walk before you run” test. See [Endpoint Policy Manager and MDM walk before you run](/docs/endpointpolicymanager/video/mdm/testsample.md) - On three developer machines perform the quick-licensing method via rename (see[What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?](/docs/endpointpolicymanager/license/trial.md) or run licensing tool and after receiving your trial keys from sales, install your trial or full licenses for your MDM licenses. See [How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) - Install the Endpoint Policy Manager CSE on the three developer stations. - Move 3 developers into an Azure/MDM group named “Endpoint Policy Manager Test Devs”. - Target deploy the Endpoint Policy Manager CSE to the group. - Get to understand Endpoint Policy Manager Least Privilege Manager + MDM Service (Exporting policies, then wrapping up XMLs into MSIs). See [Using Least Privilege Manager with your MDM service](/docs/endpointpolicymanager/video/leastprivilege/mdm.md) - Verify Endpoint Policy Manager Least Privilege Manager is working wit the “Device Manager” test. See [Kill Local Admin Rights (Run applications with Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/localadminrights.md) - Create a policy which turns on PPLPM Global Auditing, export as XML and wrap up as MSI for deployment via MDM. See [Use Discovery to know what rules to make as you transition from Local Admin rights](/docs/endpointpolicymanager/video/leastprivilege/discovery.md) - Identify KNOWN applications for Development stations which require Admin rights. | Day 1-3 | +| M1 Pre-Requisites | - Verify you actually want to use Endpoint Policy Manager + Cloud method and not some other method or some kind of hybrid approach. See [Endpoint Policy ManagerSolution Methods: Group Policy, MDM, UEM Tools, and Endpoint Policy Manager Cloud compared.](/docs/endpointpolicymanager/video/gettingstarted/solutionmethods.md) - Identify 3 friendly developers for this project. - Identify the remaining devices for POC, but focus on first three. - Download Endpoint Policy Manager bits from portal.endpointpolicymanager.com and Cloud MSI from cloud.endpointpolicymanager.com and get organized. See the [Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md). - Get the Endpoint Policy Manager Quickstart Guide. See [Netwrix Endpoint Policy Manager Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/overview.md) - On ONE machine (any machine) perform the MDM “Walk before you run” test. See [Endpoint Policy Manager and MDM walk before you run](/docs/endpointpolicymanager/video/mdm/testsample.md) - On three developer machines perform the quick-licensing method via rename (see[What is the fastest way to get started in an Endpoint Policy Manager trial, without running the License Request Tool?](/docs/endpointpolicymanager/knowledgebase/allthingslicensing/knowledgebase/requestinglicensesfa/trial.md) or run licensing tool and after receiving your trial keys from sales, install your trial or full licenses for your MDM licenses. See [How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) - Install the Endpoint Policy Manager CSE on the three developer stations. - Move 3 developers into an Azure/MDM group named “Endpoint Policy Manager Test Devs”. - Target deploy the Endpoint Policy Manager CSE to the group. - Get to understand Endpoint Policy Manager Least Privilege Manager + MDM Service (Exporting policies, then wrapping up XMLs into MSIs). See [Using Least Privilege Manager with your MDM service](/docs/endpointpolicymanager/video/leastprivilege/mdm.md) - Verify Endpoint Policy Manager Least Privilege Manager is working wit the “Device Manager” test. See [Kill Local Admin Rights (Run applications with Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/localadminrights.md) - Create a policy which turns on PPLPM Global Auditing, export as XML and wrap up as MSI for deployment via MDM. See [Use Discovery to know what rules to make as you transition from Local Admin rights](/docs/endpointpolicymanager/video/leastprivilege/discovery.md) - Identify KNOWN applications for Development stations which require Admin rights. | Day 1-3 | | M2 Install Endpoint Policy Manager CSE, common scenarios and known applications | - Install Endpoint Policy Manager CSE on the remaining 27 endpoints; ensure success. (NO POLICIES, just the PolicyPak moving parts). - (Optional) Set up Common Scenarios for Printers, Remove Programs and IP Address changes. See [Overcome Network Card, Printer, and Remove Programs UAC prompts](/docs/endpointpolicymanager/video/leastprivilege/uacprompts.md) and [COM Support](/docs/endpointpolicymanager/video/leastprivilege/comsupport.md) - Create rules for KNOWN applications which require ADMIN Rights. - [Best Practices for Elevating User-Based Installs](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/elevatinguserbasedinstalls.md) - [Security and Child Processes](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/securitychildprocesses.md) - [Increase security by reducing rights on Open/Save dialogs](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/opensavedialogs.md) - [Endpoint Privilege Manager and Wildcards](/docs/endpointpolicymanager/video/leastprivilege/bestpractices/wildcards.md) - Use Endpoint Policy Manager Preconfigured rules when you can. See [Installing applications-and-Preconfigured-Rules](/docs/endpointpolicymanager/video/leastprivilege/installapplications.md) | Day 4-6 | -| M3 Set up Event Forwarding | - Pick one (or choose another method, like Splunk, etc.) - Event Forwarding with Netwrix Auditor. See [How to use Netwrix Auditor to Report on Endpoint Policy Manager events](/docs/endpointpolicymanager/integration/auditor/reports.md) - Event Forwarding with Windows Eventing. See [How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding.](/docs/endpointpolicymanager/leastprivilege/windowseventforwarding.md) - Event Forwarding with Azure Log Analytics (likely best scenario for MDM environments). See [Windows 10 (and Server) Event Logs to Azure Log Analytics Walkthru](/docs/endpointpolicymanager/tips/eventlogs.md) | Day 7-9 | +| M3 Set up Event Forwarding | - Pick one (or choose another method, like Splunk, etc.) - Event Forwarding with Netwrix Auditor. See [How to use Netwrix Auditor to Report on Endpoint Policy Manager events](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/reports.md) - Event Forwarding with Windows Eventing. See [How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding.](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/windowseventforwarding.md) - Event Forwarding with Azure Log Analytics (likely best scenario for MDM environments). See [Windows 10 (and Server) Event Logs to Azure Log Analytics Walkthru](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/tipstricksandfaqs/eventlogs.md) | Day 7-9 | | M4 Begin Test | - Remove local admin rights for 3 developer endpoints. One suggested method / demo is here (there are other ways to perform this task): [Use Group Policy to remove local admin rights (then Endpoint Policy Manager to enable Least Privilege)](/docs/endpointpolicymanager/video/leastprivilege/removelocaladmin.md) - Start to Generate Rules from Auditing Events. See [Auto-Create Policy from Global Audit event](/docs/endpointpolicymanager/video/leastprivilege/globalauditevent.md). - Set up Admin Approval (Secret / policy). See [Auto-Create Policy from Global Audit event](/docs/endpointpolicymanager/video/leastprivilege/globalauditevent.md) and [Admin Approval demo](/docs/endpointpolicymanager/video/leastprivilege/adminapproval/demo.md) - Optionally: Set up Endpoint Policy Manager Least Privilege Manager UI branding. See [Branding the UI and Dialogs](/docs/endpointpolicymanager/video/leastprivilege/branding.md) - Deploy Admin Approval to existing systems. - Optional: Deploy Endpoint Policy Manager Least Privilege Manager Branding to existing systems. - Look at incoming EVENTS to determine the issues to make more rules. | Day 10 | | M5 Review Events | - Turn on Self Elevate for existing 3 developers. - Create documentation for Developers on how to interact with Endpoint Policy Manager Self Elevate method. See [Self Elevate Mode](/docs/endpointpolicymanager/video/leastprivilege/selfelevatemode/demo.md) - Review EVENTS to determine the issues to create rules. | Day 11 | | M6 Addition | Add 7 more developer PCs to existing 3 and remove local admin rights using existing rules. (Don’t use Self elevate on new 7 endpoint, just the first three.) | Day 12 | @@ -430,5 +436,5 @@ Estimated Milestone Details and Target Dates | M15 Addition | Add +5 endpoints to Endpoint Policy Manager group and remove their local admin rights. | Day 21 | | M16 Review Events | Look at EVENTS to determine the issues to make more rules. | Day 22 | | M17 Remaining | Add Remaining endpoints to Endpoint Policy Manager group and remove their local admin rights. | Day 23 | -| M18 SecureRun Setup | - Turn on Global Auditing for Untrusted and Unsigned applications. - Try turning on SecureRun for three developers. - [Using Least Privilege Manager's SecureRun Feature](/docs/endpointpolicymanager/video/leastprivilege/securerun/feature.md) - [How can I allow "Inline commands" blocked by SecureRun when a random path or filename is created each time?](/docs/endpointpolicymanager/leastprivilege/securerun/allowinlinecommands.md) | Day 24 | +| M18 SecureRun Setup | - Turn on Global Auditing for Untrusted and Unsigned applications. - Try turning on SecureRun for three developers. - [Using Least Privilege Manager's SecureRun Feature](/docs/endpointpolicymanager/video/leastprivilege/securerun/feature.md) - [How can I allow "Inline commands" blocked by SecureRun when a random path or filename is created each time?](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/tipsandsecureruntm/allowinlinecommands.md) | Day 24 | | M19 SecureRun Rollout | Add +5 endpoints per day and triage incoming SecureRun blocks with “Allow and Log” rules. Repeat each day with +5 endpoints. | Day 25+ | diff --git a/docs/endpointpolicymanager/manuals/manuals.md b/docs/endpointpolicymanager/manuals/manuals.md new file mode 100644 index 0000000000..b5065e1f70 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/manuals.md @@ -0,0 +1,61 @@ +--- +title: "Netwrix Endpoint Policy Manager (formerly PolicyPak) User Manuals" +description: "Netwrix Endpoint Policy Manager (formerly PolicyPak) User Manuals" +sidebar_position: 30 +--- + +# Netwrix Endpoint Policy Manager (formerly PolicyPak) User Manuals + +The following topics provide information on using Endpoint Policy Manager: + +- Introduction & Quick Start Manuals + + - [Introduction and Basic Concepts](/docs/endpointpolicymanager/manuals/introductionandquick/basicconcepts/basicconcepts.md) + - [Netwrix Endpoint Policy Manager Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/overview.md) + - [Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md) + - [Endpoint Policy Manager Cloud Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/overview.md) + - [MDM & UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/overview.md) + - [Upgrade Guidance](/docs/endpointpolicymanager/manuals/introductionandquick/upgrade/overview.md) + +- Least Privilege Security Pak + + - [Least Privilege Manager (Windows)](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/leastprivilege/overview.md) + - [Endpoint Privilege Manager Implementation QuickStart Guide](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/pplpmimplementationguide.md) + - [Endpoint Policy Manager Cloud for MacOS Client](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/mac/overview.md) + +- Device Management Pak + + - [Device Manager](/docs/endpointpolicymanager/manuals/devicemanagementpak/devicemanager/overview.md) + +- Apps, Browsers, & Java Security Pak + + - [Application Settings Manager ](/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/applicationsettings/overview.md) + - [Browser Router](/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/browserrouter/overview.md) + - [Java Enterprise Rules Manager](/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/javaenterpriserules/overview.md) + - [Security Settings Manager](/docs/endpointpolicymanager/manuals/appsbrowsersandjavas/securitysettings/overview.md) + +- GPO Compliance Pak + + - [Group Policy Compliance Reporter](/docs/endpointpolicymanager/manuals/gpocompliancepak/grouppolicycomplianc/overview.md) + +- Windows 10 & 11 Management Pak + + - [File Associations Manager](/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/overview.md) + - [Feature Manager for Windows](/docs/endpointpolicymanager/manuals/windows10and11manage/feature/overview.md) + - [Start Screen & Taskbar Manager](/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/overview.md) + +- GPO Reduction and Transitions Pak + + - [Administrative Templates Manager](/docs/endpointpolicymanager/manuals/gporeductionandtrans/adminstrativetemplat/overview.md) + - [Preferences Manager](/docs/endpointpolicymanager/manuals/gporeductionandtrans/preferences/overview.md) + +- App Delivery & Patching Pak + + - [Remote Work Delivery Manager](/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/remoteworkdelivery/overview.md) + - [Software Package Manager](/docs/endpointpolicymanager/manuals/appdeliveryandpatchi/softwarepackage/overview.md) + +- Desktop Automation & Connectivity Pak + + - [Scripts & Triggers Manager](/docs/endpointpolicymanager/manuals/desktopautomationand/scriptstriggers/overview.md) + - [Remote Desktop Protocol Manager](/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/overview.md) + - [Endpoint Policy Manager Network Security Manager](/docs/endpointpolicymanager/manuals/desktopautomationand/networksecuritymanager.md) diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/_category_.json b/docs/endpointpolicymanager/manuals/windows10and11manage/_category_.json new file mode 100644 index 0000000000..4d1ea719ba --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Windows 10 And 11 Management Pak", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/_category_.json b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/_category_.json new file mode 100644 index 0000000000..9dfddb11dd --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Feature Manager for Windows", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/addremove/_category_.json b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/addremove/_category_.json new file mode 100644 index 0000000000..bd63c41141 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/addremove/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Quick Start - Adding and Removing Features", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/addremove/collections.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/addremove/collections.md new file mode 100644 index 0000000000..72952dc1b8 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/addremove/collections.md @@ -0,0 +1,24 @@ +--- +title: "Getting Started with Collections" +description: "Getting Started with Collections" +sidebar_position: 10 +--- + +# Getting Started with Collections + +Endpoint Policy Manager Feature Manager for Windows policies may be contained in the root of the +GPO, or within collections. We recommend that you start out by creating a collection that will +contain the policies. If you put the policies in a collection, it will be easier to manage the +settings. + +Start out by going to **Add** > **New Collection**. From there you can configure the collection +settings. + +![quickstart_adding_and_removing_1](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_1.webp) + +The only item you might want to change regularly is the **Reboot Mode**. For now, change it to +**Asks User**. In your own environment, you might want to select **Prevent**, but don't do this now. + +You can see your collection added. + +![quickstart_adding_and_removing_2](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_2.webp) diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/addremove/overview.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/addremove/overview.md new file mode 100644 index 0000000000..dcf5f2a950 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/addremove/overview.md @@ -0,0 +1,38 @@ +--- +title: "Quick Start - Adding and Removing Features" +description: "Quick Start - Adding and Removing Features" +sidebar_position: 20 +--- + +# Quick Start - Adding and Removing Features + +**NOTE:** For some video overviews of Netwrix Endpoint Policy Manager (formerly PolicyPak) Feature +Manager for Windows, see +[https://www.endpointpolicymanager.com/products/feature-manager-for-windows.html](https://www.endpointpolicymanager.com/products/feature-manager-for-windows.html). + +In this example we will uninstall and install the following: + +- **Features**: + + - Uninstall the Microsoft XPS Document Writer + - Uninstall SMB 1.0 + - Install .Net 3.5 (including .Net 2.0 and 3.0) Framework + - Install Telnet Client + +- **Optional Features**: + + - Uninstall the XPS Viewer + - Install the Graphics Tools + - Install the GPMC RSAT tools (Optional RSAT Feature; works only with Windows 1809+) + +To begin, log on as a local admin on an test computer and verify that none of the items in the +bullet lists above are currently installed. Then, create and link a group policy object (GPO) to a +location that contains computers. In the example below, created a GPO and linked it to the East +Sales Desktops. + +![quickstart_adding_and_removing](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing.webp) + +Then click **Edit** to edit the GPO. + +**NOTE:** Even if you're using Endpoint Policy Manager Cloud or MDM edition, you still need to +create the policies within a GPO first. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/addremove/policies.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/addremove/policies.md new file mode 100644 index 0000000000..d6ba942e95 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/addremove/policies.md @@ -0,0 +1,101 @@ +--- +title: "Creating Policies within Collections" +description: "Creating Policies within Collections" +sidebar_position: 20 +--- + +# Creating Policies within Collections + +Double-click to go into your collection, where you can now create policies. Go to **Add** > **New +Policies**. Once there you are prompted by the Endpoint Policy Manager Feature Manager for Windows +wizard. + +![quickstart_adding_and_removing_3](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_3.webp) + +Here you can select an install rule, an uninstall rule, or a mixed rule. + +- Install Rule provides a method to install features or optional features. +- Uninstall Rule provides a method to uninstall features or optional features. +- Mixed Rule provides methods both installing and uninstalling. + +For this example, select **Install Rule**, which brings you to the **Select package type** page. + +![quickstart_adding_and_removing_4](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_4.webp) + +The next screen allows you to turn on Windows features. Select the items you want, such as .Net +Framework 3.5 (either, both, or neither of the sub-options) as well as the Telnet Client. +Additionally you should take note of some special items: + +- Supported on - Explains which versions of Windows 10 and Windows Server this item will apply to. +- Feature details - Explains which features depend on the selected feature (and will automatically + be installed), as well as whether a reboot is required or possible. + +![quickstart_adding_and_removing_5](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_5.webp) + +Click **Next** to continue. Then, click on **Add policies to the existing collection**. + +![quickstart_adding_and_removing_6](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_6.webp) + +In The Policies settings window shows which policy items you are about to create. You can optionally +add Item-Level Targeting to any item, so that item will only be installed when the conditions are +true. In the example below you can see that the Telnet Client will only be installed on portable +computers. + +![quickstart_adding_and_removing_7](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_7.webp) + +**NOTE:** You do not need to add Item-Level Targeting for this example, it is just shown here for +future reference. + +The final page of the wizard displays:. + +![quickstart_adding_and_removing_8](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_8.webp) + +Click **Finish**. Thee two items are added to your collection. + +![quickstart_adding_and_removing_9](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_9.webp) + +Now, repeat the process again, this time selecting: + +- **Install Rule** +- **Windows Optional Feature** + +The **Turn Windows optional features ON** page appears. **Select** **Graphics Tools**. + +![quickstart_adding_and_removing_10](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_10.webp) + +Scroll down and find the RSAT category and select **RSAT: Group Policy Management Tools**. + +![quickstart_adding_and_removing_11](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_11.webp) + +Continue, leaving the remainder of the default settings. You can see the policies added to the +collection. + +![quickstart_adding_and_removing_12](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_12.webp) + +Now, let's remove some features and optional features. + +We will add more policies, this time selecting: + +- **Uninstall rule** +- **Windows Features** + +Select the items to uninstall, like Microsoft XPS Document Writer and SMB 1.0. + +![quickstart_adding_and_removing_13](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_13.webp) + +Click **Next** through the remainder of the wizard, accepting the defaults. + +Run through the wizard one more time, selecting: + +- **Uninstall Rule** +- **Windows Optional Feature** + +Then you can select to turn off XPS Viewer. + +![quickstart_adding_and_removing_14](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_14.webp) + +Click **Next** through the remainder of the wizard, accepting the defaults. + +At this point you should have seven policies. + +![quickstart_adding_and_removing_15](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_15.webp) diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/addremove/test.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/addremove/test.md new file mode 100644 index 0000000000..9582b9c81b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/addremove/test.md @@ -0,0 +1,26 @@ +--- +title: "Testing Your GPO" +description: "Testing Your GPO" +sidebar_position: 30 +--- + +# Testing Your GPO + +Next, make sure your endpoint is in an organizational unit (OU) to which the GPO would apply. Then +log on as any user. Run GPupdateto push the computer-side GPO changes. This would normally happen in +the background between 90 and 120 minutes later. After the computer gets the GPO, the user is +prompted to reboot. + +![quickstart_adding_and_removing_16](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_16.webp) + +The reboot prompt only occurs because of the setting within the collection. The computer will finish +installing or uninstalling the features upon reboot. + +![quickstart_adding_and_removing_17](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_17.webp) + +Now you can go back and verify those items are added or removed. Below are examples of the final +result. + +![quickstart_adding_and_removing_18](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_18.webp) + +![quickstart_adding_and_removing_19](/img/product_docs/endpointpolicymanager/feature/addremove/quickstart_adding_and_removing_19.webp) diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/_category_.json b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/_category_.json new file mode 100644 index 0000000000..c3fed943e9 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Advanced Manipulations of Policies and Collections", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/feature/advanced/createcollection.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/createcollection.md similarity index 78% rename from docs/endpointpolicymanager/feature/advanced/createcollection.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/createcollection.md index 71897e0b33..cab5e84b6c 100644 --- a/docs/endpointpolicymanager/feature/advanced/createcollection.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/createcollection.md @@ -1,3 +1,9 @@ +--- +title: "Creating a Collection within the Wizard" +description: "Creating a Collection within the Wizard" +sidebar_position: 50 +--- + # Creating a Collection within the Wizard As you work through the Feature Manager for Windows wizard, you will be asked to **Add policies to diff --git a/docs/endpointpolicymanager/feature/advanced/deletepolicies.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/deletepolicies.md similarity index 83% rename from docs/endpointpolicymanager/feature/advanced/deletepolicies.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/deletepolicies.md index 751a22aaab..223a78dc08 100644 --- a/docs/endpointpolicymanager/feature/advanced/deletepolicies.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/deletepolicies.md @@ -1,3 +1,9 @@ +--- +title: "Deleting Policies" +description: "Deleting Policies" +sidebar_position: 10 +--- + # Deleting Policies You can delete a policy by right-clicking it and selecting **Delete Policy**. diff --git a/docs/endpointpolicymanager/feature/advanced/editcollection.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/editcollection.md similarity index 95% rename from docs/endpointpolicymanager/feature/advanced/editcollection.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/editcollection.md index 72fe765c67..b4d4d7c9f2 100644 --- a/docs/endpointpolicymanager/feature/advanced/editcollection.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/editcollection.md @@ -1,3 +1,9 @@ +--- +title: "Editing a Collection" +description: "Editing a Collection" +sidebar_position: 30 +--- + # Editing a Collection Collections can be edited as well and their properties changed. diff --git a/docs/endpointpolicymanager/feature/advanced/editpolicy.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/editpolicy.md similarity index 89% rename from docs/endpointpolicymanager/feature/advanced/editpolicy.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/editpolicy.md index 4f695b1635..e5d297eb85 100644 --- a/docs/endpointpolicymanager/feature/advanced/editpolicy.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/editpolicy.md @@ -1,3 +1,9 @@ +--- +title: "Editing a Policy" +description: "Editing a Policy" +sidebar_position: 20 +--- + # Editing a Policy You can edit a policy by right-clicking the policy and selecting **Edit policy**. diff --git a/docs/endpointpolicymanager/feature/advanced/mixedrule.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/mixedrule.md similarity index 85% rename from docs/endpointpolicymanager/feature/advanced/mixedrule.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/mixedrule.md index 2183d3ba21..32b87ca722 100644 --- a/docs/endpointpolicymanager/feature/advanced/mixedrule.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/mixedrule.md @@ -1,3 +1,9 @@ +--- +title: "The Mixed Rule Wizard Path" +description: "The Mixed Rule Wizard Path" +sidebar_position: 40 +--- + # The Mixed Rule Wizard Path In the Quickstart, we went over the **Install Rule** and **Uninstall Rule**. You might also want to diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/overview.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/overview.md new file mode 100644 index 0000000000..3e797454ae --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/advanced/overview.md @@ -0,0 +1,12 @@ +--- +title: "Advanced Manipulations of Policies and Collections" +description: "Advanced Manipulations of Policies and Collections" +sidebar_position: 30 +--- + +# Advanced Manipulations of Policies and Collections + +In this section we cover a few advanced topics. First, we explore some areas where you can +manipulate policies without the wizard. For instance, we'll start out by showing you how you can +delete policies, edit policies, and edit collections without the wizard. Then, we will also explore +the idea of **Mixed Rule** along with how to create collections within the wizard. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/feature/_category_.json b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/feature/_category_.json new file mode 100644 index 0000000000..9f3d281f3b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/feature/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Troubleshooting", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/feature/events.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/feature/events.md new file mode 100644 index 0000000000..6bc3a44e3a --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/feature/events.md @@ -0,0 +1,59 @@ +--- +title: "Events" +description: "Events" +sidebar_position: 20 +--- + +# Events + +Endpoint Policy Manager Feature Manager for Windows places events in the Endpoint Policy Manager log +(within Applications and Services log), as shown in Figure 47. All events will have the Endpoint +Policy Manager Feature Manager for Windows client source type. In Figure 47, you can see an example +of a feature attempting to be installed. This is Event ID 600. + +![troubleshooting_5](/img/product_docs/endpointpolicymanager/leastprivilege/adminapproval/avoid_pop_ups_with_admin_approval_1.webp) + +Figure 47. Endpoint Policy Manager Feature Manager for Windows events can be found in the Endpoint +Policy Manager node within Application and Services. + +Then, after it is successfully installed, it shows Event ID 602, as shown in Figure 48. + +![troubleshooting_6](/img/product_docs/endpointpolicymanager/troubleshooting/feature/troubleshooting_6.webp) + +Figure 48. Logged events in Endpoint Policy Manager event log for Endpoint Policy Manager Feature +Manager for Windows. + +You might want to trigger or look for certain events to know what's going on. Endpoint Policy +Manager is compatible with Event Forwarding, if that's something you wish to do. Here is the list of +events in each category: + +General + +- Event 300: The system will reboot to complete installation of Windows Features. +- Event 301: The system reboot is pending. + +Windows Feature Category + +- Event 600: Windows feature is being installed. +- Event 601: Installing Windows feature was canceled. +- Event 602: Windows feature was installed. +- Event 603: Installing Windows feature progress is - \*. +- Event 604: Installing Windows feature failed. +- Event 650: Windows feature is being removed. +- Event 651: Removing Windows feature was canceled. +- Event 652: Windows feature was removed. +- Event 653: Removing Windows feature progress is - \*. +- Event 654: Removing Windows feature failed. + +Windows Optional Feature Category + +- Event 700: Optional feature is being installed. +- Event 701: Installing optional feature was canceled. +- Event 702: Installing optional feature was completed. +- Event 703: Installing optional feature progress is - \*. +- Event 704: Installing Windows feature failed. +- Event 750: Optional feature is being removed. +- Event 751: Removing optional feature was canceled. +- Event 752: Removing optional feature was completed. +- Event 753: Optional feature progress is - \*. +- Event 754: Removing optional feature failed. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/feature/logs.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/feature/logs.md new file mode 100644 index 0000000000..5b9729c88b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/feature/logs.md @@ -0,0 +1,68 @@ +--- +title: "Logging Locations" +description: "Logging Locations" +sidebar_position: 10 +--- + +# Logging Locations + +The most common problem users experience with Netwrix Endpoint Policy Manager (formerly PolicyPak) +Feature Manager for Windows is that they don't see a feature installed or uninstalled as expected. +Here are some tips when trying to troubleshoot Endpoint Policy Manager Feature Manager for Windows. + +The log files for Endpoint Policy Manager Feature Manager for Windows's are found in the following +folder: + +`%Programdata%\PolicyPak\PolicyPak Feature Manager for Windows`. This is because Endpoint Policy +Manager Feature Manager for Windows affects the Computer side (and all users on that computer). It's +also possible there might be some user-side logins in the following folder: + +`%appdata%\local\PolicyPak\PolicyPak Feature Manager for Windows.` But they will not be useful +because all work related to Endpoint Policy Manager Feature Manager for Windows happens on the +Computer side. + +There are several files to check in the folder. These files are as follows: + +- `ppComputerOperational.log`. This is the log where you can see exactly what Endpoint Policy + Manager Feature Manager for Windows believes it has accomplished, any error conditions, and if the + computer has a pending reboot or not. +- `ppUser_OnLogon.log`. New data is added to this log when Group Policy applies at the time of logon + (and items are set for the User, not the Computer). +- `ppUser_Switched.log`. New data is added to this log when Group Policy applies at the time of + logon (but items are set for the Computer). +- `ppUser_OnGroupPolicy.log`. New data is added to this log when Group Policy applies in the + background (or on GPupdate). +- `ppUser_onPolicyChanged.log`. New data is added to this log when Group Policy applies in the + background or when a non–Group Policy method is used (Microsoft Endpoint Manager [SCCM and + Intune], Endpoint Policy Manager Cloud, and so on). + +Start troubleshooting by verifying that you are set up with the following scenarios: + +- You have the group policy object (GPO) or file. +- You have a collection within the GPO. +- You have the policies within the collection. + +Figure 45 shows an example of a Endpoint Policy Manager Feature Manager for Windows log with some +annotations during a single run/GPupdate. + +![troubleshooting](/img/product_docs/endpointpolicymanager/troubleshooting/feature/troubleshooting.webp) + +![troubleshooting_1](/img/product_docs/endpointpolicymanager/troubleshooting/feature/troubleshooting_1.webp) + +![troubleshooting_2](/img/product_docs/endpointpolicymanager/troubleshooting/feature/troubleshooting_2.webp) + +Figure 45. An example of a Endpoint Policy Manager Feature Manager for Windows log. + +Then, to see details of what Endpoint Policy Manager Feature Manager for Windows is trying to do, +you can open up the PPComputerOperational.log (see Figure 46) located at +`Programdata\PolicyPak\PolicyPak Feature Manager for Windows`. + +![troubleshooting_3](/img/product_docs/endpointpolicymanager/troubleshooting/feature/troubleshooting_3.webp) + +![troubleshooting_4](/img/product_docs/endpointpolicymanager/troubleshooting/feature/troubleshooting_4.webp) + +Figure 46. Log files showing when a policy installs and uninstalls items. + +If needed, logs are automatically wrapped up and can be sent to +[support@endpointpolicymanager.com](mailto:support@endpointpolicymanager.com) using the `PPLOGS.EXE` command on any endpoint +where the client-side extension (CSE) is installed. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/feature/overview.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/feature/overview.md new file mode 100644 index 0000000000..15d480b158 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/feature/overview.md @@ -0,0 +1,9 @@ +--- +title: "Troubleshooting" +description: "Troubleshooting" +sidebar_position: 60 +--- + +# Troubleshooting + +In this section, we will talk about a few tips and troubleshooting methods. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/gettoknow.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/gettoknow.md new file mode 100644 index 0000000000..65a05a37a0 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/gettoknow.md @@ -0,0 +1,24 @@ +--- +title: "Getting to Know Feature Manager for Windows" +description: "Getting to Know Feature Manager for Windows" +sidebar_position: 10 +--- + +# Getting to Know Feature Manager for Windows + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Feature Manager for Windows is contained within +the Endpoint Policy Manager node. Endpoint Policy Manager Feature Manager for Windows MMC snap-in +allows you to create new Endpoint Policy Manager Feature Manager collections or policies. + +**NOTE:** You will only see the Endpoint Policy Manager Feature Manager for Windows node when the +latest Admin Console MSI is installed on the management station. + +![getting_to_know_feature_manager](/img/product_docs/endpointpolicymanager/feature/getting_to_know_feature_manager.webp) + +The functions of collections and policies are as follows: + +- Policies are the rules that perform the work. +- Collections are groupings of policies. + +Both collections and policies may have Item-Level Targeting, which is explained later, but you can +target policies based upon the criteria that you specify. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/itemleveltargeting/_category_.json b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/itemleveltargeting/_category_.json new file mode 100644 index 0000000000..245bc0a1f0 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/itemleveltargeting/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Using Item-Level Targeting with Collections and Policies", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/itemleveltargeting/exportcollections.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/itemleveltargeting/exportcollections.md new file mode 100644 index 0000000000..e024458629 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/itemleveltargeting/exportcollections.md @@ -0,0 +1,36 @@ +--- +title: "Exporting Collections" +description: "Exporting Collections" +sidebar_position: 20 +--- + +# Exporting Collections + +In +[Using Item-Level Targeting with Collections and Policies](/docs/endpointpolicymanager/manuals/desktopautomationand/remotedesktopprotoco/itemleveltargeting/overview.md) +we explain how to use the Endpoint Policy Manager Exporter to wrap up any Endpoint Policy Manager +directives and deliver them using Microsoft Endpoint Manager (SCCM and Intune), KACE, your own MDM +service, or Endpoint Policy Manager Cloud. To export a policy for later use using Endpoint Policy +Manager Exporter or Endpoint Policy Manager Cloud, right-click the collection or the policy and +select Export to XML. This will enable you to save an XML file for later use. + +**NOTE:** For a video demonstrating the use of Endpoint Policy Manager Feature Manager for Windows +with Endpoint Policy Manager MDM see +[https://www.endpointpolicymanager.com/video/endpointpolicymanager-feature-manager-for-windows-mdm.html](https://www.endpointpolicymanager.com/video/endpointpolicymanager-feature-manager-for-windows-mdm.html). + +Remember that Endpoint Policy Manager Feature Manager for Windows policies can be created and then +exported on the Computer side. For instance, below, you can see a setting being exported. You can +also do this for an entire collection (not shown). + +![using_item_level_targeting_5](/img/product_docs/endpointpolicymanager/feature/itemleveltargeting/using_item_level_targeting_5.webp) + +**NOTE:** For a video showing how to export policies and use Endpoint Policy Manager Exporter, watch +[https://www.endpointpolicymanager.com/video/deploying-endpointpolicymanager-directives-without-group-policy-endpointpolicymanager-exporter-utility.html](https://www.endpointpolicymanager.com/video/deploying-endpointpolicymanager-directives-without-group-policy-endpointpolicymanager-exporter-utility.html). + +**NOTE:** Exported collections or policies maintain any Item-Level Targeting set within them. If +you've used items that represent Group Membership in Active Directory, then those items will only +function when the machine is domain-joined. + +For more information on how to use exported policies with Endpoint Policy Manager Cloud or Endpoint +Policy Manager MDM see +[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md). diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/itemleveltargeting/overview.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/itemleveltargeting/overview.md new file mode 100644 index 0000000000..d7ed8b45ab --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/itemleveltargeting/overview.md @@ -0,0 +1,65 @@ +--- +title: "Using Item-Level Targeting with Collections and Policies" +description: "Using Item-Level Targeting with Collections and Policies" +sidebar_position: 50 +--- + +# Using Item-Level Targeting with Collections and Policies + +Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Netwrix +Endpoint Policy Manager (formerly PolicyPak) to target or filter where specific items will apply. +With Endpoint Policy Manager Feature Manager for Windows, Item-Level Targeting can be placed on +collections, as well as policies within collections. + +A collection enables you to group together Endpoint Policy Manager Feature Manager for Windows +policies so they can act together. For instance, you might create a collection for only East Sales +Computers and another for West Sales Computers. Or you might create one for Windows Server 2016 +servers with Exchange, and one for Windows 10 laptops in Sales. + +![using_item_level_targeting](/img/product_docs/endpointpolicymanager/feature/itemleveltargeting/using_item_level_targeting_1.webp) + +You can also right-click any Endpoint Policy Manager Feature Manager for Windows policy, and select +**Edit Item Level Targeting**. + +![using_item_level_targeting_1](/img/product_docs/endpointpolicymanager/feature/itemleveltargeting/using_item_level_targeting_1.webp) + +You can also select Item-Level Targeting when a policy is created using the wizard. + +The **Edit Item Level Targeting** menu item brings up the **Targeting Editor**. You can select any +combination of characteristics you want to test for. Administrators familiar with Group Policy +Preferences' Item-Level Targeting will be at home in this interface as it is functionally +equivalent. + +You can apply one or more targeting items to a policy, which enables targeting items to be joined +logically. You can also add targeting collections, which group together targeting items in much the +same way parentheses are used in an equation. In this way, you can create a complex determination +about where a policy will be applied. Collections may be set to **And**, **Or** **Is**, or **Is +Not**. + +![using_item_level_targeting_2](/img/product_docs/endpointpolicymanager/feature/itemleveltargeting/using_item_level_targeting_2.webp) + +Below are some real-world examples of how you can use Item-Level Targeting. + +- Software prerequisites - If you want to configure an application's settings, first make sure the + application is installed on the user's computer before configuring it. You can use File Match or + Registry Match targeting items (or both) to verify a specific version of a file, or a registry + entry is present. (For an example of this, look in the Uninstall registry key.) +- Mobile computers - If you want to deploy settings exclusively for users on mobile PCs, filter the + rule to apply only to mobile PCs by using the **Portable Computer** targeting item. +- Operating system version - You can specify different settings for applications based on the + operating system version. To do this, create one rule for each operating system. Then, filter each + rule using the **Operating System** targeting item. +- Group membership - You can link the Group Policy Object (GPO) to the whole domain or + organizational unit (OU), but only members within a specific group will pick up and process the + rule settings. +- IP range - You can specify different settings for various IP ranges, like different settings for + the home office and each field office. + +After you're done editing, close the editor. Note that the icon of the policy or collection has +changed to orange, which shows that it now has Item-Level Targeting. + +![using_item_level_targeting_3](/img/product_docs/endpointpolicymanager/feature/itemleveltargeting/using_item_level_targeting_3.webp) + +When Item-Level Targeting is on, the policy won't apply unless the conditions are **True**. If +Item-Level Targeting is on a collection, then none of the items in the collection will apply unless +the Item-Level Targeting on the collection evaluates to **True**. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/itemleveltargeting/processorderprecedence.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/itemleveltargeting/processorderprecedence.md new file mode 100644 index 0000000000..9cec1dc0f0 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/itemleveltargeting/processorderprecedence.md @@ -0,0 +1,41 @@ +--- +title: "Understanding Processing Order and Precedence" +description: "Understanding Processing Order and Precedence" +sidebar_position: 10 +--- + +# Understanding Processing Order and Precedence + +Within a particular GPO (Computer or User side), the processing order is counted in numerical order. +So, lower-numbered collection attempt to process first, and higher-numbered collections attempt to +process last. Then, within any collection, each policy is processed in numerical order from lowest +to highest. Below we can see a potential conflict within a collection. Item #4 is installing the +Telnet Client, while Item #11 is uninstalling it. + +![using_item_level_targeting_4](/img/product_docs/endpointpolicymanager/feature/itemleveltargeting/using_item_level_targeting_4.webp) + +The net effect of this scenario would be that the Telnet Client would be uninstalled because it is +processed later. + +Not shown but also important are multiple collections and nested collections. Within any collection, +there may be other nested collections, as well as policies. As such, each policy and collection is +also processed in numerical order, starting at each level with the lowest-numbered policies and +collections. + +## Merging and Conflicts + +Endpoint Policy Manager Feature Manager for Windows will merge all policies that come from the Group +Policy method (and policies deployed from methods other than Group Policy methods and/or +collections), unless there is a conflict. If there is a conflict, the last policy wins. + +## Precedence + +Policies can be delivered by Group Policy and non-Group Policy methods such as Microsoft Endpoint +Manager (SCCM and Intune) via Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud. As +such, the Endpoint Policy Manager engine needs to make a final determination whether there is any +overlap of policies. Here is how the precedence works: + +- Policies delivered through Endpoint Policy Manager Cloud have the lowest precedence. +- Policies delivered through Endpoint Policy Manager files have the next highest precedence. +- Policies delivered through Endpoint Policy Manager Group Policy directives have the highest + precedence. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/feature/overview.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/overview.md new file mode 100644 index 0000000000..6d3f0d0a72 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/overview.md @@ -0,0 +1,122 @@ +--- +title: "Feature Manager for Windows" +description: "Feature Manager for Windows" +sidebar_position: 20 +--- + +# Feature Manager for Windows + +**NOTE:** Before reading this section, please ensure you have read +[Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md), which will help you +with the following: + +- Install the Admin MSI on your GPMC machine +- Install the CSE on a test Windows machine +- Set up a computer in Trial mode or Licensed mode +- Set up a common OU structure + +Optionally, if you don't want to use Group Policy, read the section on +[MDM & UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/overview.md)[MDM & UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/overview.md). + +Endpoint Policy Manager Feature Manager for Windows allows you to perform the following operations +on Windows 10 or Windows Server (2016 and later): + +- Add features to existing Windows machines +- Remove features from existing Windows machines +- Add optional features to existing Windows machines +- Remove optional features from existing Windows machines +- Limit which machines get policies via Item-Level Targeting +- Specify how to handle reboot requests when features need them + +**NOTE:** Watch this video for an overview of Endpoint Policy Manager Feature Manager for Windows: +[https://www.endpointpolicymanager.com/video/endpointpolicymanager-feature-manager-for-windows.html](https://www.endpointpolicymanager.com/video/endpointpolicymanager-feature-manager-for-windows.html) + +Endpoint Policy Manager Feature Manager for Windows allows you to do the following: + +- Export the Endpoint Policy Manager Feature Manager for Windows rules and deliver them in one of + these four ways: + + - Microsoft Endpoint Manager (SCCM and Intune) + - Your own systems management software + - A mobile device management (MDM) service + - Endpoint Policy Manager Cloud service + +- Allow the client machine with the Endpoint Policy Manager client-side extension (CSE) to embrace + the directives and perform the work. + +**NOTE:** If you use the Endpoint Policy Manager Cloud service, you can deliver Group Policy +settings even to non-domain-joined machines over the Internet. + +## Moving Parts + +- A management station: The Endpoint Policy Manager Admin Console MSI must be installed on the + management station where you create group policy objects (GPOs). Once it is installed, you'll see + the `PolicyPak | PolicyPak Feature Manager` for Windows node. +- The Endpoint Policy Manager CSE: This runs on the client (target) machine and is the same CSE for + all Endpoint Policy Manager products. There isn't anything separate to install, and the Endpoint + Policy Manager CSE must be present in order to accept Endpoint Policy Manager Feature Manager for + Windows directives via Group Policy, or when using Microsoft Endpoint Manager (SCCM and Intune), + KACE, MDM, or similar utilities. +- Endpoints: In order to use these, they must be licensed for Endpoint Policy Manager Feature + Manager for Windows using one of the licensing methods. +- Endpoint Policy Manager Exporter (optional): A free utility that lets you take Endpoint Policy + Manager Admin Templates Manager and our other products' XML files and wrap them into a portable + MSI file for deployment using Microsoft Endpoint Manager (SCCM and Intune), an MDM service, or + your own systems management software. + +## Ins and Outs + +Endpoint Policy Manager Feature Manager for Windows solves several important Windows 10 issues. Its +basic goal is to turn on and off Windows features and optional features. Many IT admins will preset +the features and optional features they want into their workstation and server images, only to find +out later they need to pull back from them, or add another feature or an optional feature. Once your +systems are deployed, it is very difficult to change your mind later and add features, languages, +or, starting with Windows 10 (build 1809), add tools from the Remote Server Admin Toolkit (RSAT). +Endpoint Policy Manager File Delivery Manager automates the process by allowing you to add or remove +whatever features or optional features you want with a few clicks. + +There is an in-box method of managing features and optional features on each machine, which requires +you to address each feature one by one. On any given machine, you can manage features and optional +features. + +![about_policypak_feature_manager](/img/product_docs/endpointpolicymanager/feature/about_endpointpolicymanager_feature_manager.webp) + +There are two ways to manage features: with the Windows Features Control Pane, or the Windows +Settings page . These options can be accessed through the Start Menu. + +![about_policypak_feature_manager_1](/img/product_docs/endpointpolicymanager/feature/about_endpointpolicymanager_feature_manager_1.webp) + +![about_policypak_feature_manager_2](/img/product_docs/endpointpolicymanager/feature/about_endpointpolicymanager_feature_manager_2.webp) + +With optional features, you can add or subtract the feature you want. Below is an example of what +this looks like. + +![about_policypak_feature_manager_3](/img/product_docs/endpointpolicymanager/feature/about_endpointpolicymanager_feature_manager_3.webp) + +An alternate way to perform similar functions is via the DISM command on the command line. For +example, to install the Hyper-V feature on a machine, you would use the DISM command. + +![about_policypak_feature_manager_4](/img/product_docs/endpointpolicymanager/feature/about_endpointpolicymanager_feature_manager_4.webp) + +This process can be scripted, but the challenge is that the system will typically reboot when it +wants to, perhaps during a user's session. Additionally, scripts will typically run over and over +again, which is not great, and could cause undesired reboots. This is why Endpoint Policy Manager +Feature Manager for Windows eliminates the need to use scripts to add or remove features. Also, +Endpoint Policy Manager Feature Manager for Windows gives you time back, so you don't have to deal +with adding or removing features and optional features from the build process. So, instead of +presetting these into your image or just dealing with it later, Endpoint Policy Manager Feature +Manager for Windows enables you to manage these settings with policies. + +## Advantages of Using Feature Manager for Windows + +With Endpoint Policy Manager Feature Manager for Windows, the advantages you get are based upon the +policy method you already employ. + +- For those using Group Policy: + + - You can add or remove features for any number of computers (desktops or servers). + - You can use Item-Level Targeting to determine which computers should get which features. + +- For those using Endpoint Policy Manager Cloud and Endpoint Policy Manager MDM: Because your + machines might be roaming, you can use Endpoint Policy Manager to deliver a new policy to install + or uninstall a required feature. diff --git a/docs/endpointpolicymanager/feature/windowsservers.md b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/windowsservers.md similarity index 90% rename from docs/endpointpolicymanager/feature/windowsservers.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/feature/windowsservers.md index e435d0a5c6..08a9c8eb78 100644 --- a/docs/endpointpolicymanager/feature/windowsservers.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/feature/windowsservers.md @@ -1,3 +1,9 @@ +--- +title: "Using Feature Manager for Windows with Servers" +description: "Using Feature Manager for Windows with Servers" +sidebar_position: 40 +--- + # Using Feature Manager for Windows with Servers Netwrix Endpoint Policy Manager (formerly PolicyPak) Feature Manager for Windows works great with diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/_category_.json b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/_category_.json new file mode 100644 index 0000000000..1f63d727ac --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "File Associations Manager", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/fileassociations/applymode.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/applymode.md similarity index 93% rename from docs/endpointpolicymanager/fileassociations/applymode.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/applymode.md index 658efb10f1..2ad5b0fdbe 100644 --- a/docs/endpointpolicymanager/fileassociations/applymode.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/applymode.md @@ -1,3 +1,9 @@ +--- +title: "Apply Mode or \"Apply Once and Drift\"" +description: "Apply Mode or \"Apply Once and Drift\"" +sidebar_position: 60 +--- + # Apply Mode or "Apply Once and Drift" You can also create policies that will enforce a given file association one time so that users can diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/fileassociations/_category_.json b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/fileassociations/_category_.json new file mode 100644 index 0000000000..590917c135 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/fileassociations/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Troubleshooting", + "position": 100, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/fileassociations/logs.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/fileassociations/logs.md new file mode 100644 index 0000000000..52e07329bb --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/fileassociations/logs.md @@ -0,0 +1,48 @@ +--- +title: "Logging Locations" +description: "Logging Locations" +sidebar_position: 20 +--- + +# Logging Locations + +Endpoint Policy Manager File Associations Manager log files are found in +`%Programdata%\PolicyPak\PolicyPak File Associations Manager.` This is because Endpoint Policy +Manager File Associations Manager affects the computer (and all users on that computer).It's also +possible there might be some user-side logins in +`%appdata%\local\PolicyPak\PolicyPak File Associations Manager`, but they will not be useful since +all Endpoint Policy Manager File Associations Manager work happens on the Computer side. + +There are several files to check in the folder +`%Programdata%\PolicyPak\PolicyPak File Associations Manager.` These files are: + +- `ppUser_OnLogon.log`: This log file is updated when Group Policy applies at the time of login (and + items are set for the User side, not the Computer side). +- `ppUser_Switched.log`: This log file is updated when Group Policy applies at the time of login + (and items are set for the Computer side). +- `ppUser_OnGroupPolicy.log`: This log file is updated when Group Policy applies in the background + (when you run GPupdate or Group Policy applies in the background). +- `ppUser_onPolicyChanged.log`: This log file is updated when Group Policy applies in the background + or when a method other than the Group Policy method is used (e.g., Microsoft Endpoint Manager + [SCCM and Intune] and Endpoint Policy Manager Cloud). + +Start troubleshooting by verifying that the following conditions are true: + +- You have the Group Policy Object (GPO) (or file). +- You have a collection within the GPO. +- You have the rules within the collection. + +Figure 55 and Figure 56 are examples of Endpoint Policy Manager File Associations Manager logs with +some important items highlighted. + +![troubleshooting_1](/img/product_docs/endpointpolicymanager/troubleshooting/fileassociations/troubleshooting_1.webp) + +Figure 55. An example of a Endpoint Policy Manager File Associations Manager log. + +![troubleshooting_2](/img/product_docs/endpointpolicymanager/troubleshooting/fileassociations/troubleshooting_2.webp) + +Figure 56. Highlights from the Endpoint Policy Manager k File Associations Manager log. + +If needed, logs can be automatically wrapped up and sent to +[support@endpointpolicymanager.com](mailto:support@endpointpolicymanager.com) with the `PPLOGS.EXE` command on any endpoint +where the client-side extension is installed. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/fileassociations/overview.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/fileassociations/overview.md new file mode 100644 index 0000000000..23789dd918 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/fileassociations/overview.md @@ -0,0 +1,19 @@ +--- +title: "Troubleshooting" +description: "Troubleshooting" +sidebar_position: 100 +--- + +# Troubleshooting + +The most common problem users encounter with Netwrix Endpoint Policy Manager (formerly PolicyPak) +File Associations Manager occurs during initial use when trying to make associations. Here are some +tips when trying to troubleshoot Endpoint Policy Manager File Associations Manager: + +- Do not try to use Microsoft's method and Endpoint Policy Manager's method for managing file + associations on the same Windows 10 endpoints. Only one method will win. +- If deploying policies on the computer side, then Endpoint Policy Manager File Associations Manager + will attempt to map file associations if any user has the registered application you specify (not + only the logged-on user at the moment)>.This is a risk if the program exists at all on the + endpoint, but the user logging on at that moment (say on a Terminal Server/RDS machine) doesn't + have access to that application. diff --git a/docs/endpointpolicymanager/troubleshooting/fileassociations/xmlfile.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/fileassociations/xmlfile.md similarity index 88% rename from docs/endpointpolicymanager/troubleshooting/fileassociations/xmlfile.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/fileassociations/xmlfile.md index 5b169d8dad..f87ecb4f3a 100644 --- a/docs/endpointpolicymanager/troubleshooting/fileassociations/xmlfile.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/fileassociations/xmlfile.md @@ -1,3 +1,9 @@ +--- +title: "Inspecting the FileAssociations.XML File" +description: "Inspecting the FileAssociations.XML File" +sidebar_position: 10 +--- + # Inspecting the FileAssociations.XML File Endpoint Policy Manager File Associations Manager will dynamically write the file that Windows needs diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/helperutility.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/helperutility.md new file mode 100644 index 0000000000..da620e3310 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/helperutility.md @@ -0,0 +1,56 @@ +--- +title: "Using the Helper Utility" +description: "Using the Helper Utility" +sidebar_position: 90 +--- + +# Using the Helper Utility + +In the Netwrix Endpoint Policy Manager (formerly PolicyPak) File Associations Manager Quickstart +examples, we recommended that your management station have the same applications as your target +computers. However, that is not always practical. There are likely instances where you do not want +to install an application on your machine just for the sake of making a File Association. For +instance, someone in the Sales department may be the only one who has "Sales Application 123" +installed. + +That's where the Endpoint Policy Manager File Associations Manager Helper utility comes in. Run the +Endpoint Policy Manager File Associations Manager Helper on an example endpoint with the application +already installed and to which you want to make a policy association with later. + +**NOTE:** For a video overview demonstrating how to use the Endpoint Policy Manager File +Associations Manager Helper utility, watch this video: +[Endpoint Policy Manager File Associations Manager: Helper Application](/docs/endpointpolicymanager/video/fileassociations/helperapplication.md). + +The Endpoint Policy Manager File Associations Manager Helper is found in the Endpoint Policy Manager +ISO or ZIP download in the Endpoint Policy Manager Extras folder. + +![using_the_helper_utility](/img/product_docs/endpointpolicymanager/fileassociations/using_the_helper_utility.webp) + +Follow these steps to setup the Endpoint Policy ManagerPolicyPak File Associations Manager Helper +utility: + +**Step 1 –** Launch the 11,000 kB EXE. When you do, the Endpoint Policy Manager File Associations +Manager Export wizard appears. + +![using_the_helper_utility_1](/img/product_docs/endpointpolicymanager/fileassociations/using_the_helper_utility_1.webp) + +**Step 2 –** Find a particular file association that already exists on the machine, such as 3mf, and +the application it is already associated with. The application must be registered in order to see it +in the list. + +![using_the_helper_utility_2](/img/product_docs/endpointpolicymanager/fileassociations/using_the_helper_utility_2.webp) + +**Step 3 –** Select **Include icons in the file (Can dramatically increase file size)**. This +setting is recommended even though the XML might be bigger. You must also choose to **Show file in +folder after finished** and **Open XML in Notepad when save is complete** for examination. + +![using_the_helper_utility_3](/img/product_docs/endpointpolicymanager/fileassociations/using_the_helper_utility_3.webp) + +**Step 4 –** Take the exported file and import it into a Endpoint Policy Manager File Associations +Manager Group Policy Object (GPO). Note that the option to import from an XML is available when you +create a new entry and click **Select Program**. + +![using_the_helper_utility_4](/img/product_docs/endpointpolicymanager/fileassociations/using_the_helper_utility_4.webp) + +To import the exported file into a Endpoint Policy Manager File Associations Manager GPO, pull up +the Select Program Association window, and then click on **From XML file** under Import. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/insouts/_category_.json b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/insouts/_category_.json new file mode 100644 index 0000000000..cd9b53d08f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/insouts/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Ins and Outs", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/insouts/advantages.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/insouts/advantages.md new file mode 100644 index 0000000000..2f7ae52b42 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/insouts/advantages.md @@ -0,0 +1,50 @@ +--- +title: "Advantages of Using File Associations Manager" +description: "Advantages of Using File Associations Manager" +sidebar_position: 30 +--- + +# Advantages of Using File Associations Manager + +With Endpoint Policy Manager File Associations Manager, you don't have to build the perfect +workstation and then export all the file associations at one time, making sure to get it all correct +the first time, or rebuilding the perfect workstation over and over again. Additionally, if your +organization makes a change, for example, to 7-Zip instead of WinZip, and wants to quickly change +your .zip associations, you don't have to rebuild your perfect workstation and repeat the process +over and over. + +With Endpoint Policy Manager File Associations Manager, you only need to: + +- deploy your application as you normally would, using Microsoft Endpoint Manager (SCCM and Intune) + or PDQ Deploy, and +- use Endpoint Policy Manager File Associations Manager to make the association between the + extension the application. + +In addition, it is very easy to have different associations for each computer group by making simple +policies for your associations using Endpoint Policy Manager File Associations Manager. Because +Group Policy creation is distributed (that is, different people can create different GPOs), you can +leverage Endpoint Policy Manager File Associations Manager when different people have different +needs. In the case of a conflict of two associations, the rules of Group Policy precedence will take +effect. + +Endpoint Policy Manager File Associations Manager uses the same basic method and policy settings +that the in-box Microsoft method uses. That is, Endpoint Policy Manager File Associations Manager +will create its own associations XML file (one per computer). It works with Microsoft's method +(using the XML file and corresponding Group Policy setting), but adds functionality. + +However, both methods have some known limitations. First, after the associations are set, users can +still work around these methods and try to associate different applications to file extensions. +However, those user-created associations will be wiped out the next time they log on and the policy +is applied again. Next, both methods only take effect when the Group Policy is set on the computer +and the user is required to log off and then log on again. Additionally, both methods only work when +the machine is domain-joined. So even though Endpoint Policy Manager MDM and Endpoint Policy Manager +Cloud can deliver a wide variety of settings to non-domain-joined machines, neither the in-box +Microsoft method, nor Endpoint Policy Manager File Associations Manager, can configure machines +unless the machine is domain-joined. Finally, both methods will not affect a user logging onto the +computer the first time. The policy will take effect on the second login after the computer gets the +Group Policy update. + +**NOTE:** For a video demonstrating how neither Endpoint Policy Manager File Associations Manager +nor Microsoft's method can affect a user until the second login, see the +[Endpoint Policy Manager File Associations Manager: Understanding the First Login](/docs/endpointpolicymanager/video/fileassociations/firstlogin.md) +topic for additional information.. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/insouts/overview.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/insouts/overview.md new file mode 100644 index 0000000000..c9f9302857 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/insouts/overview.md @@ -0,0 +1,13 @@ +--- +title: "Ins and Outs" +description: "Ins and Outs" +sidebar_position: 10 +--- + +# Ins and Outs + +Endpoint Policy Manager File Associations Manager solves several important Windows 10 issues, but +the basic goal is to map a file extension, like .pdf, to an application, like Adobe Acrobat Reader. +This sounds easy to do, but it is actually very difficult. In this section, we'll examine the +history around file associations, explain Microsoft's way to perform file associations, and explain +how Endpoint Policy Manager File Associations Manager works and what its limitations are. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/insouts/windows10.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/insouts/windows10.md new file mode 100644 index 0000000000..a26c5e37bd --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/insouts/windows10.md @@ -0,0 +1,62 @@ +--- +title: "Managing Windows 10 File Associations with the In-Box Method" +description: "Managing Windows 10 File Associations with the In-Box Method" +sidebar_position: 20 +--- + +# Managing Windows 10 File Associations with the In-Box Method + +If you did not 't have Endpoint Policy Manager File Associations Manager, you could still manage +file associations on Windows 10 and later. However, the process can be difficult and is not +particularly user-friendly. + +**NOTE:** The following steps outline what you could do without Endpoint Policy Manager File +Associations Manager. Do not perform these steps with Endpoint Policy Manager File Associations +Manager because this will result in conflicts. + +The following is the Microsoft-sanctioned way to establish file associations for Windows 8.1 and +Windows 10: + +**Step 1 –** Create machine with all applications you might need. + +**Step 2 –** Correctly set all of the file associations. + +**Step 3 –** Use the built-in command `DISM` and export the associations to an XML file. The command +would be something like: + +``` +Dism /Online /Export-DefaultAppAssociations:\AppAssoc.xml +``` + +**Step 4 –** Use Group Policy to ensure that specific computers use this XML file. + +The exported file from this process might look something like this: + +![about_policypak_file_associations_2](/img/product_docs/endpointpolicymanager/fileassociations/insouts/about_endpointpolicymanager_file_associations_2.webp) + +**Step 5 –** Next, you would use the Group Policy setting called **Set a default associations +configuration file**. + +![about_policypak_file_associations_3](/img/product_docs/endpointpolicymanager/fileassociations/insouts/about_endpointpolicymanager_file_associations_3.webp) + +The disadvantages of using the in-box method for Windows 10 are as follows: + +- You need a perfectly set machine for each new application deployment +- You will likely need different exported XML files, one for each different machine or organization + type +- You might need to segment your computers into different organizational units (OUs) if you have + different associations +- You need to follow this process even if you have just one or two applications you want to map +- To get the best experience, you need to do this for all associations a user is ever going to click + on +- The entire XML file must be perfect and not have any variations + +In summary, + +- When your needs change, there is nothing dynamic about the process +- This process is entirely manual +- This process requires a lot of effort to build the perfect machine for each different computer + group, export the files one by one for each group, and ensure all computers get the correct file + +All this becomes time consuming every time you update and roll out an application that will be the +registered extension or protocol. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/insouts/windows7.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/insouts/windows7.md new file mode 100644 index 0000000000..bcef3c4469 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/insouts/windows7.md @@ -0,0 +1,29 @@ +--- +title: "Managing Windows 7 File Associations with Group Policy Preferences" +description: "Managing Windows 7 File Associations with Group Policy Preferences" +sidebar_position: 10 +--- + +# Managing Windows 7 File Associations with Group Policy Preferences + +Several years ago, managing file associations with Group Policy used to be quite easy. Group Policy +Preferences had a specific item type that dynamically set which extensions would open in which +applications. This is still available within the Microsoft Group Policy Editor by going to **User +Configuration** > **Preferences** > **Control Panel Settings** > **Folder Options** > **New** > +**Open With**. + +![about_policypak_file_associations](/img/product_docs/endpointpolicymanager/fileassociations/insouts/about_endpointpolicymanager_file_associations.webp) + +This older method of setting file associations is still available in the Microsoft Group Policy +Editor on the User side with Windows 7 and 8. + +Next, select the file extension and the associated program. You can also choose to **Set as +Default**. + +![about_policypak_file_associations_1](/img/product_docs/endpointpolicymanager/fileassociations/insouts/about_endpointpolicymanager_file_associations_1.webp) + +This method worked well on Windows XP to Windows 8, but stopped working with Windows 8.1. + +Endpoint Policy Manager File Associations Manager fills in this gap. If you are already accustomed +to using Group Policy (with Group Policy Preferences) to manage file associations, then Endpoint +Policy Manager File Associations Manager will be a familiar way to perform that work. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/itemleveltargeting/_category_.json b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/itemleveltargeting/_category_.json new file mode 100644 index 0000000000..5423db039b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/itemleveltargeting/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Using Item-Level Targeting with Collections and Policies", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/fileassociations/itemleveltargeting/exportcollection.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/itemleveltargeting/exportcollection.md similarity index 92% rename from docs/endpointpolicymanager/fileassociations/itemleveltargeting/exportcollection.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/itemleveltargeting/exportcollection.md index 1e05f252fe..9de1b26466 100644 --- a/docs/endpointpolicymanager/fileassociations/itemleveltargeting/exportcollection.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/itemleveltargeting/exportcollection.md @@ -1,6 +1,12 @@ +--- +title: "Exporting Collections" +description: "Exporting Collections" +sidebar_position: 20 +--- + # Exporting Collections -[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md) explains how to use +[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md) explains how to use the Endpoint Policy Manager Exporter to wrap up any Endpoint Policy Manager directives and deliver them using Microsoft Endpoint Manager (SCCM and Intune), KACE, you own MDM service, or Endpoint Policy Manager Cloud. However, we recommend NOT using Endpoint Policy Manager File Associations diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/itemleveltargeting/overview.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/itemleveltargeting/overview.md new file mode 100644 index 0000000000..7b078fb29e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/itemleveltargeting/overview.md @@ -0,0 +1,80 @@ +--- +title: "Using Item-Level Targeting with Collections and Policies" +description: "Using Item-Level Targeting with Collections and Policies" +sidebar_position: 70 +--- + +# Using Item-Level Targeting with Collections and Policies + +Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Netwrix +Endpoint Policy Manager (formerly PolicyPak) to target or filter where specific items will apply. +With Endpoint Policy Manager File Associations Manager, Item-Level Targeting can be used on +collections, as well as Endpoint Policy Manager File Associations Manager policies within +collections. + +A collection enables you to group together Endpoint Policy Manager File Associations Manager +policies so they can act together. For instance, you might want to create one collection that +targets only your East Sales computers, and another collection that targets your West Sales +computers. Or you might want to create a collection for Windows 10 machines and one for Windows +Server 2016 RDS. + +![using_item_level_targeting](/img/product_docs/endpointpolicymanager/fileassociations/itemleveltargeting/using_item_level_targeting.webp) + +![using_item_level_targeting_1](/img/product_docs/endpointpolicymanager/fileassociations/itemleveltargeting/using_item_level_targeting_1.webp) + +Below you can see the two collections that we have created that can hold other collections or +policies. It also shows how you can apply Item-Level Targeting for a collection. + +![using_item_level_targeting_2](/img/product_docs/endpointpolicymanager/fileassociations/itemleveltargeting/using_item_level_targeting_2.webp) + +To change the Item-Level Targeting, right-click any Endpoint Policy Manager File Associations +Manager policy, and select **Edit Item Level Targeting**. + +![using_item_level_targeting_3](/img/product_docs/endpointpolicymanager/fileassociations/itemleveltargeting/using_item_level_targeting_3.webp) + +The Edit Item Level Targeting menu item brings up the Targeting Editor. You can select any +combination of characteristics you want to test for. Administrators familiar with Group Policy +Preferences' Item-Level Targeting will be at home in this interface as it is functionally +equivalent. + +You can apply one or more targeting items to a policy, which enables targeting items to be joined +logically. You can also add targeting collections, which group together targeting items in much the +same way parentheses are used in an equation. In this way, you can create a complex determination +about where a policy will be applied. Collections may be set to **And**, **Or**, **Is**, or **Is +Not**. + +The screenshot below demonstrates the basic capabilities of the Targeting Editor. Also, note that +Endpoint Policy Manager File Associations Manager cannot filter by user group since the node is only +available on the Computer side, and Endpoint Policy Manager File Associations Manager is only valid +for Windows 8.1 and later. + +![using_item_level_targeting_4](/img/product_docs/endpointpolicymanager/fileassociations/itemleveltargeting/using_item_level_targeting_4.webp) + +In this example, the Pak would only apply to Windows 10 machines when the machine is portable, and +the user is in the FABRIKAM\Traveling Sales Users group. + +Below are some real-world examples of how you can use Item-Level Targeting. + +- Software prerequisites — If you want to configure an application's settings, first make sure the + application is installed on the user's computer before configuring it. You can use File Match or + Registry Match targeting items (or both) to verify a specific version of a file or a registry + entry is present. (For an example of this, look in the Uninstall registry key.) +- Mobile computers — If you want to deploy settings exclusively for users on mobile PCs, then filter + the rule to apply only to mobile PCs by using the **Portable Computer** targeting item. +- Operating system version — You can specify different settings for applications based on the + operating system version. To do this, create one rule for each operating system. Then filter each + rule using the **Operating System** targeting item. +- Group membership — You can link the Group Policy Object (GPO) to the whole domain or + organizational unit (OU), but only members within a specific group will pick up and process the + rule settings. +- IP range — You can specify different settings for various IP ranges, like different settings for + the home office and each field office. + +Close the editor when you are done. Note that the icon for the policy or collection has changed to +orange, which shows that it now has Item-Level Targeting. + +![using_item_level_targeting_5](/img/product_docs/endpointpolicymanager/fileassociations/itemleveltargeting/using_item_level_targeting_5.webp) + +When Item-Level Targeting is on, the policy won't apply unless the conditions evaluate to True, and +if Item-Level Targeting is on for a collection, then none of the items in the collection will apply +unless the Item-Level Targeting on the collection evaluates to True. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/itemleveltargeting/processorderprecedence.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/itemleveltargeting/processorderprecedence.md new file mode 100644 index 0000000000..912992664f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/itemleveltargeting/processorderprecedence.md @@ -0,0 +1,48 @@ +--- +title: "Understanding Processing Order and Precedence" +description: "Understanding Processing Order and Precedence" +sidebar_position: 10 +--- + +# Understanding Processing Order and Precedence + +Within a particular GPO (Computer or User side), the processing order is counted in numerical order. +So lower-numbered collections attempt to process first, and higher-numbered collections attempt to +process last. Then, within any collection, each policy is processed in numerical order from lowest +to highest. + +![using_item_level_targeting_6](/img/product_docs/endpointpolicymanager/fileassociations/itemleveltargeting/using_item_level_targeting_6.webp) + +![using_item_level_targeting_7](/img/product_docs/endpointpolicymanager/fileassociations/itemleveltargeting/using_item_level_targeting_7.webp) + +## Merging and Conflicts + +Endpoint Policy Manager File Associations Manager will merge all GPOs (or non-Group Policy methods) +and collections, unless there is a conflict. This is especially important because, instead of having +one flat file that everyone must use and agree upon, you can distribute the directives across +Endpoint Policy Manager collections or GPOs. Then, everything that doesn't conflict will merge +perfectly. + +For example, let's consider that you have two GPOs (or collections) that look like the following: + +- `GPO1/Collection1: "TXT -> Notepad.exe", "LOG -> Notepad.exe"` +- `GPO2/Collection2: "TXT -> Sublime.exe", "CFG -> Sublime.exe"` + +Assuming GPO 2 or Collection 2 is processed last (based upon natural GP precedence), the result will +be the following association list: + +- `TXT -> Sublime.exe` (because GPO2 "wins" in the conflict) +- `LOG -> Notepad.exe` (because there are no conflicts) +- `CFG -> Sublime.exe` (because there are no conflicts) + +## Precedence + +Policies can be delivered by Group Policy and non-Group Policy methods such as Microsoft Endpoint +Manager (SCCM and Intune) via Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud. As +such, the Endpoint Policy Manager engine needs to make a final determination whether there is any +overlap of policies. Here is how the precedence works: + +- Policies delivered through Endpoint Policy Manager Cloud have the lowest precedence. +- Policies delivered through Endpoint Policy Manager files have the next highest precedence. +- Policies delivered through Endpoint Policy Manager Group Policy directives have the highest + precedence. diff --git a/docs/endpointpolicymanager/fileassociations/mapextensions.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/mapextensions.md similarity index 96% rename from docs/endpointpolicymanager/fileassociations/mapextensions.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/mapextensions.md index f0f737a8b0..5b96278114 100644 --- a/docs/endpointpolicymanager/fileassociations/mapextensions.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/mapextensions.md @@ -1,3 +1,9 @@ +--- +title: "Quick Start - Mapping Extensions to Applications" +description: "Quick Start - Mapping Extensions to Applications" +sidebar_position: 30 +--- + # Quick Start - Mapping Extensions to Applications **NOTE:** For some video overviews of Endpoint Policy Manager File Associations Manager, see the diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/overview.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/overview.md new file mode 100644 index 0000000000..b29e9d1137 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/overview.md @@ -0,0 +1,76 @@ +--- +title: "File Associations Manager" +description: "File Associations Manager" +sidebar_position: 10 +--- + +# File Associations Manager + +**CAUTION:** Even though Endpoint Policy Manager MDM and Endpoint Policy Manager Cloud can deliver a +wide variety of Endpoint Policy Manager and Group Policy settings to non-domain-joined machines, +neither the in-box Microsoft method, nor Endpoint Policy Manager File Associations Manager, can +configure machines unless the machine is domain-joined. + +This is a self-imposed limitation by Microsoft on this Windows 10 feature. + +## About File Associations Manager + +**NOTE:** Before reading this section, please ensure you have read +[Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md), which will help you +learn to do the following: + +- Install the Admin MSI on your GPMC machine +- Install the CSE on a test Windows machine +- Set up a computer in Trial mode or Licensed mode +- Set up a common OU structure + +Optionally, if you don't want to use Group Policy, read the section on Advanced Concepts on Group +Policy and non–Group Policy methods (MEMCM, KACE, and MDM service or Netwrix Endpoint Policy Manager +(formerly PolicyPak) Cloud), located in the +[Endpoint Privilege Manager Implementation QuickStart Guide](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/pplpmimplementationguide.md) +to deploy your directives. + +Endpoint Policy Manager File Associations Manager enables you to perform the following operations in +Windows 10: + +- Set up file associations for extensions such as .pdf with Acrobat Reader or FoxIT Pro Reader, or + .zip with WinZip or 7-Zip +- Set up protocol associations like MAILTO: or FTP: to specific applications +- Map an entire category of Windows 10 items +- Map a file extension to a Windows 10 "universal" application, such as Universal Windows Platform + (UWP)/Metro applications + +**NOTE:** For an overview of Endpoint Policy Manager File Associations Manager, see +[https://www.endpointpolicymanager.com/products/endpointpolicymanager-file-associations-manager.html](https://www.endpointpolicymanager.com/products/endpointpolicymanager-file-associations-manager.html). + +The basic way to use Endpoint Policy Manager File Associations Manager is as follows: + +- Create rules to express which file extensions should launch which applications. +- Export the Endpoint Policy Manager File Associations Manager rules and deliver them using: + + - Microsoft Endpoint Manager (SCCM and Intune) or your own on-prem systems management software + - A mobile device management (MDM) service + - Endpoint Policy Manager Cloud service + +- Allow the client machine with the Endpoint Policy Manager client-side extension (CSE) to embrace + the directives and perform the work. + +**NOTE:** If you use the Endpoint Policy Manager Cloud service, you can even deliver Group Policy +settings to non-domain-joined machines over the Internet. + +## Moving Parts + +- A management station: The Endpoint Policy Manager Admin Console MSI must be installed on the + management station where you create Group Policy Objects (GPOs). Once installed, you'll see the + Endpoint Policy Manager | Endpoint Policy Manager File Associations Manager node. +- The Endpoint Policy Manager CSE: This runs on the client (target) machine and is the same CSE for + all Endpoint Policy Manager products. There isn't anything separate to install, and the Endpoint + Policy Manager CSE must be present in order to accept Endpoint Policy Manager File Associations + Manager directives via Group Policy, or when using Microsoft Endpoint Manager (SCCM and Intune), + KACE, MDM, or similar utilities. +- Endpoints: In order to use these, they must be licensed for Endpoint Policy Manager File + Associations Manager using one of the licensing methods. +- The Endpoint Policy Manager Exporter (optional): A free utility that lets you take Endpoint Policy + Manager Admin Templates Manager and our other products' XML files and wrap them into a "portable" + MSI file for deployment using Microsoft Endpoint Manager (SCCM and Intune), an MDM service, or + your own systems management software. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/policies.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/policies.md new file mode 100644 index 0000000000..0d111dc8fa --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/policies.md @@ -0,0 +1,94 @@ +--- +title: "Collections and Policies" +description: "Collections and Policies" +sidebar_position: 20 +--- + +# Collections and Policies + +Endpoint Policy Manager File Associations Manager is contained within the Endpoint Policy Manager +node. Endpoint Policy Manager File Associations Manager MMC snap-in enables you to create a new +Endpoint Policy Manager File Associations Manager policy or collection. You can create policies on +the Computer side or User side. + +**NOTE:** You will only see the Endpoint Policy Manager File Associations Manager node when the +latest Admin Console MSI is installed on the management station. + +The functions of collections and policies are as follows: + +- Collections are groupings of policies. +- Policies are the rules that perform the work. + +Below you can see how to add a new collection or policy. + +![about_policypak_file_associations_4](/img/product_docs/endpointpolicymanager/fileassociations/collections/about_endpointpolicymanager_file_associations_4.webp) + +If you want to follow along with the Quickstart for Endpoint Policy Manager File Associations +Manager in the next section, we suggest you download some applications on your Windows 10 management +station and on your endpoint. + +On the endpoint, add some common file types to the Windows 10 Desktop. We suggest adding the +following files: + +- A PDF file +- An MP4 file +- An XML file +- A Wordpad document with a `MAILTO:` command in it + +Below is an example of all four types of files on the sample Desktop. + +![about_policypak_file_associations_5](/img/product_docs/endpointpolicymanager/fileassociations/collections/about_endpointpolicymanager_file_associations_5.webp) + +Endpoint Policy Manager File Associations Manager is the quickest way to set up, test, and manage +file associations on your machine (the Group Policy Editor machine) if it has the same applications +as the target machines. It is recommended you install the following applications twice, once on your +management station and another on your Windows 10 endpoint. + +- Adobe Acrobat DC (11 or 10) — We suggest the offline MSI installer package, which can be found at + Adobe's [MSI Installer Package](https://get.adobe.com/reader/enterprise/) download. +- A mail program such as Outlook — If that's too much to download and install, you can use something + smaller such as Claws Mail for a quick test. Claws Mail can be downloaded at + [Download Claws Mail](http://www.claws-mail.org/win32/). +- The UWP version of Metro Media Player from the Windows store. + +Acrobat Reader asks if it can be the default PDF viewe. Yet, after the installation occurs, the PDF +is not associated with Acrobat Reader. Instead, Windows 10 Edge is typically the default program to +open PDF files, or Edge is recommended, and the user must make a choice. + +![about_policypak_file_associations_6](/img/product_docs/endpointpolicymanager/fileassociations/collections/about_endpointpolicymanager_file_associations_6.webp) + +When installing Adobe Acrobat Reader DC, the installer asks to be the default PDF viewer. + +![about_policypak_file_associations_7](/img/product_docs/endpointpolicymanager/fileassociations/collections/about_endpointpolicymanager_file_associations_7.webp) + +Edge generally becomes the default when a user opens a PDF file. + +The same problem occurs when you install Outlook or Claws Mail. Outlook and Claws Mail try to +register themselves as a provider for the `MAILTO: protocol`. But after Claws Mail or Outlook is +installed, it is not actually correctly set as the default for `MAILTO: emails`. You can quickly +test this by opening up Wordpad and typing `MAILTO:you@email.com`, . Click the link, and you will +see that it will launch the Windows 10 default mail application instead of Outlook or Claws Mail. + +![about_policypak_file_associations_8](/img/product_docs/endpointpolicymanager/fileassociations/collections/about_endpointpolicymanager_file_associations_8.webp) + +After installing Claws Mail, the program tries to make itself the default for opening emails. + +![about_policypak_file_associations_9](/img/product_docs/endpointpolicymanager/fileassociations/collections/about_endpointpolicymanager_file_associations_9.webp) + +Opening Wordpad and typing `MAILTO:you@email.com` shows that Outlook or Claws Mail is not actually +the default email program. + +The UWP (Windows Universal App in the Windows store) for Metro Media Player Pro is shown below. + +![about_policypak_file_associations_10](/img/product_docs/endpointpolicymanager/fileassociations/collections/about_endpointpolicymanager_file_associations_10.webp) + +In order to successfully complete the Quickstart with Endpoint Policy Manager File Associations +Manager in the next section, make sure you have the following machines set up with the programs and +files listed here: + +- Your machine with the GPMC should have Acrobat Reader, Claws Mail (or Outlook), and the UWP + version of Metro Media Player. +- An example endpoint machine with the Endpoint Policy Manager CSE should have Acrobat Reader, Claws + Mail (or Outlook), and the UWP version of Metro Media Player. +- An example endpoint machine with a PDF file, a MP4 file, a MAILTO: example, and an XML file loaded + on the Desktop. diff --git a/docs/endpointpolicymanager/fileassociations/collections/preconfigured.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/preconfigured.md similarity index 95% rename from docs/endpointpolicymanager/fileassociations/collections/preconfigured.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/preconfigured.md index 0c2b0503f6..be5aacf96f 100644 --- a/docs/endpointpolicymanager/fileassociations/collections/preconfigured.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/preconfigured.md @@ -1,3 +1,9 @@ +--- +title: "Using Preconfigured Collections and File Associations" +description: "Using Preconfigured Collections and File Associations" +sidebar_position: 80 +--- + # Using Preconfigured Collections and File Associations Netwrix Endpoint Policy Manager (formerly PolicyPak) File Associations Manager ships with several diff --git a/docs/endpointpolicymanager/fileassociations/productwizard.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/productwizard.md similarity index 93% rename from docs/endpointpolicymanager/fileassociations/productwizard.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/productwizard.md index dc8cb53e53..bd9616ab03 100644 --- a/docs/endpointpolicymanager/fileassociations/productwizard.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/productwizard.md @@ -1,3 +1,9 @@ +--- +title: "Add Policies for Product Wizard" +description: "Add Policies for Product Wizard" +sidebar_position: 50 +--- + # Add Policies for Product Wizard Sometimes an application has dozens of associations. For instance, Acrobat Reader doesn't just open diff --git a/docs/endpointpolicymanager/fileassociations/registeredextensions.md b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/registeredextensions.md similarity index 95% rename from docs/endpointpolicymanager/fileassociations/registeredextensions.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/registeredextensions.md index 4e7a633ccf..338df242bc 100644 --- a/docs/endpointpolicymanager/fileassociations/registeredextensions.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/fileassociations/registeredextensions.md @@ -1,3 +1,9 @@ +--- +title: "Registered Extensions Versus Custom Application Mappings" +description: "Registered Extensions Versus Custom Application Mappings" +sidebar_position: 40 +--- + # Registered Extensions Versus Custom Application Mappings In the previous section, we mapped three file extensions to three different applications. As you diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/_category_.json b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/_category_.json new file mode 100644 index 0000000000..389a32685e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Start Screen & Taskbar Manager", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/_category_.json b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/_category_.json new file mode 100644 index 0000000000..86265a3334 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Collections, Policy Settings, and Item-Level Targeting", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "collectionssettingsilt" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/startscreentaskbar/collectionssettingsilt.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/collectionssettingsilt.md similarity index 87% rename from docs/endpointpolicymanager/startscreentaskbar/collectionssettingsilt.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/collectionssettingsilt.md index 68bcd153fe..f6f0005f88 100644 --- a/docs/endpointpolicymanager/startscreentaskbar/collectionssettingsilt.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/collectionssettingsilt.md @@ -1,3 +1,9 @@ +--- +title: "Collections, Policy Settings, and Item-Level Targeting" +description: "Collections, Policy Settings, and Item-Level Targeting" +sidebar_position: 50 +--- + # Collections, Policy Settings, and Item-Level Targeting Policies are the actual items that perform work. Earlier you created policies to make a new Windows diff --git a/docs/endpointpolicymanager/startscreentaskbar/expectedbehavior.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/expectedbehavior.md similarity index 83% rename from docs/endpointpolicymanager/startscreentaskbar/expectedbehavior.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/expectedbehavior.md index b53a5f8899..5073f18fb0 100644 --- a/docs/endpointpolicymanager/startscreentaskbar/expectedbehavior.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/expectedbehavior.md @@ -1,3 +1,9 @@ +--- +title: "Expected Behavior When Policies No Longer Apply" +description: "Expected Behavior When Policies No Longer Apply" +sidebar_position: 40 +--- + # Expected Behavior When Policies No Longer Apply When Endpoint Policy Manager Start Screen & Taskbar Manager policies apply, users cannot work around diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/exportcollections.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/exportcollections.md new file mode 100644 index 0000000000..d386ed516f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/exportcollections.md @@ -0,0 +1,45 @@ +--- +title: "Exporting Collections" +description: "Exporting Collections" +sidebar_position: 50 +--- + +# Exporting Collections + +Appendix A: [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md) explains how +to use the Endpoint Policy Manager Exporter to wrap up any Endpoint Policy Manager directive and +deliver it using Microsoft Endpoint Manager (SCCM and Intune), KACE, your own MDM service, or +Endpoint Policy Manager Cloud. For Endpoint Policy Manager Cloud, you should automatically acquire a +license as seen in Figure 50. For Endpoint Policy Manager with an MDM service, the license should +come in your MSI license bundle. + +![collections_policy_settings_17](/img/product_docs/endpointpolicymanager/startscreentaskbar/collections_policy_settings_17.webp) + +Figure 50. Endpoint Policy Manager Cloud customers are licensed for Endpoint Policy Manager Start +Screen & Taskbar Manager. + +**NOTE:** For a video demonstrating the use of Endpoint Policy Manager Cloud with Endpoint Policy +Manager Start Screen & Taskbar Manager, see +[Endpoint Policy ManagerStart Screen & Taskbar Manager: Manage non-domain joined machines using Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/startscreentaskbar/nondomainjoined.md). + +To export a policy for later use with Endpoint Policy Manager Exporter or Endpoint Policy Manager +Cloud, right-click the Start Screen Manager node, or a collection, and select "Export Collections as +XML," as demonstrated in Figure 51 and Figure 52. + +**NOTE:** For a video of exporting Endpoint Policy Manager Start Screen & Taskbar Manager and using +Endpoint Policy Manager Exporter with an MDM service, watch +[Endpoint Policy Manager and MDM walk before you run](/docs/endpointpolicymanager/video/mdm/testsample.md). + +![collections_policy_settings_18](/img/product_docs/endpointpolicymanager/startscreentaskbar/collections_policy_settings_18.webp) + +Figure 51. Exporting all collections for later use. + +![collections_policy_settings_19](/img/product_docs/endpointpolicymanager/startscreentaskbar/collections_policy_settings_19.webp) + +Figure 52. Exporting the policy for later use. + +Note that exported collections or policies maintain any Item-Level Targeting set within them. If +you've used items that represent Group Membership in Active Directory, then those items will only +function when the machine is domain-joined. For more information about exporting settings and using +Endpoint Policy Manager Exporter utility, see Appendix A: +[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md). diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/processorderprecedence.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/processorderprecedence.md new file mode 100644 index 0000000000..318dba58de --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/processorderprecedence.md @@ -0,0 +1,81 @@ +--- +title: "Understanding Processing Order and Precedence" +description: "Understanding Processing Order and Precedence" +sidebar_position: 30 +--- + +# Understanding Processing Order and Precedence + +Within a particular GPO (Computer or User side), the processing order is counted in numerical order. +So lower-numbered collections attempt to process first, and higher-numbered collections attempt to +process last as shown in Figure 46. Then, within any collection, each policy is processed in +numerical order from lowest to highest, as seen in Figure 47. + +![collections_policy_settings_13](/img/product_docs/endpointpolicymanager/startscreentaskbar/collections_policy_settings_13.webp) + +Figure 46. The order in which collections are processed. + +![collections_policy_settings_14](/img/product_docs/endpointpolicymanager/startscreentaskbar/collections_policy_settings_14.webp) + +Figure 47. Within collections, group policies are processed in order, starting with the lowest +number. + +Then finally, within a Group, all the icons are placed according to their position (column followed +by row). Note the final placement might not be exactly as expected because of the icons sizes. You +might need to adjust the Position fields to get it to look precisely how you want (as shown in +Figure 48). + +![collections_policy_settings_15](/img/product_docs/endpointpolicymanager/startscreentaskbar/collections_policy_settings_15.webp) + +Figure 48. The processing order of multiple policy items within a group contained within a +collection. + +## Merging and Conflicts + +Endpoint Policy Manager Start Screen & Taskbar Manager will merge all GPOs and collections, unless +there is a conflict. That means that instead of having one flat Start Menu and Taskbar XML file that +everyone must use and agree upon, you can distribute the directives across Endpoint Policy Manager +collections or GPOs, and everything that doesn't conflict will merge perfectly. + +For example, consider that you have the following two GPOs: + +- GPO1—Browser Apps Group: Chrome, Firefox, Internet Explorer +- GPO2—Office Apps: Word, Excel, PowerPoint + +You will get two unique groups on the Start Menu: Browser App Group and Office Apps. This works the +same for multiple collections (within a GPO or between GPOs). However, you still need to be aware of +conflicts between Endpoint Policy Manager Start Screen policies and Endpoint Policy Manager Taskbar +Manager policies. + +For Endpoint Policy Manager Start Screen policies, the following general rules apply: + +- If you are using "Partial (Preserve)" or "Merge" mode and you create a group with the same name as + a user group (or a pre-created operating system default group, like Play, Create, and so on), your + group will end up removing the existing group. +- If you are using "Partial (Preserve)" and "Merge" mode, and you specify an icon in a group, your + icon placement will end up removing the icon from the existing group. +- When using a GPO, multiple policies can affect the machine due to natural Group Policy precedence. + When a conflict occurs, the general rule is that the GPO that was applied last will have highest + precedence. Then after that, the mode of the group ("Create," "Replace," "Update," or "Delete") + will be evaluated. +- You can have multiple GPOs with Endpoint Policy Manager Start Screen contents (and also get + Endpoint Policy Manager policies from other sources like MDM, Microsoft Endpoint Manager [SCCM and + Intune], etc.) and these policies will all be merged together, unless there is a conflict. See the + next section "Precedence" for details. + +For Endpoint Policy Manager Taskbar Manager, the following general rule applies: in "Merge" mode, +all items are merged together. That means that the operating system defaults, the user-pinned items, +and the items you've pinned will all be merged together. In the case of a conflict, the policy +written last wins. + +## Precedence + +Policies can be delivered by Group Policy and non-Group Policy methods such as Microsoft Endpoint +Manager (SCCM and Intune) via Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud. As +such, the Endpoint Policy Manager engine needs to make a final determination whether there is any +overlap of policies. Here is how the precedence works: + +- Policies delivered through Endpoint Policy Manager Cloud have the lowest precedence. +- Policies delivered through Endpoint Policy Manager files have the next highest precedence. +- Policies delivered through Endpoint Policy Manager Group Policy directives have the highest + precedence. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/startscreen/_category_.json b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/startscreen/_category_.json new file mode 100644 index 0000000000..89f4a0d09d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/startscreen/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Start Screen Manager Settings", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/groupaction.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/startscreen/groupaction.md similarity index 95% rename from docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/groupaction.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/startscreen/groupaction.md index 2464a39f6c..ae984c8650 100644 --- a/docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/groupaction.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/startscreen/groupaction.md @@ -1,3 +1,9 @@ +--- +title: "Understanding Group Action Modes" +description: "Understanding Group Action Modes" +sidebar_position: 10 +--- + # Understanding Group Action Modes In the Start Screen Tile Group Editor, there are various values that can be selected for the Action diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/startscreen/overview.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/startscreen/overview.md new file mode 100644 index 0000000000..e1d6edb4f2 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/startscreen/overview.md @@ -0,0 +1,120 @@ +--- +title: "Start Screen Manager Settings" +description: "Start Screen Manager Settings" +sidebar_position: 10 +--- + +# Start Screen Manager Settings + +In the Quickstart, we created a collection by right-clicking within Endpoint Policy Manager Start +Screen Manager or Endpoint Policy Manager Taskbar Manager and selecting Add | New Collection as seen +in Figure 32. + +![collections_policy_settings](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/collections_policy_settings.webp) + +Figure 32. Creating collections with Endpoint Policy Manager Start Screen & Taskbar Manager. + +For Endpoint Policy Manager Start Screen Manager, collections have two functions. As mentioned +previously, they hold policies that create Windows 10 groups. But a Endpoint Policy Manager Start +Screen Manager collection also defines how those groups will react. The two options for a Endpoint +Policy Manager Start Screen Manager collection can be seen in Figure 33. + +![quickstart_start_screen_manager_3](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/quickstart_start_screen_manager_3.webp) + +Figure 33. Collections hold policies and specify the layout mode. + +There are two layout modes for a Endpoint Policy Manager Start Screen Manager collection. One is +"Partial (Preserve)," which will maintain a user's existing groups, as well as any default groups, +while adding your new groups to theirs. Users will not be able to modify the groups you assign. The +other layout mode is "Full (Replace)," which will remove any existing groups and replace them with +your new groups. Users will not be able to modify the groups you assign. + +There are two layout size options for a Endpoint Policy Manager Start Screen Manager collection as +shown in Figure 34. If you do not specify a layout size, the default will be Medium (Two Columns). + +![collections_policy_settings_1](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/collections_policy_settings_1.webp) + +Figure 34. Choosing a layout size. + +You can also select the Item-Level Targeting button to specify when this collection will apply. For +instance, you might choose "Partial (Preserve)" on Windows 10 desktops and you might choose to have +another collection with "Full (Replace)" on Windows 10 laptops. + +The "Edit Item Level Targeting" menu item brings up the Targeting Editor, which is shown in +Figure 35. You can select any combination of characteristics you want to test for. Administrators +familiar with Group Policy Preferences' Item-Level Targeting will be at home in this interface as it +is functionally equivalent. + +You can apply one or more targeting items to a policy, which enables targeting items to be joined +logically, also shown in Figure 35. You can also add targeting collections, which group together +targeting items in much the same way parentheses are used in an equation. In this way, you can +create a complex determination about where a policy will be applied. Collections may be set to +"And", "Or", "Is", or "Is Not." + +There are a few things to note about Figure 35. It is representative of the basic capabilities of +the Targeting Editor. Endpoint Policy Manager Start Screen & Taskbar Manager cannot filter by user +group since the node is only available on the Computer side. In addition, Endpoint Policy Manager +Start Screen & Taskbar Manager is only valid for Windows 8.1 and later. + +![collections_policy_settings_2](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/collections_policy_settings_2.webp) + +Figure 35. In this example, the Pak would only apply to Windows 10 machines when the machine is +portable and the user is in the FABRIKAM\Traveling Sales Users group. + +Below are some real-world examples of of how you can use Item-Level Targeting. + +- Software prerequisites. If you want to configure an application's settings, first make sure the + application is installed on the user's computer before configuring it. You can use File Match or + Registry Match targeting items (or both) to verify a specific version of a file or a registry + entry is present. (For an example of this, look in the Uninstall registry key.) +- Mobile computers. If you want to deploy settings exclusively for users on mobile PCs, then filter + the rule to apply only to mobile PCs by using the "Portable Computer" targeting item. +- Operating system version. You can specify different settings for applications based on the + operating system version. To do this, create one rule for each operating system. Then filter each + rule using the "Operating System" targeting item. +- Group membership. You can link the Group Policy Object (GPO) to the whole domain or organizational + unit (OU), but only members within a specific group will pick up and process the rule settings. +- IP range. You can specify different settings for various IP ranges, like different settings for + the home office and each field office. + +Close the editor when you are done. Note in Figure 36 that the icon for the policy or collection has +changed to orange, which shows that it now has Item-Level Targeting. + +![collections_policy_settings_3](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/collections_policy_settings_3.webp) + +Figure 36. When the icon is orange, the entry has Item-Level Targeting. + +When Item-Level Targeting is on, the policy won't apply unless the conditions are True. If +Item-Level Targeting is on a collection, then none of the items in the collection will apply unless +the Item-Level Targeting on the collection evaluates to True. + +Inside Endpoint Policy Manager Start Screen Manager collections are policies for groups. You created +a Group Policy earlier called "My Important Apps." You can select "Change Group Level Targeting" to +jump right into the Item-Level Targeting Editor, or click "Edit Group," as shown in Figure 37 to see +all Group options (including Item-Level Targeting). + +![collections_policy_settings_4](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/collections_policy_settings_4.webp) + +Figure 37. Clicking on "Edit Group" will enable you to see all group level options. + +The group level options can be seen in Figure 38. + +![collections_policy_settings_5](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/collections_policy_settings_5.webp) + +Figure 38. Endpoint Policy Manager Start Screen Manager groups have various options you can +configure. + +The fields inside the Group Editor are as follows: + +- Group Name: The name of the actual Windows 10 group that you'll be manipulating on the computer. +- Comment: Space for optional comments to be added. +- State: Determines if the policy should apply or not. +- Action: Default settings are "Update" and "Create if not present." This will be described in more + detail in the next section. +- Update Mode: Determines where new icons will be added. "Add to the Tail" will add new icons from + the end and "Insert at the top" will insert new icons from the front of the group. +- Placeholder: This is needed when an application is absent, but you want to make a pointer or + reference to them anyway. In this case, you can make a "gap" (which puts in a black, empty gap + tile) or you can insert an "Edge link" (which will explain what was missing). This will be + described in more detail in an upcoming section. +- Item-Level Targeting: This was described above. diff --git a/docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/placeholder.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/startscreen/placeholder.md similarity index 95% rename from docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/placeholder.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/startscreen/placeholder.md index d7155c8cbf..bf2c615d82 100644 --- a/docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/placeholder.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/startscreen/placeholder.md @@ -1,3 +1,9 @@ +--- +title: "Understanding Placeholder Modes" +description: "Understanding Placeholder Modes" +sidebar_position: 20 +--- + # Understanding Placeholder Modes In the Start Screen Tile Group Editor, there are two values that can be selected for the Placeholder diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/taskbar.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/taskbar.md new file mode 100644 index 0000000000..b45e59a93b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/collectionssettingsi/taskbar.md @@ -0,0 +1,42 @@ +--- +title: "Taskbar Manager Settings" +description: "Taskbar Manager Settings" +sidebar_position: 20 +--- + +# Taskbar Manager Settings + +Collections are also present (and required) for Endpoint Policy Manager Taskbar Manager. In the +Quickstart, we created a collection by right-clicking within Endpoint Policy Manager Start Screen +Manager or Endpoint Policy Manager Taskbar Manager and selecting Add | New Collection. To see the +collection options, you can right-click on the name of the collection and select "Edit Collection," +as seen in Figure 43. + +![collections_policy_settings_10](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/collections_policy_settings_10.webp) + +Figure 43. Editing collections for Taskbar Manager. + +The Endpoint Policy Manager Taskbar Manager Pinned Collection Editor can be seen in Figure 44. + +![collections_policy_settings_11](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/collections_policy_settings_11.webp) + +Figure 44. Endpoint Policy Manager Taskbar Manager Pinned Collection Editor options. + +The fields inside the Taskbar Manager Pinned Collection Editor are as follows: + +- Collection Name: The name of the collection you'll be creating, which isn't displayed on the + endpoint. +- Comment: Space for optional comments to be added. +- State: Determines if the collection should apply or not. +- Action: Can be set to "Merge" or "Replace." Selecting "Merge" maintains OS defaults and anything a + user has manually pinned to the Taskbar while adding your new items. Selecting "Replace" removes + OS defaults and anything a user has manually pinned while replacing them with your new items. +- Use custom advertisement tile: When desktop items are pinned, they must also be contained in a + Start Menu advertisement tile. The default behavior can be seen in Figure 45, but this can be + changed. If no pinned applications are also in Start Menu groups, then a URL is used as a fallback + display. The icon is then simply a URL within an advertised group. + +![collections_policy_settings_12](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/collections_policy_settings_12.webp) + +Figure 45. Pinned desktop icons will appear in the Endpoint Policy Manager Start Screen Manager +advertisement group, or a group of your choice. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/gettoknow.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/gettoknow.md new file mode 100644 index 0000000000..abf6c6920d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/gettoknow.md @@ -0,0 +1,34 @@ +--- +title: "Getting to Know Start Screen & Taskbar Manager" +description: "Getting to Know Start Screen & Taskbar Manager" +sidebar_position: 20 +--- + +# Getting to Know Start Screen & Taskbar Manager + +Endpoint Policy Manager Start Screen & Taskbar Manager is contained within two nodes inside the User +and Computer sides: one for Start Screen settings and one for Taskbar settings, as seen in Figure 3. +Start Screen & Taskbar Manager MMC snap-in enables you to create a new Start Screen Manager or +Taskbar Manager policy or collection. + +**NOTE:** You will only see the Start Screen Manager and Taskbar Manager nodes when the latest Admin +Console MSI is installed on the management station. + +![about_policypak_start_screen_2](/img/product_docs/endpointpolicymanager/startscreentaskbar/about_endpointpolicymanager_start_screen_2.webp) + +Figure 3. The Start Screen Manager and Taskbar Manager nodes. + +The functions of policies, collections, and groups are as follows: + +- Policies are the rules that perform the work (adding or deleting the icons and so on) +- Collections are groupings of policies +- Groups are the actual Windows 10 Start Menu groups that end users will see in the user interface + +To see how to add new collections and policies, see Figure 4. + +![about_policypak_start_screen_3](/img/product_docs/endpointpolicymanager/startscreentaskbar/about_endpointpolicymanager_start_screen_3.webp) + +Figure 4. Adding collections and policies. + +The next sections provide a Quickstart to using the Start Screen Manager node and the Taskbar +Manager node. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/helperutility.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/helperutility.md new file mode 100644 index 0000000000..f514e0728d --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/helperutility.md @@ -0,0 +1,61 @@ +--- +title: "Using the Helper Utility" +description: "Using the Helper Utility" +sidebar_position: 60 +--- + +# Using the Helper Utility + +In the Start Screen & Taskbar Manager Quickstart examples, we recommended that your management +station have the same applications as your target computers, but sometimes that is not practical. +For instance, someone in the Sales department may be the only one who has the "Sales Application +123" desktop application or "Mega Player" UWP installed. Or there could be other instances where you +don't want to install an application on your machine just for the sake of getting it into the Start +Screen or Taskbar. That's where the Start Screen & Taskbar Manager Helper utility comes in. You can +run the Start Screen & Taskbar Manager utility on an endpoint with the application already +installed; however, you should make sure it is one you want to associate a policy with later. + +**NOTE:** For a video overview demonstrating the use of the Start Screen & Taskbar Manager Helper +utility, watch this video: +[Endpoint Policy Manager Start Screen and Taskbar Manager Helper Utility](/docs/endpointpolicymanager/video/startscreentaskbar/helperutility.md) + +The Start Screen & Taskbar Manager Helper utility is found in the Netwrix Endpoint Policy Manager +(formerly PolicyPak) ISO or ZIP download in the PolicyPak Extras folder, as seen in Figure 53. + +![using_the_helper_utility](/img/product_docs/endpointpolicymanager/startscreentaskbar/using_the_helper_utility.webp) + +Figure 53. The Start Screen & Taskbar Manager Helper utility is located in the Extras folder. + +**Step 1 –** When you run the wizard you can choose whether to export registered (desktop) +applications or universal (UWP) applications, as shown in Figure 54. + +![using_the_helper_utility_1](/img/product_docs/endpointpolicymanager/startscreentaskbar/using_the_helper_utility_1.webp) + +Figure 54. The PolicyPak Start Screen & Taskbar Manager Helper utility lets you export registered +and UWP applications. + +**Step 2 –** Then on the "Select registered programs" page, shown in Figure 55, you can leave the +default settings as they are and click "Next." + +![using_the_helper_utility_2](/img/product_docs/endpointpolicymanager/startscreentaskbar/using_the_helper_utility_2.webp) + +Figure 55. The default settings to select all registered applications on the endpoint. + +**Step 3 –** Then on the next screen, shown in Figure 56, you can export the IDs for all the UWP +applications on a machine and click "Next." + +![using_the_helper_utility_3](/img/product_docs/endpointpolicymanager/startscreentaskbar/using_the_helper_utility_3.webp) + +Figure 56. The defaults to select all UWP applications on the endpoint. + +**Step 4 –** Finally, you can export the XML to a file to be used on your management station/GPMC +machine. On your GPMC machine, as you're creating new PolicyPak Start Screen or PolicyPak Taskbar +Manager policies, you can then import from the XML file, as shown in Figure 57. + +![using_the_helper_utility_4](/img/product_docs/endpointpolicymanager/startscreentaskbar/using_the_helper_utility_4.webp) + +Figure 57. On the management station you can import from the XML file. + +At this point, your list will change to what was imported from the XML file. This process means you +don't need to install the actual application on your machine to deliver Endpoint Policy Manager +Start Screen or Endpoint Policy Manager Taskbar Manager policies. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/insouts/_category_.json b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/insouts/_category_.json new file mode 100644 index 0000000000..cd9b53d08f --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/insouts/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Ins and Outs", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/insouts/advantages.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/insouts/advantages.md new file mode 100644 index 0000000000..4882c31aa9 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/insouts/advantages.md @@ -0,0 +1,34 @@ +--- +title: "Advantages of Using Start Screen & Taskbar Manager" +description: "Advantages of Using Start Screen & Taskbar Manager" +sidebar_position: 20 +--- + +# Advantages of Using Start Screen & Taskbar Manager + +With Endpoint Policy Manager Start Screen & Taskbar Manager, you don't have to build the perfect +workstation and then export all the Start Screen and Taskbar settings at one time, making sure to +get it all correct the first time or rebuilding the perfect workstation over and over again. +Additionally, if your organization makes a change, for example, to implement 7-Zip instead of +WinZip, you don't have to rebuild your perfect workstation and repeat the process over and over. + +With Endpoint Policy Manager Start Screen & Taskbar Manager you can do the following: + +- Deploy your application as you normally would, using Microsoft Endpoint Manager (SCCM and Intune) + or PDQ Deploy +- Use Endpoint Policy Manager Start Screen & Taskbar Manager to add the application to your desired + Windows 10 Start Screen Group +- Use Endpoint Policy Manager Start Screen & Taskbar Manager to add the application to the Taskbar + +In addition, it's very easy to have different associations for each computer group by making simple +policies for your associations using Endpoint Policy Manager Start Screen & Taskbar Manager. Because +Group Policy creation is distributed (that is, different people can create different GPOs) you can +leverage Endpoint Policy Manager Start Screen & Taskbar Manager when different people have different +needs. In the case of a conflict of two associations, the rules of Group Policy precedence will take +effect. + +Endpoint Policy Manager Start Screen & Taskbar Manager uses the same basic method and policy +settings that the in-box Microsoft method uses. That is Endpoint Policy Manager Start Screen & +Taskbar Manager will create its own XML file (one per computer when computer-side Group Policy is +used and one per user when user-side Group Policy is used). It works with Microsoft's method (using +the XML file and corresponding Group Policy setting), but adds functionality. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/insouts/overview.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/insouts/overview.md new file mode 100644 index 0000000000..c86908d87c --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/insouts/overview.md @@ -0,0 +1,17 @@ +--- +title: "Ins and Outs" +description: "Ins and Outs" +sidebar_position: 10 +--- + +# Ins and Outs + +Start Screen & Taskbar Manager consists of two parts: Start Screen Manager and Taskbar Manager. +Together they have two goals: + +- Create Windows 10 Start Menu groups and place specific applications' icons within them +- Pin applications to the Windows 10 Taskbar + +In this manual, we will walk through examples of how to perform these functions. We'll start out by +understanding the need to manage Start Screen and Taskbar settings and the use of the in-box method +from Microsoft; then, we'll learn how Endpoint Policy Manager can make the whole process easier. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/insouts/windows10.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/insouts/windows10.md new file mode 100644 index 0000000000..d53583918e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/insouts/windows10.md @@ -0,0 +1,56 @@ +--- +title: "Managing Windows 10 Start Screen and Taskbar with the In-Box Method" +description: "Managing Windows 10 Start Screen and Taskbar with the In-Box Method" +sidebar_position: 10 +--- + +# Managing Windows 10 Start Screen and Taskbar with the In-Box Method + +If you didn't have Start Screen & Taskbar Manager, you could still manage Start Screen and Taskbar +settings on Windows 10, but it would be difficult and not very user-friendly. + +The following is a Microsoft-sanctioned way to establish the Start Screen and Taskbar for Windows +8.1 and Windows 10: + +1. Create a "perfect machine," fully installed with all applications. +2. Correctly configure all the Start Screen settings by putting them into the groups you want and + pinning any items to the Taskbar. +3. Use the Powershell command to export the Start Screen layout XML file. The command would be + something like `export-startlayout –path .xml`. +4. Use Group Policy to ensure that specific computers use this XML file. + +The exported file from this process might look something like what's seen in Figure 1. + +![about_policypak_start_screen](/img/product_docs/endpointpolicymanager/startscreentaskbar/insouts/about_endpointpolicymanager_start_screen.webp) + +Figure 1. An exported XML file using the Microsoft-sanctioned way to establish the Start Screen and +Taskbar for Windows 10. + +Next, you would configure the Group Policy setting called "Start Layout," seen in Figure 2. + +![about_policypak_start_screen_1](/img/product_docs/endpointpolicymanager/startscreentaskbar/insouts/about_endpointpolicymanager_start_screen_1.webp) + +Figure 2. Configuring Group Policy settings after establishing the Start Screen and Taskbar using +the in-box, Microsoft-sanctioned way. + +The disadvantages of using this in-box method for Windows 10 are as follows: + +- You need a perfect machine for each new application deployment. +- You will likely need different associations files for different machines. +- You might need to segment your computers into different organizational units (OUs) if you have + different Start Menu groups for each group. +- You need to follow this process, even if you have just one or two applications you want to add to + the Start Screen or Taskbar. +- To get the best experience, you need to do this for all applications a user is going to ever need + on the Start Menu or Taskbar. +- The entire XML file must be "perfect" and not have any variations. + +In summary: + +- When your needs change, there is nothing dynamic about this process. +- This process is all manual. +- This process requires a lot of effort to build the "perfect machine" for each different computer + group, export the files one by one for each group, and ensure all computers get the correct file. + +All of this becomes time consuming and will quickly get out of hand every time you must update and +roll out an application that will be the registered extension or protocol. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/overview.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/overview.md new file mode 100644 index 0000000000..65f65ab294 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/overview.md @@ -0,0 +1,68 @@ +--- +title: "Start Screen & Taskbar Manager" +description: "Start Screen & Taskbar Manager" +sidebar_position: 30 +--- + +# Start Screen & Taskbar Manager + +**NOTE:** Before reading this section, please ensure you have read +[Installation Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/overviewinstall.md), which will help you +learn to do the following: + +- Install the Admin MSI on your GPMC machine +- Install the CSE on a test Windows machine +- Set up a computer in Trial mode or Licensed mode +- Set up a common OU structure + +Optionally, if you don't want to use Group Policy, read the section in Appendix A: Advanced Concepts +on Group Policy and non-Group Policy methods (MEMCM, KACE, and MDM service or Endpoint Policy +Manager Cloud) ([Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/uemtools/uemtools.md)) to +deploy your directives. + +Netwrix Endpoint Policy Manager (formerly PolicyPak) Start Screen & Taskbar Manager enables you to +perform the following operations on Windows 10: + +- Place specific tiles for Desktop Edge and Universal Windows Platform (UWP) applications into your + own desired Start Menu groups +- Remove all existing Start Menu groups (created by users or default from Microsoft) +- Configure the Start Menu to enable users to create their own groups +- Pin applications to the Taskbar or remove user-pinned applications from the Taskbar + +**NOTE:** For an overview of Endpoint Policy Manager Start Screen & Taskbar Manager, watch the +videos at +[https://www.endpointpolicymanager.com/products/endpointpolicymanager-start-screen-taskbar-manager.html](https://www.endpointpolicymanager.com/products/endpointpolicymanager-start-screen-taskbar-manager.html). + +The basic way to use Start Screen & Taskbar Manager is as follows: + +- Create rules to express which applications should appear in which Start Menu group +- Export the Start Screen & Taskbar Manager rules and deliver them using: + + - Microsoft Endpoint Manager (SCCM and Intune) + - Your own systems management software + - A mobile device management (MDM) service + - Endpoint Policy Manager Cloud service + +- Allow the client machine with the Endpoint Policy Manager client-side extension (CSE) to embrace + the directives and perform the work. + +**NOTE:** If you use the Endpoint Policy Manager Cloud service, you can deliver Group Policy +settings even to non-domain-joined machines over the Internet. + +## Moving Parts + +- A management station. The Endpoint Policy Manager Admin Console MSI must be installed on your + management station where you create group policy objects (GPOs). Once it's installed, you'll see + the Endpoint Policy Manager | Start Screen Manager node and Endpoint Policy Manager | Taskbar + Manager node. +- The Endpoint Policy Manager CSE. This runs on the client (target) machine and is the same CSE for + all Endpoint Policy Manager products. There isn't anything separate to install, and the Endpoint + Policy Manager CSE must be present in order to accept Endpoint Policy Manager Start Screen & + Taskbar Manager directives via Group Policy, or when using Microsoft Endpoint Manager (SCCM and + Intune), KACE, MDM, or similar utilities. +- Endpoints. In order to use these, they must be licensed for Endpoint Policy Manager Start Screen & + Taskbar Manager using one of the licensing methods. +- Endpoint Policy Manager Exporter (optional). A free utility that lets you take Endpoint Policy + Manager Admin Templates Manager and our other products' XML files and wrap them into a "portable" + MSI file for deployment using Microsoft Endpoint Manager (SCCM and Intune), an MDM service, or + your own systems management software. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/_category_.json b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/_category_.json new file mode 100644 index 0000000000..3f972afea4 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Quick Start - Start Screen Manager", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/startscreentaskbar/startscreen/desktopapplications.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/desktopapplications.md similarity index 96% rename from docs/endpointpolicymanager/startscreentaskbar/startscreen/desktopapplications.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/desktopapplications.md index 125879c899..9660dadae2 100644 --- a/docs/endpointpolicymanager/startscreentaskbar/startscreen/desktopapplications.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/desktopapplications.md @@ -1,3 +1,9 @@ +--- +title: "Adding Desktop Applications" +description: "Adding Desktop Applications" +sidebar_position: 30 +--- + # Adding Desktop Applications Next, you'll add a desktop application. diff --git a/docs/endpointpolicymanager/startscreentaskbar/startscreen/edgetiles.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/edgetiles.md similarity index 95% rename from docs/endpointpolicymanager/startscreentaskbar/startscreen/edgetiles.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/edgetiles.md index 7fceca4a94..9da8344b50 100644 --- a/docs/endpointpolicymanager/startscreentaskbar/startscreen/edgetiles.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/edgetiles.md @@ -1,3 +1,9 @@ +--- +title: "Adding Edge Tiles" +description: "Adding Edge Tiles" +sidebar_position: 40 +--- + # Adding Edge Tiles Next, you'll add an Edge tile. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/overview.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/overview.md new file mode 100644 index 0000000000..93958147db --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/overview.md @@ -0,0 +1,33 @@ +--- +title: "Quick Start - Start Screen Manager" +description: "Quick Start - Start Screen Manager" +sidebar_position: 30 +--- + +# Quick Start - Start Screen Manager + +**NOTE:** For some video overviews of Start Screen & Taskbar Manager, see Start Screen & Task Bar +Manager > [Video Learning Center](/docs/endpointpolicymanager/video/index.md). + +If you want to follow along with this Quickstart guide for Start Screen Manager, we suggest you +first download some applications on your Windows 10 management station and your endpoint. Start +Screen & Taskbar Manager is the best and quickest way to set up, test, and manage the Start Screen +and Taskbar from your machine (the Group Policy Editor machine) if you have the same applications as +the target machines. Therefore, we recommend you install Adobe Acrobat Reader twice—once on your +management station and once on your Window 10 endpoint. We suggest the offline MSI installer +package, which can be found at +[https://get.adobe.com/reader/enterprise/](https://get.adobe.com/reader/enterprise/). Make sure, for +the purposes of this Quickstart, you install the same version on your management station as on your +endpoint. + +You should be able to see Acrobat Reader in the Start Menu, as shown in Figure 5. + +![quickstart_start_screen_manager](/img/product_docs/endpointpolicymanager/startscreentaskbar/startscreen/quickstart_start_screen_manager.webp) + +Figure 5. Adobe Reader is installed on the GPMC machine and the Windows 10 Endpoint. + +After Adobe Reader is installed, we can see that it is not automatically assigned to any group in +the Start Menu. Using Start Screen & Taskbar Manager, we want to place all of our newly installed +applications into a single group called "My Important Apps." In this Quickstart, we will create a +group policy object (GPO) and link it to your sample users. (You could also create and link a GPO to +your computers, but we will not be doing that in this Quickstart.) diff --git a/docs/endpointpolicymanager/startscreentaskbar/startscreen/uwpapplications.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/uwpapplications.md similarity index 95% rename from docs/endpointpolicymanager/startscreentaskbar/startscreen/uwpapplications.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/uwpapplications.md index d37e824e86..1ddcad7d16 100644 --- a/docs/endpointpolicymanager/startscreentaskbar/startscreen/uwpapplications.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/uwpapplications.md @@ -1,3 +1,9 @@ +--- +title: "Adding UWP Applications" +description: "Adding UWP Applications" +sidebar_position: 20 +--- + # Adding UWP Applications **Step 1 –** First, you'll add a UWP application, Windows Calculator. To do this, right-click the diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/windows10.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/windows10.md new file mode 100644 index 0000000000..b896665a0e --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreen/windows10.md @@ -0,0 +1,94 @@ +--- +title: "Creating a Windows 10 Screen Collection and Group" +description: "Creating a Windows 10 Screen Collection and Group" +sidebar_position: 10 +--- + +# Creating a Windows 10 Screen Collection and Group + +**Step 1 –** To start out, assume that we have a GPO named "PP Start Screen & Taskbar Policies," +which is linked to the Sales OU, which contains user accounts. Now, in User Configuration | Endpoint +Policy Manager | Start Screen Manager for Windows 10, select Add | New Collection, as seen in +Figure 6. + +![quickstart_start_screen_manager_1](/img/product_docs/endpointpolicymanager/startscreentaskbar/startscreen/quickstart_start_screen_manager_1.webp) + +Figure 6. Creating a new collection using Endpoint Policy Manager Start Screen Manager. + +**Step 2 –** Next, you'll see the "Add new collection" dialog, as shown in Figure 7. + +![quickstart_start_screen_manager_2](/img/product_docs/endpointpolicymanager/startscreentaskbar/startscreen/quickstart_start_screen_manager_2.webp) + +Figure 7. Endpoint Policy Manager Start Screen Manager collections are used to group together +policies and configure the layout mode of all the groups. + +There are two layout modes for a Netwrix Endpoint Policy Manager (formerly PolicyPak) Start Screen +Manager collection. One is "Partial (Preserve)," which will maintain a user's existing groups, as +well as any default groups, while adding your new groups to theirs. Users will not be able to modify +the groups you assign. The other layout mode is "Full (Replace)," which will remove any existing +groups and replace them with your new groups. Users will not be able to modify the groups you +assign. + +**Step 3 –** Let's select the "Partial (Preserve)" layout mode and click "OK" as shown in Figure 8. + +![quickstart_start_screen_manager_3](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/quickstart_start_screen_manager_3.webp) + +Figure 8. Selecting the "Partial (Preserve)" layout mode. + +You'll see the collection created in both panels in Figure 9. + +![quickstart_start_screen_manager_4](/img/product_docs/endpointpolicymanager/startscreentaskbar/startscreen/quickstart_start_screen_manager_4.webp) + +Figure 9. A Endpoint Policy Manager Start Screen Manager collection can be seen in both MMC pane +views. + +**Step 4 –** Double-click "Collection 1" to enter it. Then, right-click and select Add | New Group, +as shown in Figure 10. + +![quickstart_start_screen_manager_5](/img/product_docs/endpointpolicymanager/startscreentaskbar/startscreen/quickstart_start_screen_manager_5.webp) + +Figure 10. Endpoint Policy Manager Start Screen groups must be added to collections. + +**Step 5 –** Next, you'll see the Start Screen Tile Group Editor, shown in Figure 11. + +![quickstart_start_screen_manager_6](/img/product_docs/endpointpolicymanager/startscreentaskbar/startscreen/quickstart_start_screen_manager_6.webp) + +Figure 11. The Start Screen Tile Group Editor is used to edit the Windows 10 Start Screen group. + +The Group Editor enables you to create or update a Windows 10 Start Menu Group. + +**NOTE:** The Group Editor only applies to groups you make using Endpoint Policy Manager, and +doesn't effect Windows 10 built-in, pre-made groups. + +The fields inside the Group Editor are as follows: + +- Group Name: The name of the actual item you'll be creating (or changing) on the Windows 10 target + machine. +- Comment: Space for optional comments to be added. +- State: Determines if the policy should apply or not. +- Action: Default settings are "Update" and "Create if not present." This will be described in more + detail in an upcoming section. +- Update Mode: Determines where new icons will be added. "Add to the Tail" will add new icons from + the end and "Insert at the top" will insert new icons from the front of the group. +- Placeholder: This is needed when an application is absent, but you want to make a pointer or + reference to them anyway. In this case, you can make a "gap" (which puts in a black, empty gap + tile) or you can insert an "Edge link" (which will explain what was missing). This will be + described in more detail in an upcoming section. +- Item-Level Targeting: This will be described in more detail in an upcoming section. + +**Step 6 –** For now, input the Group Name "My Important Apps" as seen in Figure 10. Then, keeping +the remainder of the details as shown, click "OK" to continue. Now you'll see a policy entry for the +group "My important apps" as shown in Figure 12. + +![quickstart_start_screen_manager_7](/img/product_docs/endpointpolicymanager/startscreentaskbar/startscreen/quickstart_start_screen_manager_7.webp) + +Figure 12. A Start Screen group called "My important apps" is created on the end user's machine. + +**Step 7 –** Double-click "My important apps" to go inside the Group. In the next three sections, +you'll add one of each of the icon types (universal [UWP] application tile, desktop application +tile, and Edge tile), by right-clicking and selecting "Add to Group," as seen in Figure 13. + +![quickstart_start_screen_manager_8](/img/product_docs/endpointpolicymanager/startscreentaskbar/startscreen/quickstart_start_screen_manager_8.webp) + +Figure 13. Use the MMC editor to add a new universal (UWP) application tile, desktop application +tile, and new Edge tile. diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreentaskbar/_category_.json b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreentaskbar/_category_.json new file mode 100644 index 0000000000..d17aafd894 --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreentaskbar/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Troubleshooting", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/logsusercomputerside.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreentaskbar/logsusercomputerside.md similarity index 87% rename from docs/endpointpolicymanager/troubleshooting/startscreentaskbar/logsusercomputerside.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreentaskbar/logsusercomputerside.md index f74bc72055..509b8bda94 100644 --- a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/logsusercomputerside.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreentaskbar/logsusercomputerside.md @@ -1,3 +1,9 @@ +--- +title: "User-Side and Computer-Side Logs" +description: "User-Side and Computer-Side Logs" +sidebar_position: 10 +--- + # User-Side and Computer-Side Logs Endpoint Policy Manager Start Screen & Taskbar Manager settings can be delivered on the User side, diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreentaskbar/overview.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreentaskbar/overview.md new file mode 100644 index 0000000000..4a066b501c --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreentaskbar/overview.md @@ -0,0 +1,21 @@ +--- +title: "Troubleshooting" +description: "Troubleshooting" +sidebar_position: 70 +--- + +# Troubleshooting + +The most common problem with Start Screen & Taskbar Manager is getting it to work the first time. +Here are some tips when trying to troubleshoot Start Screen & Taskbar Manager: + +- Do not try to use Microsoft's method and Netwrix Endpoint Policy Manager (formerly PolicyPak)'s + method for managing the Start Screen and Taskbar on the same Windows 10 endpoints. Only one method + can be used at a time, and multiple methods are not supported. +- Do not try to use a built-in OMA-DM/MDM method and Endpoint Policy Manager's method for managing + the Start Screen and Taskbar on the same Windows 10 endpoints. Only one method can be used at a + time, and multiple methods are not supported. +- Taskbar Manager policies only take effect after the user has received a Group Policy update and + then logs on again. +- Start Screen & Taskbar Manager's policies may not work the very first time a user logs onto a + Windows 10 machine, but will take effect in the background a bit later. diff --git a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/xmlfiles.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreentaskbar/xmlfiles.md similarity index 91% rename from docs/endpointpolicymanager/troubleshooting/startscreentaskbar/xmlfiles.md rename to docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreentaskbar/xmlfiles.md index 8df3562451..6a4b6fd389 100644 --- a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/xmlfiles.md +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/startscreentaskbar/xmlfiles.md @@ -1,3 +1,9 @@ +--- +title: "Inspecting the XML Files" +description: "Inspecting the XML Files" +sidebar_position: 20 +--- + # Inspecting the XML Files Start Screen & Taskbar Manager will dynamically write the file that Windows needs to make the Start diff --git a/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/taskbar.md b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/taskbar.md new file mode 100644 index 0000000000..22c3408f8b --- /dev/null +++ b/docs/endpointpolicymanager/manuals/windows10and11manage/startscreentaskbar/taskbar.md @@ -0,0 +1,60 @@ +--- +title: "Quick Start - Taskbar Manager" +description: "Quick Start - Taskbar Manager" +sidebar_position: 40 +--- + +# Quick Start - Taskbar Manager + +Now you're ready to create Netwrix Endpoint Policy Manager (formerly PolicyPak) Taskbar policies. + +**NOTE:** For a video overview of Taskbar Manager, see +[](https://www.endpointpolicymanager.com/products/endpointpolicymanager-start-screen-manager.html)[Endpoint Policy Taskbar Manager: Quick Demo](/docs/endpointpolicymanager/video/startscreentaskbar/demotaskbar.md). + +Like the Endpoint Policy Manager Start Menu policies, Endpoint Policy Manager Taskbar Manager +policies also must reside within collections. + +**Step 1 –** First, find the Taskbar Manager for Windows 10 node within the User | Endpoint Policy +Manager nodes in the Group Policy Editor. Then right-click to open the Taskbar Manager to create +your first Endpoint Policy Manager Taskbar Manager collection, as shown in Figure 28. + +![quickstart_taskbar_manager](/img/product_docs/endpointpolicymanager/startscreentaskbar/quickstart_taskbar_manager.webp) + +Figure 28. The Endpoint Policy Manager Taskbar Manager Collection Editor. + +**Step 2 –** For this Quickstart, we recommend you set the Action field to "Replace." For reference, +the Action field values are the following: + +- Merge: Will keep and maintain OS defaults and anything a user has manually pinned to the Taskbar + while adding your new items. +- Replace: Will remove OS defaults and anything a user has manually pinned while replacing with your + new items. + +**Step 3 –** Next, within the collection, you can add items like those shown in Figure 29. + +![quickstart_taskbar_manager_1](/img/product_docs/endpointpolicymanager/startscreentaskbar/quickstart_taskbar_manager_1.webp) + +Figure 29. Adding universal (UWP) or desktop application policies. + +**Step 4 –** You can add any registered application using the same process you used earlier in the +"Adding Desktop Applications" section. For this Quickstart, select Adobe Reader. Then add a UWP +application. For testing purposes, you should select Calculator or Alarms & Clock. When you do, +you'll see the two items inside the Endpoint Policy Manager Taskbar Manager collection shown in +Figure 30. + +![quickstart_taskbar_manager_2](/img/product_docs/endpointpolicymanager/startscreentaskbar/quickstart_taskbar_manager_2.webp) + +Figure 30. Taskbar policies are contained within collections. + +**Step 5 –** On the endpoint, run GPUpdate and then log off and log on again to get the policy +settings. The result can be seen in Figure 31. + +![quickstart_taskbar_manager_3](/img/product_docs/endpointpolicymanager/startscreentaskbar/quickstart_taskbar_manager_3.webp) + +Figure 31. Policy settings applied after using PolicyPak Taskbar Manager "Replace" mode. + +Since "Replace" mode was used, all Taskbar defaults have been removed and the settings you selected +are implemented. + +This ends the Endpoint Policy Manager Start Screen & Taskbar Manager Quickstart sections. Next, +we'll dive into more detail about the Endpoint Policy Manager Start Screen & Taskbar Manager. diff --git a/docs/endpointpolicymanager/mdm/gettingstarted.md b/docs/endpointpolicymanager/mdm/gettingstarted.md deleted file mode 100644 index d2de54f62f..0000000000 --- a/docs/endpointpolicymanager/mdm/gettingstarted.md +++ /dev/null @@ -1,73 +0,0 @@ -# MDM and UEM Tools Quick Start - -You might want to use Endpoint Policy Manager along with the following UEM tools: - -- MEMCM (formerly known as SCCM) (video: - [Perform Desktop Lockdown using Microsoft SCCM and Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/integration/sccmsoftwarecenter.md)) -- Microsoft Intune (video: - [Endpoint Policy Manager and Microsoft Intune](/docs/endpointpolicymanager/video/mdm/microsoftintune.md)) -- Symantec Altiris -- Dell KACE -- LabTech -- PDQ Deploy (videos: - [Deploy and Manage Firefox with PDQ Deploy and Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/integration/pdqdeployfirefox.md) - and - [Deploy and Manage WinZip with PDQ Deploy and Endpoint Policy Manager ](/docs/endpointpolicymanager/video/applicationsettings/integration/pdqdeploy.md)) -- Specops Deploy -- Microsoft Group Policy Software Installation -- Manual installation (when running with admin privileges) - -The wrapped up MSI files from Endpoint Policy Manager should work with just about any other software -distribution tool as well. Therefore, you can quickly deploy Endpoint Policy Manager directives -without needing to use Group Policy to deploy your settings. Just create the XML data file, use -Endpoint Policy Manager Exporter to make an MSI, and then use your software deployment tool of -choice to deploy the MSI. Once the MSI is delivered to the target machines, the users will pick up -the XML files in their own directories (or the Computers folder), and Endpoint Policy Manager -components will receive their directives. We've provided a handful of XML files you can use. You can -find them in the Endpoint Policy Manager Portal in the "Latest Manuals" section, as shown in -Figure 1. - -![deploying_policypak_directives](/img/product_docs/endpointpolicymanager/mdm/deploying_endpointpolicymanager_directives.webp) - -Figure 1. The list of XML files in the Endpoint Policy Manager Portal. - -Once unpacked, you should see a list of example XML files, displayed in Figure 2, which are wrapped -into an example MSI. - -![deploying_policypak_directives_1](/img/product_docs/endpointpolicymanager/mdm/deploying_endpointpolicymanager_directives_1.webp) - -Figure 2. The wrapped XML file example. - -The provided Endpoint Policy Manager -XML-`Examples.msi` can be used immediately and contains a -wrapped-up version of the provided XML files. Below is a summary of what each XML example does: - -- `Ppam-winzip.xml` changes settings in the Password tab of WinZip 14.0 and 14.5. -- `Ppatm-screensaver-settings.xml` sets the Windows screensaver to 17 minutes and forces the machine - to be locked when it is powered back on. -- `Ppbr-examples` makes some sample Endpoint Policy Manager Browser Router routes. Specifically, it - will route endpointpolicymanager.com to Internet Explorer, GPanswers.com to Chrome, and Mozilla.org to - Firefox, and it will block Facebook.com. -- `Pplpm-run-procmon-elevated.xml` enables Process Monitor to bypass UAC prompts and run elevated. -- P`pprefs-shortcut.xml` shows a Endpoint Policy Manager shortcut item on the desktop. -- `Ppsm-rename-guest-account.xml` renames the local Guest account to ppGuest. - -By starting your journey with our pre-configured examples, we can help you troubleshoot a lot faster -than if you try other items, so we suggest you start with these examples. - -## Quick Start with MSI files and a UEM Tool - -Below are two videos you can use to get familiar with how to export settings and then use them with -a UEM tool. - -- [Deploy Real Group Policy using SCCM or Other Management System!](/docs/endpointpolicymanager/video/methods/sccmgrouppolicy.md) -- Deploy Endpoint Policy Manager Settings Using SCCM or Other Management System! - -## Quick Start with MSI files and an MDM Tool - -To get started quickly with our sample MSI files and an MDM tool, we recommend watching the -following video: - -- [Endpoint Policy Manager and MDM walk before you run](/docs/endpointpolicymanager/video/mdm/testsample.md) - -Then, you can learn more about how to use Endpoint Policy Manager with your own MDM tool on this -page: Getting Started with MDM > [Video Learning Center](/docs/endpointpolicymanager/video/index.md). diff --git a/docs/endpointpolicymanager/mdm/overview.md b/docs/endpointpolicymanager/mdm/overview.md deleted file mode 100644 index 88326cc6e0..0000000000 --- a/docs/endpointpolicymanager/mdm/overview.md +++ /dev/null @@ -1,56 +0,0 @@ -# MDM & UEM Tools - -Deploying PolicyPak Directives without Group Policy - -If you're reading this section, you're likely interested in using Netwrix Endpoint Policy Manager -(formerly PolicyPak) in conjunction with Microsoft Endpoint Configuration Manager (MEMCM) (formerly -known as SCCM), Microsoft Intune, KACE, or your own systems management utility. The bullet points -below give the general idea of how you can use PolicyPak with these utilities. - -- All Endpoint Policy Manager components can export their settings as XML files. -- Those XML files can be imported into the Endpoint Policy Manager Exporter. -- The Endpoint Policy Manager Exporter makes MSI files. -- Those MSI files can be delivered using any technique you want: - - - Using an mobile device management (MDM) provider like: Microsoft Intune, VMware Workspace ONE, - etc. - - Using an unified endpoint management (UEM) tool like: SCCM, KACE, and so on. - -Therefore, you can deliver your settings to any machine with all the Endpoint Policy Manager -components (Endpoint Policy Manager Least Privilege Manager, Endpoint Policy Manager Application -Settings Manager, Endpoint Policy Manager Browser Router, Endpoint Policy Manager File Associations -Manager, Endpoint Policy Manager Preferences Manager, Endpoint Policy Manager Security Settings -Manager, and all the others) without using Group Policy as the delivery mechanism. - -**NOTE:** For an overview of using Endpoint Policy Manager Exporter with the Endpoint Policy Manager -components, please see the following video: -[Deploying Endpoint Policy Managerdirectives without Group Policy (Endpoint Policy Manager Exporter Utility)](/docs/endpointpolicymanager/video/methods/exporterutility.md). - -**CAUTION:** Note that non-domain-joined machines are not supported with Endpoint Policy Manager -products, unless you are using the MDM method. That is, the machine must have been previously -domain-joined and be in an organizational unit (OU) that is licensed (or will be licensed from a -licensing file). To deliver settings to non-domain-joined machines, you must use Endpoint Policy -Manager Cloud. - -In the next sections, we're going to work through the following procedures: - -- Exporting settings from each Endpoint Policy Manager application as an XML file -- Using the Endpoint Policy Manager Exporter utility to make an MSI file -- Learning what happens after the MSI file is delivered - -## Reasons to Use XML Data Files to Deliver Settings - -There are a variety of scenarios in which you might not> want to use Group Policy to deliver -Endpoint Policy Manager directives, including the following: - -- You are using MEMCM, LANDesk, KACE, or similar software for software deployment, and your team - doesn't want to use Group Policy, but wants to use the components and functionality of Endpoint - Policy Manager. -- You are using a mobile device management (MDM) service such as Microsoft Intune, MobileIron, or - VMware Workspace ONE (formerly known as AirWatch). -- You have clients who have a domain-joined account but haven't been to the office to get the Group - Policy settings. -- You have a special machine that is domain-joined, but you don't want it to get Group Policy. - Instead, you want it to get some Endpoint Policy Manager directives. -- You are using Microsoft Intune or another remote management system to manage machines, and you - want to add Group Policy functionality, but that utility doesn't have Group Policy functionality. diff --git a/docs/endpointpolicymanager/mdm/overview/knowledgebase.md b/docs/endpointpolicymanager/mdm/overview/knowledgebase.md deleted file mode 100644 index 2527708cfb..0000000000 --- a/docs/endpointpolicymanager/mdm/overview/knowledgebase.md +++ /dev/null @@ -1,7 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base articles for getting started with MDM. - -## Troubleshooting & Tips and Tricks - -- [How can I "stack" Endpoint Policy Manager MSIs so the XML items inside the MSI execute in a predictable order?](/docs/endpointpolicymanager/mdm/stackmsi.md) diff --git a/docs/endpointpolicymanager/mdm/overview/videolearningcenter.md b/docs/endpointpolicymanager/mdm/overview/videolearningcenter.md deleted file mode 100644 index 359a268316..0000000000 --- a/docs/endpointpolicymanager/mdm/overview/videolearningcenter.md +++ /dev/null @@ -1,29 +0,0 @@ -# Video Learning Center - -See the following Video topics for getting started with MDM. - -## Getting Started - -- [Deploying Real Group Policy (and Extra Endpoint Policy Manager Settings) Overview](/docs/endpointpolicymanager/video/mdm/realgrouppolicy.md) -- [How to create a DC for editing purposes](/docs/endpointpolicymanager/video/cloud/testlab/createdc.md) -- [Endpoint Policy Manager and MDM walk before you run](/docs/endpointpolicymanager/video/mdm/testsample.md) -- [Endpoint Policy Manager and Microsoft Intune](/docs/endpointpolicymanager/video/mdm/microsoftintune.md) -- [Endpoint Policy Manager and MobileIron MDM](/docs/endpointpolicymanager/video/mdm/mobileiron.md) -- [Endpoint Policy Managerand Workspace One (Airwatch) MDM: Deploy Group Policy and Endpoint Policy Manager superpowers today](/docs/endpointpolicymanager/video/mdm/workspaceone.md) -- [Endpoint Policy Managerand Citrix Endpoint Manager: Deploy real Group Policy and Endpoint Policy Manager settings via CEM](/docs/endpointpolicymanager/video/mdm/citrixendpointmanager.md) - -## Exporting, Tips, and Tricks - -- [Reduce GPOs (and/or export them for use with Endpoint Policy Manager Cloud or with MDM)](/docs/endpointpolicymanager/video/mdm/exportgpos.md) -- [Deliver Group Policy Admin Templates Using Your MDM Service](/docs/endpointpolicymanager/video/mdm/admintemplates.md) -- [Deploying Endpoint Policy Managerdirectives without Group Policy (Endpoint Policy Manager Exporter Utility)](/docs/endpointpolicymanager/video/mdm/exporterutility.md) - -## Troubleshooting - -- [Testing and Troubleshooting By Renaming an endpoint Computer](/docs/endpointpolicymanager/video/grouppolicy/renameendpoint.md) - -## ILT (with Scripts) - -- [Determine the Azure AAD Group Membership for User or Computers](/docs/endpointpolicymanager/video/mdm/itemleveltargeting/entraid.md) -- [Use Endpoint Policy Manager cloud + Azure AAD Group Membership for User or Computers](/docs/endpointpolicymanager/video/mdm/itemleveltargeting/entraidgroupmembership.md) -- [Use PP MDM to determine the Azure AAD Group Membership for User or Computers](/docs/endpointpolicymanager/video/mdm/itemleveltargeting/entraidgroupdetermine.md) diff --git a/docs/endpointpolicymanager/mdm/service/overview.md b/docs/endpointpolicymanager/mdm/service/overview.md deleted file mode 100644 index 9e9be91ee1..0000000000 --- a/docs/endpointpolicymanager/mdm/service/overview.md +++ /dev/null @@ -1,75 +0,0 @@ -# Using Endpoint Policy Manager with any MDM Service - -You can use Endpoint Policy Manager with any MDM service you already have, like Intune, VMware -Workspace ONE (formerly Airwatch), MobileIron, etc. Below we see a systems hierarchical breakdown -when using Endpoint Policy Manager with any MDM system. - -![using_policypak_with_mdm_and_1](/img/product_docs/endpointpolicymanager/mdm/service/using_endpointpolicymanager_with_mdm_and_1.webp) - -**NOTE:** -[Deploying Real Group Policy (and Extra Endpoint Policy Manager Settings) Overview](/docs/endpointpolicymanager/video/mdm/realgrouppolicy.md)a -video overview of Endpoint Policy Manager and MDM. - -The ultimate goal is to upload the following Endpoint Policy Manager items to your MDM service and -then have them downloaded: - -- Endpoint Policy Manager MSI client -- Endpoint Policy Manager MDM license MSI -- Endpoint Policy Manager example MSI (or your own MSIs) - -However, we strongly recommend you first verify that the license and MSI files are working perfectly -before actually performing all these steps. Therefore, our recommendation would be as follows: - -On one machine proceed in the following manner: - -**Step 1 –** Join MDM. - -**Step 2 –** Install Endpoint Policy Manager MSI by hand. - -**Step 3 –** Install Endpoint Policy Manager licenses MSI by hand. - -**Step 4 –** Install Endpoint Policy Manager example policies MSI by hand. - -This will ensure all the correct parts are working in concert before you attempt to use an MDM -service to deliver these components. - -**NOTE:** See [Endpoint Policy Manager and MDM walk before you run](/docs/endpointpolicymanager/video/mdm/testsample.md) a -video of this process. - -Once you've completed these procedures, you're ready to actually perform the steps needed to get the -files deployed using your MDM service. The ultimate result and goal will be that the Endpoint Policy -Manager MSI client, the Endpoint Policy Manager MDM license MSI, and the Endpoint Policy Manager -examples (or your own wrapped up examples) are downloaded from your MDM service and installed on the -system. - -Optionally, you can view or hide these components by using the Add/Remove Programs applet in the -Control Panel. An example of a final deployment would look something like this: - -![using_policypak_with_mdm_and_2](/img/product_docs/endpointpolicymanager/mdm/service/using_endpointpolicymanager_with_mdm_and_2.webp) - -The typical command you want your MDM service to run for each component would be something like -this: - -``` -msiexec /i "PolicyPak Client-side extension x64.msi" /qn ARPSYSTEMCOMPONENT=1 -``` - -``` -msiexec /i "endpointpolicymanager-Exported-Settings.msi" /qn ARPSYSTEMCOMPONENT=1 -``` - -``` -msiexec /i "Fabrikam-License1.msi" /qn ARPSYSTEMCOMPONENT=1 -``` - -It should be noted that: - -- The `/qn` flag runs the MSI silently. -- The `/ARPSYSTEMCOMPONENT=1` is optional and will hide the deployed MSI from Add/Remove Programs so - users or admins won't see it installed or try to remove it. - -**NOTE:** The name of the actual license file you get might be somewhat different. - -The next three sections discuss a few setup tips and tricks for Microsoft Intune MDM, MobileIron -MDM, and VMware Workspace ONE MDM. The setup steps may vary a little from what is listed in the next -few sections, but they are the basic steps for each of the major services. diff --git a/docs/endpointpolicymanager/mdm/tips/manual.md b/docs/endpointpolicymanager/mdm/tips/manual.md deleted file mode 100644 index ee70920232..0000000000 --- a/docs/endpointpolicymanager/mdm/tips/manual.md +++ /dev/null @@ -1,47 +0,0 @@ -# Manually Placing XML Data and Licensing Files on Target Computers - -You might want to manually place XML data files or Endpoint Policy Manager licensing files on your -computers by including them within your system build, or using a script to copy them. Or you might -be curious about what the Endpoint Policy Manager Exporter utility is doing and what it is -delivering. - -Endpoint Policy Manager licenses and Endpoint Policy Manager XML data files need to be included in -the `%programdata%\PolicyPak\XMLdata` directory of the target machine (on Windows 7 and later). This -is typically `c:\ProgramData\PolicyPak\XMLdata`. In the directory, you'll see three subdirectories: -Users, Groups, and Computer. - -**NOTE:** There is also a Cloud directory that may or may not be present. It is used in conjunction -with Endpoint Policy Manager Cloud delivery and is not shown in this example. - -Within the Users subdirectory, you will see a subdirectory with the name SID for every domain user -who has logged on to that machine. Within Groups, you will see a subdirectory with the name SID for -every group of every user who has logged on to that machine (both local and Active Directory -groups). - -![policypak_exporter_tips_tricks_8](/img/product_docs/endpointpolicymanager/mdm/tips/endpointpolicymanager_exporter_tips_tricks_8.webp) - -To license (or extend the license) of an existing machine that is domain-joined, place the license -file you received from Endpoint Policy Manager in the computer folder. To make the client computer -use the XML data file, place the file you created in the previous step in one of these folders: the -Computer folder (which affects all users on the machine), the `Groups\ folder`, or the -`Users\ folder`. - -If you are unsure which SID is meant for which user (or which group your users belong to), you can -use a variety of tools to perform a SID-to-user lookup. A very easy way to look up a user is to -use` OBJ::SID`, which can be downloaded for free at -[https://petri.com/obj_sid](https://petri.com/obj_sid). Once you've downloaded the `OBJ::SID` file, -copy and paste the SID folder name into the OBJ::SID tool, which is automatically generated. The -output will reveal the name: - -![policypak_exporter_tips_tricks_9](/img/product_docs/endpointpolicymanager/mdm/tips/endpointpolicymanager_exporter_tips_tricks_9.webp) - -Alternatively, you can type in the user or group name to receive the SID name: - -![policypak_exporter_tips_tricks_10](/img/product_docs/endpointpolicymanager/mdm/tips/endpointpolicymanager_exporter_tips_tricks_10.webp) - -![policypak_exporter_tips_tricks_11](/img/product_docs/endpointpolicymanager/mdm/tips/endpointpolicymanager_exporter_tips_tricks_11.webp) - -The reason Endpoint Policy Manager uses the SID and not the actual user or group name is because -SIDs are permanent, whereas the underlying name in Active Directory can be changed. Once the -exported XML data files are in the directory, the Endpoint Policy Manager engine will pick up the -change within 10 seconds and perform the function. diff --git a/docs/endpointpolicymanager/mdm/tips/modify.md b/docs/endpointpolicymanager/mdm/tips/modify.md deleted file mode 100644 index 07cd30aef7..0000000000 --- a/docs/endpointpolicymanager/mdm/tips/modify.md +++ /dev/null @@ -1,43 +0,0 @@ -# Modifying Existing MSI Files with Endpoint Policy Manager Exporter - -Endpoint Policy Manager Exporter enables you to quickly open and edit previously created MSI files. -To do this, select "Open an existing MSI installer previously generated by this tool for editing," -as shown in Figure 51, when running Endpoint Policy Manager Exporter. - -![policypak_exporter_tips_tricks](/img/product_docs/endpointpolicymanager/mdm/tips/endpointpolicymanager_exporter_tips_tricks.webp) - -Figure 51. Endpoint Policy Manager Exporter allows the user to open and edit existing MSI files. - -After choosing this option, specify the MSI file that you previously created using Endpoint Policy -Manager Exporter. When you do this, you'll be able to instantly see the XML data files you -previously placed inside the MSI along with the users you specified to receive the XML data files. - -You can manually add or delete users and add or replace XML data files and Endpoint Policy Manager -licensing files. In Figure 52, we've added another user to Winzip01.xml, added the file -Winzip03.xml, and specified a set of users for that file. - -![policypak_exporter_tips_tricks_1](/img/product_docs/endpointpolicymanager/mdm/tips/endpointpolicymanager_exporter_tips_tricks_1.webp) - -Figure 52. In this example, the user has specified which users can access the Winzip01.xml and -Winzip03.xml files. - -When you click "Next", you'll be able to update your MSI information, as shown in Figure 53. - -![policypak_exporter_tips_tricks_2](/img/product_docs/endpointpolicymanager/mdm/tips/endpointpolicymanager_exporter_tips_tricks_2.webp) - -Figure 53. In the Installer Properties, the user can edit the specific MSI files they are working -on. - -The MSI product code is always preserved when the MSI files are opened, updated, and saved. -Additionally, in Figure 52 you can see that the upgrade code is copied from the original MSI file. -This enables you to perform MSI upgrades using your software deployment tool. However, in order to -do this, you will also need to specify a higher number for the product version. This is performed -automatically for you. You're welcome to change the New Product Version field to whatever you like. - -**NOTE:** You can learn more about how the product version attribute is used within MSI files in -this technical note from Microsoft: -[http://msdn.microsoft.com/en-us/library/windows/desktop/aa370579(v=vs.85).aspx](). - -In short, when you open and utilize the MSI, save it again (using the same name or a different -name), and update the product version, the resulting MSI will correctly remove any old references -and correctly update any new references. diff --git a/docs/endpointpolicymanager/mdm/tips/overview.md b/docs/endpointpolicymanager/mdm/tips/overview.md deleted file mode 100644 index 53f05593fb..0000000000 --- a/docs/endpointpolicymanager/mdm/tips/overview.md +++ /dev/null @@ -1,11 +0,0 @@ -# Endpoint Policy Manager Exporter Tips, Tricks, and Notes - -In this section, you'll learn some Netwrix Endpoint Policy Manager (formerly PolicyPak) Exporter -tips and tricks. Below are the tips we will be exploring: - -- Modifying existing MSI files -- Cutting and pasting XML directives instead of importing them as a file -- Recycling user lists that you create -- Enabling Priority Mode -- Understand how XML data files are processed when they are delivered -- Manually placing XML data files on target computers (advanced topic) diff --git a/docs/endpointpolicymanager/mdm/tips/processorder.md b/docs/endpointpolicymanager/mdm/tips/processorder.md deleted file mode 100644 index def5c660c6..0000000000 --- a/docs/endpointpolicymanager/mdm/tips/processorder.md +++ /dev/null @@ -1,38 +0,0 @@ -# Understanding Processing Order of XML Data Files - -Once a Endpoint Policy Manager license XML file or Endpoint Policy Manager XML data file is -delivered to a machine, it takes only seconds (up to 10 seconds) for the Endpoint Policy Manager -client-side extension (CSE) to process the files. You can add multiple XML data files in any -configuration. For instance, you might want to have the following scenario: - -- WestSalesUser1 gets an XML data file stating that WinZip's password length must be 11. -- WestSalesUser2 gets an XML data file stating that WinZip's password length must be 12. -- WestSalesUser2 gets an XML data file dictating Acrobat Reader's JavaScript settings. -- WestSalesUsers Active Directory group gets an XML data file stating that Acrobat cannot be - updated. -- Everyone on the computer gets the same Firefox settings. -- Everyone on the computer is locked out of the WinZip Cameras tab. - -Files are processed in the following order: - -**Step 1 –** All XML data files for groups are processed first. In the case where multiple XML data -files are specified for a particular group, they are processed in alphabetical order. - -**Step 2 –** All XML data files specific to the user are processed next. In the case where multiple -XML data files are specified for a particular user, they are processed in alphabetical order. - -**Step 3 –** All XML data files specific to the computer are processed last. In the case where -multiple XML data files are specified to a particular computer, they are processed in alphabetical -order. - -If there is a conflict between settings within multiple XML data files, the last written XML data -file wins. Therefore, groups have the least precedence, and computer has the most precedence. - -**NOTE:** XML data files processed on a certain computer affect all users on that computer. - -Lastly, if there's a conflict between Endpoint Policy Manager XML data files and Endpoint Policy -Manager Active Directory Group Policy directives, the Active Directory Group Policy directives are -written last; therefore, they win. - -**NOTE:** Log files for the automatic application of XML data settings are found in -`%appdata%\local\PolicyPak` in a file called ppUser_onXMLdata.log. diff --git a/docs/endpointpolicymanager/mdm/xmldatafiles/browserrouter.md b/docs/endpointpolicymanager/mdm/xmldatafiles/browserrouter.md deleted file mode 100644 index f209025d3b..0000000000 --- a/docs/endpointpolicymanager/mdm/xmldatafiles/browserrouter.md +++ /dev/null @@ -1,11 +0,0 @@ -# XML Data Files from Endpoint Policy Manager Browser Router - -Endpoint Policy Manager Browser Router settings can be exported as an XML file. -Right-click` Computer Configuration | PolicyPak | Browser Router` or -`User Configuration | PolicyPak | Browser Router`, and pick the collection you wish to export, as -shown in Figure 13. For full details on the Endpoint Policy Manager Browser Router, see Book 5: -[Browser Router](/docs/endpointpolicymanager/browserrouter/overview.md). - -![deploying_policypak_directives_12](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_12.webp) - -Figure 13. Exporting a collection as an XML file via Endpoint Policy Manager Browser Router. diff --git a/docs/endpointpolicymanager/mdm/xmldatafiles/feature.md b/docs/endpointpolicymanager/mdm/xmldatafiles/feature.md deleted file mode 100644 index 941231045c..0000000000 --- a/docs/endpointpolicymanager/mdm/xmldatafiles/feature.md +++ /dev/null @@ -1,19 +0,0 @@ -# XML Data Files from Endpoint Policy Feature Manager - -Endpoint Policy Manager Feature Manager settings can be exported as an XML file. You can export a -single policy, a collection, or the whole node. Feature Manager only supports computer rules. In -this example, we have created an install rule and an uninstall rule, and we are exporting the entire -collection by right-clicking `Computer Configuration | PolicyPak | Feature Manager` for Windows 10 -and Windows Server and picking the collection we wish to export. - -![deploying_policypak_directives_28](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_28.webp) - -Figure 28. Exporting a whole collection using Endpoint Policy Manager Feature Manager. - -Alternatively, we could select a designated setting to export as well. Right-click -`Computer Configuration | PolicyPak | Security Manager`, and select the setting that is available in -the menu, as shown in Figure 29. - -![deploying_policypak_directives_29](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_29.webp) - -Figure 29. Exporting a single Endpoint Policy Manager Feature Manager entry. diff --git a/docs/endpointpolicymanager/mdm/xmldatafiles/overview.md b/docs/endpointpolicymanager/mdm/xmldatafiles/overview.md deleted file mode 100644 index 08bd31615f..0000000000 --- a/docs/endpointpolicymanager/mdm/xmldatafiles/overview.md +++ /dev/null @@ -1,141 +0,0 @@ -# Exporting Directives as XML Data Files - -Creating Endpoint Policy Manager XML data files is easy. But each Endpoint Policy Manager component -has a slightly different way to make and export XML data files. The XML data files you export can -then be used with Endpoint Policy Manager Exporter (with MEMCM, KACE, Microsoft Intune, etc.) or -with Endpoint Policy Manager Cloud. We will discuss these processes in the following sections. Note -that instructions are not included for all components. We've provided a representative sample of -most of the components, and most will export in a similar way. All the exceptions are noted here, -however, like Admin Templates Manager, Application Settings Manager, and Security Settings manager, -which are somewhat different than the others. - -**NOTE:** For a video overview of how to wrap up XML data and license files into MSI files, see the -following link: -[Deploying Endpoint Policy Managerdirectives without Group Policy (Endpoint Policy Manager Exporter Utility)](/docs/endpointpolicymanager/video/mdm/exporterutility.md). - -Now that you have your XML data files, you're ready to bundle them up and make them into an MSI for -easy deployment using any software distribution utility, such as Microsoft Endpoint Configuration -Manager (MEMCM), Microsoft Intune, MobileIron, VMware Workspace ONE, KACE, LANDesk, or anything else -that uses MSI files. - -**Step 1 –** When you install the Endpoint Policy Manager Admin Console MSI, you automatically -install the Endpoint Policy Manager Exporter utility. In order to launch it, locate the utility's -icon in the Start menu within Endpoint Policy Manager Application Settings Manager, as shown in -Figure 3. - -![deploying_policypak_directives_2](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_2.webp) - -Figure 3. The Endpoint Policy Manager Exporter utility icon in the Start menu. - -This utility enables you to do any of the following: - -- Create new Endpoint Policy Manager Application Settings Manager XML data files -- Use existing XML data files from all Endpoint Policy Manager products -- Use Endpoint Policy Manager licensing files -- Map which XML data files should be installed for which users on target machines -- Open existing MSI files you previously created and quickly edit and enable modifications and - upgrades - -In this demonstration of Endpoint Policy Manager Exporter, we'll assume you have a collection of -Endpoint Policy Manager XML data files or a Endpoint Policy Manager licensing file you want to wrap -up into an MSI file for easy deployment. Let's assume you had the following XML data files (as shown -in Table 1) and wanted to ensure that the following users received the directives when logging on to -specific machines. - -Table 1: Example files. - -| File Name | File Type | Users Receiving the File | -| ----------------------------------- | ------------------------------------------------------------------ | ------------------------------------------------------ | -| WinZip1.xml | Endpoint Policy Manager Application Settings Manager XML data file | EastSalesUser1, EastSalesUser2, Active Directory users | -| FireFox1.xml | Endpoint Policy Manager Application Settings Manager XML data file | Computer (All Users) | -| Enforce Default Browser.xml | Endpoint Policy Manager Browser Router Manager XML data file | Computer (All Users) | -| Control Panel Settings.xml | Endpoint Policy Manager Admin Templates Manager XML data file | Computer (All Users) | -| Important Security Settings.xml | Endpoint Policy Manager Security Settings Manager XML data file | Computer (All Users), forced | -| Fabrikam.Local-License-Key-file.xml | Endpoint Policy Manager license file | Computer (All Users), forced | - -When Endpoint Policy Manager Exporter is launched, you'll be able to perform the actions shown in -Figure 4. - -![deploying_policypak_directives_3](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_3.webp) - -Figure 4. The Endpoint Policy Manager Exporter tool helps the user create XML data files and package -the files into an MSI installer. - -**Step 2 –** Endpoint Policy Manager Exporter will create MSIs from your existing XML data files and -Endpoint Policy Manager licensing files or open up an existing MSI that you created earlier using -this tool. For now, select "Create a new MSI installer." Then, you'll see the option, "Add Existing -Files," as shown in Figure 5. - -![deploying_policypak_directives_4](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_4.webp) - -Figure 5. The option to add existing files. - -The "Add Existing Files" button lets you bring in the following types of files: - -- Any Endpoint Policy Manager XML data files (such as from Endpoint Policy Manager Application - Settings Manager, Endpoint Policy Manager Browser Router, Endpoint Policy Manager Least Privilege - Manager, etc.) -- Microsoft Group Policy Preferences XML data files -- Microsoft Security Group Policy settings exported as XML data files using Endpoint Policy Manager - Security Settings Manager -- Microsoft Admin Template settings exported using Endpoint Policy Manager Admin Templates Manager -- Endpoint Policy Manager licensing files for Endpoint Policy Manager and the Endpoint Policy - Manager Group Policy Compliance Reporter - -With Endpoint Policy Manager Exporter you can wrap these up into an MSI. In Figure 6, we have added -a variety of exported XML settings. - -![deploying_policypak_directives_5](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_5.webp) - -Figure 6. Exported XML settings. - -**NOTE:** You cannot add more than one licensing file of the same product type to an MSI project. - -**Step 3 –** Next, you can dictate which files will be delivered to which users, or to Computer (All -Users). - -**NOTE:** For MDM and Endpoint Policy Manager Cloud scenarios, it's common to specify the settings -affecting Computer (All Users), so you can guarantee that whoever is on the machine will get the -settings. - -**Step 4 –** By default, newly added XML data files will be delivered to all users, as shown in -Figure 7. This means the settings get delivered to the Computer side, and the result is that all -users must receive the settings. However, in our example, we want the WinZip1.xml file to be -delivered to EastSalesUser1 and EastSalesUser2. Therefore, use the dropdown menu under "Install -For," and change it from "Computer" to "Users & Groups." After you do this, the Target column -populates with "0 Users," as illustrated in Figure 7. - -![deploying_policypak_directives_6](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_6.webp) - -Figure 7. Selecting which group will get the XML data files. - -**Step 5 –** Click on "0 Users" to specify the users you want the WinZip1.xml file to work with. In -the Select Users or Groups dialog, click "Add Users / Groups," and specify the users (or groups) you -want this XML data file to apply to (see Figure 8). Then click "OK." - -![deploying_policypak_directives_7](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_7.webp) - -Figure 8. Selecting the targeted users. - -Notice that `theWinZip1.xml` file is now set to be delivered to two users (see Figure 9). You can -also specify Active Directory groups instead of just users. To help specify these types of users, -the Target column will express how many users and how many groups are being targeted. - -![deploying_policypak_directives_8](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_8.webp) - -Figure 9. The Target column shows how many users and how many groups are being targeted. - -**NOTE:** Licensing files are always set to deliver to all users. - -**Step 6 –** You can repeat the process by clicking on "Create New PPAM XMLdata File" or "Add -Existing Files" and then specifying which users you want the directives to apply to. When you are -done, click "Next" to continue. This will initiate the Installer Properties page where you can name -the MSI and manufacturer however you wish (as shown in Figure 10). - -![deploying_policypak_directives_9](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_9.webp) - -Figure 10. Naming the MSI. - -**Step 7 –** When you click "Next" in the Installer Properties page, you will be prompted to save -your MSI file. If you need it later, the MSI file can be opened and edited again (see the section -"Modifying Existing MSI files with Endpoint Policy Manager Exporter"). diff --git a/docs/endpointpolicymanager/mdm/xmldatafiles/preferences.md b/docs/endpointpolicymanager/mdm/xmldatafiles/preferences.md deleted file mode 100644 index 8e67850c20..0000000000 --- a/docs/endpointpolicymanager/mdm/xmldatafiles/preferences.md +++ /dev/null @@ -1,22 +0,0 @@ -# XML Data Files from Endpoint Policy Preferences Manager - -To make an XML file from a Group Policy Preference item, first create the item. Be sure to embed any -Group Policy Preference Item-Level Targeting within your item to limit when the item will apply. For -instance, you may want to limit by operating system, IP address range, the presence of a file, and -so on. Refer to Book 9: [Preferences Manager](/docs/endpointpolicymanager/preferences/overview.md), for more details. -Then, drag the Group Policy Preference item from the MMC console to create the XML data file. You -can drag this file to a folder or your desktop, as shown in Figure 19. - -![deploying_policypak_directives_19](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_19.webp) - -Figure 19. Dragging the the Group Policy Preference item from the MMC console to the desktop in -order to create a XML data file. - -Alternatively, the Endpoint Policy Manager management console can also export existing Group Policy -Preference items from within an existing GPO (without you needing to drag and drop items one by -one). You can see an example of this in Figure 20. - -![deploying_policypak_directives_20](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_20.webp) - -Figure 20. The user can export an existing GPO through the Endpoint Policy Manager management -console. diff --git a/docs/endpointpolicymanager/mdm/xmldatafiles/scripts.md b/docs/endpointpolicymanager/mdm/xmldatafiles/scripts.md deleted file mode 100644 index 0ceb9d7a86..0000000000 --- a/docs/endpointpolicymanager/mdm/xmldatafiles/scripts.md +++ /dev/null @@ -1,14 +0,0 @@ -# XML Data Files from Endpoint Policy Scripts Manager - -You can export a single Endpoint Policy Manager Script Manager entry, as shown in Figure 26. - -![deploying_policypak_directives_26](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_26.webp) - -Figure 26. Exporting a single Endpoint Policy Manager Scripts Manager entry. - -Alternatively, you can export a whole collection, as shown in Figure 27, by right-clicking -`Computer Configuration | PolicyPak | Browser Router` and picking the collection you wish to export. - -![deploying_policypak_directives_27](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_27.webp) - -Figure 27. Exporting a whole collection using Endpoint Policy Manager Scripts Manager. diff --git a/docs/endpointpolicymanager/mdm/xmldatafiles/securitysettings.md b/docs/endpointpolicymanager/mdm/xmldatafiles/securitysettings.md deleted file mode 100644 index 49f4d94998..0000000000 --- a/docs/endpointpolicymanager/mdm/xmldatafiles/securitysettings.md +++ /dev/null @@ -1,11 +0,0 @@ -# XML Data Files from Endpoint Policy Manager Security Settings Manager - -Endpoint Policy Manager Security Settings Manager will export the computer-side security within a -GPO as an XML file. Right-click `Computer Configuration | PolicyPak | Security Manager`, and select -the only setting that is available in the menu, as shown in Figure 21. For full details on the -Endpoint Policy Manager Security Settings Manager Export Wizard, see Book 10: -[Security Settings Manager](/docs/endpointpolicymanager/securitysettings/overview.md). - -![deploying_policypak_directives_21](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_21.webp) - -Figure 21. Exporting the computer-side security within a GPO as an XML file. diff --git a/docs/endpointpolicymanager/mdm/xmldatafiles/taskbar.md b/docs/endpointpolicymanager/mdm/xmldatafiles/taskbar.md deleted file mode 100644 index 26fdc2b61b..0000000000 --- a/docs/endpointpolicymanager/mdm/xmldatafiles/taskbar.md +++ /dev/null @@ -1,18 +0,0 @@ -# XML Data Files from Endpoint Policy Taskbar Manager - -Endpoint Policy Manager Taskbar Manager settings can be exported as an XML file. You can export a -single policy, a collection, or the whole node. For example, right-click -`Computer Configuration | PolicyPak | Taskbar Manager` for Windows 10 or -`User Configuration | PolicyPak | Taskbar Manager` for Windows 10, and pick the root node or -collection you wish to export, as shown in Figure 24. - -![deploying_policypak_directives_24](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_24.webp) - -Figure 24. Exporting a whole collection using Endpoint Policy Manager Taskbar Manager. - -You can also export a single Endpoint Policy Manager Taskbar Manager entry, as as shown in -Figure 25. - -![deploying_policypak_directives_25](/img/product_docs/endpointpolicymanager/mdm/xmldatafiles/deploying_endpointpolicymanager_directives_25.webp) - -Figure 25. Exporting a single Endpoint Policy Manager Taskbar Manager entry. diff --git a/docs/endpointpolicymanager/overview.md b/docs/endpointpolicymanager/overview.md deleted file mode 100644 index 3904b849c7..0000000000 --- a/docs/endpointpolicymanager/overview.md +++ /dev/null @@ -1,12 +0,0 @@ -# Netwrix Endpoint Policy Manager (formerly PolicyPak) Documentation - -Netwrix Endpoint Policy Manager (formerly PolicyPak) allows you to secure end users wherever they -work and make them more productive with Netwrix endpoint management software. - -In today's hybrid work environment, users need to access their desktops, laptops and other devices -at the office, at home, while traveling, through kiosks and virtually. But many organizations are -struggling to manage and secure their IT ecosystem because not all Windows endpoint management -software systems were designed for modern distributed scenarios. Netwrix Endpoint Policy Manager -(formerly PolicyPak) enables you to solve your endpoint management and endpoint protection -challenges wherever users get work done, modernizing and extending the power of your existing -enterprise technology assets. diff --git a/docs/endpointpolicymanager/overview/_category_.json b/docs/endpointpolicymanager/overview/_category_.json new file mode 100644 index 0000000000..bec9f27fe1 --- /dev/null +++ b/docs/endpointpolicymanager/overview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Netwrix Endpoint Policy Manager (formerly PolicyPak) Documentation", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/overview/gettingstarted/_category_.json b/docs/endpointpolicymanager/overview/gettingstarted/_category_.json new file mode 100644 index 0000000000..ff379f3cc2 --- /dev/null +++ b/docs/endpointpolicymanager/overview/gettingstarted/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Getting Started", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "gettingstarted" + } +} \ No newline at end of file diff --git a/docs/endpointpolicymanager/gettingstarted/fastest.md b/docs/endpointpolicymanager/overview/gettingstarted/fastest.md similarity index 87% rename from docs/endpointpolicymanager/gettingstarted/fastest.md rename to docs/endpointpolicymanager/overview/gettingstarted/fastest.md index 2e05d4cd78..c87420c5b5 100644 --- a/docs/endpointpolicymanager/gettingstarted/fastest.md +++ b/docs/endpointpolicymanager/overview/gettingstarted/fastest.md @@ -1,3 +1,9 @@ +--- +title: "Endpoint Policy Manager Support and Resources" +description: "Endpoint Policy Manager Support and Resources" +sidebar_position: 10 +--- + # Endpoint Policy Manager Support and Resources This topic provides information about the various support resources at Netwrix Endpoint Policy @@ -50,35 +56,35 @@ Endpoint Policy Manager has a few Quick start topics to provide specific guidanc Quick tart topics for delivery method of policies you plan to use: -- [Group Policy Delivery Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/grouppolicy.md) -- [MDM / Intune Delivery Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/mdm.md) -- [Endpoint Policy Manager Cloud Delivery Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/cloud.md) +- [Group Policy Delivery Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/grouppolicy.md) +- [MDM / Intune Delivery Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/mdm.md) +- [Endpoint Policy Manager Cloud Delivery Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/quickstart/cloud.md) A detailed Installation Guide for On-Prem scenarios that takes you from download to verified. -- [Step 1: Get the download and inspect its contents](/docs/endpointpolicymanager/gettingstarted/quickstart/downloadcontents.md) +- [Step 1: Get the download and inspect its contents](/docs/endpointpolicymanager/manuals/introductionandquick/overviewinstall/downloadcontents.md) A detailed topic is available if you're in a hurry to get started with Endpoint Policy Manager Cloud. -- [Endpoint Policy Manager Cloud Quick Start](/docs/endpointpolicymanager/cloud/overview.md) +- [Endpoint Policy Manager Cloud Quick Start](/docs/endpointpolicymanager/manuals/introductionandquick/cloud/overview.md) A detailed MDM & UEM tools (like Intune) topic can be found here: -- [MDM & UEM Tools](/docs/endpointpolicymanager/mdm/overview.md) +- [MDM & UEM Tools](/docs/endpointpolicymanager/manuals/introductionandquick/mdm/overview.md) A detailed PolicyPak Least Privilege Manager Implementation Quickstart Guide that is project oriented to get you to the success line quickly. -[Endpoint Privilege Manager Implementation QuickStart Guide](/docs/endpointpolicymanager/leastprivilege/pplpmimplementationguide.md) +[Endpoint Privilege Manager Implementation QuickStart Guide](/docs/endpointpolicymanager/manuals/leastprivilegesecuri/pplpmimplementationguide.md) ## Refer to Documentation in the Netwrix Technical Knowledge Center Endpoint Policy Manager has an extensive library of detailed manuals and Knowledge Base and Videos. Consider bookmarking these important pages: -- [Netwrix Endpoint Policy Manager (formerly PolicyPak) Knowledge Base Articles](/docs/endpointpolicymanager/knowledgebase.md) -- [Netwrix Endpoint Policy Manager (formerly PolicyPak) User Manuals](/docs/endpointpolicymanager/knowledgebase.md) +- [Netwrix Endpoint Policy Manager (formerly PolicyPak) Knowledge Base Articles](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) +- [Netwrix Endpoint Policy Manager (formerly PolicyPak) User Manuals](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md) Finding what youare looking for comes down to Knowledge Base & Videos and User Manuals. Here is a way to get oriented on the navigation. diff --git a/docs/endpointpolicymanager/overview/gettingstarted/gettingstarted.md b/docs/endpointpolicymanager/overview/gettingstarted/gettingstarted.md new file mode 100644 index 0000000000..549a558f51 --- /dev/null +++ b/docs/endpointpolicymanager/overview/gettingstarted/gettingstarted.md @@ -0,0 +1,126 @@ +--- +title: "Getting Started" +description: "Getting Started" +sidebar_position: 10 +--- + +# Getting Started + +To help get you started, this topic points you towards videos that will get you on the road and +working with Netwrix Endpoint Policy Manager (formerly PolicyPak) quickly. + +## The Portal and Downloads + +In order to get the latest Endpoint Policy Manager downloads, you need access to the Endpoint Policy +Manager Customer Portal (shown in Figure 1). You can only get access to the portal from a Endpoint +Policy Manager sales associate. + +![getting_started_right_away](/img/product_docs/endpointpolicymanager/getting_started_right_away.webp) + +Figure 1. Inside the Endpoint Policy Manager Customer Portal. + +**NOTE:** Video: For an overview on how to use the Endpoint Policy Manager Customer Portal and +understand subscriptions, please watch the following video: +[https://www.endpointpolicymanager.com/video/endpointpolicymanager-portal-how-to-download-endpointpolicymanager-and-get-free-training.html](https://www.endpointpolicymanager.com/video/endpointpolicymanager-portal-how-to-download-endpointpolicymanager-and-get-free-training.html) + +Go to the Download section and select "Download Everything (Bits, Paks, Manuals but not Advice)," +and you will get a ZIP file with manuals. You will also receive the following: + +- A ZIP file containing all pre-configured AppSets for Endpoint Policy Manager Application Settings + Manager +- An ISO or ZIP file with the Endpoint Policy Manager installation files and licensing utility + +The Endpoint Policy Manager installation files are delivered as both ZIP and ISO so you can use +Endpoint Policy Manager in virtual environments (which can easily mount ISO files) or burn a CD of +the contents. + +You may also want to utilize the free 7-Zip program to open ZIP or ISO downloads and extract the +files. Download 7-Zip from [http://www.7-zip.org/](http://www.7-zip.org/). In Figure 2, you can see +the list of files and directories that are inside the Endpoint Policy Manager ZIP or ISO download. + +![getting_started_right_away_1](/img/product_docs/endpointpolicymanager/getting_started_right_away_1.webp) + +Figure 2. The folders that are inside the download. + +Following is a description of what each folder contains and where it should be installed. + +### Licensing for All On-Premise Products + +The licensing for All On-Premise Products contains the licensing utility needed to request and +implement Endpoint Policy Manager license keys. We will be discussing the utility (LT.exe) later. + +### Admin Console MSI for all On-Premise Products + +The Admin Console MSI for all On-Premise Products is installed on your management stations (wherever +you have the GPMC) or in the location where you wish to create Endpoint Policy Manager directives. +This installation also has the Endpoint Policy Manager Exporter and Group Policy Object (GPO) touch +utility (both are explained later). Once this is installed, you'll see a Endpoint Policy Manager +node whenever you edit a GPO. You can choose between a 32-bit and a 64-bit file. + +### Client-Side Extension (CSE) for All On-Premise Products + +The Client-Side Extension (CSE) for All On-Premise Products is installed on every client machine +(Windows 7 and later, Terminal Services (RDS), and Citrix). You can choose between a 32-bit and a +64-bit file. + +### PolicyPak ADMX (Troubleshooting) + +Endpoint Policy Manager ADMX (Troubleshooting) is meant to be used in conjunction with minor +configuration changes or working with tech support. These are ADMX files that can be placed in your +local or central Group Policy store to provide configurable options. + +### PolicyPak Application Manager Extras + +Endpoint Policy Manager Application Manager Extras contains the Endpoint Policy Manager DesignStudio +installer, which is used to create your own AppSets for Endpoint Policy Manager Application Settings +Manager. + +### PolicyPak Extras + +Endpoint Policy Manager Extras contains some miscellaneous utilities and helper tools. + +### PolicyPak Group Policy Compliance Reporter + +Endpoint Policy Manager Group Policy Compliance Reporter contains the Endpoint Policy Manager Group +Policy Compliance Reporter console and Endpoint Policy Manager Group Policy Compliance Reporter +server (optional) for Group Policy reporting. Note that the Compliance Reporter must be specifically +licensed. + +## Get Licensed + +With the exception of Endpoint Policy Manager Cloud (which is self licensed), Endpoint Policy +Manager requires the endpoint to be licensed to work with the components you wish to use. Therefore, +for Endpoint Policy Manager to work after you download everything from the portal, you need to do +the following: + +**Step 1 –** Request a license and send that key to Sales for processing. You can watch a video on +how to request a license at the following link: +[How to Request Licenses from Endpoint Policy Manager by Creating a "License Request Key"](/docs/endpointpolicymanager/video/license/licenserequestkey.md). + +**Step 2 –** Receive a license and install it. You can watch a video on how to install the license +you receive at the following +link:[How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md). + +## Get Started with the GPO Method + +Most customers want to use Endpoint Policy Manager with Group Policy. You can watch the getting +started video on how to install and run some initial tests at the following link: +[Endpoint Policy Manager with Group Policy Method: Getting Started](/docs/endpointpolicymanager/video/grouppolicy/gettingstarted.md). + +## GetStarted with the Endpoint Policy Manager Cloud Method + +If you want to get started right away with Endpoint Policy Manager Cloud, watch this video for a +quick overview: [Endpoint Policy Manager Cloud: QuickStart](/docs/endpointpolicymanager/video/cloud/quickstart.md). + +## Get Started with Your MDM Provider or UEM Tool + +Getting started with your mobile device management (MDM) provider or UEM tool takes a few more steps +than is covered in one video. In this case, instead of a single video, we recommend you watch each +of the videos at the links below in order to get prepared to use Endpoint Policy Manager with your +MDM provider. + +- For video overviews of using Endpoint Policy Manager with an MDM service see: Getting Started with + MDM > [Video Learning Center](/docs/endpointpolicymanager/video/index.md). +- For video overviews of using Endpoint Policy Manager with a UEM tool like SCCM see: Getting + Started with Endpoint Policy Manager (Misc) > + [Knowledge Base](/docs/endpointpolicymanager/knowledgebase/knowledgebase.md). diff --git a/docs/endpointpolicymanager/overview/overview.md b/docs/endpointpolicymanager/overview/overview.md new file mode 100644 index 0000000000..a8a401dc89 --- /dev/null +++ b/docs/endpointpolicymanager/overview/overview.md @@ -0,0 +1,18 @@ +--- +title: "Netwrix Endpoint Policy Manager (formerly PolicyPak) Documentation" +description: "Netwrix Endpoint Policy Manager (formerly PolicyPak) Documentation" +sidebar_position: 10 +--- + +# Netwrix Endpoint Policy Manager (formerly PolicyPak) Documentation + +Netwrix Endpoint Policy Manager (formerly PolicyPak) allows you to secure end users wherever they +work and make them more productive with Netwrix endpoint management software. + +In today's hybrid work environment, users need to access their desktops, laptops and other devices +at the office, at home, while traveling, through kiosks and virtually. But many organizations are +struggling to manage and secure their IT ecosystem because not all Windows endpoint management +software systems were designed for modern distributed scenarios. Netwrix Endpoint Policy Manager +(formerly PolicyPak) enables you to solve your endpoint management and endpoint protection +challenges wherever users get work done, modernizing and extending the power of your existing +enterprise technology assets. diff --git a/docs/endpointpolicymanager/preferences/gettingstarted.md b/docs/endpointpolicymanager/preferences/gettingstarted.md deleted file mode 100644 index f8fd31a06a..0000000000 --- a/docs/endpointpolicymanager/preferences/gettingstarted.md +++ /dev/null @@ -1,68 +0,0 @@ -# Quick Start - -This Quickstart of Netwrix Endpoint Policy Manager (formerly PolicyPak) Preferences Manager will -introduce the following: - -- Deploying Microsoft Group Policy Preference items without Group Policy by using your own on-prem - deployment system, such as Microsoft Endpoint Manager (SCCM and Intune), KACE, and so on. -- Keeping Microsoft Group Policy Preferences settings compliant even when the computer goes offline - (regardless of how they are deployed). - -**NOTE:** See Appendix E: -[Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md) and User Guide for -additoinal information on Endpoint Policy Manager Preferences Manager in use with Endpoint Policy -Manager Cloud - -**NOTE:** To perform these demonstrations, Microsoft Group Policy Preference items must be -available. You can use some of our preconfigured items from the Endpoint Policy Manager Portal, or -you can create your own using the Group Policy Preferences Editor. - -## Option 1 - Downloading Microsoft Group Policy Preference Example Items - -Some easy-to-use Microsoft Group Policy Preference items have been previously created and are -available inside the Endpoint Policy Manager Portal for download in the Latest Manuals section. -Currently the file is called `ppprefs-shortcut.xml`.  You can get to it by accessing the customer -portal and navigating to Latest Manuals.  Then, click on Endpoint Policy Manager Examples (to be -used with PP Cloud-MDM-SCCM-etc).zip. - -![quickstart_using_policypak](/img/product_docs/endpointpolicymanager/preferences/quickstart_using_endpointpolicymanager.webp) - -Inside the download of the Endpoint Policy Manager preferences and Endpoint Policy Manager Cloud XML -examples, you'll see a file named `ppprefs-shortcut.xml`. - -![quickstart_using_policypak_1](/img/product_docs/endpointpolicymanager/preferences/quickstart_using_endpointpolicymanager_1.webp) - -Remove the file from the ZIP archive, and put it in a handy place for the deployment step. - -The Group Policy Preference item has a simple goal: to place a shortcut for www.endpointpolicymanager.com on the -desktop. If you wish to create a Group Policy Preference item from scratch, see the next section. - -## Option 2 - Using Microsoft Group Policy Preferences Editor - -While you can use any combination of Group Policy Preference items, we strongly recommend that you -use the Group Policy Preference item shown below, which puts an icon for www.endpointpolicymanager.com on the -desktop. - -These are the settings used to make the Group Policy Preference item: - -- Name: www.endpointpolicymanager.com -- Target Type: URL -- Location: Desktop -- Target URL: www.endpointpolicymanager.com -- Icon file path: `%SystemRoot%\system32\SHELL32.dll` -- Icon index: 47 - -![quickstart_using_policypak_2](/img/product_docs/endpointpolicymanager/preferences/quickstart_using_endpointpolicymanager_2.webp) - -When you click **OK**, it will save the data within the Group Policy Object (GPO). However, you can -drag and drop a Group Policy Preference item to the desktop or a folder, which makes an XML file. -Another way to do this is to right-click either the Endpoint Policy Manager or Endpoint Policy -Manager Preferences Manager node, as seen below, and use the Group Policy Preference Export wizard, -which will export the Group Policy Preference items from the GPO. - -**NOTE:** The Group Policy Preference Export wizard will only export settings for the User side or -Computer side, depending on which side on are on. - -![quickstart_using_policypak_3](/img/product_docs/endpointpolicymanager/preferences/quickstart_using_endpointpolicymanager_3.webp) - -Keep the Group Policy Preference item file you created handy for the next step. diff --git a/docs/endpointpolicymanager/preferences/itemleveltargeting.md b/docs/endpointpolicymanager/preferences/itemleveltargeting.md deleted file mode 100644 index 5af9f05043..0000000000 --- a/docs/endpointpolicymanager/preferences/itemleveltargeting.md +++ /dev/null @@ -1,72 +0,0 @@ -# Item-Level Targeting - -One of the best features of Microsoft Group Policy Preferences is its Item-Level Targeting. It -enables you to filter where a particular Group Policy Preference item will take effect. - -**NOTE:** See [Group Policy Preferences: Item Level Targeting](/docs/endpointpolicymanager/archive/itemleveltartgeting.md) -for a video of Group Policy Preferences and Item-Level targeting - -If you followed the Quickstart guide in the previous section, then you deployed a Group Policy -Preferences shortcut item to the desktop for every user. With Netwrix Endpoint Policy Manager -(formerly PolicyPak) Preferences Manager, there are two ways you can limit or target which users and -computers will receive Group Policy Preferences directives by doing the following: - -- Use Endpoint Policy Manager Exporter and specify certain users and groups instead of computer/all - users -- Modify Group Policy Preference items in such a way that they have Item-Level Targeting that - describes the conditions under which they should apply - -Additionally, you can choose to use both methods together if you prefer. For instance, you might: - -- Use the Group Policy Preferences Editor and make a Group Policy Preferences Power Settings item to - configure power settings -- Continue to use the Group Policy Preferences Editor Item-Level Targeting to specify that the item - should only apply to Windows 10 laptops that are in a particular IP address range - (192.168.2.0–192.168.3.0) -- Use Endpoint Policy Manager Exporter to specify that only the Sales group within Active Directory - should process this policy - -In this example, the net result of using these methods is that your Group Policy Preference item -will only apply to Windows 10 machines that are laptops and within a specific IP address range -(192.168.2.0–192.168.3.0), and when the user is a member of the Sales Active Directory group. - -![group_policy_preferences_item](/img/product_docs/endpointpolicymanager/preferences/group_policy_preferences_item.webp) - -You can then choose which item you want to target: - -![group_policy_preferences_item_1](/img/product_docs/endpointpolicymanager/preferences/group_policy_preferences_item_1.webp) - -You can apply one or more targeting items to a Microsoft Group Policy Preference item, which enables -targeting items to be joined logically. You can also add targeting collections, which group together -targeting items in much the same way parentheses are used in an equation. In this way, you can -create a complex determination about where a policy will be applied. Collections may be set to And, -Or, Is, or Is Not. - -![group_policy_preferences_item_2](/img/product_docs/endpointpolicymanager/preferences/group_policy_preferences_item_2.webp) - -In the example above the Pak would only apply to (1) Windows 10 machines when (2) the machine is -portable and (3) the user is in the FABRIKAM\Traveling Sales Users group. - -Here are some real-world examples of how you can use Item-Level Targeting with Group Policy -Preferences: - -- Mobile computers — If you want to deploy settings for users on mobile PCs, filter the Group Policy - Preference item to deploy to only mobile PCs by using the Portable Computer targeting item. -- Operating system version — You can specify different settings for applications based on the - operating system version. To do this, create two Group Policy Preference items, one for each - operating system. Then filter each AppSet using the Operating System targeting item. -- Group membership — You can specify a Group Policy Preference item that would normally apply to all - users on the computer and, instead, filter by members within a specific group to pick up and - process the Group Policy Preference item. -- IP range — You can specify different settings for various IP ranges, like different browser - settings for the home office and each field office. - -When Item-Level Targeting is used, it can be seen and verified in the XML view of the Group Policy -Preference item by choosing the Display Xml option. The Item-Level Targeting is highlighted in the -Filters section. - -![group_policy_preferences_item_3](/img/product_docs/endpointpolicymanager/preferences/group_policy_preferences_item_3.webp) - -![group_policy_preferences_item_4](/img/product_docs/endpointpolicymanager/preferences/group_policy_preferences_item_4.webp) - -The XML of the Group Policy Preference item verifies that Item-Level Targeting is being used. diff --git a/docs/endpointpolicymanager/preferences/overview.md b/docs/endpointpolicymanager/preferences/overview.md deleted file mode 100644 index 83ad3f526a..0000000000 --- a/docs/endpointpolicymanager/preferences/overview.md +++ /dev/null @@ -1,99 +0,0 @@ -# Preferences Manager - -**NOTE:** Before reading this section, please ensure you have read Book 2: -[Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md), which will help you -learn to do the following: - -- Install the Admin MSI on your GPMC machine -- Install the CSE on a test Windows machine -- Set up a computer in Trial mode or Licensed mode -- Set up a common OU structure -- Optionally, if you don't want to use Group Policy, read the section in Appendix A: - [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md) on Group Policy and - non–Group Policy methods (MEMCM, KACE, and MDM service or Netwrix Endpoint Policy Manager - (formerly PolicyPak) Cloud) to deploy your directives. - -Microsoft Group Policy Preferences are great because they let you configure 21 categories of items, -including the following a,nd many more. - -- Printers -- Shortcuts -- Drive maps -- VPN settings -- Device lock-down -- Regional settings - -![about_policypak_gpo_export](/img/product_docs/endpointpolicymanager/preferences/about_endpointpolicymanager_gpo_export.webp) - -Despite these advantages, Microsoft's Group Policy Preferences have some issues that cannot be -overcome without a little help. That's where Endpoint Policy Manager Preferences Manager comes in. - -## Main Concepts - -Endpoint Policy Manager Preferences Manager does the following jobs: - -- It maintains the compliance of a Group Policy Preference item even when the computer is offline. -- It enables a Group Policy Preference item to be delivered without using Active Directory Group - Policy. Therefore, with Endpoint Policy Manager Preferences Manager, you may now use Microsoft - Endpoint Manager (SCCM and Intune), LANDesk, or KACE to deliver Group Policy Preferences without - the inbox Group Policy mechanism being involved. -- In conjunction with the Endpoint Policy Manager Cloud service, or your own mobile device - management (MDM) service, you can deliver Group Policy Preference items to computers over the - Internet (to both domain-joined and non-domain-joined machines). For more information on Endpoint - Policy Manager Cloud, see Appendix E: - [Setup, Download, Install, and Verify](/docs/endpointpolicymanager/cloud/quickstart.md) and User Guide. For more - information about using Endpoint Policy Manager with an MDM service, see Appendix A: - [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md). - -**NOTE:** If you use the Endpoint Policy Manager Cloud service, you can deliver Group Policy -Preferences directives even to non-domain-joined machines. - -**NOTE:** See -[Which settings can be managed with the Preferences Manager component?](/docs/endpointpolicymanager/preferences/settings.md)for additional -information on Endpoint Policy Manager Preferences Manager used with SCCM, Endpoint Policy Manager -Cloud, or an MDM service, - -The basic way to use Endpoint Policy Manager Preferences Manager is to perform the following -procedures: - -- Create a Microsoft Group Policy Preferences directive on your Windows administrative machine using - the Microsoft GPMC and Group Policy Preferences Editor. -- Deliver the directive to the client machines. If you use Group Policy as the delivery mechanism, - the directive is received via client machines. You can also use Endpoint Policy Manager - Preferences Manager to deliver it via the following ways: - - - Microsoft Endpoint Manager (SCCM and Intune) - - Your own systems management software - - Endpoint Policy Manager Cloud service - -- Allow the client machine to embrace the directives and perform the work. - -This way you are not required to use the Group Policy mechanism as the transport to deploy Group -Policy Preferences directives. - -## Moving Parts - -Endpoint Policy Manager Preferences Manager has the following main components: - -- A management station — Start out by creating a standard Group Policy Preference item using the - GPMC you use every day. Then export the settings using the Endpoint Policy Manager Preferences - Manager Export wizard. You can export these settings for use with Endpoint Policy Manager Cloud, - or deploy these settings using methods other than Group Policy methods. -- The Endpoint Policy Manager client-side extension (CSE) — This runs on the client (target) - machine. It is the same CSE for all Endpoint Policy Manager products. There isn't anything - separate to install. -- Endpoints — Endpoints must be licensed for Endpoint Policy Manager Preferences Manager using one - of the licensing methods. -- Endpoint Policy Manager Exporter (optional) — A free utility that lets you take Microsoft Group - Policy Preferences and our other Endpoint Policy Manager XML data files and wrap them into a - portable MSI file for deployment using Microsoft Endpoint Manager (SCCM and Intune), or your own - systems management software. - -![about_policypak_gpo_export_1](/img/product_docs/endpointpolicymanager/preferences/about_endpointpolicymanager_gpo_export_1.webp) - -Endpoint Policy Manager Preferences Manager does not require any particular type of domain -controllers (DCs). Nothing is installed on any DC, and you don't need to extend the Active Directory -schema. Additionally, you do not need to install any server components, upgrade any servers or DCs, -or buy any server-side infrastructure. There is no requirement for domain mode or functional level. -To be clear, every client computer (Windows 7 and higher) or Terminal Services (RDS)/Citrix machine -(Windows Server 2008 or higher) must have the Endpoint Policy Manager CSE installed and licensed. diff --git a/docs/endpointpolicymanager/preferences/passwords.md b/docs/endpointpolicymanager/preferences/passwords.md deleted file mode 100644 index 97b23cf608..0000000000 --- a/docs/endpointpolicymanager/preferences/passwords.md +++ /dev/null @@ -1,68 +0,0 @@ -# How do I use passwords with Group Policy Preferences items within Endpoint Policy Manager Cloud? - -Neither the Microsoft MMC nor Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud enables you -to enter in passwords. This is because when the GPOs are housed in the domain, it can be used by -attackers to reverse engineer passwords stored in the GPOs. - -In Endpoint Policy Manager Cloud this is less of a concern, because those fields are not readable by -everyone, only admins who log on to the console. That being said, this procedure is not guaranteed -to be safe, because the final cPassword values are transmitted to the endpoint and could be reverse -engineered there. So you will have to use your judgment to see if this procedure is worth it for -you. - -**Step 1 –** If you want to use a Group Policy Preferences item along with a password field, start -by populating your Preferences item (on-prem recommended) with as much data as you can, noting that -the Connect as (or other fields) are not changeable in the MMC editor. Below are two examples. - -![916_1_image001](/img/product_docs/endpointpolicymanager/preferences/916_1_image001.webp) - -![916_2_image003](/img/product_docs/endpointpolicymanager/preferences/916_2_image003.webp) - -**Step 2 –** Once you have the item, drag it to the desktop and open it for editing.  The goal is to -enter the missing details by hand, typically the cPassword field. - -![916_3_image004](/img/product_docs/endpointpolicymanager/preferences/916_3_image004.webp) - -**Step 3 –** To do get a cPassword, you need to provide an encrypted value in quotes. - -**Step 4 –** Utilize this code and replace the data string with your intended password. - -``` -require 'rubygems' -require 'openssl' -require 'base64' -data = " abc123" -def encrypt(data) -  key = "\x4e\x99\x06\xe8\xfc\xb6\x6c\xc9\xfa\xf4\x93\x10\x62\x0f\xfe\xe8\xf4\x96\xe8\x06\xcc\x05\x79\x90\x20\x9b\x09\xa4\x33\xb6\x6c\x1b" -  cipher = OpenSSL::Cipher::Cipher.new("AES-256-CBC") -  cipher.encrypt -  cipher.key = key -  repacked = data.unpack('C*').pack('v*') -  encrypted_data = cipher.update(repacked) + cipher.final -  encrypted_data = Base64.encode64(encrypted_data) -  encrypted_data = encrypted_data[0, encrypted_data.index('=')] -end -encrypted_data = encrypt(data) -puts encrypted_data -``` - -You can test ithere: -[https://onecompiler.com/ruby/3y33cr579](https://onecompiler.com/ruby/3y33cr579) - -Examples: - -- Encrypting `Local*P4ssword!` provides `j1Uyj3Vx8TY9LtLZil2uAuZkFQA/4latT76ZwgdHdhw` -- Encrypting `abc123` gives `Uz2Lr4XKoAyUj1HhrWbTLA` - -**Step 5 –** Once you have the well-formed XML you should be able to drag it back into the MMC -editor and test it (if you want). - -Or you can upload the XML to Endpoint Policy Manager Cloud. - -All well-formed XML will be accepted and should process on the endpoint. - -**NOTE:** Endpoint Policy Manager Preferences will need to be licensed for Endpoint Policy Manager -Cloud. In domain-joined scenarios that component is automatically disabled until expressly enabled. - -See -[Why is Endpoint Policy Manager Preferences (original version) "forced disabled" by default?](/docs/endpointpolicymanager/license/unlicense/forceddisabled.md) diff --git a/docs/endpointpolicymanager/preferences/settings.md b/docs/endpointpolicymanager/preferences/settings.md deleted file mode 100644 index 33ce39774a..0000000000 --- a/docs/endpointpolicymanager/preferences/settings.md +++ /dev/null @@ -1,8 +0,0 @@ -# Which settings can be managed with the Preferences Manager component? - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Preferences Manager handles every single one of -the Group Policy Preferences, with more than twenty configurable options. - -![626_1_pppm-gpme-user_299x531](/img/product_docs/endpointpolicymanager/preferences/626_1_pppm-gpme-user_299x531.webp) - -![626_2_pppm-gpme-comp_297x472](/img/product_docs/endpointpolicymanager/preferences/626_2_pppm-gpme-comp_297x472.webp) diff --git a/docs/endpointpolicymanager/preferences/setup.md b/docs/endpointpolicymanager/preferences/setup.md deleted file mode 100644 index b97e6224e4..0000000000 --- a/docs/endpointpolicymanager/preferences/setup.md +++ /dev/null @@ -1,29 +0,0 @@ -# Getting Set Up - -In the next section, you'll learn more about Netwrix Endpoint Policy Manager (formerly PolicyPak) -Preferences Manager and how to ensure that everything works the way you expect it to. - -The goals of the Endpoint Policy Manager Preferences Manager Quickstart in the next section are as -follows: - -- Create a simple Group Policy Preference item and get its XML. -- Make an MSI from the Group Policy Preferences XML file. -- Manually copy the MSI file to a target computer. This simulates deploying the MSI using your own - management system such as Microsoft Endpoint Manager [SCCM and Intune], KACE, LANDesk, PDQ Deploy, - Specops Deploy, etc. -- Install the MSI and see the Group Policy Preference item appear. -- See compliance for Group Policy Preference items be maintained by Endpoint Policy Manager - Preferences Manager. -- Log on as any user and see the Group Policy Preference item appear. - -At this point, you should have the following ready: - -- A client system (Windows 7 or later preferred) with "computer" in the name for Trial mode, or - fully licensed. -- The Endpoint Policy Manager 32-bit or 64-bit client-side extension on your client machine. -- A management station with the GPMC and Endpoint Policy Manager Admin Console.MSI (MMC snap-in) - installed on the machine where you have the GPMC installed (32-bit or 64-bit machines, as - appropriate). -- The Endpoint Policy Manager Exporter utility on the management station. - -Now you're ready to test Endpoint Policy Manager Preferences Manager. diff --git a/docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/exportcollections.md b/docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/exportcollections.md deleted file mode 100644 index d3691387ce..0000000000 --- a/docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/exportcollections.md +++ /dev/null @@ -1,15 +0,0 @@ -# Exporting Collections - -Appendix A: Advanced Concepts explains how to use the Endpoint Policy Manager Exporter to wrap up -any Endpoint Policy Manager directives and deliver them using Microsoft Endpoint Manager (SCCM and -Intune), KACE, your own MDM service, or Endpoint Policy Manager Cloud. To export a policy for later -use using Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud, right-click the -collection or the policy and select **Export to XML**. This will enable you to save an XML file, -which you can use later. - -![using_item_level_targeting_7](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting_7.webp) - -Remember that Endpoint Policy Manager RDP policies can be created and exported on the User or -Computer side. For instance, below we have a collection being exported. - -![using_item_level_targeting_8](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting_8.webp) diff --git a/docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/overview.md b/docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/overview.md deleted file mode 100644 index a88560adb4..0000000000 --- a/docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/overview.md +++ /dev/null @@ -1,48 +0,0 @@ -# Using Item-Level Targeting with Collections and Policies - -Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Netwrix -Endpoint Policy Manager (formerly PolicyPak) to target or filter where specific items will apply. -With Endpoint Policy Manager RDP Manager, Item-Level Targeting can be placed on collections, as well -as policies within collections. - -A collection enables you to group together Endpoint Policy Manager RDP Manager policies so they can -act together. For instance, you might create a collection for only East Sales users and another for -HR Users. - -![using_item_level_targeting](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting.webp) - -Below you can see the two collections we have created which can hold other collections or policies. -You can also see how you can apply Item-Level Targeting for a collection. - -![using_item_level_targeting_1](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting_1.webp) - -To change the Item-Level Targeting, right-click any Endpoint Policy Manager RDP Manager policy, and -select **Edit Item Level Targeting**. - -![using_item_level_targeting_2](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting_2.webp) - -The Edit Item Level Targeting menu item brings up the Targeting Editor. You can select any -combination of characteristics you want to test for. Administrators familiar with Group Policy -Preferences' Item-Level Targeting will be at home in this interface, as it is functionally -equivalent. - -You can apply one or more targeting items to a policy, which enables targeting items to be joined -logically. You can also add targeting collections, which group together targeting items in much the -same way parentheses are used in an equation. In this way, you can create a complex determination -about where a policy will be applied. Collections may be set to And, Or, Is, or Is Not. - -When targeting policies and collections for Endpoint Policy Manager RDP Manager policies, it is a -good idea to target portable computers and mobile user security groups. You can also require that -users not be on the corporate LAN as well. - -![using_item_level_targeting_3](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting_3.webp) - -In this example, the Pak would only apply to Windows 10 machines when the machine is portable and -not on the corporate LAN subnet, and the user is in the FABRIKAM\Traveling Sales Users group. - -When using Item-level Targeting and conditional settings, you can check the **Remove RDP file when -policy no longer applies** option to delete the RDP file when the policy no longer applies. For -example, using the example below, the policy would no longer apply whenever the computer obtains an -address from the corporate LAN. - -![using_item_level_targeting_4](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting_4.webp) diff --git a/docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/processorderprecedence.md b/docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/processorderprecedence.md deleted file mode 100644 index b83fbc934a..0000000000 --- a/docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/processorderprecedence.md +++ /dev/null @@ -1,10 +0,0 @@ -# Understanding Processing Order and Precedence - -Within a particular GPO (Computer or User side), the processing order is counted in numerical order. -So, lower-numbered collections attempt to process first, and higher-numbered collections attempt to -process last. Then, within any collection, each policy is processed in numerical order from lowest -to highest. - -![using_item_level_targeting_5](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting_5.webp) - -![using_item_level_targeting_6](/img/product_docs/endpointpolicymanager/remotedesktopprotocol/itemleveltargeting/using_item_level_targeting_6.webp) diff --git a/docs/endpointpolicymanager/remotedesktopprotocol/overview.md b/docs/endpointpolicymanager/remotedesktopprotocol/overview.md deleted file mode 100644 index d72271230f..0000000000 --- a/docs/endpointpolicymanager/remotedesktopprotocol/overview.md +++ /dev/null @@ -1,14 +0,0 @@ -# Remote Desktop Protocol Manager - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Remote Desktop Protocol (RDP) Manager enables -you to perform the following operations in Windows 10 in order to optimize remote work and VDI -scenarios: - -- Manage RDP connections using an intuitive GUI just like RDP Connection Manager -- Create, replace, update, and delete RDP files on user desktops -- Configure and deliver the complete gamut of RDP settings and keep them up to date -- Specify which RDP files should go on which machines based on conditional settings - -**NOTE:** See -[Create and update .RDP files for end-users for Remote Work and VDI scenarios](/docs/endpointpolicymanager/video/remotedesktopprotocol/vdiscenarios.md) -for an overview of Endpoint Policy Manager Remote Desktop Protocol Manager diff --git a/docs/endpointpolicymanager/remoteworkdelivery/collections.md b/docs/endpointpolicymanager/remoteworkdelivery/collections.md deleted file mode 100644 index 4855d586e5..0000000000 --- a/docs/endpointpolicymanager/remoteworkdelivery/collections.md +++ /dev/null @@ -1,21 +0,0 @@ -# Using Collections for Groupings and Advanced Configuration - -When you make a Endpoint Policy Manager Remote Work Delivery Manager collection, it enables you to -group together policy settings for the sake of organization, perform Item-Level Targeting (discussed -next), and specify advanced options. - -![getting_to_know_policypak_35](/img/product_docs/endpointpolicymanager/remoteworkdelivery/getting_to_know_endpointpolicymanager_35.webp) - -By default, Endpoint Policy Manager Remote Work Delivery Manager will attempt to process policies at -the root node, or within any collection, at the same time, without letting one job finish before -another job starts. In some situations, this is undesired. For instance, you might want to ensure -one file copy is definitely finished and its script running before starting another file copy and -letting that script run. - -As such, you can use a collection to: - -- Process policies sequentially – This will ensure that policies are processed in the order shown in - the MMC console, i.e., 1, 2, and so on. When this option is unchecked, policies may process in any - order. -- Process policies synchronously — When checked, this will ensure that each individual policy is - finished processing before the next one starts. diff --git a/docs/endpointpolicymanager/remoteworkdelivery/computerside.md b/docs/endpointpolicymanager/remoteworkdelivery/computerside.md deleted file mode 100644 index 29d61e6392..0000000000 --- a/docs/endpointpolicymanager/remoteworkdelivery/computerside.md +++ /dev/null @@ -1,37 +0,0 @@ -# Using Remote Work Delivery Manager on the Computer Side - -In the Quickstart example, we delivered a file to users, but Endpoint Policy Manager can also -deliver scripts on the Computer side. - -There are two options when you create a script policy from the Computer side. - -![getting_to_know_policypak_34](/img/product_docs/endpointpolicymanager/remoteworkdelivery/getting_to_know_endpointpolicymanager_34.webp) - -The two options to select from are: - -- Apply this policy to computer — This is the default option and will apply the files to the - computer in the System context. This is best used when you're trying to do things that only the - system should do, like deliver files, such as program files, system files, and so on, to protected - Windows folders. The policy only applies when the Computer context is used. -- Apply this policy to all users who log into the computer (switched mode) — This setting will - deliver files either as System (default behavior) or run in the User context. This gives you the - ability to deliver files any time a user logs onto the computer, and specify the context (System - or User). - -**NOTE:** Scripts placed on the Computer side, but run in the User context can be run interactively. -But scripts run in the System context cannot be run interactively. - -The main advantage to delivering files on the Computer side, but running in the User context -(switched mode), is that you do not need loopback in order to deliver files to each user who logs -on. In this way, you can target specific scripts for the collections of computers that you might -find in training rooms, free seating areas, VDI, and similar situations, and ensure that the same -script runs for everyone who sits down at these computers. - -Also, note some subtle differences about when policies are set to Always apply: - -- Switched policies apply to Users (even though they're targeted to Computers). As such, all - Switched policies apply on logon and anytime the Group Policy service updates (in the background - and manually when you run `GPupdate `and `PPupdate`). -- All policies with **Always run** selected will reapply when policy changes are made. -- All policies with **Always run** selected will reapply when the Endpoint Policy Manager service - starts up. diff --git a/docs/endpointpolicymanager/remoteworkdelivery/exportcollections.md b/docs/endpointpolicymanager/remoteworkdelivery/exportcollections.md deleted file mode 100644 index 2c213687a2..0000000000 --- a/docs/endpointpolicymanager/remoteworkdelivery/exportcollections.md +++ /dev/null @@ -1,45 +0,0 @@ -# Exporting Collections - -In Appendix A:[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md), you can -learn how to use the Netwrix Endpoint Policy Manager (formerly PolicyPak) Exporter to wrap up -Endpoint Policy Manager directives and deliver them using Endpoint Policy Manager Cloud, an MDM -service, or a non-Group Policy method such as MEMCM, KACE, and so on. - -**NOTE:** For a video demonstrating the use of Endpoint Policy Manager Remote Work Delivery Manager -with Endpoint Policy Manager MDM see -[Copy files and keep them up to date with your MDM service](/docs/endpointpolicymanager/video/remoteworkdelivery/mdm.md). - -Remember that Endpoint Policy Manager Remote Work Delivery Manager policies can be created and -exported on the User side or Computer side. In the example below you can see an export from the User -side. - -![exporting_collections](/img/product_docs/endpointpolicymanager/remoteworkdelivery/exporting_collections.webp) - -Choosing this option from the User side will allow the user to export the policy or collection for -later use with Endpoint Policy Manager Cloud or an MDM service. - -Below you can see an Export of Endpoint Policy Manager Remote Work Delivery Manager XML from the -Computer side. - -![exporting_collections_1](/img/product_docs/endpointpolicymanager/remoteworkdelivery/exporting_collections_1.webp) - -Choosing this option from the Computer side will allow the user to export the Policy or collection -for later use with Endpoint Policy Manager Cloud or an MDM service. - -Here are some helpful tips to decide which side to use: - -- When you export a user-side policy and deploy it using Endpoint Policy Manager Cloud or MDM, it - will apply to every user on the machine (like switched mode). -- When you export a computer-side policy (which affects the system) and deploy it using Endpoint - Policy Manager Cloud or MDM, it will apply to the computer as System. -- When you export a computer-side policy (which affects all users on the machine), and deploy it - using Endpoint Policy Manager Cloud or MDM, it will apply to every user on the machine (like - switched mode). - -**NOTE:** See -[Deploying Endpoint Policy Managerdirectives without Group Policy (Endpoint Policy Manager Exporter Utility)](/docs/endpointpolicymanager/video/mdm/exporterutility.md) -for additional information on how to export policies and use Endpoint Policy Manager Exporter - -Note that exported collections or policies maintain any Item-Level Targeting set within them. If -you've used items that represent Group Membership in Active Directory, then those items will only -function when the machine is domain-joined. diff --git a/docs/endpointpolicymanager/remoteworkdelivery/gettingstarted/overview.md b/docs/endpointpolicymanager/remoteworkdelivery/gettingstarted/overview.md deleted file mode 100644 index 99ba2e16ce..0000000000 --- a/docs/endpointpolicymanager/remoteworkdelivery/gettingstarted/overview.md +++ /dev/null @@ -1,5 +0,0 @@ -# Quick Start - Using Remote Work Delivery Manager to Copy and Install a Single File - -This is a two-part Quickstart example. In Part 1, we're going to copy the installer file for -Notepad++ from an SMB share, and then run it silently after the install. In Part 2, we're going to -copy a file from an HTTP(S) webserver like Dropbox. diff --git a/docs/endpointpolicymanager/remoteworkdelivery/gettoknow.md b/docs/endpointpolicymanager/remoteworkdelivery/gettoknow.md deleted file mode 100644 index d7cb61dc32..0000000000 --- a/docs/endpointpolicymanager/remoteworkdelivery/gettoknow.md +++ /dev/null @@ -1,19 +0,0 @@ -# Getting to Know Remote Work Delivery Manager - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Remote Work Delivery Manager is contained -within the Endpoint Policy Manager node. Endpoint Policy Manager Remote Work Delivery Manager MMC -snap-in enables you to create a new Endpoint Policy Manager Remote Work Delivery Manager standard -policy, web policy, or collection. - -**NOTE:** You will only see the Endpoint Policy Manager Remote Work Delivery Manager node when the -latest Admin Console MSI is installed on the management station. - -![getting_to_know_policypak](/img/product_docs/endpointpolicymanager/remoteworkdelivery/getting_to_know_endpointpolicymanager.webp) - -The functions of collections and policies are as follows: - -- Collections are groupings of policies -- Policies are the rules that perform the work. - -Both collections and policies may have Item-Level Targeting (explained in more detail later), which -enables you to target policies based on criteria that you specify. diff --git a/docs/endpointpolicymanager/remoteworkdelivery/insouts.md b/docs/endpointpolicymanager/remoteworkdelivery/insouts.md deleted file mode 100644 index 0406fcc53e..0000000000 --- a/docs/endpointpolicymanager/remoteworkdelivery/insouts.md +++ /dev/null @@ -1,38 +0,0 @@ -# Ins and Outs of Remote Work Delivery Manager - -Endpoint Policy Manager Remote Work Delivery Manager (PPRWDM) solves several huge Windows 10 issues. -Its basic goal is to deliver files and folders from either SMB shares or HTTP(S) sources, and if the -connection is unstable or breaks and comes back, the file(s) will continue to be downloaded. You can -think of PPRWDM as Robocopy on steroids for Group Policy and the web. And as a bonus, after the file -is copied, you can run a script to perform an action, such as install an application you just -copied. - -## Managing File Copies with Group Policy without Endpoint Policy Manager - -There is an in-box method of copying files with Group Policy Preferences but it does have some -limitations. - -The File Copy settings are found in the Group Policy Editor under User Configuration > Preferences > -Files node and Computer Configuration > Preferences > Files node. - -![about_policypak_remote_work](/img/product_docs/endpointpolicymanager/remoteworkdelivery/about_endpointpolicymanager_remote_work.webp) - -Using Group Policy Preferences will copy exactly one file and place it where you want it. You can -also add an asterisk (\*) in the source file entry, which changes the Destination File field to a -Destination folder field. - -![about_policypak_remote_work_1](/img/product_docs/endpointpolicymanager/remoteworkdelivery/about_endpointpolicymanager_remote_work_1.webp) - -When you add the asterisk (\*), Group Policy Preferences will attempt to copy all the files from -that source folder down to the client. Note that this file copy is not recursive, making it a common -problem that administrators would like to overcome. There's also no way to copy only changed files, -or to make other exceptions. - -## Delivering Files with an MDM Service without Endpoint Policy Manager - -On any MDM service, there is no way to easily push files. The only current way to do this is to wrap -up your files into an MSI with a third party MSI tool (like AdvancedInstaller or similar) and then -use the MDM service's MSI file deployment ability. Even though it works, and would copy the file one -time, this is not a great system when you need to update one or more files on a regular basis, -because the process becomes tedious and error-prone. With Endpoint Policy Manager, you'll see how to -quickly copy files to endpoints and keep them updated on a regular basis. diff --git a/docs/endpointpolicymanager/remoteworkdelivery/itemleveltargeting.md b/docs/endpointpolicymanager/remoteworkdelivery/itemleveltargeting.md deleted file mode 100644 index baba496f18..0000000000 --- a/docs/endpointpolicymanager/remoteworkdelivery/itemleveltargeting.md +++ /dev/null @@ -1,59 +0,0 @@ -# Using Item-Level Targeting with Collections and Policies - -Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Netwrix -Endpoint Policy Manager (formerly PolicyPak) to target or filter where specific items will apply. -With Endpoint Policy Manager Remote Work Delivery Manager, Item-Level Targeting can be used with -collections as well as Endpoint Policy Manager Remote Work Delivery Manager policies within -collections. A collection enables you to group together Endpoint Policy Manager Remote Work Delivery -Manager policies so they can act together. For instance, you might create a collection for only East -Sales computers and another for West Sales computers. - -![using_item_level_targeting](/img/product_docs/endpointpolicymanager/remoteworkdelivery/using_item_level_targeting.webp) - -You can also right-click any Endpoint Policy Manager Remote Work Delivery Manager policy, and select -**Edit Item Level Targeting**. - -![using_item_level_targeting_1](/img/product_docs/endpointpolicymanager/remoteworkdelivery/using_item_level_targeting_1.webp) - -You can also select Item-Level Targeting when a policy is created using the wizard. - -The Edit Item Level Targeting function brings up the Targeting Editor. In the Targeting Editor, -select any combination of characteristics to test for. Administrators familiar with Group Policy -Preferences' Item-Level Targeting will be at home in this interface, since it is functionally -equivalent. - -Apply one or more targeting items to a policy. This enables a logical joining together of targeting -items. Adding targeting collections equates to enclosing equations in parentheses. In other words, -it allows you to group together targeting items. In this way, a fairly complex determination can be -created for the computers the policy applies to. Collections may be set to And or Or, as well as Is -or Is Not. - -![using_item_level_targeting_2](/img/product_docs/endpointpolicymanager/remoteworkdelivery/using_item_level_targeting_2.webp) - -Here are some real-world examples of Item-Level Targeting used with Endpoint Policy Manager Remote -Work Delivery Manager: - -- Software prerequisites — To configure an application's settings, make sure the application is - first installed on the user's computer before configuring it. Use either File Match, MSI Match, or - Registry Match targeting items to verify if a specific version of a file or a Registry entry is - present. For instance, you can look in the Uninstall Registry key. -- Mobile computers — To deploy settings exclusively for users on mobile PCs, filter the rule by - using the Portable Computer targeting item. -- Operating system version — You might want to specify different settings for applications based on - the operating system. for example, you might want different settings for those running Windows 10. - In this case, simply create one rule for each operating system. Then, filter each rule using the - Operating System targeting item. -- Group membership — Group membership can be used to link the GPO to the whole domain or - organizational unit (OU), but only specific computer members within a certain group will pick up - and process the rule settings. -- IP range — IP range can be used to specify different settings for various IP ranges, like, for - example, different browser settings for the home office and field office. - -After editing is completed, close the editor. Note that the policy or collection's icon has changed -to orange, which shows that it now has Item-Level Targeting. - -![using_item_level_targeting_3](/img/product_docs/endpointpolicymanager/remoteworkdelivery/using_item_level_targeting_3.webp) - -**NOTE:** When Item-Level Targeting is on, the policy won't apply unless the conditions are True. If -Item-Level Targeting is applied to a collection, then none of the items in the collection will apply -unless the Item-Level Targeting on the collection evaluates to True. diff --git a/docs/endpointpolicymanager/remoteworkdelivery/overview.md b/docs/endpointpolicymanager/remoteworkdelivery/overview.md deleted file mode 100644 index 027c865b84..0000000000 --- a/docs/endpointpolicymanager/remoteworkdelivery/overview.md +++ /dev/null @@ -1,61 +0,0 @@ -# Remote Work Delivery Manager - -**NOTE:** Before reading this section, please ensure you have read Book 2: -[Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md), which will help you -learn to do the following: - -- Install the Admin MSI on your GPMC machine -- Install the CSE on a test Windows machine -- Set up a computer in Trial mode or Licensed mode -- Set up a common OU structure - -Optionally, if you don't want to use Group Policy, read the section in Appendix A: -[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md) to deploy your -directives. - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Remote Work Delivery Manager (PPRWDM) enables -you to perform the following operations on Windows: - -- Copy files from a server to a client -- Copy files recursively within SMB (standard file share) folders -- Keep files up to date between an SMB share and a desktop or laptop -- Copy files from an HTTP(S) source, like OneDrive, Dropbox, Amazon S3, and some other services, to - a desktop - -**NOTE:** See [Install software with SMB (standard share)](/docs/endpointpolicymanager/video/remoteworkdelivery/smb.md)for an -overview of PolicyPak Remote Work Delivery Manager. - -Endpoint Policy Manager Remote Work Delivery Manager allows you to do the following: - -- Create a rule to express which files, directory, or patterns, should be copied from which SMB - share to a client. -- Create a rule to express which file should be copied from an HTTP(s) source to a client. -- Instead of using the Group Policy method, you can export the Endpoint Policy Manager Remote Work - Delivery Manager rules and deliver them in one of four ways: - - - MEMCM - - Your own systems management software - - An MDM service - - Endpoint Policy Manager Cloud service - -- Allow the client machine with the Endpoint Policy Manager client-side extension (CSE) to embrace - the directives and perform the work. - -**NOTE:** If you use theEndpoint Policy Manager Cloud service, you can deliver Group Policy settings -even to non-domain-joined machines over the Internet. - -## Moving Parts - -- A management station — The Endpoint Policy Manager Admin Console MSI must be installed on the - management station where you create GPOs. Once it is installed, you'll see the Endpoint Policy - Manager | Endpoint Policy Manager Remote Work Delivery Manager node. -- The Endpoint Policy Manager CSE — This runs on the client (target) machine and is the same CSE for - all Endpoint Policy Manager products. There isn't anything separate to install, and the Endpoint - Policy Manager CSE must be present in order to accept Endpoint Policy Manager Remote Work Delivery - Manager directives via Group Policy, or when using MEMCM, KACE, MDM, or similar utilities. -- Endpoints — In order to use these, they must be licensed for Endpoint Policy Manager Remote Work - Delivery Manager using one of the licensing methods, which are described in Book 1: - [Introduction and Basic Concepts](/docs/endpointpolicymanager/basicconcepts.md). -- PolicyPak Exporter (optional) — A free utility that lets you take Endpoint Policy Manager Admin - Templates Manager and our other products' XML files and wrap them into a portable MSI file for - deployment using MEMCM, an MDM service, or your own systems management software. diff --git a/docs/endpointpolicymanager/remoteworkdelivery/overview/knowledgebase.md b/docs/endpointpolicymanager/remoteworkdelivery/overview/knowledgebase.md deleted file mode 100644 index 1922b47219..0000000000 --- a/docs/endpointpolicymanager/remoteworkdelivery/overview/knowledgebase.md +++ /dev/null @@ -1,15 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base articles for Remote Work Delivery Manager. - -## Tips and Tricks - -- [How can I make applications install sequentially / in order (and how does it work?)](/docs/endpointpolicymanager/remoteworkdelivery/installsequentially.md) -- [How to Install UWP applications using Endpoint Policy Manager Remote Work Delivery Manager](/docs/endpointpolicymanager/remoteworkdelivery/installuwp.md) -- [How do I use Endpoint Policy Manager Remote Work Delivery Manager to update the Client Side Extension?](/docs/endpointpolicymanager/remoteworkdelivery/updateclientsideextension.md) -- [What variables can I use in place for source or destination in Remote Work Delivery Manager?](/docs/endpointpolicymanager/remoteworkdelivery/variables.md) -- [How To deploy a TCP/IP Printer using Endpoint Policy Manager Remote Work Delivery Manager](/docs/endpointpolicymanager/remoteworkdelivery/printers.md) - -## Troubleshooting - -- [My Dropbox link won't verify in Remote Work Delivery Manager](/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/dropboxlink.md) diff --git a/docs/endpointpolicymanager/remoteworkdelivery/overview/videolearningcenter.md b/docs/endpointpolicymanager/remoteworkdelivery/overview/videolearningcenter.md deleted file mode 100644 index b1c0749288..0000000000 --- a/docs/endpointpolicymanager/remoteworkdelivery/overview/videolearningcenter.md +++ /dev/null @@ -1,21 +0,0 @@ -# Video Learning Center - -See the following Video topics for Remote Work Delivery Manager. - -## Getting Started - -- [Install software with SMB (standard share)](/docs/endpointpolicymanager/video/remoteworkdelivery/smb.md) -- [Install software using web-based shares](/docs/endpointpolicymanager/video/remoteworkdelivery/webbasedshares.md) -- [Mass copy folders and files (with filters and recursion)](/docs/endpointpolicymanager/video/remoteworkdelivery/masscopy.md) -- [Automatic Patching and Updates](/docs/endpointpolicymanager/video/remoteworkdelivery/patching.md) - -## Methods: Cloud, MDM, SCCM, etc. - -- [Deploy software with Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/remoteworkdelivery/cloud.md) -- [Copy files and keep them up to date with your MDM service](/docs/endpointpolicymanager/video/remoteworkdelivery/mdm.md) - -## Tips and Tricks - -- [Endpoint Policy Manager: Remote Work Delivery Manager Local File Copy Magic](/docs/endpointpolicymanager/video/remoteworkdelivery/localfilecopy.md) -- [Endpoint Policy Manager: Use Azure Blob Storage to Deploy and Patch your software](/docs/endpointpolicymanager/video/remoteworkdelivery/azureblobstorage.md) -- [Using Remote Work Delivery Manager to Update the Endpoint Policy Manager Client Side Extension](/docs/endpointpolicymanager/video/remoteworkdelivery/updateclientsideextension.md) diff --git a/docs/endpointpolicymanager/remoteworkdelivery/printers.md b/docs/endpointpolicymanager/remoteworkdelivery/printers.md deleted file mode 100644 index 6a8e4a136b..0000000000 --- a/docs/endpointpolicymanager/remoteworkdelivery/printers.md +++ /dev/null @@ -1,77 +0,0 @@ -# How To deploy a TCP/IP Printer using Endpoint Policy Manager Remote Work Delivery Manager - -**Step 1 –** Zip up the Printer setup files and store on a network share that is accessible to the -users that need to have the printer installed. - -For Example: - -![571_1_image-20210320020022-1](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_1_image-20210320020022-1.webp) - -**NOTE:** This zip should contain the driver INF file for the printer to be installed. - -![571_2_image-20210320020022-2](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_2_image-20210320020022-2.webp) - -**Step 2 –** Using the Microsoft Group Policy Management Console (GPMC), create a new Netwrix -Endpoint Policy Manager (formerly PolicyPak) RWDM Standard Policy on either the Computer side (using -Switched-Mode), or the User side. - -![571_3_image-20210320020022-3](/img/product_docs/endpointpolicymanager/remoteworkdelivery/722_3_image-20201105183910-3.webp) - -**Step 3 –** At the Welcome screen select Copy a single file, and click **Next**. - -![571_4_image-20210320020022-4](/img/product_docs/endpointpolicymanager/remoteworkdelivery/722_4_image-20201105183910-4.webp) - -**Step 4 –** Select Apply this policy to all users who log on to the computer (switched mode), then -click **Next**. - -![571_5_image-20210320020022-5](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_5_image-20210320020022-5.webp) - -**Step 5 –** Enter the UNC path to the printer zip file from step 1 above, then click **Next**. - -![571_6_image-20210320020022-6](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_6_image-20210320020022-6.webp) - -**Step 6 –** Specify the target folder on the endpoint(s) where you would like the zip to be -downloaded to, provide the file name for the destination, then click **Next**.  - -**NOTE:** The target folder will be created if it does not exist - -![571_7_image-20210320020022-7](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_7_image-20210320020022-7.webp) - -**Step 7 –** Accept the default values and click **Next**. - -![571_8_image-20210320020022-8](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_8_image-20210320020022-8.webp) - -**Step 8 –** Select **Once** then click **Next**. - -![571_9_image-20210320020022-9](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_9_image-20210320020022-9.webp) - -At the Post-copy actions screen select the **Run PowerShell script**, and **Run process or script as -user** options, then add/edit the command lines below as needed to reflect what is needed for your -specific printer model, then click **Next**. - -TIP:[ Go to https://www.pdq.com/blog/using-powershell-to-install-printers/ for more information on this topic.](https://www.pdq.com/blog/using-powershell-to-install-printers/) - -``` -Expand-Archive -LiteralPath 'c:\temp\canon.zip' -DestinationPath C:\Temp    pnputil.exe /a "C:\Temp\Canon\Driver\CNS30MA64.INF"    Start-Sleep -s 10    Add-PrinterDriver -Name "Canon Generic Plus PS3"    Add-PrinterPort -Name "IP Port" -PrinterHostAddress "192.168.1.27"    Add-Printer -DriverName "Canon Generic Plus PS3" -Name "Canon Generic Plus PS3" -PortName "IP Port"  -``` - -![571_10_image-20210320020022-10](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_10_image-20210320020022-10.webp) - -**Important**: The Add-PrinterDriver -Name section above the name specified (i.e., "Canon Generic -Plus PS3" in this example) must match one of the names in the INF file! - -![571_11_image-20210320020022-11](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_11_image-20210320020022-11.webp) - -**Step 9 –** Skip the Revert actions screen unless you wish to add a revert action. - -**Step 10 –** At the Policy settings screen give the policy a descriptive name, then click -**Finish**. - -![571_12_image-20210320020022-12](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_12_image-20210320020022-12.webp) - -**Step 11 –** Run GPUPDATE on an endpoint that receives this policy to test, then verify under -Printers & Scanners that you see the printer installed. - -**NOTE:** The printer may take around 30 seconds to install. - -![571_13_image-20210320020022-13](/img/product_docs/endpointpolicymanager/remoteworkdelivery/571_13_image-20210320020022-13.webp) diff --git a/docs/endpointpolicymanager/remoteworkdelivery/processorderprecedence.md b/docs/endpointpolicymanager/remoteworkdelivery/processorderprecedence.md deleted file mode 100644 index 1b12989fb4..0000000000 --- a/docs/endpointpolicymanager/remoteworkdelivery/processorderprecedence.md +++ /dev/null @@ -1,33 +0,0 @@ -# Understanding Processing Order and Precedence within a GPO - -Within a particular GPO (User side or Computer side), policies and collections process in numerical -order. So, lower-numbered policies attempt to process first, and higher-numbered policies attempt to -process last. Then, lower-numbered collections attempt to process first, and higher-numbered -collections attempt to process last. - -![understanding_processing_order](/img/product_docs/endpointpolicymanager/remoteworkdelivery/understanding_processing_order.webp) - -Within any collection, there may be other collections, as well as policies. As such, each policy and -collection is also processed in numerical order, starting at each level with the lowest-numbered -policies and collections. - -## Understanding Merging and Conflicts - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Remote Work Delivery Manager will simply merge -all Endpoint Policy Manager Remote Work Delivery Manager policies that come from the Group Policy -method (and policies deployed from the non-Group Policy methods and collections), unless there is a -conflict. If there is a conflict, the last policy wins. - -## Precedence Between Delivery Types - -Endpoint Policy Manager Remote Work Delivery Manager policies can be delivered by Group Policy and -non-Group Policy methods such as MEMCM (via Endpoint Policy Manager Exporter or Endpoint Policy -Manager MDM) or Endpoint Policy Manager Cloud. As such, the Endpoint Policy Manager Remote Work -Delivery Manager engine needs to make a final determination regarding whether there is any conflict -between Endpoint Policy Manager Remote Work Delivery Manager policies (which are essentially rules). -Here is how precedence works: - -- Polices delivered by Endpoint Policy Manager Cloud have the lowest precedence. -- Endpoint Policy Manager file-based policies (including those delivered from an MDM service) have - the next highest precedence. -- Endpoint Policy Manager Group Policy policies have the highest precedence. diff --git a/docs/endpointpolicymanager/remoteworkdelivery/variables.md b/docs/endpointpolicymanager/remoteworkdelivery/variables.md deleted file mode 100644 index 3fb76767b4..0000000000 --- a/docs/endpointpolicymanager/remoteworkdelivery/variables.md +++ /dev/null @@ -1,53 +0,0 @@ -# What variables can I use in place for source or destination in Remote Work Delivery Manager? - -The following variables are honored in Netwrix Endpoint Policy Manager (formerly PolicyPak) Remote -Work Delivery Manager. - -Using the list below you can use these variables as sources or destinations. - -For instance to copy files from `\\server2016\share` to `%DesktopDir%` simply put in `%DesktopDir%` -in the Destination slo: - -![806_1_img](/img/product_docs/endpointpolicymanager/remoteworkdelivery/806_1_img.webp) - -The acceptable variables are below. Be sure to encapsulate them all with %, like %DestopDir% - -``` -AppDataDir -CommonAppdataDir -CommonDesktopDir -CommonFavoritesDir -CommonProgramsDir -CommonStartMenuDir -CommonStartUpDir -Desktop -DesktopDir -Documents -DocumentsDir -Downloads -DownloadsDir -Favorites -FavoritesDir -Links -LinksDir -Music -MusicDir -NetPlacesDir -Pictures -PicturesDir -ProgramFilesDir -ProgramFilesX86Dir -ProgramFilesX64Dir -ProgramsDir -RecentDocumentsDir -SendToDir -StartMenuDir -StartUpDir -SystemDir -SystemX86Dir -Videos -VideosDir -DestinationDir -Destination -DestinationFile -``` diff --git a/docs/endpointpolicymanager/requirements/cloud.md b/docs/endpointpolicymanager/requirements/cloud.md deleted file mode 100644 index 9541544743..0000000000 --- a/docs/endpointpolicymanager/requirements/cloud.md +++ /dev/null @@ -1,6 +0,0 @@ -# What are the OS requirements for Endpoint Policy Manager Cloud? - -All PolicyPak products are supported only on existing supported versions of Microsoft Windows. For -Microsoft's supported list, see this list: - -[https://docs.microsoft.com/en-us/windows/release-health/release-information](https://docs.microsoft.com/en-us/windows/release-health/release-information) diff --git a/docs/endpointpolicymanager/requirements/support/applicationsettings/applicationvirtualization.md b/docs/endpointpolicymanager/requirements/support/applicationsettings/applicationvirtualization.md deleted file mode 100644 index 7a03c7a635..0000000000 --- a/docs/endpointpolicymanager/requirements/support/applicationsettings/applicationvirtualization.md +++ /dev/null @@ -1,8 +0,0 @@ -# Which application virtualization platforms are supported? - -Microsoft App-V, VMware Thinapp, Citrix XenApp Streaming, Novell ZENWorks Application -Virtualization, Spoon.Net, and Symantec Workspace Virtualization are all supported with Netwrix -Endpoint Policy Manager (formerly PolicyPak). - -To see videos on these solutions watch go to Application Manager > -[Video Learning Center](/docs/endpointpolicymanager/video/index.md). diff --git a/docs/endpointpolicymanager/requirements/support/applicationsettings/appvsequences.md b/docs/endpointpolicymanager/requirements/support/applicationsettings/appvsequences.md deleted file mode 100644 index 52a3b02af3..0000000000 --- a/docs/endpointpolicymanager/requirements/support/applicationsettings/appvsequences.md +++ /dev/null @@ -1,5 +0,0 @@ -# Do I need to do anything special to get Application Manager to deploy settings to Microsoft App-V Sequences? - -No. Netwrix Endpoint Policy Manager (formerly PolicyPak) treats App-V sequences like other installed -applications. This means if you have real installed applications and also App-V applications the -transition is very smooth. diff --git a/docs/endpointpolicymanager/requirements/support/applicationsettings/designstudioadditional.md b/docs/endpointpolicymanager/requirements/support/applicationsettings/designstudioadditional.md deleted file mode 100644 index 2f8fecaf95..0000000000 --- a/docs/endpointpolicymanager/requirements/support/applicationsettings/designstudioadditional.md +++ /dev/null @@ -1,5 +0,0 @@ -# Besides the installation of Design Studio, are there any additional components I need on my computer in order to create my own AppSets? - -You will need to install the free Visual C++ 2008 SP1, 2010 or 2012, 2015 or 2017 Express Edition as -well as any applications you wish to manage with Netwrix Endpoint Policy Manager (formerly -PolicyPak) Design Studio. This is a free download from Microsoft. diff --git a/docs/endpointpolicymanager/requirements/support/applicationsettings/designstudiowindows7.md b/docs/endpointpolicymanager/requirements/support/applicationsettings/designstudiowindows7.md deleted file mode 100644 index dfd61cf758..0000000000 --- a/docs/endpointpolicymanager/requirements/support/applicationsettings/designstudiowindows7.md +++ /dev/null @@ -1,8 +0,0 @@ -# I installed Design Studio on a Windows 7 Laptop but there are still some XP and Vista stations in our network. Will the Paks I create work for all three operating system? - -It is best policy to create the Netwrix Endpoint Policy Manager (formerly PolicyPak) s from the same -operating systems as the client computers. In this case, you may want to install Design Studio on an -XP and Vista machine as well and create the designated Endpoint Policy Manager s. Or, you can first -create the paks on one machine type and then re-capture the AppLock codes on the second machine -type. See the section "How to Merge Endpoint Policy Manager s using the pXML Merge Wizard" in the -Endpoint Policy Manager Design Studio guide. diff --git a/docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/esr.md b/docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/esr.md deleted file mode 100644 index 9a85338139..0000000000 --- a/docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/esr.md +++ /dev/null @@ -1,6 +0,0 @@ -# Firefox: Is Endpoint Policy Manager compatible with Firefox ESR? - -Yes, Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Manager and Endpoint Policy -Manager Browser Router are only compatible with Firefox ESR.  Firefox RR is not compatible. -[See this blog article](https://www.endpointpolicymanager.com/pp-blog/endpointpolicymanager-will-soon-only-support-firefox-esr) -for more details. diff --git a/docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/frontmotion.md b/docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/frontmotion.md deleted file mode 100644 index d2be6331a3..0000000000 --- a/docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/frontmotion.md +++ /dev/null @@ -1,4 +0,0 @@ -# Firefox: Is Endpoint Policy Manager compatible with the Frontmotion packaged MSI version of Firefox? - -Yes, Netwrix Endpoint Policy Manager (formerly PolicyPak) is compatible with the Frontmotion -packaged MSI version of Firefox. diff --git a/docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/version.md b/docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/version.md deleted file mode 100644 index d3f0cc5497..0000000000 --- a/docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/version.md +++ /dev/null @@ -1,11 +0,0 @@ -# Firefox: What versions of the Endpoint Policy Manager CSE support managing certificates in what versions of Firefox? - -Here is a table to help you understand what is supported. - -Note that Firefox versions not listed on this table are not yet tested and may or may not work - -![image001](/img/product_docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/image001.webp) - -The reason you need to upgrade the CSE to support the various levels of Firefox is because the -Firefox methods for accepting certificates changed, and therefore we changed with them to support -the changes. diff --git a/docs/endpointpolicymanager/requirements/support/applicationsettings/xenapp.md b/docs/endpointpolicymanager/requirements/support/applicationsettings/xenapp.md deleted file mode 100644 index bd5dfef32f..0000000000 --- a/docs/endpointpolicymanager/requirements/support/applicationsettings/xenapp.md +++ /dev/null @@ -1,8 +0,0 @@ -# Are there any additional steps required to integrate Endpoint Policy Manager Software with XenAPP applications? - -If you want to control user access or sessions, or manage applications that reside on the XenAPP -server, you only need to: - -- Ensure the XenAPP server is licensed like any other computer, and -- Apply the GPO settings to the user, or -- Apply the GPO setting to the server itself. diff --git a/docs/endpointpolicymanager/requirements/support/javaenterpriserules/versionjava.md b/docs/endpointpolicymanager/requirements/support/javaenterpriserules/versionjava.md deleted file mode 100644 index fa9ff8be16..0000000000 --- a/docs/endpointpolicymanager/requirements/support/javaenterpriserules/versionjava.md +++ /dev/null @@ -1,6 +0,0 @@ -# What is the earliest version / what versions of Java are required for Java Rules Manager to work with? - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Java Rules Manager will work when Java 7 U 40 -or later is on the machine. Then you can make maps to any version of Java higher or lower. - -Keep in mind that PPJRM will not work without at LEAST Java 7 U 40 installed on the machine. diff --git a/docs/endpointpolicymanager/requirements/support/scriptstriggers/vpnsolutions.md b/docs/endpointpolicymanager/requirements/support/scriptstriggers/vpnsolutions.md deleted file mode 100644 index f940dcc9cf..0000000000 --- a/docs/endpointpolicymanager/requirements/support/scriptstriggers/vpnsolutions.md +++ /dev/null @@ -1,9 +0,0 @@ -# Which VPN Solutions are currently supported for use with Scripts Manager VPN Triggers? - -The following VPNs are currently supported for use in Scripts Manager VPN Triggers: - -1. Anything in the box from Microsoft -2. Cisco AnyConnect -3. Fortinet -4. OpenVPN (GUI) -5. OpenVPN (Connect) diff --git a/docs/endpointpolicymanager/requirements/support/startscreentaskbar/mappeddrives.md b/docs/endpointpolicymanager/requirements/support/startscreentaskbar/mappeddrives.md deleted file mode 100644 index a5617cf985..0000000000 --- a/docs/endpointpolicymanager/requirements/support/startscreentaskbar/mappeddrives.md +++ /dev/null @@ -1,10 +0,0 @@ -# Does Endpoint Policy Manager Start Screen Manager support pinning application icons in Windows Start Screen or Taskbar from a network location, i.e. Mapped Drives or UNC Paths? - -Yes, Endpoint Policy Manager Start Screen Manager fully supports pinning applications from a network -location, however, the network location must be a UNC path. - -If you receive a text message similar to the one below when clicking on the application icon from -the Start Screen, then it means that either the Application is not present at the physical path, or -it is configured with a Mapped Drive instead of the UNC Path. - -![841_1_image-20201201090844-1](/img/product_docs/endpointpolicymanager/requirements/support/startscreentaskbar/841_1_image-20201201090844-1.webp) diff --git a/docs/endpointpolicymanager/requirements/support/startscreentaskbar/windowserver.md b/docs/endpointpolicymanager/requirements/support/startscreentaskbar/windowserver.md deleted file mode 100644 index 966dc08d48..0000000000 --- a/docs/endpointpolicymanager/requirements/support/startscreentaskbar/windowserver.md +++ /dev/null @@ -1,11 +0,0 @@ -# When does Endpoint Policy Manager Start Screen & Taskbar Manager work on Server 2019, 2016, 2012 R2? - -There are two parts of Netwrix Endpoint Policy Manager (formerly PolicyPak) Start Screen & Taskbar -Manager: - -- Endpoint Policy Manager Start Screen Manager — Works on Server 2016 with (Desktop Experience) and - later (as it does with Windows 1703 and later). -- Endpoint Policy Manager Taskbar Manager — Will not work on Server 2016; but will work on Server - 2019 and later. - -Neither component will work on Server 2012 R2 (with Desktop Experience). diff --git a/docs/endpointpolicymanager/requirements/support/windows.md b/docs/endpointpolicymanager/requirements/support/windows.md deleted file mode 100644 index 56c56835dc..0000000000 --- a/docs/endpointpolicymanager/requirements/support/windows.md +++ /dev/null @@ -1,17 +0,0 @@ -# Which Windows Client and Server are currently supported by Endpoint Policy Manager? - -Netwrix Endpoint Policy Manager (formerly PolicyPak) supports all current versions of Windows -clients and Servers as listed on the Microsoft chart below that have not reached end of service with -Microsoft: - -Clients: -[https://learn.microsoft.com/en-us/windows/release-health/supported-versions-windows-client](https://learn.microsoft.com/en-us/windows/release-health/supported-versions-windows-client) - -Servers: [https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info](https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info) - -Any exceptions, if any, to the above will be noted in the RELEASE-NOTES in the Endpoint Policy -Manager Portal. - -**NOTE:**   For complete clarity, Endpoint Policy Manager is not supported on Server 2012 R2, -Windows 7, and so on. The final build with best effort support is 23.8, and no more builds will be -produced after that. diff --git a/docs/endpointpolicymanager/requirements/support/windows11.md b/docs/endpointpolicymanager/requirements/support/windows11.md deleted file mode 100644 index 19216a0cb4..0000000000 --- a/docs/endpointpolicymanager/requirements/support/windows11.md +++ /dev/null @@ -1,121 +0,0 @@ -# How does Endpoint Policy Manager support (and not support) Windows 11? - -For the best compatibility, you should use Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE -version 3068 and later when you use Windows 11. - -Here's the breakdown of some specific Endpoint Policy Manager components which you might want to -learn about with regard to Windows 11. - -## Endpoint Policy Manager Browser Router (with Windows 11) - -Internet Explorer is absent in Windows 11, but there is IE Mode within Windows 11 and Edge. - -IE mode still generally supports the following constructs and ideas (which you may be using with -Endpoint Policy Manager ): - -- Document Modes (which you can implement via Endpoint Policy Manager Browser Router) -- ActiveX Controls (which you can permit installation via Endpoint Policy Manager Least Privilege - Manager) -- Java support (which you can implement using Endpoint Policy Manager Java Rules Manager) -- Browser Helper Objects (which you can implement using Endpoint Policy Manager Application Settings - Manager) -- Most IE Group Policy Settings which affect zone settings and protected mode settings (which you - can dictate via GPO, Endpoint Policy Manager, and MDM or Endpoint Policy Manager Cloud.) - -Before CSE version 3068, Endpoint Policy Manager Browser Router isn't aware when Internet Explorer -(the full application) is absent. After CSE version 3068, Endpoint Policy Manager Browser Router is -aware when Internet Explorer (the full application) is absent, and only IE Mode within Edge remains. - -The updated behavior with Windows 11 and CSE version 3068 and later is that routes requested to go -to IE should go to IE in Edge mode when possible. - -The general rules are as follows: - -## Example 1: Explicit URL specifying Internet Explorer. - -If you have an explicit route to a URL and specify Internet Explorer, Endpoint Policy Manager -Browser Router will attempt to invoke IE in Edge mode. An explicit route could be something like -https://www.endpointpolicymanager.com/webinar. - -An example can be seen below. Note it doesn't matter if the pulldown is set for **Open in standalone -IE** or **Open as IE in Edge tab** is set. Those settings only matter for Windows 10 and are ignored -in Windows 11. - -![736_1_image-20220128125242-1](/img/product_docs/endpointpolicymanager/requirements/support/736_1_image-20220128125242-1.webp) - -## Example 2: Using Wildcards (or RegEx or Internet Security Zone) and attempting to set the browser to Internet Explorer - -Since there is no IE 11 in Windows 11, existing routes set like what's seen here cannot work as -expected. - -Starting with Endpoint Policy Manager CSE 3068 on Windows 11, Endpoint Policy Manager Browser Router -will route these to the Default Browser. - -![736_2_image-20220128125242-2](/img/product_docs/endpointpolicymanager/requirements/support/736_2_image-20220128125242-2.webp) - -## How are Default Browser Policies handled (With Windows 11)? - -Note there is a Endpoint Policy Manager Browser Router policy to set Default Browser which you might -have already set. Windows 11 and Endpoint Policy Manager CSE version 3068 and later will see this -and make a decision accordingly if you've set this to Internet Explorer. - -**NOTE:** Windows 10 will honor the Internet explorer setting, but Windows 11 needs to have a plan. - -![736_3_image-20220128125242-3](/img/product_docs/endpointpolicymanager/requirements/support/736_3_image-20220128125242-3.webp) - -- If you use Endpoint Policy Manager Browser Router to specify a Default Browser (Edge, Chrome, - Firefox, Custom, or User Selectable), you will get what you expect. -- If you have selected nothing (that is, you have no Endpoint Policy Manager Browser Router Default - Browser policy) then the default will be the User's selected browser. -- If you select Internet Explorer as your Default Browser, then CSE version 3068 and later on - Windows 11 will choose Edge automatically. -- If you select a Default Browser (like Firefox or Chrome) but the browser is absent on the machine, - Endpoint Policy Manager CSE version 3068 and later on Windows 11 will choose Edge automatically. - -## Endpoint Policy Manager Start Screen & Taskbar Manager (with Windows 11) - -Managing the Taskbar with Endpoint Policy Manager for Windows 10 and 11 is exactly the same. You can -use Endpoint Policy Manager Start Screen & Taskbar manager today to manage the Windows 11 Taskbar. - -However, managing the Windows 11 Start Screen is another story. - -For Windows 11, there is not currently a good way to manage the Start Screen with Endpoint Policy -Manager.  While we could build something here, Windows 11 itself only supports the following very -specific scenario: - -- We could enable you to craft the Windows 11 Start Menu. -- That Start Menu could be delivered to the machine. -- All users on the machine would pick up the exact same Start Menu. -- Only users who have no profile would pick up this new Start Menu. Users who have already logged on - before would not be able to get any changes dictated by Endpoint Policy Manager. - -This is obviously in sharp contrast to the way Windows 10 Start Menu works and what Endpoint Policy -Manager can deliver with Windows 10. In Windows 10 Endpoint Policy Manager can: - -- Enable you to craft the Windows 10 Start Menu. -- Start Menu can be delivered Per Machine or Per user. -- Any user could have a different Start Menu. -- Users who have logged on before could get the Start Menu to be adjusted. - -These differences are hardcoded into Windows 11 vs. Windows 10. As such we don't see a lot of value -in creating a Endpoint Policy Manager for Windows 11 Start Screen Manager because of the -limitations. In short, if existing users' Start Screens cannot be manipulated (again, hardcoded by -Windows 11) it obviates the need for a Start Screen Manager. Again, and equally important, if all -users on Windows 11 must get the same Start Screen (programmatic, built into Windows 11) then this -would not be useful for customers. - -So we would love to build this, if and when the internals of the Windows 11 Start Screen are changed -to be programmatically manipulatable. - -## Endpoint Policy Feature Manager (for Windows 11) - -Windows 11 features are available to manage in Endpoint Policy Manager CSE and MMC version 3068 and -later. - -## Endpoint Privilege Manager, Endpoint Policy Manager Application Settings Manager, Endpoint Policy Manager Device Manger and all others not listed (For Windows 11) - -No particular Windows 11 changes or incompatibilities. - -If you were to use an older CSE you shouldn't see any incompatibilities or any differences. - -That being said, we always recommend you use the latest CSE, as fixes and updates occur regularly. diff --git a/docs/endpointpolicymanager/requirements/support/windows7.md b/docs/endpointpolicymanager/requirements/support/windows7.md deleted file mode 100644 index a8385a70cb..0000000000 --- a/docs/endpointpolicymanager/requirements/support/windows7.md +++ /dev/null @@ -1,41 +0,0 @@ -# How does Endpoint Policy Manager support (and not support) Windows 7? - -First, Windows 7, Server 2008 R2, Windows 8 and Server 2012 R2 are not supported by Microsoft and -not supported with Netwrix Endpoint Policy Manager (formerly PolicyPak) installed. - -Endpoint Policy Manager only supports versions of the operating system which are actively supported -by Microsoft. This is covered in this -FAQ:[Which Windows Client and Server are currently supported by Endpoint Policy Manager?](/docs/endpointpolicymanager/requirements/support/windows.md) - -That being said, Endpoint Policy Manager and unsupported operating systems are BEST EFFORT. - -However, thefinal buildwe produced that is expected to install (at all) on unsupported operating -systems is 23.8. - -Additionally Endpoint Policy Manager requires drivers which are signed and work only with Windows 10 -and later. As such, the following features are EXPECTED to be non-functional even if the CSE -installs properly on unsupported operating systems: - -- Endpoint Policy Manager Least Privilege Manager : Block DLLs -- Endpoint Policy Manager Least Privilege Manager: Open/Save Dialog with Low User Rights -- Endpoint Policy Manager Least Privilege Manager: COM Elevation -- Endpoint Policy Manager Device Manager: All of it. - -There could be more pieces which are expected not to work in Endpoint Policy Manager, but these are -the known items. - -Note for best functionality you should add some additional Microsoft .Net software. - -There are basically two major versions of .Net CLR: v2 and v4. - -- The latest version of v2 is 3.5. -- The latest of v4 is 4.8 - -It is recommended to have both installed (3.5 + 4.8). - -**NOTE:** there is never any reason to install outdated versions of .Net, so we recommend clients -continue to have the most recent .NET installed with all security updates, and keep installing and -updated all the time. - -More details about .Net framework versions can be found here: -[https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/versions-and-dependencies](https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/versions-and-dependencies) diff --git a/docs/endpointpolicymanager/requirements/windows7.md b/docs/endpointpolicymanager/requirements/windows7.md deleted file mode 100644 index 98e830c7e4..0000000000 --- a/docs/endpointpolicymanager/requirements/windows7.md +++ /dev/null @@ -1,15 +0,0 @@ -# What must I install on Windows 7 to make Endpoint Policy Manager work as expected? - -Windows 7 and Netwrix Endpoint Policy Manager (formerly PolicyPak) may not have all functions work. -This is because all Endpoint Policy Manager binaries are digitally signed, but with a newer hash -algorithm that un-patched Windows 7 doesn't understand. - -So to get Endpoint Policy Manager Application Settings Manager Re-apply on Launch to work, Group -Policy Preferences Scheduled Tasks, and Endpoint Policy Manager - [https://www.endpointpolicymanager.com/products/endpointpolicymanager-least-privilege-manager.html](https://www.endpointpolicymanager.com/products/endpointpolicymanager-least-privilege-manager.html) to -work as expected, Windows 7 requires and updated patch. - -For Endpoint Policy Manager to work as expected on Windows 7, Windows 7 -requires [https://www.microsoft.com/en-us/download/details.aspx?id=46148](https://www.microsoft.com/en-us/download/details.aspx?id=46148) for -64-bit and requires -32-bit [https://www.microsoft.com/en-pk/download/details.aspx?id=46078](https://www.microsoft.com/en-pk/download/details.aspx?id=46078) diff --git a/docs/endpointpolicymanager/scriptstriggers/advantages.md b/docs/endpointpolicymanager/scriptstriggers/advantages.md deleted file mode 100644 index 0f098cf3e7..0000000000 --- a/docs/endpointpolicymanager/scriptstriggers/advantages.md +++ /dev/null @@ -1,27 +0,0 @@ -# Advantages of Using Scripts & Triggers Manager - -With Endpoint Policy Manager Scripts & Triggers Manager, the advantages you get are based on the -policy method you already employ. - -- For those using Group Policy: - - - You can deploy scripts to users or computers. - - Use can use Item-Level Targeting to determine whether the script should run. - - You can apply the script always, once, or when forced manually. - -- For those using Endpoint Policy Manager Cloud: - - - You can deploy scripts to your non-domain-joined machines. - - You can deploy scripts to your Windows 7 and 10 Home machines, which allows you to do - interesting things that were once only possible using Group Policy Preferences, for example, - delivering a shortcut to the Desktop of your non-domain-joined Windows 10 Home device. - -- For those using an MDM solution: - - - If your MDM solution has no scripting ability (or you have to pay extra for it) then Endpoint - Policy Manager provides the solution. - - You can use Item-Level Targeting to determine whether the script should run. - - - You can apply the script always, once, or when forced manually. - - - You can write your script in most common languages; not just PowerShell. diff --git a/docs/endpointpolicymanager/scriptstriggers/cylance.md b/docs/endpointpolicymanager/scriptstriggers/cylance.md deleted file mode 100644 index 67474e36b2..0000000000 --- a/docs/endpointpolicymanager/scriptstriggers/cylance.md +++ /dev/null @@ -1,11 +0,0 @@ -# What must I do in Cylance such that it will run Powershell scripts via Endpoint Policy Scripts Manager? - -If you want to use Netwrix Endpoint Policy Manager (formerly PolicyPak) Scripts AND Cylance together -to run Powershell scripts.. then.. - -Log into the Cylance console. Select Protection from the menu, then click Script control. - -Select one or more scripts from the list. Click SAFE. These scripts are added to the Global -Safelist, and Endpoint Policy Manager Scripts will run PowerShell scripts as expected. - -**NOTE:** This note came from Cylance and is not validated by Endpoint Policy Manager. diff --git a/docs/endpointpolicymanager/scriptstriggers/gettoknow/computerside.md b/docs/endpointpolicymanager/scriptstriggers/gettoknow/computerside.md deleted file mode 100644 index 56ec4cdd14..0000000000 --- a/docs/endpointpolicymanager/scriptstriggers/gettoknow/computerside.md +++ /dev/null @@ -1,38 +0,0 @@ -# Using Endpoint Policy Manager Scripts on the Computer Side - -In the Quickstart example, we delivered scripts to users, but Endpoint Policy Manager can also -deliver scripts on the Computer side. There are two options when you create a scripts policy from -the Computer side, which can be seen in Figure 17. - -![getting_to_know_scripts_triggers_13](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_13.webp) - -Figure 17. Using Endpoint Policy Manager Scripts & Triggers Manager Wizard on the Computer side. - -The two options to select from are: - -- Apply this policy to computer (default):  This will apply the settings to the computer in the - System context. This is best when you're trying to do things that only the system should do, like - manipulate the Registry with HKLM keys or system files, and so on. The policy only applies when - the Computer context is used. -- Apply this policy to all users who log into the computer (switched mode): This setting will run - the script either as System (default behavior) or in the User context. This gives you the ability - to run a script anytime a user logs into the computer, and then also specify the context (System - or User.) - -**NOTE:** Scripts placed on the Computer side, but run in the User context can be run interactively. -But scripts run in the System context cannot be run interactively. - -The main advantage to applying scripts on the Computer side, but running in User context, is that -you do not need Loopback in order to deliver user-side scripts to computers. In this way, you can -target specific scripts for collections of computers like training rooms, free seating areas, VDI, -and similar situations, and ensure that the same script runs for everyone who sits down at these -computers. - -Note some subtle differences about when policies are set to "Always apply": - -- Switched policies apply to users (even though they're targeted to computers.) As such, all - switched policies apply on login and anytime the Group Policy service updates (in the background, - and manually when you run GPupdate and PPupdate). -- All policies with "Always apply" selected will reapply when policy changes are made. -- All policies with "Always apply" selected will reapply when the Endpoint Policy Manager service - starts up. diff --git a/docs/endpointpolicymanager/scriptstriggers/gettoknow/overview.md b/docs/endpointpolicymanager/scriptstriggers/gettoknow/overview.md deleted file mode 100644 index 18cfb0899a..0000000000 --- a/docs/endpointpolicymanager/scriptstriggers/gettoknow/overview.md +++ /dev/null @@ -1,35 +0,0 @@ -# Getting to Know Scripts & Triggers Manager - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Scripts & Triggers Manager is contained within -the PolicyPak node, as demonstrated in Figure 4. Endpoint Policy Manager Scripts & Triggers Manager -MMC snap-in enables you to create a new Endpoint Policy Manager Scripts & Triggers Manager policy or -collection. - -**NOTE:** You will only see the Endpoint Policy Manager Scripts & Triggers Manager node when the -latest Admin Console MSI is installed on the management station. - -![getting_to_know_scripts_triggers](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers.webp) - -Figure 4. The location of the Endpoint Policy Manager Scripts & Triggers Manager. - -The functions of collections and policies are as follows: - -- Policies are the rules that perform the work. -- Collections are groupings of policies. - -The next section provides a Quickstart to using Endpoint Policy Manager Scripts & Triggers Manager. -We suggest you download the sample scripts that we've provided on our website to your management -station and follow along. Select the Guidance XMLs and Scripts category, then download them, as seen -in Figure 5. - -![getting_to_know_scripts_triggers_1](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_1.webp) - -Figure 5. Download the Endpoint Policy Manager scripts from the Guidance XMLs location in the -Endpoint Policy Manager Portal. - -Before continuing, make sure you have the downloaded script examples unpacked and ready to go. You -should have a folder that looks similar to what's seen in Figure 6. - -![getting_to_know_scripts_triggers_2](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_2.webp) - -Figure 6. Endpoint Policy Manager script examples unpacked. diff --git a/docs/endpointpolicymanager/scriptstriggers/gettoknow/usage.md b/docs/endpointpolicymanager/scriptstriggers/gettoknow/usage.md deleted file mode 100644 index 4d23cea104..0000000000 --- a/docs/endpointpolicymanager/scriptstriggers/gettoknow/usage.md +++ /dev/null @@ -1,61 +0,0 @@ -# Using Endpoint Policy Manager Scripts and Triggers - -You may want to map a drive on a remote machine whenever it connects to the network through VPN or -map a printer whenever a user opens a designated application and then unmap the drive or printer -once the VPN connection or application is closed. You can do this through the use of Endpoint Policy -Manager scripts and triggers. - -**NOTE:** For an overview of Endpoint Policy Manager scripts and triggers see -[Endpoint Policy Manager Scripts + Triggers: Map a printer or drive when a process runs and un-map it when closed.](/docs/endpointpolicymanager/video/scriptstriggers/mapdrivetriggers.md). - -**Step 1 –** Let's use an example in which you want to map a printer for your users whenever they -use Acrobat Reader. There are a couple of script options we can use to map a printer. It is highly -recommended that you manually test your scripts first in order to make sure they work properly. This -will prevent you from having to troubleshoot issues down the road when you deploy your policies. In -Figure 18 we are using a simple PowerShell script to map the printer. (If the PowerShell script -doesn't work for your environment then you can use a traditional batch script to map it.) - -![getting_to_know_scripts_triggers_14](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_14.webp) - -Figure 18. Using a PowerShell script to map a printer. - -**Step 2 –** There are no revert scripts when using triggers so this section is not applicable as -shown in Figure 19. - -![getting_to_know_scripts_triggers_15](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_15.webp) - -Figure 19. There are no revert scripts when using triggers. - -**Step 3 –** You then need to select your desired trigger type. In Figure 20 we are selecting -"Process start."  Notice the other trigger options available. - -![getting_to_know_scripts_triggers_16](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_16.webp) - -Figure 20. Choosing the desired trigger type. - -**Step 4 –** You must then select the process. You can either point to the application file or point -to the application process itself if it is currently running. In Figure 21 we have selected the -Acrobat Reader file. - -![getting_to_know_scripts_triggers_17](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_17.webp) - -Figure 21. Selecting the application file. - -**Step 5 –** You can then configure Item-level Targeting if desired. - -**Step 6 –** Now you need to create another policy that will remove the printer mapping once the -user closes Acrobat Reader. To do this, we will use a PowerShell script, shown in Figure 22. - -![getting_to_know_scripts_triggers_18](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_18.webp) - -Figure 22. Using a PowerShell script to remove a printer connection. - -**Step 7 –** Now you need to select "Process close" for the trigger type, as shown in Figure 23. - -![getting_to_know_scripts_triggers_19](/img/product_docs/endpointpolicymanager/scriptstriggers/gettoknow/getting_to_know_scripts_triggers_19.webp) - -Figure 23. Choosing "Process close" as the trigger type to remove the printer when the user closes -Acrobat Reader. - -**Step 8 –** Finally, point to the application file or open process and configure Item-level -Targeting if desired. diff --git a/docs/endpointpolicymanager/scriptstriggers/insouts.md b/docs/endpointpolicymanager/scriptstriggers/insouts.md deleted file mode 100644 index c7cebb8fe3..0000000000 --- a/docs/endpointpolicymanager/scriptstriggers/insouts.md +++ /dev/null @@ -1,108 +0,0 @@ -# Ins and Outs - -Endpoint Policy Manager Scripts & Triggers Manager solves several huge Windows 10 issues. Its basic -goal is to deliver scripts using whatever delivery mechanism you might want. For on-prem machines, -you already have some good, but not great, options for running the occasional script. With Endpoint -Policy Manager Cloud, Endpoint Policy Manager Scripts & Triggers Manager brings a method to deploy -scripts that didn't exist before. For those using an MDM solution, there is built-in script -deployment, but it has many restrictions. In this section, we'll examine how scripts have worked -with the in-box Group Policy method and with MDM solutions (without Endpoint Policy Manager ). - -### Managing Scripts with Group Policy - -Deploying scripts with Group Policy is not hard, but it does have some limitations. We'll go through -the process below. - -There are Startup and Shutdown script settings, which are found under the Computer Configuration | -Policies node in the Windows Settings | Scripts (Startup/Shutdown) branch. You can get your proposed -script into the proper GPO in many ways; however, we propose the following as the ideal way: - -**Step 1 –** In the Group Policy Management Editor, drill down to the Scripts (Startup/Shutdown) -node and double-click "Startup." The Startup Properties dialog box will appear. - -**Step 2 –** Click the Add button to open the "Add a Script" dialog box. - -**Step 3 –** In the Script Name field, you can enter a file name or click "Browse" to open the -Browse dialog box, shown in Figure 1. - -**Step 4 –** To create a new file, right-click in the Browse dialog box, and choose New| Text -Document, for example. - -**Step 5 –** Enter a name for the file, such as myscript.bat. - -![about_policypak_scripts_triggers](/img/product_docs/endpointpolicymanager/scriptstriggers/about_endpointpolicymanager_scripts_triggers.webp) - -Figure 1. Adding a script. - -Next, it's important to understand that Startup and Shutdown scripts run in the LocalSystem context. -If you want to connect to resources across the network, you'll need to ensure that those resources -allow for computer access across the network (not just user access), because the script will run in -the context of the computer account when it accesses network resources (such as the Domain Computers -group). - -The Logon and Logoff script settings are under the User Configuration | Policies node in the Windows -Settings | Scripts (Logon/Logoff) branch. Logon and logoff scripts run in the User context. Remember -that a user is just a mere mortal and might not be able to manipulate Registry keys that you may run -in a logon or logoff script. - -You can also run PowerShell-based scripts. You can find these settings in User Configuration | -Policies | Windows Settings | Scripts (Logon/Logoff). Similar settings for the computer are found in -Computer Configuration | Policies | Windows Settings | Scripts (Startup/Shutdown). The dialog can be -seen in Figure 2. - -![about_policypak_scripts_triggers_1](/img/product_docs/endpointpolicymanager/scriptstriggers/about_endpointpolicymanager_scripts_triggers_1.webp) - -Figure 2. Using the in-box Group Policy method to deploy PowerShell scripts. - -These processes are perfectly fine, but do not suit every case. The primary problems with the in-box -Group Policy method are: - -- Scripts can only run at Startup/Shutdown and Logon/Logoff and are only run once, despite the fact - that there may be other times when you want a script to run. -- Scripts are "all or nothing"; that is, the script cannot determine whether or not it should apply - based on certain conditions. -- To make a script run interactively, you must create a global setting (to the machine) within Group - Policy by going to User Configuration | Policies | Administrative Templates | System | Scripts, - and selecting either "Run logon scripts visible" or "Run logoff scripts visible." For Startup and - Shutdown scripts you must go to Computer Configuration | Policies | Administrative Templates | - System | Scripts, and select either "Run startup scripts visible" or "Run shutdown scripts - visible." However, you cannot make a specific script run interactively. -- You cannot make a script that would apply to all users who log into the computer (without using - loopback). - -### Managing Scripts with an MDM service - -On Microsoft Endpoint Manager, the ability to run PowerShell scripts is handled by the Intune -Management extension. For more information on this extension see -[https://docs.microsoft.com/en-us/intune/intune-management-extension](https://docs.microsoft.com/en-us/intune/intune-management-extension). -Figure 3 shows the available options for adding a PowerShell script with Intune. - -![about_policypak_scripts_triggers_2](/img/product_docs/endpointpolicymanager/scriptstriggers/about_endpointpolicymanager_scripts_triggers_2.webp) - -Figure 3. Deploying a PowerShell script using Microsoft Endpoint Manager. - -The MDM script deployment mechanism leaves a lot to be desired, however. The following are the -typical problems with built-in MDM scripts that you may find when using Microsoft Endpoint Manager -(Intune), VMware Workspace ONE (AirWatch), or MobileIron (although the problems might be different -on any given MDM solution, since they are all very different). - -- Some MDM solutions do not enable you to run any scripts at all for any reason. -- For MobileIron customers, enabling scripting costs extra with their MobileIron Bridge add-on. -- Depending on the vendor, the scripts might be restricted to one specific type. For instance, on - Microsoft Endpoint Manager the only script type that may be used is PowerShell. -- Typically, the scripts are applied and run only once (unless the script itself is updated). -- Scripts can only be targeted to computers, not to users. -- The scripts can be targeted to a group of computers, but have no way to determine if conditions - are true on the machine or not. (All the logic for when a script will apply has to be baked into - the script). -- Scripts can take up to an hour to run (that's the nature of MDM, anyway). -- There is no way to trigger the script to re-run manually for quick testing purposes. You need to - manually update the script and wait for MDM to re-deploy it. -- The following restrictions apply on Intune: - - - Scripts must be less than 10 KB (ASCII) or 5 KB (Unicode). - - Scripts can only call the 32-bit version of PowerShell, so 64-bit PowerShell cmdlets cannot be - used. - - The scripts only run when a computer is associated with a user; so with kiosk devices, using - the MDM scripting is often not possible. - - The scripts will not run with hybrid scenarios (domain-joined and Azure registered devices.) diff --git a/docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/exportcollections.md b/docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/exportcollections.md deleted file mode 100644 index 69902e7b97..0000000000 --- a/docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/exportcollections.md +++ /dev/null @@ -1,52 +0,0 @@ -# Exporting Collections - -Appendix A: [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md) explains -how to use the Endpoint Policy Manager Exporter to wrap up any Endpoint Policy Manager directive and -deliver it using an MDM service such as Microsoft Endpoint Manager (SCCM and Intune), KACE, and so -on, as well as via Endpoint Policy Manager Cloud. - -**NOTE:** For a video demonstrating the use of Endpoint Policy Manager scripts with Endpoint Policy -Manager Cloud and an MDM service see -[Endpoint Policy ManagerScripts .. Deploy Software via VPN or with Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/scriptstriggers/cloud.md) -and -[Endpoint Policy Manager Scripts and YOUR MDM service: Un-real power](/docs/endpointpolicymanager/video/scriptstriggers/mdm.md) - -Remember that Endpoint Policy Manager Scripts & Triggers Manager policies can be created and -exported on the User or Computer side. For instance, in Figure 30, you can see an export from the -User side. - -![using_item_level_targeting_6](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting_6.webp) - -Figure 30. Exporting a policy from the User side. - -In Figure 31, you can see an export of a Endpoint Policy Manager Scripts & Triggers Manager XML file -from the Computer side. - -![using_item_level_targeting_7](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting_7.webp) - -Figure 31. Exporting a collection from the Computer side. - -Here are some helpful tips to decide which side to use: - -- When you export a user-side policy, and deploy it using Endpoint Policy Manager Cloud or MDM, it - will apply to every user on the machine (like switched mode). -- When you export a computer-side policy that affects the system, and deploy it using Endpoint - Policy Manager Cloud or MDM, it will apply to the computer as system. -- When you export a computer-side policy that affect all users on the machine, and deploy it using - Endpoint Policy Manager Cloud or MDM, it will apply to every user on the machine (like switched - mode). - -To export a policy for later use with Endpoint Policy Manager Exporter or Endpoint Policy Manager -Cloud, right-click the collection or the policy and select "Export as XML," as demonstrated in -Figure 32. - -**NOTE:** For a video showing how to export policies and use Endpoint Policy Manager Exporter, watch -[Deploying Endpoint Policy Managerdirectives without Group Policy (Endpoint Policy Manager Exporter Utility)](/docs/endpointpolicymanager/video/mdm/exporterutility.md). - -![using_item_level_targeting_8](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting_8.webp) - -Figure 32. Choosing this option will allow the user to export the policy for later use. - -Note that exported collections or policies maintain any Item-Level Targeting set within them. If -you've used items that represent Group Membership in Active Directory, then those items will only -function when the machine is domain-joined. diff --git a/docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/overview.md b/docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/overview.md deleted file mode 100644 index d826720dfc..0000000000 --- a/docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/overview.md +++ /dev/null @@ -1,67 +0,0 @@ -# Using Item-Level Targeting with Collections and Policies - -Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Netwrix -Endpoint Policy Manager (formerly PolicyPak) to target or filter where specific items will apply. -With Endpoint Policy Manager Scripts & Triggers Manager, Item-Level Targeting can be placed on -collections, as well as Endpoint Policy Manager Scripts & Triggers Manager policies within -collections. - -A collection enables you to group together Endpoint Policy Manager Scripts & Triggers Manager -policies so they can act together. For instance, you might create a collection for only East Sales -computers and another for West Sales computers. Or you might create a collection for Windows 10 -machines and one for Windows Server 2016 RDS, as seen in Figure 24. - -![using_item_level_targeting](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting.webp) - -Figure 24. Scripts & Triggers Manger allows the user to create collections and then set Item-Level -Targeting upon the collections. - -Right-click any Endpoint Policy Manager Scripts & Triggers Manager policy, and select "Edit Item -Level Targeting," as demonstrated in Figure 25. - -![using_item_level_targeting_1](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting_1.webp) - -Figure 25. Setting Item-Level Targeting for policy entries themselves. - -The "Edit Item Level Targeting" menu item brings up the Targeting Editor, which is shown in -Figure 26. You can select any combination of characteristics you want to test for. Administrators -familiar with Group Policy Preferences' Item-Level Targeting will be at home in this interface as it -is functionally equivalent. - -You can apply one or more targeting items to a policy, which enables targeting items to be joined -logically, also shown in Figure 26. You can also add targeting collections, which group together -targeting items in much the same way parentheses are used in an equation. In this way, you can -create a complex determination about where a policy will be applied. Collections may be set to -"And", "Or", "Is", or "Is Not." - -![using_item_level_targeting_2](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting_2.webp) - -Figure 26. In this example, the Pak would only apply to Windows 10 machines when the machine is -portable and the user is in the FABRIKAM\Traveling Sales Users group. - -Below are some real-world examples of of how you can use Item-Level Targeting. - -- Software prerequisites. If you want to configure an application's settings, first make sure the - application is installed on the user's computer before configuring it. You can use File Match or - Registry Match targeting items (or both) to verify a specific version of a file or a registry - entry is present. (For an example of this, look in the Uninstall registry key.) -- Mobile computers. If you want to deploy settings exclusively for users on mobile PCs, then filter - the rule to apply only to mobile PCs by using the "Portable Computer" targeting item. -- Operating system version. You can specify different settings for applications based on the - operating system version. To do this, create one rule for each operating system. Then filter each - rule using the "Operating System" targeting item. -- Group membership. You can link the Group Policy Object (GPO) to the whole domain or organizational - unit (OU), but only members within a specific group will pick up and process the rule settings. -- IP range. You can specify different settings for various IP ranges, like different settings for - the home office and each field office. - -After editing is completed, close the editor. Note that the icon for the policy or collection has -changed to orange, which shows that it now has Item-Level Targeting, as seen in Figure 27. - -![using_item_level_targeting_3](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting_3.webp) - -Figure 27. When the policy or collection's icon is orange, the entry has Item-Level Targeting. - -When Item-Level Targeting is on, the policy won't apply unless the conditions are true. If -Item-Level Targeting is on a collection, then none of the items in the collection will apply unless -the Item-Level Targeting on the collection evaluates to True. diff --git a/docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/processorderprecedence.md b/docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/processorderprecedence.md deleted file mode 100644 index c3501b79e2..0000000000 --- a/docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/processorderprecedence.md +++ /dev/null @@ -1,32 +0,0 @@ -# Understanding Processing Order and Precedence - -Within a particular GPO (Computer or User side), the processing order is counted in numerical order. -So lower-numbered collections attempt to process first, and higher-numbered collections attempt to -process last as shown in Figure 28. Then, within any collection, each policy is processed in -numerical order from lowest to highest, as seen in Figure 29. - -![using_item_level_targeting_4](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting_4.webp) - -Figure 28. The order collections are processed in. - -![using_item_level_targeting_5](/img/product_docs/endpointpolicymanager/scriptstriggers/itemleveltargeting/using_item_level_targeting_5.webp) - -Figure 29. The order policies are processed in. - -## Merging and Conflicts - -Endpoint Policy Manager Scripts & Triggers Manager will merge all policies that come from the Group -Policy method (and/or policies and collections deployed from methods other than Group Policy), -unless there is a conflict. - -## Precedence - -Policies can be delivered by Group Policy and non-Group Policy methods such as Microsoft Endpoint -Manager (SCCM and Intune) via Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud. As -such, the Endpoint Policy Manager engine needs to make a final determination whether there is any -overlap of policies. Here is how the precedence works: - -- Policies delivered through Endpoint Policy Manager Cloud have the lowest precedence. -- Policies delivered through Endpoint Policy Manager files have the next highest precedence. -- Policies delivered through Endpoint Policy Manager Group Policy directives have the highest - precedence. diff --git a/docs/endpointpolicymanager/scriptstriggers/mappeddrives/powershell.md b/docs/endpointpolicymanager/scriptstriggers/mappeddrives/powershell.md deleted file mode 100644 index 31ab931b62..0000000000 --- a/docs/endpointpolicymanager/scriptstriggers/mappeddrives/powershell.md +++ /dev/null @@ -1,57 +0,0 @@ -# How to deliver network drive mappings with PowerShell using Scripts Manager - -**Step 1 –** Create a new GPO and link it to the User OU or Domain that contains the users that will -need to receive the drive mapping. - -**Step 2 –** Edit the GPO and expand the User Configuration > Netwrix Endpoint Policy Manager -(formerly PolicyPak) > Scripts Manager Section. - -![216_1_image-20200220185019-1](/img/product_docs/endpointpolicymanager/scriptstriggers/mappeddrives/216_1_image-20200220185019-1.webp) - -**Step 3 –** With the Scripts Manager section selected click "ADD NEW COLLECTION" then give the -collection a descriptive name, and click OK. - -**Step 4 –** Next either select the collection name under the left side of the screen or -double-click on the collection name to open the collection. - -**Step 5 –** With the collection name selected click "ADD NEW POLICY". - -![216_3_image-20200220185019-2](/img/product_docs/endpointpolicymanager/scriptstriggers/mappeddrives/216_3_image-20200220185019-2.webp) - -**Step 6 –** Click Next to get to the "On apply action" screen, then choose "PowerShell script" from -the dropdown menu. - -**Step 7 –** Next, paste in the script below to the text window, and ensure that "Run script as -user" is the only option checked. - -``` -if (-not(get-psdrive -name "Z" -ErrorAction SilentlyContinue)) {    New-PSDrive -name "Z" -PSProvider FileSystem -Root \\server\share -Persist    } -``` - -Remember to edit the script to match what is needed for your environment, replacing "Z" with the -drive letter you wish to map, for example if you want to map H: then replace "Z" with "H". Also, -replace \\server\share with the UNC path of the share you wish to map. - -The "On apply action" screen should look similar to below: - -![216_5_image-20200220185019-3](/img/product_docs/endpointpolicymanager/scriptstriggers/mappeddrives/216_5_image-20200220185019-3.webp) - -**Step 8 –** Then click Next, then Next again (skipping the "On revert action"screen) until you get -to the "Specify process mode" screen. Ensure that the "Always" radio button is selected then click -Next, give the policy a descriptive name, then click Finish. - -**Step 9 –** Test the policy by logging into a domain-joined computer with a domain user account -from the (User) OU or Domain where this GPO is linked then run `"gpupdate"`, afterward open File -Explorer and verify that you see the new drive mapping. - -![216_7_image-20200220185019-9](/img/product_docs/endpointpolicymanager/scriptstriggers/mappeddrives/216_7_image-20200220185019-9.webp) - -**NOTE:** If using Endpoint Policy Manager Scripts Manager VPN Triggers to map drives on VPN connect -you may need to add a delay to allow DNS to be updated before the drives are mapped, (i.e. to wait -15 seconds use "Start-Sleep -s 15" for PowerShell, or "Timeout /T 15 >nul" for Batch files. - -If you do not see the drive mapping in File Explorer but can see the drive mapping when running "Net -Use" from the CMD prompt try enabling the "Launch folder windows in a separate process" option (see -image below) to see if that resolves the issue. - -![216_9_image-20210204105234-1](/img/product_docs/endpointpolicymanager/scriptstriggers/mappeddrives/216_9_image-20210204105234-1.webp) diff --git a/docs/endpointpolicymanager/scriptstriggers/onapplyscript.md b/docs/endpointpolicymanager/scriptstriggers/onapplyscript.md deleted file mode 100644 index cbb7b3e48f..0000000000 --- a/docs/endpointpolicymanager/scriptstriggers/onapplyscript.md +++ /dev/null @@ -1,20 +0,0 @@ -# What is the expected behavior after an Endpoint Policy Manager Script "ON/APPLY" script is modified? - -Here is the expected behavior when you modify a script: - -- If a REVERT script is present, it is run. -- Then, the newly changed ON/APPLY script is run. - -These two actions will occur in the same (next) Group Policy, MDM or Netwrix Endpoint Policy Manager -(formerly PolicyPak) Cloud  process. - -As an example: - -- You have an ON/APPLY script which deploys 7zip from `\\server\share` and -- You have an OFF/REVERT script which UNINSTALLS 7Zip .. THEN -- You change ON/APPLY script to change the location to `\\server123\share123` - -Then the expected behavior we should see is: - -- 7zip uninstall (REVERT script is run.) -- 7zip reinstall (Changed on script is run.) diff --git a/docs/endpointpolicymanager/scriptstriggers/overview.md b/docs/endpointpolicymanager/scriptstriggers/overview.md deleted file mode 100644 index ac13ed00b3..0000000000 --- a/docs/endpointpolicymanager/scriptstriggers/overview.md +++ /dev/null @@ -1,57 +0,0 @@ -# Scripts & Triggers Manager - -**NOTE:** Before reading this section, please ensure you have read Book 2: -[Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md), which will help you -learn to do the following: - -- Install the Admin MSI on your GPMC machine -- Install the CSE on a test Windows machine -- Set up a computer in Trial mode or Licensed mode -- Set up a common OU structure - -Optionally, if you don't want to use Group Policy, read the section in Appendix A: -[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md) to deploy your -directives. - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Scripts & Triggers Manager enables you to -perform the following operations on Windows 10: - -- Deliver scripts of most usual types (Batch, Powershell, VB and JavaScript) -- Deliver scripts to both User and Computer sides -- Deliver an "On" script when conditions are true, and an "Off" script when conditions are false. - -**NOTE:** Watch this video for an overview of Endpoint Policy Manager Scripts & Triggers Manager: -[Use with on-prem Group Policy](/docs/endpointpolicymanager/video/scriptstriggers/gettingstarted/onpremise.md) - -The basic way to use Scripts & Triggers Manager is as follows: - -- Create a rule to express which file extensions should launch which applications. -- Export the Scripts & Triggers Manager rules and deliver them using: - - - Microsoft Endpoint Manager (SCCM and Intune) - - Your own systems management software - - A mobile device management (MDM) service - - Endpoint Policy Manager Cloud service - -- Allow the client machine with the Endpoint Policy Manager client-side extension (CSE) to embrace - the directives and perform the work. - -**NOTE:** If you use the Endpoint Policy Manager Cloud service, you can deliver Group Policy -settings even to non-domain-joined machines over the Internet. - -## Moving Parts - -- A management station. The Endpoint Policy Manager Admin Console MSI must be installed on the - management station where you create group policy objects (GPOs). Once it's installed, you'll see - the Endpoint Policy Manager | Endpoint Policy Manager Scripts & Triggers Manager node. -- The Endpoint Policy Manager CSE. This runs on the client (target) machine and is the same CSE for - all Endpoint Policy Manager products. There isn't anything separate to install, and the Endpoint - Policy Manager CSE must be present in order to accept Endpoint Policy Manager Scripts & Triggers - Manager directives via Group Policy, or when using Microsoft Endpoint Manager (SCCM and Intune), - KACE, MDM, or similar utilities. -- Endpoints. In order to use these, they must be licensed for Endpoint Policy Manager Scripts & - Triggers Manager using one of the licensing methods. -- Endpoint Policy Manager Exporter (optional). A free utility that lets you take Endpoint Policy - Manager Scripts & Triggers Manager and our other products' XML files and wrap them into a - "portable" MSI file for deployment using Microsoft Endpoint Manager (SCCM and Intune), an MDM - service, or your own systems management software. diff --git a/docs/endpointpolicymanager/scriptstriggers/overview/knowledgebase.md b/docs/endpointpolicymanager/scriptstriggers/overview/knowledgebase.md deleted file mode 100644 index 93e8134b37..0000000000 --- a/docs/endpointpolicymanager/scriptstriggers/overview/knowledgebase.md +++ /dev/null @@ -1,36 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base articles for Scripts and Triggers Manager. - -## Troubleshooting - -- [What must I do in Cylance such that it will run Powershell scripts via Endpoint Policy Scripts Manager?](/docs/endpointpolicymanager/scriptstriggers/cylance.md) -- [What is the expected behavior after an Endpoint Policy Manager Script "ON/APPLY" script is modified?](/docs/endpointpolicymanager/scriptstriggers/onapplyscript.md) -- [Where do scripts run? How are they protected from unauthorized access? How can I change the location of where scripts are stored?](/docs/endpointpolicymanager/scriptstriggers/scriptlocation.md) -- [Which VPN Solutions are currently supported for use with Scripts Manager VPN Triggers?](/docs/endpointpolicymanager/requirements/support/scriptstriggers/vpnsolutions.md) -- [How do Endpoint Policy Scripts Manager PowerShell Scripts behave when PowerShell is blocked or disabled using the following methods?](/docs/endpointpolicymanager/scriptstriggers/powershellscripts.md) -- [Why don't Batch and PowerShell scripts get blocked when SYSTEM processes are blocked](/docs/endpointpolicymanager/troubleshooting/scriptstriggers/systemprocesses.md) -- [How do I update Windows 7 machines to TLS 1.2 such that they work with Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/scriptstriggers/windows7tls.md) -- [Upgrading MS Teams to latest version displays prompts for Admin Approval](/docs/endpointpolicymanager/troubleshooting/scriptstriggers/adminapproval.md) - -## Tip and Tricks - -- [How to import a WLAN / 802.11 / Wireless profile from a Network Share using Endpoint Policy Scripts Manager?](/docs/endpointpolicymanager/scriptstriggers/wlannetwork.md) -- [How to import a WLAN / 802.11 / Wireless profile from Dropbox using Endpoint Policy Scripts Manager](/docs/endpointpolicymanager/scriptstriggers/wlandropbox.md) -- [How to silently install Firefox ESR, Chrome and WinZip 14.5 using Endpoint Policy Scripts Manager](/docs/endpointpolicymanager/scriptstriggers/silentbrowserinstall.md) -- [How to create a shortcut under the Public Desktop using Endpoint Policy Scripts Manager](/docs/endpointpolicymanager/scriptstriggers/shortcutpublicdesktop.md) -- [How to deliver network drive mappings with PowerShell using Scripts Manager](/docs/endpointpolicymanager/scriptstriggers/mappeddrives/powershell.md) -- [How do I use Scripts Manager to update the Registry on end-user workstations](/docs/endpointpolicymanager/scriptstriggers/updateregistry.md) -- [How to Reset Secure Channel for computers that have fallen out of sync with domain while working remotely by using Scripts Manager in Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/scriptstriggers/resetsecurechannel.md) -- [How-to change Temperature Unit from Fahrenheit to Celsius in Microsoft Outlook Calendar via Group Policy?](/docs/endpointpolicymanager/scriptstriggers/temperatureunit.md) -- [How do I automate BitLocker deployment for my enterprise with Group Policy and Endpoint Policy Manager?](/docs/endpointpolicymanager/scriptstriggers/bitlockerdeployment.md) -- [What is the expected behavior on Windows 10 when you MODIFY an existing Endpoint Policy Manager Scripts script?](/docs/endpointpolicymanager/scriptstriggers/windows10modifyscript.md) -- [How to run Microsoft Teams minimized to systray using PPScripts and PPAM](/docs/endpointpolicymanager/scriptstriggers/teamsminimized.md) -- [How does Endpoint Policy Manager Scripts & Triggers know when the VPN connection is made or lost?](/docs/endpointpolicymanager/scriptstriggers/vpnconnection.md) -- [How to use Scripts Manager Event Log Triggers to Map Network Drives when a VPN is Connected](/docs/endpointpolicymanager/scriptstriggers/mappeddrives/eventlogtriggers.md) -- [How to Set the Password for a Local Account using Scripts Manager](/docs/endpointpolicymanager/scriptstriggers/localaccountpassword.md) -- [How to use Scripts Manager Triggers to Map Network Drives when a VPN is Connected](/docs/endpointpolicymanager/scriptstriggers/mappeddrives/vpn.md) -- [How do I user Endpoint Policy Manager to set the screensaver to a custom slideshow?](/docs/endpointpolicymanager/scriptstriggers/screensavers.md) -- [Can I get more details on how Endpoint Policy Scripts Manager processes run?](/docs/endpointpolicymanager/scriptstriggers/processesdetails.md) -- [How to Run Microsoft Edge Once at a User's 1st Logon using Scripts and Triggers Manager](/docs/endpointpolicymanager/scriptstriggers/edgefirstlogon.md) -- [How to Create a Local Scheduled Task to Reboot a PC every day at 9 AM](/docs/endpointpolicymanager/scriptstriggers/localscheduledtask.md) diff --git a/docs/endpointpolicymanager/scriptstriggers/overview/videolearningcenter.md b/docs/endpointpolicymanager/scriptstriggers/overview/videolearningcenter.md deleted file mode 100644 index 434195fdec..0000000000 --- a/docs/endpointpolicymanager/scriptstriggers/overview/videolearningcenter.md +++ /dev/null @@ -1,39 +0,0 @@ -# Video Learning Center - -See the following Video topics for Scripts and Triggers Manager. - -## Getting Started - -- [Use with on-prem Group Policy](/docs/endpointpolicymanager/video/scriptstriggers/gettingstarted/onpremise.md) -- [Deploy any script via the Cloud to domain joined and non-domain joined machines](/docs/endpointpolicymanager/video/scriptstriggers/gettingstarted/cloud.md) - -## Tips and Tricks - -- [Endpoint Policy Manager Scripts: Automate Software deployments with PP Scripts and Chocolaty.org](/docs/endpointpolicymanager/video/scriptstriggers/integration/chocolaty.md) -- [Replace the Windows 10 PRO Professional Lock screen](/docs/endpointpolicymanager/video/scriptstriggers/windows10prolockscreen.md) -- [Policy Scripts Manager: Set Custom Default File Associations in Windows 10](/docs/endpointpolicymanager/video/scriptstriggers/customdefaultfileassociations.md) -- [Removing Unwanted Windows Apps Using Endpoint Policy Manager Scripts & Triggers Manager](/docs/endpointpolicymanager/video/scriptstriggers/unwantedapps.md) -- [Shared Printers without Loopback: Use Endpoint Policy Manager Scripts and PowerShell to deploy and remove printers](/docs/endpointpolicymanager/video/scriptstriggers/printers.md) -- [Implementing BitLocker through Group Policy Using Endpoint Policy Scripts Manager and Administrative Templates Manager](/docs/endpointpolicymanager/video/scriptstriggers/bitlocker.md) - -## Scripts & Triggers with Cloud - -- [Endpoint Policy Manager Cloud Scripts Manager: Distribute and Import X.509 certificates](/docs/endpointpolicymanager/video/scriptstriggers/x509certificates.md) -- [Endpoint Policy ManagerScripts .. Deploy Software via VPN or with Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/scriptstriggers/cloud.md) -- [Endpoint Policy Manager Cloud TCP/IP Printer setup using Scripts Manager](/docs/endpointpolicymanager/video/scriptstriggers/printersetup.md) -- [Using Endpoint Policy Manager Cloud and Auditpol.exe to enable Advanced Auditing on non-domain joined computers](/docs/endpointpolicymanager/video/scriptstriggers/integration/auditpol.md) - -## Triggers Specific Examples - -- [Endpoint Policy Manager Scripts and Triggers: Get to understand login script trigger with GP and MDM systems !](/docs/endpointpolicymanager/video/scriptstriggers/scripttriggers.md) -- [Endpoint Policy Manager Scripts + Triggers: Map a printer or drive when a process runs and un-map it when closed.](/docs/endpointpolicymanager/video/scriptstriggers/mapdrivetriggers.md) -- [Endpoint Policy Manager Scripts + Triggers: Perform actions at LOCK and UNLOCK of session](/docs/endpointpolicymanager/video/scriptstriggers/lockunlocksession.md) -- [Endpoint Policy Manager Scripts + Triggers: Shutdown scripts on computer side](/docs/endpointpolicymanager/video/scriptstriggers/shutdownscripts.md) -- [Endpoint Policy Manager Scripts & Triggers: Perform Scripts on VPN Connect and VPN Disconnect](/docs/endpointpolicymanager/video/scriptstriggers/vpnconnect.md) -- [Endpoint Policy Manager Scripts and AnyConnect: Run a script after you connect via VPN](/docs/endpointpolicymanager/video/scriptstriggers/integration/anyconnect.md) -- [Endpoint Policy Manager Scripts & Triggers: Events !](/docs/endpointpolicymanager/video/scriptstriggers/events.md) - -## Methods: MDM, PDQ, etc. - -- [Endpoint Policy Manager Scripts and YOUR MDM service: Un-real power](/docs/endpointpolicymanager/video/scriptstriggers/mdm.md) -- [Removing Unwanted Windows Apps Using Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/video/scriptstriggers/integration/pdqdeploy.md) diff --git a/docs/endpointpolicymanager/securitysettings/gettoknow.md b/docs/endpointpolicymanager/securitysettings/gettoknow.md deleted file mode 100644 index 957608017c..0000000000 --- a/docs/endpointpolicymanager/securitysettings/gettoknow.md +++ /dev/null @@ -1,15 +0,0 @@ -# Getting to Know Endpoint Policy Manager Security Settings Manager - -Endpoint Policy Manager Security Settings Manager is a node you see within every GPO you create. -While Endpoint Policy Manager Security Settings Manager is listed on both the Computer and User -sides, it only functions on the the computer side. Below you can see the export option available. - -![about_policypak_security_settings_1](/img/product_docs/endpointpolicymanager/securitysettings/about_endpointpolicymanager_security_settings_1.webp) - -The only job of the Endpoint Policy Manager Security Settings Manager node is to export the -computer-side security settings as an XML file. This XML file can be used with Endpoint Policy -Manager Exporter (with Microsoft Endpoint Manager [SCCM and Intune], KACE, etc.) or uploaded to -Endpoint Policy Manager Cloud. - -**NOTE:** Additionally, if you use the PolicyPak Cloud service, you can even deliver these Group -Policy security settings to non-domain-joined machines over the Internet. diff --git a/docs/endpointpolicymanager/securitysettings/overview.md b/docs/endpointpolicymanager/securitysettings/overview.md deleted file mode 100644 index 7cbc349cc6..0000000000 --- a/docs/endpointpolicymanager/securitysettings/overview.md +++ /dev/null @@ -1,49 +0,0 @@ -# Security Settings Manager - -**NOTE:** Before reading this section, please ensure you have read Book 2: -[Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md), which will help you -learn to do the following: - -- Install the Admin MSI on your GPMC machine -- Install the CSE on a test Windows machine -- Set up a computer in Trial mode or Licensed mode -- Set up a common OU structure - -Optionally, if you don't want to use Group Policy, read the section in Appendix A: -[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md) to deploy your -directives. - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Security Settings Manager enables -administrators to harness the power of Microsoft's existing security settings and deliver those -settings without Group Policy (via Microsoft Endpoint Manager [SCCM], KACE, or Endpoint Policy -Manager Cloud). The supported Microsoft security settings can be seen below.  Red lines indicate -these items are not supported by Endpoint Policy Manager. - -![about_policypak_security_settings](/img/product_docs/endpointpolicymanager/securitysettings/about_endpointpolicymanager_security_settings.webp) - -**NOTE:** The following items are NOT supported by Endpoint Policy Manager Security Settings -Manager: - -- IP Security -- Wired network (IEEE 802.3) policies -- Wireless network (IEEE 802.11) policies -- Advanced audit policies - -## Moving Parts - -Endpoint Policy Manager Security Settings Manager has the following components: - -- A management station — To start, create a standard Group Policy Object (GPO), editing it with the - security settings you want (**Computer Configuration** **>** **Policies | Security**). Then use - the **Endpoint Policy Manager** **>** **Endpoint Policy Manager Security Settings Manager** node. -- The Endpoint Policy Manager client-side extension (CSE) — This runs on the client (target) - machine. It is the same CSE for all Endpoint Policy Manager products. There isn't anything - separate to install, and the Endpoint Policy Manager CSE must be present in order to accept - Endpoint Policy Manager Security Settings Manager directives when using Microsoft Endpoint Manager - (SCCM and Intune), KACE, similar utilities, or Endpoint Policy Manager Cloud. -- Endpoints — Endpoints must be licensed for Endpoint Policy Manager Security Settings Manager using - one of the licensing methods. -- Endpoint Policy Manager Exporter (optional) — This is a free utility that lets you take Endpoint - Policy Manager Admin Templates Manager and other Endpoint Policy Manager products' XML files and - wrap them into a portable MSI file for deployment using Microsoft Endpoint Manager (SCCM and - Intune), a mobile device management service, or your own systems management software. diff --git a/docs/endpointpolicymanager/softwarepackage/appx/helpertool.md b/docs/endpointpolicymanager/softwarepackage/appx/helpertool.md deleted file mode 100644 index 3c4aeef2ad..0000000000 --- a/docs/endpointpolicymanager/softwarepackage/appx/helpertool.md +++ /dev/null @@ -1,41 +0,0 @@ -# Helper Tool - -It is not possible to remove built-in AppX applications within Windows 10 with Endpoint Policy -Manager, and it can be quite difficult to know which applications are built-in, versus which ones -were added from the Microsoft Store. For this reason, you can use our Software Package Manager -Helper tool to determine which packages on a machine could be removed by Endpoint Policy Manager -Software Package Manager (AppX) policies. The tool is found in the Endpoint Policy Manager Extras -folder within the download. - -![appx_policies_and_settings_11](/img/product_docs/endpointpolicymanager/softwarepackage/appx/appx_policies_and_settings_11.webp) - -When you run the Helper tool, you can see all available packages for removal and the publisher -names. - -![appx_policies_and_settings_12](/img/product_docs/endpointpolicymanager/softwarepackage/appx/appx_policies_and_settings_12.webp) - -**NOTE:** You can generate this same list via PowerShell by using the following command.: - -Get-AppxPackage | Where-Object -Property 'Publisher' -NE -Value 'CN=Microsoft Windows, O=Microsoft -Corporation, L=Redmond, S=Washington, C=US' | Where-Object -Property 'Publisher' -NE -Value -'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' | Where-Object --Property 'Publisher' -NE -Value 'CN=PolicyPak Software, Inc.,O=PolicyPak Software, -Inc.,L=Media,S=Pennsylvania,C=US' | Format-Table -Property Name, Publisher -AutoSize - -You can see the list in PowerShell is the same as the list from the Helper tool, as shown below. - -![appx_policies_and_settings_13](/img/product_docs/endpointpolicymanager/softwarepackage/appx/appx_policies_and_settings_13.webp) - -You can right-click on the Publisher ID and copy it to the clipboard. Then, you can paste the value -into the publisher field after selecting **Remove Package**. - -![appx_policies_and_settings_14](/img/product_docs/endpointpolicymanager/softwarepackage/appx/appx_policies_and_settings_14.webp) - -The Helper tool also enables you to export one or more applications' details to XML. Once you've -done this, you can then use the Import button in the Remove Package Policy Mode. - -![appx_policies_and_settings_15](/img/product_docs/endpointpolicymanager/softwarepackage/appx/appx_policies_and_settings_15.webp) - -Next, select an application from the list to be populated into the policy. - -![appx_policies_and_settings_16](/img/product_docs/endpointpolicymanager/softwarepackage/appx/appx_policies_and_settings_16.webp) diff --git a/docs/endpointpolicymanager/softwarepackage/appx/overview.md b/docs/endpointpolicymanager/softwarepackage/appx/overview.md deleted file mode 100644 index 6a0d12247e..0000000000 --- a/docs/endpointpolicymanager/softwarepackage/appx/overview.md +++ /dev/null @@ -1,26 +0,0 @@ -# AppX Policies and Settings - -In the example below, we're going to deliver a AppX (Microsoft Store app) to a selection of users. -The shortcut will appear when the policy applies, and it will disappear when the policy no longer -applies (i.e., when it falls out of scope). - -**Step 1 –** Start out on your GPMC management station to create a group policy object (GPO) and -link it to your users. In this example, we have a GPO created and linked it to the East Sales Users -organizational unit (OU). - -**Step 2 –** Next, within the GPO Editor, go to User Configuration > Endpoint Policy Manager > App -Delivery & Patching Pak > Software Package Manager. Right-click on New Windows Store (AppX) Policy. - -![appx_policies_and_settings](/img/product_docs/endpointpolicymanager/softwarepackage/appx/appx_policies_and_settings.webp) - -**Step 3 –** Next, you will need to choose if you want to install a package or remove a package. -These options will be explained further in the "AppX: Install Package" and "AppX: Remove Package" -sections. - -![appx_policies_and_settings_1](/img/product_docs/endpointpolicymanager/softwarepackage/appx/appx_policies_and_settings_1.webp) - -Get-AppxPackage | Where-Object -Property 'Publisher' -NE -Value 'CN=Microsoft Windows, O=Microsoft -Corporation, L=Redmond, S=Washington, C=US' | Where-Object -Property 'Publisher' -NE -Value -'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US' | Where-Object --Property 'Publisher' -NE -Value 'CN=PolicyPak Software, Inc.,O=PolicyPak Software, -Inc.,L=Media,S=Pennsylvania,C=US' | Format-Table -Property Name, Publisher -AutoSize diff --git a/docs/endpointpolicymanager/softwarepackage/exportcollections.md b/docs/endpointpolicymanager/softwarepackage/exportcollections.md deleted file mode 100644 index 4eef382751..0000000000 --- a/docs/endpointpolicymanager/softwarepackage/exportcollections.md +++ /dev/null @@ -1,17 +0,0 @@ -# Exporting Collections - -Appendix A: [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md) explains how -to use the Netwrix Endpoint Policy Manager (formerly PolicyPak) Exporter to wrap up any Endpoint -Policy Manager directives and deliver them using Microsoft Endpoint Manager (SCCM and Intune), KACE, -your own MDM service, or Endpoint Policy Manager Cloud. - -To export a policy for later use using Endpoint Policy Manager Exporter or Endpoint Policy Manager -Cloud, right-click the collection or the policy and select **Export to XML**. This will enable you -to save an XML file, which you can use later. - -![exporting_collections](/img/product_docs/endpointpolicymanager/softwarepackage/exporting_collections.webp) - -Remember that Endpoint Policy Manager RDP policies can be created and exported on the User or -Computer side. For instance, below you can see an item being exported from the Computer side. - -![exporting_collections_1](/img/product_docs/endpointpolicymanager/softwarepackage/exporting_collections_1.webp) diff --git a/docs/endpointpolicymanager/softwarepackage/itemleveltargeting.md b/docs/endpointpolicymanager/softwarepackage/itemleveltargeting.md deleted file mode 100644 index cf3797b28b..0000000000 --- a/docs/endpointpolicymanager/softwarepackage/itemleveltargeting.md +++ /dev/null @@ -1,41 +0,0 @@ -# Using Item-Level Targeting with Policies and Collections - -Item-Level Targeting is used in Microsoft Group Policy Preferences and other areas of Netwrix -Endpoint Policy Manager (formerly PolicyPak) to target or filter where specific items will apply. -With Endpoint Policy Manager Software Package Manager, Item-Level Targeting can be placed on -collections, as well as policies within collections. To do this, select Add > New Collection. - -A collection enables you to group together Endpoint Policy Manager Software Package Manager policies -so they can act together. For instance, you might create a collection for only East Sales users, and -another for HR Users. - -![using_item_level_targeting](/img/product_docs/endpointpolicymanager/softwarepackage/using_item_level_targeting.webp) - -Below you can see the two collections we have created. These collections can hold other collections -or policies. Next we will apply Item-Level Targeting for a collection. - -![using_item_level_targeting_1](/img/product_docs/endpointpolicymanager/softwarepackage/using_item_level_targeting_1.webp) - -To change the Item-Level Targeting, right-click any Endpoint Policy Manager Software Package Manager -policy, and select **Edit Item Level Targeting**. - -![using_item_level_targeting_2](/img/product_docs/endpointpolicymanager/softwarepackage/using_item_level_targeting_2.webp) - -The Edit Item Level Targeting menu item brings up the Targeting Editor. You can select any -combination of characteristics you want to test for. Administrators familiar with Group Policy -Preferences' Item-Level Targeting will be at home in this interface, as it is functionally -equivalent. - -You can apply one or more targeting items to a policy, which enables targeting items to be joined -logically. You can also add targeting collections, which group together targeting items in much the -same way parentheses are used in an equation. In this way, you can create a complex determination -about where a policy will be applied. Collections may be set to And, Or, Is, or Is Not. - -When targeting policies and collections for Endpoint Policy Manager Software Package Manager, it is -a good idea to target portable computers and mobile user security groups. You can also require that -users not be on the corporate LAN. - -![using_item_level_targeting_3](/img/product_docs/endpointpolicymanager/remoteworkdelivery/using_item_level_targeting_3.webp) - -In this example, the Pak would only apply to Windows 10 machines when the machine is portable and -not on the corporate LAN subnet, and the user is in the FABRIKAM\Traveling Sales Users group. diff --git a/docs/endpointpolicymanager/softwarepackage/overview.md b/docs/endpointpolicymanager/softwarepackage/overview.md deleted file mode 100644 index 815cd23f7d..0000000000 --- a/docs/endpointpolicymanager/softwarepackage/overview.md +++ /dev/null @@ -1,17 +0,0 @@ -# Software Package Manager - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Software Package Manager enables you to deliver -or remove pre-packaged software. The only type of supported software you can deliver or remove is -Microsoft Store applications, also known as UWP (Universal Windows Platform applications), or AppX -packages. - -For AppX packages, you can do the following with Software Package Manager: - -- Remove unwanted games like Candy Crush Saga or some built-in applications like Skype. -- Deploy applications from the Microsoft Store like Slack, Netflix, or Power BI. -- Work with Endpoint Policy Manager Least Privilege Manager to tighten down specifically which - Windows applications can and cannot run. - -Watch this video for an overview of See Endpoint Policy Manager Software Package Manager: -[Endpoint Policy Manager Software Package Manager: AppX Manager](/docs/endpointpolicymanager/video/softwarepackage/appxmanager.md) -for additional information. diff --git a/docs/endpointpolicymanager/softwarepackage/overview/knowledgebase.md b/docs/endpointpolicymanager/softwarepackage/overview/knowledgebase.md deleted file mode 100644 index 06b680457f..0000000000 --- a/docs/endpointpolicymanager/softwarepackage/overview/knowledgebase.md +++ /dev/null @@ -1,7 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base article for Software Package Manager. - -## Getting Started - -- [How to install WinGet on a server that you are using as a management station (unsupported)?](/docs/endpointpolicymanager/softwarepackage/winget.md) diff --git a/docs/endpointpolicymanager/softwarepackage/overview/videolearningcenter.md b/docs/endpointpolicymanager/softwarepackage/overview/videolearningcenter.md deleted file mode 100644 index 8a7c01a69f..0000000000 --- a/docs/endpointpolicymanager/softwarepackage/overview/videolearningcenter.md +++ /dev/null @@ -1,22 +0,0 @@ -# Video Learning Center - -See the following Video topics for Software Package Manager. - -## AppX policies Items for AppX - -- [Endpoint Policy Manager Software Package Manager: AppX Manager](/docs/endpointpolicymanager/video/softwarepackage/appxmanager.md) -- [Endpoint Policy Manager: Remove built-in Windows 10 / 11 apps (including those in-the-box) included with Windows!](/docs/endpointpolicymanager/video/softwarepackage/removeapps.md) -- [Endpoint Policy Manager Software Package Manager PLUS Least Privilege Manager: Block any unwanted store apps !](/docs/endpointpolicymanager/video/softwarepackage/blockapps.md) - -## WinGet policies - -- [Software Package Manager + Deploying Applications via WinGet](/docs/endpointpolicymanager/video/softwarepackage/winget/deployapplications.md) -- [Endpoint Policy Manager and WinGet-Run](/docs/endpointpolicymanager/video/softwarepackage/winget/run.md) - -## Tips and Tricks - -- [Software Package Manager - Extras Tool](/docs/endpointpolicymanager/video/softwarepackage/extrastool.md) - -## Using with other METHODS (Cloud, MDM, etc.) - -- [Endpoint Policy Package Manager (AppX Policies): Add or Remove Microsoft Store using your MDM service.](/docs/endpointpolicymanager/video/softwarepackage/mdm.md) diff --git a/docs/endpointpolicymanager/softwarepackage/processorderprecedence.md b/docs/endpointpolicymanager/softwarepackage/processorderprecedence.md deleted file mode 100644 index a2fe2b1207..0000000000 --- a/docs/endpointpolicymanager/softwarepackage/processorderprecedence.md +++ /dev/null @@ -1,13 +0,0 @@ -# Understanding Processing Order and Precedence - -Within a particular GPO (Computer or User side), the processing order is counted in numerical order. -This means that lower-numbered collections attempt to process first, and higher-numbered collections -attempt to process last. Then, within any collection, each policy is processed in numerical order -from lowest to highest. - -![understanding_processing_order](/img/product_docs/endpointpolicymanager/softwarepackage/understanding_processing_order.webp) - -Therefore, you might want to organize your policies such that removal policies come first, since -those operations are faster. Then, order the installation policies by length of installation time, -with the items with the shortest install times first and the items with the longest install times -last. diff --git a/docs/endpointpolicymanager/startscreentaskbar/addlink.md b/docs/endpointpolicymanager/startscreentaskbar/addlink.md deleted file mode 100644 index baf8a08eb7..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/addlink.md +++ /dev/null @@ -1,8 +0,0 @@ -# How can I add a link to the Control Panel to the Start Screen or Taskbar using Endpoint Policy Manager Start Screen Manager? - -The answer is to make a custom application. Use the values as seen here for Target Application, then -we recommend you choose a Shortcut Icon from Shell32.DLL. - -The other fields may be left blank. - -![914_1_image001](/img/product_docs/endpointpolicymanager/startscreentaskbar/914_1_image001.webp) diff --git a/docs/endpointpolicymanager/startscreentaskbar/explorer.md b/docs/endpointpolicymanager/startscreentaskbar/explorer.md deleted file mode 100644 index 3c8f84f176..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/explorer.md +++ /dev/null @@ -1,3 +0,0 @@ -# How do I add Explorer.exe to the taskbar using Endpoint Policy Manager Start Screen & Taskbar Manager ? - -![731_1_sss](/img/product_docs/endpointpolicymanager/startscreentaskbar/731_1_sss.webp) diff --git a/docs/endpointpolicymanager/startscreentaskbar/exportcollections.md b/docs/endpointpolicymanager/startscreentaskbar/exportcollections.md deleted file mode 100644 index 1ab4895494..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/exportcollections.md +++ /dev/null @@ -1,39 +0,0 @@ -# Exporting Collections - -Appendix A: [Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md) explains how -to use the Endpoint Policy Manager Exporter to wrap up any Endpoint Policy Manager directive and -deliver it using Microsoft Endpoint Manager (SCCM and Intune), KACE, your own MDM service, or -Endpoint Policy Manager Cloud. For Endpoint Policy Manager Cloud, you should automatically acquire a -license as seen in Figure 50. For Endpoint Policy Manager with an MDM service, the license should -come in your MSI license bundle. - -![collections_policy_settings_17](/img/product_docs/endpointpolicymanager/startscreentaskbar/collections_policy_settings_17.webp) - -Figure 50. Endpoint Policy Manager Cloud customers are licensed for Endpoint Policy Manager Start -Screen & Taskbar Manager. - -**NOTE:** For a video demonstrating the use of Endpoint Policy Manager Cloud with Endpoint Policy -Manager Start Screen & Taskbar Manager, see -[Endpoint Policy ManagerStart Screen & Taskbar Manager: Manage non-domain joined machines using Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/startscreentaskbar/nondomainjoined.md). - -To export a policy for later use with Endpoint Policy Manager Exporter or Endpoint Policy Manager -Cloud, right-click the Start Screen Manager node, or a collection, and select "Export Collections as -XML," as demonstrated in Figure 51 and Figure 52. - -**NOTE:** For a video of exporting Endpoint Policy Manager Start Screen & Taskbar Manager and using -Endpoint Policy Manager Exporter with an MDM service, watch -[Endpoint Policy Manager and MDM walk before you run](/docs/endpointpolicymanager/video/mdm/testsample.md). - -![collections_policy_settings_18](/img/product_docs/endpointpolicymanager/startscreentaskbar/collections_policy_settings_18.webp) - -Figure 51. Exporting all collections for later use. - -![collections_policy_settings_19](/img/product_docs/endpointpolicymanager/startscreentaskbar/collections_policy_settings_19.webp) - -Figure 52. Exporting the policy for later use. - -Note that exported collections or policies maintain any Item-Level Targeting set within them. If -you've used items that represent Group Membership in Active Directory, then those items will only -function when the machine is domain-joined. For more information about exporting settings and using -Endpoint Policy Manager Exporter utility, see Appendix A: -[Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md). diff --git a/docs/endpointpolicymanager/startscreentaskbar/foldershortcut.md b/docs/endpointpolicymanager/startscreentaskbar/foldershortcut.md deleted file mode 100644 index 6185d05e30..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/foldershortcut.md +++ /dev/null @@ -1,8 +0,0 @@ -# How-To create a folder shortcut in Windows 10 Start Menu using Endpoint Policy Manager Starts Screen Manager? - -Create the Tile as shown below screenshot. The string to make the Folder shortcut work is here. -Replace the command-line argument (RED text-color) as per your requirement. - -`%systemroot%\explorer.exe "%userprofile%\Desktop\New Folder"` - -![824_1_image-20210304053215-1](/img/product_docs/endpointpolicymanager/startscreentaskbar/824_1_image-20210304053215-1.webp) diff --git a/docs/endpointpolicymanager/startscreentaskbar/gettoknow.md b/docs/endpointpolicymanager/startscreentaskbar/gettoknow.md deleted file mode 100644 index 0049a4e3bb..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/gettoknow.md +++ /dev/null @@ -1,28 +0,0 @@ -# Getting to Know Start Screen & Taskbar Manager - -Endpoint Policy Manager Start Screen & Taskbar Manager is contained within two nodes inside the User -and Computer sides: one for Start Screen settings and one for Taskbar settings, as seen in Figure 3. -Start Screen & Taskbar Manager MMC snap-in enables you to create a new Start Screen Manager or -Taskbar Manager policy or collection. - -**NOTE:** You will only see the Start Screen Manager and Taskbar Manager nodes when the latest Admin -Console MSI is installed on the management station. - -![about_policypak_start_screen_2](/img/product_docs/endpointpolicymanager/startscreentaskbar/about_endpointpolicymanager_start_screen_2.webp) - -Figure 3. The Start Screen Manager and Taskbar Manager nodes. - -The functions of policies, collections, and groups are as follows: - -- Policies are the rules that perform the work (adding or deleting the icons and so on) -- Collections are groupings of policies -- Groups are the actual Windows 10 Start Menu groups that end users will see in the user interface - -To see how to add new collections and policies, see Figure 4. - -![about_policypak_start_screen_3](/img/product_docs/endpointpolicymanager/startscreentaskbar/about_endpointpolicymanager_start_screen_3.webp) - -Figure 4. Adding collections and policies. - -The next sections provide a Quickstart to using the Start Screen Manager node and the Taskbar -Manager node. diff --git a/docs/endpointpolicymanager/startscreentaskbar/helperutility.md b/docs/endpointpolicymanager/startscreentaskbar/helperutility.md deleted file mode 100644 index 22a2695cf1..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/helperutility.md +++ /dev/null @@ -1,55 +0,0 @@ -# Using the Helper Utility - -In the Start Screen & Taskbar Manager Quickstart examples, we recommended that your management -station have the same applications as your target computers, but sometimes that is not practical. -For instance, someone in the Sales department may be the only one who has the "Sales Application -123" desktop application or "Mega Player" UWP installed. Or there could be other instances where you -don't want to install an application on your machine just for the sake of getting it into the Start -Screen or Taskbar. That's where the Start Screen & Taskbar Manager Helper utility comes in. You can -run the Start Screen & Taskbar Manager utility on an endpoint with the application already -installed; however, you should make sure it is one you want to associate a policy with later. - -**NOTE:** For a video overview demonstrating the use of the Start Screen & Taskbar Manager Helper -utility, watch this video: -[Endpoint Policy Manager Start Screen and Taskbar Manager Helper Utility](/docs/endpointpolicymanager/video/startscreentaskbar/helperutility.md) - -The Start Screen & Taskbar Manager Helper utility is found in the Netwrix Endpoint Policy Manager -(formerly PolicyPak) ISO or ZIP download in the PolicyPak Extras folder, as seen in Figure 53. - -![using_the_helper_utility](/img/product_docs/endpointpolicymanager/startscreentaskbar/using_the_helper_utility.webp) - -Figure 53. The Start Screen & Taskbar Manager Helper utility is located in the Extras folder. - -**Step 1 –** When you run the wizard you can choose whether to export registered (desktop) -applications or universal (UWP) applications, as shown in Figure 54. - -![using_the_helper_utility_1](/img/product_docs/endpointpolicymanager/startscreentaskbar/using_the_helper_utility_1.webp) - -Figure 54. The PolicyPak Start Screen & Taskbar Manager Helper utility lets you export registered -and UWP applications. - -**Step 2 –** Then on the "Select registered programs" page, shown in Figure 55, you can leave the -default settings as they are and click "Next." - -![using_the_helper_utility_2](/img/product_docs/endpointpolicymanager/startscreentaskbar/using_the_helper_utility_2.webp) - -Figure 55. The default settings to select all registered applications on the endpoint. - -**Step 3 –** Then on the next screen, shown in Figure 56, you can export the IDs for all the UWP -applications on a machine and click "Next." - -![using_the_helper_utility_3](/img/product_docs/endpointpolicymanager/startscreentaskbar/using_the_helper_utility_3.webp) - -Figure 56. The defaults to select all UWP applications on the endpoint. - -**Step 4 –** Finally, you can export the XML to a file to be used on your management station/GPMC -machine. On your GPMC machine, as you're creating new PolicyPak Start Screen or PolicyPak Taskbar -Manager policies, you can then import from the XML file, as shown in Figure 57. - -![using_the_helper_utility_4](/img/product_docs/endpointpolicymanager/startscreentaskbar/using_the_helper_utility_4.webp) - -Figure 57. On the management station you can import from the XML file. - -At this point, your list will change to what was imported from the XML file. This process means you -don't need to install the actual application on your machine to deliver Endpoint Policy Manager -Start Screen or Endpoint Policy Manager Taskbar Manager policies. diff --git a/docs/endpointpolicymanager/startscreentaskbar/insouts/advantages.md b/docs/endpointpolicymanager/startscreentaskbar/insouts/advantages.md deleted file mode 100644 index a28fd3f3bc..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/insouts/advantages.md +++ /dev/null @@ -1,28 +0,0 @@ -# Advantages of Using Start Screen & Taskbar Manager - -With Endpoint Policy Manager Start Screen & Taskbar Manager, you don't have to build the perfect -workstation and then export all the Start Screen and Taskbar settings at one time, making sure to -get it all correct the first time or rebuilding the perfect workstation over and over again. -Additionally, if your organization makes a change, for example, to implement 7-Zip instead of -WinZip, you don't have to rebuild your perfect workstation and repeat the process over and over. - -With Endpoint Policy Manager Start Screen & Taskbar Manager you can do the following: - -- Deploy your application as you normally would, using Microsoft Endpoint Manager (SCCM and Intune) - or PDQ Deploy -- Use Endpoint Policy Manager Start Screen & Taskbar Manager to add the application to your desired - Windows 10 Start Screen Group -- Use Endpoint Policy Manager Start Screen & Taskbar Manager to add the application to the Taskbar - -In addition, it's very easy to have different associations for each computer group by making simple -policies for your associations using Endpoint Policy Manager Start Screen & Taskbar Manager. Because -Group Policy creation is distributed (that is, different people can create different GPOs) you can -leverage Endpoint Policy Manager Start Screen & Taskbar Manager when different people have different -needs. In the case of a conflict of two associations, the rules of Group Policy precedence will take -effect. - -Endpoint Policy Manager Start Screen & Taskbar Manager uses the same basic method and policy -settings that the in-box Microsoft method uses. That is Endpoint Policy Manager Start Screen & -Taskbar Manager will create its own XML file (one per computer when computer-side Group Policy is -used and one per user when user-side Group Policy is used). It works with Microsoft's method (using -the XML file and corresponding Group Policy setting), but adds functionality. diff --git a/docs/endpointpolicymanager/startscreentaskbar/insouts/overview.md b/docs/endpointpolicymanager/startscreentaskbar/insouts/overview.md deleted file mode 100644 index 7dfce31348..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/insouts/overview.md +++ /dev/null @@ -1,11 +0,0 @@ -# Ins and Outs - -Start Screen & Taskbar Manager consists of two parts: Start Screen Manager and Taskbar Manager. -Together they have two goals: - -- Create Windows 10 Start Menu groups and place specific applications' icons within them -- Pin applications to the Windows 10 Taskbar - -In this manual, we will walk through examples of how to perform these functions. We'll start out by -understanding the need to manage Start Screen and Taskbar settings and the use of the in-box method -from Microsoft; then, we'll learn how Endpoint Policy Manager can make the whole process easier. diff --git a/docs/endpointpolicymanager/startscreentaskbar/insouts/windows10.md b/docs/endpointpolicymanager/startscreentaskbar/insouts/windows10.md deleted file mode 100644 index 433af4392a..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/insouts/windows10.md +++ /dev/null @@ -1,50 +0,0 @@ -# Managing Windows 10 Start Screen and Taskbar with the In-Box Method - -If you didn't have Start Screen & Taskbar Manager, you could still manage Start Screen and Taskbar -settings on Windows 10, but it would be difficult and not very user-friendly. - -The following is a Microsoft-sanctioned way to establish the Start Screen and Taskbar for Windows -8.1 and Windows 10: - -1. Create a "perfect machine," fully installed with all applications. -2. Correctly configure all the Start Screen settings by putting them into the groups you want and - pinning any items to the Taskbar. -3. Use the Powershell command to export the Start Screen layout XML file. The command would be - something like `export-startlayout –path .xml`. -4. Use Group Policy to ensure that specific computers use this XML file. - -The exported file from this process might look something like what's seen in Figure 1. - -![about_policypak_start_screen](/img/product_docs/endpointpolicymanager/startscreentaskbar/insouts/about_endpointpolicymanager_start_screen.webp) - -Figure 1. An exported XML file using the Microsoft-sanctioned way to establish the Start Screen and -Taskbar for Windows 10. - -Next, you would configure the Group Policy setting called "Start Layout," seen in Figure 2. - -![about_policypak_start_screen_1](/img/product_docs/endpointpolicymanager/startscreentaskbar/insouts/about_endpointpolicymanager_start_screen_1.webp) - -Figure 2. Configuring Group Policy settings after establishing the Start Screen and Taskbar using -the in-box, Microsoft-sanctioned way. - -The disadvantages of using this in-box method for Windows 10 are as follows: - -- You need a perfect machine for each new application deployment. -- You will likely need different associations files for different machines. -- You might need to segment your computers into different organizational units (OUs) if you have - different Start Menu groups for each group. -- You need to follow this process, even if you have just one or two applications you want to add to - the Start Screen or Taskbar. -- To get the best experience, you need to do this for all applications a user is going to ever need - on the Start Menu or Taskbar. -- The entire XML file must be "perfect" and not have any variations. - -In summary: - -- When your needs change, there is nothing dynamic about this process. -- This process is all manual. -- This process requires a lot of effort to build the "perfect machine" for each different computer - group, export the files one by one for each group, and ensure all computers get the correct file. - -All of this becomes time consuming and will quickly get out of hand every time you must update and -roll out an application that will be the registered extension or protocol. diff --git a/docs/endpointpolicymanager/startscreentaskbar/overview.md b/docs/endpointpolicymanager/startscreentaskbar/overview.md deleted file mode 100644 index 2e31716f28..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/overview.md +++ /dev/null @@ -1,62 +0,0 @@ -# Start Screen & Taskbar Manager - -**NOTE:** Before reading this section, please ensure you have read -[Installation Quick Start](/docs/endpointpolicymanager/gettingstarted/quickstart/overviewinstall.md), which will help you -learn to do the following: - -- Install the Admin MSI on your GPMC machine -- Install the CSE on a test Windows machine -- Set up a computer in Trial mode or Licensed mode -- Set up a common OU structure - -Optionally, if you don't want to use Group Policy, read the section in Appendix A: Advanced Concepts -on Group Policy and non-Group Policy methods (MEMCM, KACE, and MDM service or Endpoint Policy -Manager Cloud) ([Using Endpoint Policy Manager with MDM and UEM Tools](/docs/endpointpolicymanager/mdm/uemtools.md)) to -deploy your directives. - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Start Screen & Taskbar Manager enables you to -perform the following operations on Windows 10: - -- Place specific tiles for Desktop Edge and Universal Windows Platform (UWP) applications into your - own desired Start Menu groups -- Remove all existing Start Menu groups (created by users or default from Microsoft) -- Configure the Start Menu to enable users to create their own groups -- Pin applications to the Taskbar or remove user-pinned applications from the Taskbar - -**NOTE:** For an overview of Endpoint Policy Manager Start Screen & Taskbar Manager, watch the -videos at -[https://www.endpointpolicymanager.com/products/endpointpolicymanager-start-screen-taskbar-manager.html](https://www.endpointpolicymanager.com/products/endpointpolicymanager-start-screen-taskbar-manager.html). - -The basic way to use Start Screen & Taskbar Manager is as follows: - -- Create rules to express which applications should appear in which Start Menu group -- Export the Start Screen & Taskbar Manager rules and deliver them using: - - - Microsoft Endpoint Manager (SCCM and Intune) - - Your own systems management software - - A mobile device management (MDM) service - - Endpoint Policy Manager Cloud service - -- Allow the client machine with the Endpoint Policy Manager client-side extension (CSE) to embrace - the directives and perform the work. - -**NOTE:** If you use the Endpoint Policy Manager Cloud service, you can deliver Group Policy -settings even to non-domain-joined machines over the Internet. - -## Moving Parts - -- A management station. The Endpoint Policy Manager Admin Console MSI must be installed on your - management station where you create group policy objects (GPOs). Once it's installed, you'll see - the Endpoint Policy Manager | Start Screen Manager node and Endpoint Policy Manager | Taskbar - Manager node. -- The Endpoint Policy Manager CSE. This runs on the client (target) machine and is the same CSE for - all Endpoint Policy Manager products. There isn't anything separate to install, and the Endpoint - Policy Manager CSE must be present in order to accept Endpoint Policy Manager Start Screen & - Taskbar Manager directives via Group Policy, or when using Microsoft Endpoint Manager (SCCM and - Intune), KACE, MDM, or similar utilities. -- Endpoints. In order to use these, they must be licensed for Endpoint Policy Manager Start Screen & - Taskbar Manager using one of the licensing methods. -- Endpoint Policy Manager Exporter (optional). A free utility that lets you take Endpoint Policy - Manager Admin Templates Manager and our other products' XML files and wrap them into a "portable" - MSI file for deployment using Microsoft Endpoint Manager (SCCM and Intune), an MDM service, or - your own systems management software. diff --git a/docs/endpointpolicymanager/startscreentaskbar/overview/knowledgebase.md b/docs/endpointpolicymanager/startscreentaskbar/overview/knowledgebase.md deleted file mode 100644 index 267915815f..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/overview/knowledgebase.md +++ /dev/null @@ -1,31 +0,0 @@ -# Knowledge Base - -See the following Knowledge Base articles for Start Screen and Task Bar Manager. - -## Troubleshooting - -- [Why aren't Taskbar manager policies working as expected on my Windows 10 machine?](/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/windows10.md) -- [When does Endpoint Policy Manager Start Screen & Taskbar Manager work on Server 2019, 2016, 2012 R2?](/docs/endpointpolicymanager/requirements/support/startscreentaskbar/windowserver.md) -- [I use Partial/Merge mode, and expected existing icons to be maintained, but instead they were wiped out. What happened?](/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/existingicons.md) -- [How can I revert / rollback the Windows 10 Start Screen after I make an error (using Partial or Replace mode)?](/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/rollback.md) -- [Endpoint Policy Manager Start Screen & Taskbar Manager crashes, hangs or is slow when running Group Policy update. Why?](/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/crash.md) -- [Why do I see a group named ">Endpoint Policy ManagerStart Screen manager" on the left side in Endpoint Policy Manager Start Screen & Taskbar Manager ?](/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/pinnedcollection.md) -- [Why do I get the error "This app can't run on your PC" ?](/docs/endpointpolicymanager/troubleshooting/error/startscreentaskbar/appcantrun.md) -- [Why am I seeing an Endpoint Policy Manager "advertisement" tile on my Start Screen (when I only use the TaskBar manager and NOT the Start Screen Manager?)](/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/linked.md) -- [Windows default applications are not showing in Start Menu](/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/windowsdefault.md) -- [Endpoint Policy Manager Task Bar Manager differences between MERGE and REPLACE modes](/docs/endpointpolicymanager/startscreentaskbar/modes.md) -- [Custom icons for Endpoint Policy Manager Start Screen & Taskbar Manager aren't working as expected. What can I do?](/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/customicons.md) -- [How to Disable the "How do you want to open this? Keep using this app" Notification in Windows 10](/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/windows10disablenotification.md) -- [Why would it sometimes takes two logoffs and logons to see Start Screen or Taskbar changes?](/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/logons.md) -- [Does Endpoint Policy Manager Start Screen Manager support pinning application icons in Windows Start Screen or Taskbar from a network location, i.e. Mapped Drives or UNC Paths?](/docs/endpointpolicymanager/requirements/support/startscreentaskbar/mappeddrives.md) -- [Why don't I see Office 2016, Office 2019, or Office 365 icons or tiles using Start Screen Manager?](/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/office365.md) - -## Tips and Tricks - -- [How do I add Explorer.exe to the taskbar using Endpoint Policy Manager Start Screen & Taskbar Manager ?](/docs/endpointpolicymanager/startscreentaskbar/explorer.md) -- [How do I add the SCCM Software Center to the Start Screen or Taskbar?](/docs/endpointpolicymanager/startscreentaskbar/sccmsoftwarecenter.md) -- [Can Microsoft App-V applications work with Endpoint Policy Manager Starts Screen and Taskbar Manager?](/docs/endpointpolicymanager/integration/appv.md) -- [How do I add the Least Privilege Manager Helper tools to the Left and Right side of the Start Menu?](/docs/endpointpolicymanager/startscreentaskbar/helpertools.md) -- [How-To create a folder shortcut in Windows 10 Start Menu using Endpoint Policy Manager Starts Screen Manager?](/docs/endpointpolicymanager/startscreentaskbar/foldershortcut.md) -- [How can I add a link to the Control Panel to the Start Screen or Taskbar using Endpoint Policy Manager Start Screen Manager?](/docs/endpointpolicymanager/startscreentaskbar/addlink.md) -- [How to automatically kill explorer at 1st Logon to Bypass needing to logout and back in for Start Screen Manager to apply](/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/logonworkaround.md) diff --git a/docs/endpointpolicymanager/startscreentaskbar/overview/videolearningcenter.md b/docs/endpointpolicymanager/startscreentaskbar/overview/videolearningcenter.md deleted file mode 100644 index 5da083a82c..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/overview/videolearningcenter.md +++ /dev/null @@ -1,28 +0,0 @@ -# Video Learning Center - -See the following Video topics for Start Screen and Task Bar Manager. - -## Getting Started - -- [Endpoint Policy Manager Start Screen and Taskbar Manager Helper Utility](/docs/endpointpolicymanager/video/startscreentaskbar/helperutility.md) -- [Endpoint Policy Manager Start Screen Manager: Own the Win10 Start Menu](/docs/endpointpolicymanager/video/startscreentaskbar/windows10startmenu.md) -- [Endpoint Policy Taskbar Manager: Quick Demo](/docs/endpointpolicymanager/video/startscreentaskbar/demotaskbar.md) -- [Endpoint Policy Manager Start Screen Manager: Using Item Level Targeting](/docs/endpointpolicymanager/video/startscreentaskbar/itemleveltargeting.md) -- [Endpoint Policy Manager Start Screen Manager: Add IE links](/docs/endpointpolicymanager/video/startscreentaskbar/linksie.md) - -## Troubleshooting - -- [Endpoint Policy Manager Start Screen Manager and Special Custom Icons](/docs/endpointpolicymanager/video/startscreentaskbar/customicons.md) -- [Using PP SCRIPTS to Revert Start Menu](/docs/endpointpolicymanager/video/troubleshooting/startscreentaskbar/revertstartmenu.md) - -## Methods: SCCM, XML, MDM, Cloud, PDQ, Citrix, etc. - -- [Endpoint Policy ManagerStart Screen & Taskbar Manager: Manage non-domain joined machines using Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/startscreentaskbar/nondomainjoined.md) -- [Endpoint Policy Manager Start Screen & Taskbar Manager: Manage Windows 10 Start Screen & Taskbar with your MDM service (Basics with MDM)](/docs/endpointpolicymanager/video/startscreentaskbar/mdm.md) -- [Endpoint Policy Manager Start Screen Manager: Manage Windows 10 Start Screen & Taskbar with your MDM (Advanced scenarios with ILT)](/docs/endpointpolicymanager/video/startscreentaskbar/mdmitemleveltargeting.md) -- [PP Start Screen and Taskbar manager with Citrix XenApp and XenDesktop](/docs/endpointpolicymanager/video/startscreentaskbar/integration/citrix.md) -- [Taking Control of Your Taskbar and Start Menu with Endpoint Policy Manager and PDQ Deploy](/docs/endpointpolicymanager/video/startscreentaskbar/integration/pdqdeploy.md) - -## Extras - -- [Endpoint Policy ManagerStart Screen and Endpoint Policy Manager Scripts: Specify exact Start Menu experience one time](/docs/endpointpolicymanager/video/startscreentaskbar/onetime.md) diff --git a/docs/endpointpolicymanager/startscreentaskbar/processorderprecedence.md b/docs/endpointpolicymanager/startscreentaskbar/processorderprecedence.md deleted file mode 100644 index 255d4e2fc1..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/processorderprecedence.md +++ /dev/null @@ -1,75 +0,0 @@ -# Understanding Processing Order and Precedence - -Within a particular GPO (Computer or User side), the processing order is counted in numerical order. -So lower-numbered collections attempt to process first, and higher-numbered collections attempt to -process last as shown in Figure 46. Then, within any collection, each policy is processed in -numerical order from lowest to highest, as seen in Figure 47. - -![collections_policy_settings_13](/img/product_docs/endpointpolicymanager/startscreentaskbar/collections_policy_settings_13.webp) - -Figure 46. The order in which collections are processed. - -![collections_policy_settings_14](/img/product_docs/endpointpolicymanager/startscreentaskbar/collections_policy_settings_14.webp) - -Figure 47. Within collections, group policies are processed in order, starting with the lowest -number. - -Then finally, within a Group, all the icons are placed according to their position (column followed -by row). Note the final placement might not be exactly as expected because of the icons sizes. You -might need to adjust the Position fields to get it to look precisely how you want (as shown in -Figure 48). - -![collections_policy_settings_15](/img/product_docs/endpointpolicymanager/startscreentaskbar/collections_policy_settings_15.webp) - -Figure 48. The processing order of multiple policy items within a group contained within a -collection. - -## Merging and Conflicts - -Endpoint Policy Manager Start Screen & Taskbar Manager will merge all GPOs and collections, unless -there is a conflict. That means that instead of having one flat Start Menu and Taskbar XML file that -everyone must use and agree upon, you can distribute the directives across Endpoint Policy Manager -collections or GPOs, and everything that doesn't conflict will merge perfectly. - -For example, consider that you have the following two GPOs: - -- GPO1—Browser Apps Group: Chrome, Firefox, Internet Explorer -- GPO2—Office Apps: Word, Excel, PowerPoint - -You will get two unique groups on the Start Menu: Browser App Group and Office Apps. This works the -same for multiple collections (within a GPO or between GPOs). However, you still need to be aware of -conflicts between Endpoint Policy Manager Start Screen policies and Endpoint Policy Manager Taskbar -Manager policies. - -For Endpoint Policy Manager Start Screen policies, the following general rules apply: - -- If you are using "Partial (Preserve)" or "Merge" mode and you create a group with the same name as - a user group (or a pre-created operating system default group, like Play, Create, and so on), your - group will end up removing the existing group. -- If you are using "Partial (Preserve)" and "Merge" mode, and you specify an icon in a group, your - icon placement will end up removing the icon from the existing group. -- When using a GPO, multiple policies can affect the machine due to natural Group Policy precedence. - When a conflict occurs, the general rule is that the GPO that was applied last will have highest - precedence. Then after that, the mode of the group ("Create," "Replace," "Update," or "Delete") - will be evaluated. -- You can have multiple GPOs with Endpoint Policy Manager Start Screen contents (and also get - Endpoint Policy Manager policies from other sources like MDM, Microsoft Endpoint Manager [SCCM and - Intune], etc.) and these policies will all be merged together, unless there is a conflict. See the - next section "Precedence" for details. - -For Endpoint Policy Manager Taskbar Manager, the following general rule applies: in "Merge" mode, -all items are merged together. That means that the operating system defaults, the user-pinned items, -and the items you've pinned will all be merged together. In the case of a conflict, the policy -written last wins. - -## Precedence - -Policies can be delivered by Group Policy and non-Group Policy methods such as Microsoft Endpoint -Manager (SCCM and Intune) via Endpoint Policy Manager Exporter or Endpoint Policy Manager Cloud. As -such, the Endpoint Policy Manager engine needs to make a final determination whether there is any -overlap of policies. Here is how the precedence works: - -- Policies delivered through Endpoint Policy Manager Cloud have the lowest precedence. -- Policies delivered through Endpoint Policy Manager files have the next highest precedence. -- Policies delivered through Endpoint Policy Manager Group Policy directives have the highest - precedence. diff --git a/docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/overview.md b/docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/overview.md deleted file mode 100644 index 5f72bd3d4a..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/overview.md +++ /dev/null @@ -1,114 +0,0 @@ -# Start Screen Manager Settings - -In the Quickstart, we created a collection by right-clicking within Endpoint Policy Manager Start -Screen Manager or Endpoint Policy Manager Taskbar Manager and selecting Add | New Collection as seen -in Figure 32. - -![collections_policy_settings](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/collections_policy_settings.webp) - -Figure 32. Creating collections with Endpoint Policy Manager Start Screen & Taskbar Manager. - -For Endpoint Policy Manager Start Screen Manager, collections have two functions. As mentioned -previously, they hold policies that create Windows 10 groups. But a Endpoint Policy Manager Start -Screen Manager collection also defines how those groups will react. The two options for a Endpoint -Policy Manager Start Screen Manager collection can be seen in Figure 33. - -![quickstart_start_screen_manager_3](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/quickstart_start_screen_manager_3.webp) - -Figure 33. Collections hold policies and specify the layout mode. - -There are two layout modes for a Endpoint Policy Manager Start Screen Manager collection. One is -"Partial (Preserve)," which will maintain a user's existing groups, as well as any default groups, -while adding your new groups to theirs. Users will not be able to modify the groups you assign. The -other layout mode is "Full (Replace)," which will remove any existing groups and replace them with -your new groups. Users will not be able to modify the groups you assign. - -There are two layout size options for a Endpoint Policy Manager Start Screen Manager collection as -shown in Figure 34. If you do not specify a layout size, the default will be Medium (Two Columns). - -![collections_policy_settings_1](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/collections_policy_settings_1.webp) - -Figure 34. Choosing a layout size. - -You can also select the Item-Level Targeting button to specify when this collection will apply. For -instance, you might choose "Partial (Preserve)" on Windows 10 desktops and you might choose to have -another collection with "Full (Replace)" on Windows 10 laptops. - -The "Edit Item Level Targeting" menu item brings up the Targeting Editor, which is shown in -Figure 35. You can select any combination of characteristics you want to test for. Administrators -familiar with Group Policy Preferences' Item-Level Targeting will be at home in this interface as it -is functionally equivalent. - -You can apply one or more targeting items to a policy, which enables targeting items to be joined -logically, also shown in Figure 35. You can also add targeting collections, which group together -targeting items in much the same way parentheses are used in an equation. In this way, you can -create a complex determination about where a policy will be applied. Collections may be set to -"And", "Or", "Is", or "Is Not." - -There are a few things to note about Figure 35. It is representative of the basic capabilities of -the Targeting Editor. Endpoint Policy Manager Start Screen & Taskbar Manager cannot filter by user -group since the node is only available on the Computer side. In addition, Endpoint Policy Manager -Start Screen & Taskbar Manager is only valid for Windows 8.1 and later. - -![collections_policy_settings_2](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/collections_policy_settings_2.webp) - -Figure 35. In this example, the Pak would only apply to Windows 10 machines when the machine is -portable and the user is in the FABRIKAM\Traveling Sales Users group. - -Below are some real-world examples of of how you can use Item-Level Targeting. - -- Software prerequisites. If you want to configure an application's settings, first make sure the - application is installed on the user's computer before configuring it. You can use File Match or - Registry Match targeting items (or both) to verify a specific version of a file or a registry - entry is present. (For an example of this, look in the Uninstall registry key.) -- Mobile computers. If you want to deploy settings exclusively for users on mobile PCs, then filter - the rule to apply only to mobile PCs by using the "Portable Computer" targeting item. -- Operating system version. You can specify different settings for applications based on the - operating system version. To do this, create one rule for each operating system. Then filter each - rule using the "Operating System" targeting item. -- Group membership. You can link the Group Policy Object (GPO) to the whole domain or organizational - unit (OU), but only members within a specific group will pick up and process the rule settings. -- IP range. You can specify different settings for various IP ranges, like different settings for - the home office and each field office. - -Close the editor when you are done. Note in Figure 36 that the icon for the policy or collection has -changed to orange, which shows that it now has Item-Level Targeting. - -![collections_policy_settings_3](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/collections_policy_settings_3.webp) - -Figure 36. When the icon is orange, the entry has Item-Level Targeting. - -When Item-Level Targeting is on, the policy won't apply unless the conditions are True. If -Item-Level Targeting is on a collection, then none of the items in the collection will apply unless -the Item-Level Targeting on the collection evaluates to True. - -Inside Endpoint Policy Manager Start Screen Manager collections are policies for groups. You created -a Group Policy earlier called "My Important Apps." You can select "Change Group Level Targeting" to -jump right into the Item-Level Targeting Editor, or click "Edit Group," as shown in Figure 37 to see -all Group options (including Item-Level Targeting). - -![collections_policy_settings_4](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/collections_policy_settings_4.webp) - -Figure 37. Clicking on "Edit Group" will enable you to see all group level options. - -The group level options can be seen in Figure 38. - -![collections_policy_settings_5](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/collections_policy_settings_5.webp) - -Figure 38. Endpoint Policy Manager Start Screen Manager groups have various options you can -configure. - -The fields inside the Group Editor are as follows: - -- Group Name: The name of the actual Windows 10 group that you'll be manipulating on the computer. -- Comment: Space for optional comments to be added. -- State: Determines if the policy should apply or not. -- Action: Default settings are "Update" and "Create if not present." This will be described in more - detail in the next section. -- Update Mode: Determines where new icons will be added. "Add to the Tail" will add new icons from - the end and "Insert at the top" will insert new icons from the front of the group. -- Placeholder: This is needed when an application is absent, but you want to make a pointer or - reference to them anyway. In this case, you can make a "gap" (which puts in a black, empty gap - tile) or you can insert an "Edge link" (which will explain what was missing). This will be - described in more detail in an upcoming section. -- Item-Level Targeting: This was described above. diff --git a/docs/endpointpolicymanager/startscreentaskbar/settings/taskbar.md b/docs/endpointpolicymanager/startscreentaskbar/settings/taskbar.md deleted file mode 100644 index b0c0f86710..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/settings/taskbar.md +++ /dev/null @@ -1,36 +0,0 @@ -# Taskbar Manager Settings - -Collections are also present (and required) for Endpoint Policy Manager Taskbar Manager. In the -Quickstart, we created a collection by right-clicking within Endpoint Policy Manager Start Screen -Manager or Endpoint Policy Manager Taskbar Manager and selecting Add | New Collection. To see the -collection options, you can right-click on the name of the collection and select "Edit Collection," -as seen in Figure 43. - -![collections_policy_settings_10](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/collections_policy_settings_10.webp) - -Figure 43. Editing collections for Taskbar Manager. - -The Endpoint Policy Manager Taskbar Manager Pinned Collection Editor can be seen in Figure 44. - -![collections_policy_settings_11](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/collections_policy_settings_11.webp) - -Figure 44. Endpoint Policy Manager Taskbar Manager Pinned Collection Editor options. - -The fields inside the Taskbar Manager Pinned Collection Editor are as follows: - -- Collection Name: The name of the collection you'll be creating, which isn't displayed on the - endpoint. -- Comment: Space for optional comments to be added. -- State: Determines if the collection should apply or not. -- Action: Can be set to "Merge" or "Replace." Selecting "Merge" maintains OS defaults and anything a - user has manually pinned to the Taskbar while adding your new items. Selecting "Replace" removes - OS defaults and anything a user has manually pinned while replacing them with your new items. -- Use custom advertisement tile: When desktop items are pinned, they must also be contained in a - Start Menu advertisement tile. The default behavior can be seen in Figure 45, but this can be - changed. If no pinned applications are also in Start Menu groups, then a URL is used as a fallback - display. The icon is then simply a URL within an advertised group. - -![collections_policy_settings_12](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/collections_policy_settings_12.webp) - -Figure 45. Pinned desktop icons will appear in the Endpoint Policy Manager Start Screen Manager -advertisement group, or a group of your choice. diff --git a/docs/endpointpolicymanager/startscreentaskbar/startscreen/overview.md b/docs/endpointpolicymanager/startscreentaskbar/startscreen/overview.md deleted file mode 100644 index 777ca7d453..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/startscreen/overview.md +++ /dev/null @@ -1,27 +0,0 @@ -# Quick Start - Start Screen Manager - -**NOTE:** For some video overviews of Start Screen & Taskbar Manager, see Start Screen & Task Bar -Manager > [Video Learning Center](/docs/endpointpolicymanager/video/index.md). - -If you want to follow along with this Quickstart guide for Start Screen Manager, we suggest you -first download some applications on your Windows 10 management station and your endpoint. Start -Screen & Taskbar Manager is the best and quickest way to set up, test, and manage the Start Screen -and Taskbar from your machine (the Group Policy Editor machine) if you have the same applications as -the target machines. Therefore, we recommend you install Adobe Acrobat Reader twice—once on your -management station and once on your Window 10 endpoint. We suggest the offline MSI installer -package, which can be found at -[https://get.adobe.com/reader/enterprise/](https://get.adobe.com/reader/enterprise/). Make sure, for -the purposes of this Quickstart, you install the same version on your management station as on your -endpoint. - -You should be able to see Acrobat Reader in the Start Menu, as shown in Figure 5. - -![quickstart_start_screen_manager](/img/product_docs/endpointpolicymanager/startscreentaskbar/startscreen/quickstart_start_screen_manager.webp) - -Figure 5. Adobe Reader is installed on the GPMC machine and the Windows 10 Endpoint. - -After Adobe Reader is installed, we can see that it is not automatically assigned to any group in -the Start Menu. Using Start Screen & Taskbar Manager, we want to place all of our newly installed -applications into a single group called "My Important Apps." In this Quickstart, we will create a -group policy object (GPO) and link it to your sample users. (You could also create and link a GPO to -your computers, but we will not be doing that in this Quickstart.) diff --git a/docs/endpointpolicymanager/startscreentaskbar/startscreen/windows10.md b/docs/endpointpolicymanager/startscreentaskbar/startscreen/windows10.md deleted file mode 100644 index 542799a277..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/startscreen/windows10.md +++ /dev/null @@ -1,88 +0,0 @@ -# Creating a Windows 10 Screen Collection and Group - -**Step 1 –** To start out, assume that we have a GPO named "PP Start Screen & Taskbar Policies," -which is linked to the Sales OU, which contains user accounts. Now, in User Configuration | Endpoint -Policy Manager | Start Screen Manager for Windows 10, select Add | New Collection, as seen in -Figure 6. - -![quickstart_start_screen_manager_1](/img/product_docs/endpointpolicymanager/startscreentaskbar/startscreen/quickstart_start_screen_manager_1.webp) - -Figure 6. Creating a new collection using Endpoint Policy Manager Start Screen Manager. - -**Step 2 –** Next, you'll see the "Add new collection" dialog, as shown in Figure 7. - -![quickstart_start_screen_manager_2](/img/product_docs/endpointpolicymanager/startscreentaskbar/startscreen/quickstart_start_screen_manager_2.webp) - -Figure 7. Endpoint Policy Manager Start Screen Manager collections are used to group together -policies and configure the layout mode of all the groups. - -There are two layout modes for a Netwrix Endpoint Policy Manager (formerly PolicyPak) Start Screen -Manager collection. One is "Partial (Preserve)," which will maintain a user's existing groups, as -well as any default groups, while adding your new groups to theirs. Users will not be able to modify -the groups you assign. The other layout mode is "Full (Replace)," which will remove any existing -groups and replace them with your new groups. Users will not be able to modify the groups you -assign. - -**Step 3 –** Let's select the "Partial (Preserve)" layout mode and click "OK" as shown in Figure 8. - -![quickstart_start_screen_manager_3](/img/product_docs/endpointpolicymanager/startscreentaskbar/settings/startscreen/quickstart_start_screen_manager_3.webp) - -Figure 8. Selecting the "Partial (Preserve)" layout mode. - -You'll see the collection created in both panels in Figure 9. - -![quickstart_start_screen_manager_4](/img/product_docs/endpointpolicymanager/startscreentaskbar/startscreen/quickstart_start_screen_manager_4.webp) - -Figure 9. A Endpoint Policy Manager Start Screen Manager collection can be seen in both MMC pane -views. - -**Step 4 –** Double-click "Collection 1" to enter it. Then, right-click and select Add | New Group, -as shown in Figure 10. - -![quickstart_start_screen_manager_5](/img/product_docs/endpointpolicymanager/startscreentaskbar/startscreen/quickstart_start_screen_manager_5.webp) - -Figure 10. Endpoint Policy Manager Start Screen groups must be added to collections. - -**Step 5 –** Next, you'll see the Start Screen Tile Group Editor, shown in Figure 11. - -![quickstart_start_screen_manager_6](/img/product_docs/endpointpolicymanager/startscreentaskbar/startscreen/quickstart_start_screen_manager_6.webp) - -Figure 11. The Start Screen Tile Group Editor is used to edit the Windows 10 Start Screen group. - -The Group Editor enables you to create or update a Windows 10 Start Menu Group. - -**NOTE:** The Group Editor only applies to groups you make using Endpoint Policy Manager, and -doesn't effect Windows 10 built-in, pre-made groups. - -The fields inside the Group Editor are as follows: - -- Group Name: The name of the actual item you'll be creating (or changing) on the Windows 10 target - machine. -- Comment: Space for optional comments to be added. -- State: Determines if the policy should apply or not. -- Action: Default settings are "Update" and "Create if not present." This will be described in more - detail in an upcoming section. -- Update Mode: Determines where new icons will be added. "Add to the Tail" will add new icons from - the end and "Insert at the top" will insert new icons from the front of the group. -- Placeholder: This is needed when an application is absent, but you want to make a pointer or - reference to them anyway. In this case, you can make a "gap" (which puts in a black, empty gap - tile) or you can insert an "Edge link" (which will explain what was missing). This will be - described in more detail in an upcoming section. -- Item-Level Targeting: This will be described in more detail in an upcoming section. - -**Step 6 –** For now, input the Group Name "My Important Apps" as seen in Figure 10. Then, keeping -the remainder of the details as shown, click "OK" to continue. Now you'll see a policy entry for the -group "My important apps" as shown in Figure 12. - -![quickstart_start_screen_manager_7](/img/product_docs/endpointpolicymanager/startscreentaskbar/startscreen/quickstart_start_screen_manager_7.webp) - -Figure 12. A Start Screen group called "My important apps" is created on the end user's machine. - -**Step 7 –** Double-click "My important apps" to go inside the Group. In the next three sections, -you'll add one of each of the icon types (universal [UWP] application tile, desktop application -tile, and Edge tile), by right-clicking and selecting "Add to Group," as seen in Figure 13. - -![quickstart_start_screen_manager_8](/img/product_docs/endpointpolicymanager/startscreentaskbar/startscreen/quickstart_start_screen_manager_8.webp) - -Figure 13. Use the MMC editor to add a new universal (UWP) application tile, desktop application -tile, and new Edge tile. diff --git a/docs/endpointpolicymanager/startscreentaskbar/taskbar.md b/docs/endpointpolicymanager/startscreentaskbar/taskbar.md deleted file mode 100644 index de156c97ed..0000000000 --- a/docs/endpointpolicymanager/startscreentaskbar/taskbar.md +++ /dev/null @@ -1,54 +0,0 @@ -# Quick Start - Taskbar Manager - -Now you're ready to create Netwrix Endpoint Policy Manager (formerly PolicyPak) Taskbar policies. - -**NOTE:** For a video overview of Taskbar Manager, see -[](https://www.endpointpolicymanager.com/products/endpointpolicymanager-start-screen-manager.html)[Endpoint Policy Taskbar Manager: Quick Demo](/docs/endpointpolicymanager/video/startscreentaskbar/demotaskbar.md). - -Like the Endpoint Policy Manager Start Menu policies, Endpoint Policy Manager Taskbar Manager -policies also must reside within collections. - -**Step 1 –** First, find the Taskbar Manager for Windows 10 node within the User | Endpoint Policy -Manager nodes in the Group Policy Editor. Then right-click to open the Taskbar Manager to create -your first Endpoint Policy Manager Taskbar Manager collection, as shown in Figure 28. - -![quickstart_taskbar_manager](/img/product_docs/endpointpolicymanager/startscreentaskbar/quickstart_taskbar_manager.webp) - -Figure 28. The Endpoint Policy Manager Taskbar Manager Collection Editor. - -**Step 2 –** For this Quickstart, we recommend you set the Action field to "Replace." For reference, -the Action field values are the following: - -- Merge: Will keep and maintain OS defaults and anything a user has manually pinned to the Taskbar - while adding your new items. -- Replace: Will remove OS defaults and anything a user has manually pinned while replacing with your - new items. - -**Step 3 –** Next, within the collection, you can add items like those shown in Figure 29. - -![quickstart_taskbar_manager_1](/img/product_docs/endpointpolicymanager/startscreentaskbar/quickstart_taskbar_manager_1.webp) - -Figure 29. Adding universal (UWP) or desktop application policies. - -**Step 4 –** You can add any registered application using the same process you used earlier in the -"Adding Desktop Applications" section. For this Quickstart, select Adobe Reader. Then add a UWP -application. For testing purposes, you should select Calculator or Alarms & Clock. When you do, -you'll see the two items inside the Endpoint Policy Manager Taskbar Manager collection shown in -Figure 30. - -![quickstart_taskbar_manager_2](/img/product_docs/endpointpolicymanager/startscreentaskbar/quickstart_taskbar_manager_2.webp) - -Figure 30. Taskbar policies are contained within collections. - -**Step 5 –** On the endpoint, run GPUpdate and then log off and log on again to get the policy -settings. The result can be seen in Figure 31. - -![quickstart_taskbar_manager_3](/img/product_docs/endpointpolicymanager/startscreentaskbar/quickstart_taskbar_manager_3.webp) - -Figure 31. Policy settings applied after using PolicyPak Taskbar Manager "Replace" mode. - -Since "Replace" mode was used, all Taskbar defaults have been removed and the settings you selected -are implemented. - -This ends the Endpoint Policy Manager Start Screen & Taskbar Manager Quickstart sections. Next, -we'll dive into more detail about the Endpoint Policy Manager Start Screen & Taskbar Manager. diff --git a/docs/endpointpolicymanager/tips/emailoptout.md b/docs/endpointpolicymanager/tips/emailoptout.md deleted file mode 100644 index 418b7af406..0000000000 --- a/docs/endpointpolicymanager/tips/emailoptout.md +++ /dev/null @@ -1,33 +0,0 @@ -# Which Endpoint Policy Manager emails can / can't I opt out of ? - -Netwrix Endpoint Policy Manager (formerly PolicyPak) sends emails from time to time to keep you -updated about learning opportunities as well as technical and security updates. - -As a Primary or Secondary on the Endpoint Policy Manager account, you may opt in or out of the -following emails: - -- Every Monday: Schedule for this week's 20 minute Deep Dive Demo learnings. -- Every Friday: New Knowledge Base articles, Tips and Tricks, Videos, and ‘Endpoint Policy Manager - in the news'. -- As it happens: Portal Updates for Paks, Manuals, minor or major updates. -- As it happens: Tips and Tricks from MDMandGPanswers.com - -What you cannot opt out of are the following types of emails: - -- Direct emails from our team members. -- Automated emails with passwords resets / portal information / license information. -- Major Client Side Extension update announcements. -- Any security concerns. -- Renewal-time emails before you expire (which start 90 days before you expire.) -- General announcements and requests (like survey requests, etc.) - -You may use the portal.endpointpolicymanager.com login, then select Your Profile to choose to opt out of SOME -emails. - -If, after un-selecting the items below, you still want to receive LESS email, then you will need to -establish another email address and use that. - -We at Endpoint Policy Manager have a responsibility for ensuring that some communications get to -you, and agree to do our best. It's up to you if you wish to actively block these emails. - -![693_1_faq2](/img/product_docs/endpointpolicymanager/tips/693_1_faq2.webp) diff --git a/docs/endpointpolicymanager/tips/eventlogs.md b/docs/endpointpolicymanager/tips/eventlogs.md deleted file mode 100644 index 2e7b3973c5..0000000000 --- a/docs/endpointpolicymanager/tips/eventlogs.md +++ /dev/null @@ -1,186 +0,0 @@ -# Windows 10 (and Server) Event Logs to Azure Log Analytics Walkthru - -It's a Cloud, Cloud, Cloud, Cloud, Cloud, Cloud world. Except actually most of your stuff is still -likely mostly on-prem, or acts that way. Take Windows 10 for instance. Windows 10 has events in the -event logs, and maybe you already know about on-prem Event Forwarding. - -**NOTE:** If you want to learn more about on-prem Event Forwarding, you can see my Walkthrough of -that here -[Using Windows Event Forwarding to search for interesting events](/docs/endpointpolicymanager/video/leastprivilege/windowseventforwarding.md) -and -[How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding.](/docs/endpointpolicymanager/leastprivilege/windowseventforwarding.md). - -But how do we take on-prem events from Windows 10 (or Windows Server) and get the up to the cloud -for later analysis? If you have 24, 250, or 25,000 domain joined (or even NON-domain joined) -machines, say with Windows Intune or Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud… how -can you do the equivalent of event forwarding to some central place? - -That is the job of Azure Log Analytics. I'm going to call it "LA" for short. - -LA had an original name, OMS which stood for Operations Management Suite, but as near as I can tell, -that's over. But its good to know LA's original name, because you'll see OMS pop up from time to -time in the walkthrough, docs, and software. Additionally, it's also good to know that what you'll -see here is build upon the original System Center Microsoft Operations Manager (SCOM); but I won't -be using that function. - -The official documentation for LA can be found -[https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows); -but I had a few stumbles. Some tips o' the hat to Travis Roberts' video and blog which also helped -give me a leg up. The blog is -[https://www.ciraltos.com/collect-custom-windows-event-logs-in-log-analytics/](https://www.ciraltos.com/collect-custom-windows-event-logs-in-log-analytics/) -and the helpful video series on Azure Log Analytics (though a little old now because of the name and -UI changes) can be found at: -[https://www.youtube.com/watch?v=6hgvjgPBNzE&list=PLnWpsLZNgHzVXXyN9a0jm9xNNDrikHf8I](https://www.youtube.com/watch?v=6hgvjgPBNzE&list=PLnWpsLZNgHzVXXyN9a0jm9xNNDrikHf8I) - -My goal in researching this project was to give some Endpoint Policy Manager MDM Customers a quick -guide to research interesting events that Endpoint Policy Manager automatically logs to its own -event log. But in this guide, I'm also going to show you how to collect some standard and also some -extra event logs. - -To get started you need a Log Workspace. This is basically a security block between this collection -of logs, and say another collection of logs. Each Log Workspace has a GUID based Workspace ID and -two keys (Primary and Secondary.) You'll use these to send, say, YOUR Windows 10 machines' event -logs to your workspace. And the other Azure admins … you know, those SQL server people or Exchange -or whatever … they'll send their event logs to their workspaces. - -**Step 1 –** To get started use the big search thingie to find "Log Analytics workspaces" like -what's seen here. - -![f5f03570b7ec45-img-01](/img/product_docs/endpointpolicymanager/tips/f5f03570b7ec45-img-01.webp) - -Then, there's a little Wizard (not shown) to help you get started. Basically it's asking you for -names and which Azure region you want to keep the data in. Then after it gets going you'll see "Your -deployment is underway" like what's seen here. - -![f5f03570bb83ef-img-02](/img/product_docs/endpointpolicymanager/tips/f5f03570bb83ef-img-02.webp) - -**Step 2 –** Then you should be thrown into the Advanced settings like what's seen here. If not, -find the Workspace you just created and click Advanced in the left-side menu. It should get you to -this place. Note then the "WORKSPACE ID" and "PRIMARY KEY" like what's seen here. Hang on to those, -you'll need these in a bit. Then also download the Windows Agent 64-bit or 32-bit to get started for -your example machines. - -![f5f03570bb8f55-img-03](/img/product_docs/endpointpolicymanager/tips/f5f03570bb8f55-img-03.webp) - -In this example, we'll be installing the LA Agent by hand on a test machine. In real life you could -use, say Windows Intune to deploy it with command line options to just chuck in your Workspace ID -and Primary Keys and do the whole thing silently and automatically. - -**Step 3 –** Once you have the download, get it over to your test machine. Machine can be real or -virtual. Note that you shouldn't do this (nor do you need to) for WVD virtual machines. Those have a -magical connector to accept event logs to LA; and you shouldn't need to use this method. (Docs: -[https://docs.microsoft.com/en-us/azure/virtual-desktop/diagnostics-log-analytics](https://docs.microsoft.com/en-us/azure/virtual-desktop/diagnostics-log-analytics) and -a -blog [https://www.mdmandgpanswers.com/blogs/view-blog/windows-10-and-server-event-logs-to-azure-log-analytics-walkthru](https://www.mdmandgpanswers.com/blogs/view-blog/windows-10-and-server-event-logs-to-azure-log-analytics-walkthru)) - -![f5f03570bc2bfc-img-04](/img/product_docs/endpointpolicymanager/tips/f5f03570bc2bfc-img-04.webp) - -**Step 4 –** Then, Up, Up and away. Launch the agent.. which requires admin rights. (Or, pro tip: -Use Endpoint Policy Manager Scripts to install it automatically where the script is -elevated.[Endpoint Policy ManagerScripts .. Deploy Software via VPN or with Endpoint Policy Manager Cloud](/docs/endpointpolicymanager/video/scriptstriggers/cloud.md) - -**Step 5 –** You'll need to select "Connect the agent to Azure Log Analytics (OMS)" like what's seen -here. - -![f5f03570bad3be-img-05](/img/product_docs/endpointpolicymanager/tips/f5f03570bad3be-img-05.webp) - -**Step 6 –** Then, it's time to chuck in your Workspace ID and Workspace Key. And you'll likely keep -the default of Azure Cloud: Azure Commercial. Pull the pulldown if you have something unusual to -select here. - -![f5f03570bbca1c-img-06](/img/product_docs/endpointpolicymanager/tips/f5f03570bbca1c-img-06.webp) - -**Step 7 –** Yes, you want to check for updates when MS Update kicks in…. - -![f5f03570bc37d5-img-07](/img/product_docs/endpointpolicymanager/tips/f5f03570bc37d5-img-07.webp) - -**Step 8 –** And.. you're basically done. - -![f5f03570be8938-img-08](/img/product_docs/endpointpolicymanager/tips/f5f03570be8938-img-08.webp) - -**Step 9 –** Now let's make sure we're talking in both directions. The Microsoft Monitoring Agent is -found in Control Panel… which is a weird place, but, hey… that's okay. - -![f5f03570be4088-img-09](/img/product_docs/endpointpolicymanager/tips/f5f03570be4088-img-09.webp) - -**Step 10 –** Then click the Azure Log Analytics (OMS) tab and … see you're talking outbound. - -![f5f03570bec541-img-10](/img/product_docs/endpointpolicymanager/tips/f5f03570bec541-img-10.webp) - -**Step 11 –** Back in Azure, in the Advanced Settings page, the zero should be one ! - -![f5f03570bdece8-img-11](/img/product_docs/endpointpolicymanager/tips/f5f03570bdece8-img-11.webp) - -**Step 12 –** Now it's time to add in the actual event logs you want to capture. Note that the more -you capture, the more you pay. Strictly speaking for the Endpoint Policy Manager customer I made -this blog entry for, he only needed to capture the Endpoint Policy Manager log (which I do last.) -But just for completeness and testing, I'll capture some more too, since you might not have the -Endpoint Policy Manager Log. (And, why don't you!? Come on over and check out Endpoint Policy -Manager for Pete's sake. Really, your sake to be honest.) - -![f5f03570bc37d5-img-12](/img/product_docs/endpointpolicymanager/tips/f5f03570bc37d5-img-12.webp) - -**Step 13 –** So just type Application then +. Then System and + and bingo. Those are "well known" -logs which LA knows about and pre-populates this list. But Endpoint Policy Manager? Not as common.. -(Yet !) Therefore you could take a guess that our event logs are named Endpoint Policy Manager (they -are…). But how would you know? - -![f5f03570be8938-img-13](/img/product_docs/endpointpolicymanager/tips/f5f03570be8938-img-13.webp) - -**Step 14 –** The trick is to find the log you want to capture in Windows, and go to its properties -and get its Full Name like what's seen here. Yeah, this one was easy. - -![f5f03570be4088-img-14](/img/product_docs/endpointpolicymanager/tips/f5f03570be4088-img-14.webp) - -But some are harder. I also wanted to capture the MDM event log which has a goofy and weird name. To -get it, I went into an Event inside that log and captured its name -microsoft-windows-devicemanagement-enterprise-diagnostics-provider/Operational and its brother -microsoft-windows-devicemanagement-enterprise-diagnostics-provider/admin. - -![f5f03570bec541-img-15](/img/product_docs/endpointpolicymanager/tips/f5f03570bec541-img-15.webp) - -You can see that second log here… - -![f5f03570bdece8-img-16](/img/product_docs/endpointpolicymanager/tips/f5f03570bdece8-img-16.webp) - -**Step 15 –** Once I pasted in all the logs and added them, I clicked Save and got this! - -![f5f03570b7ec3c-img-17](/img/product_docs/endpointpolicymanager/tips/f5f03570b7ec3c-img-17.webp) - -## Data.. data? Do we have data ? - -**Step 1 –** Click on Logs and close the sample queries. Let's just see what have. All of it (which -shouldn't be much.) - -![f5f03570b7ee5e-img-18](/img/product_docs/endpointpolicymanager/tips/f5f03570b7ee5e-img-18.webp) - -**Step 2 –** In the top box, type SEARCH - -**Step 3 –** Then click Run. Bingo.. out should pop all the events that have been captured. You can -change the Display Time to make sure that you're getting the right events, right now. - -![f5f03570b7e690-img-19](/img/product_docs/endpointpolicymanager/tips/f5f03570b7e690-img-19.webp) - -**Step 4 –** It took a little while for the non-well-known logs to show up. But maybe it will work -faster for you than for me. If you want to give it a shot and try your non-well-known logs, like -this, give it a go. - -`Event | where Eventlog == "PolicyPak"` - -**Step 5 –** Then click Run again. - -Pow! Here come your logs. - -![f5f03570b7ed35-img-20](/img/product_docs/endpointpolicymanager/tips/f5f03570b7ed35-img-20.webp) - -Then I can also dig into an event, and … hey look ! EastSalesUser1 ran Procmon, and Endpoint Policy -Manager did the elevation ! Amazeballs ! - -![f5f03570b7e4f0-img-21](/img/product_docs/endpointpolicymanager/tips/f5f03570b7e4f0-img-21.webp) - -That's it. Well, that's basics anyway. - -_Remember,_ this blog is a simple walkthrough / getting started. This isn't "Magic Tricks with -Windows Analytics." But if I had this guide, I would have been up and running about 10x faster. So I -hope this helps you out and shows how you can take on-prem or "Always on the go" Windows 10 machines -and record their logs, then sort thru them for actionable items and trends. diff --git a/docs/endpointpolicymanager/tips/mmcdisplay.md b/docs/endpointpolicymanager/tips/mmcdisplay.md deleted file mode 100644 index 68dd382961..0000000000 --- a/docs/endpointpolicymanager/tips/mmcdisplay.md +++ /dev/null @@ -1,10 +0,0 @@ -# How can I fix MMC display problems when my admin console uses high DPI? - -Sometimes applications will draw in an unusual way when adding or removing policies. - -To fix this, use the Group Policy editor to specify the following policy such that it hits the Admin -station. - -This policy doesn't need to hit the end-points.. just the admin machine. - -![603_1_faq-5-img-1](/img/product_docs/endpointpolicymanager/tips/603_1_faq-5-img-1.webp) diff --git a/docs/endpointpolicymanager/tips/onpremisecloud.md b/docs/endpointpolicymanager/tips/onpremisecloud.md deleted file mode 100644 index 2d654e38ce..0000000000 --- a/docs/endpointpolicymanager/tips/onpremisecloud.md +++ /dev/null @@ -1,12 +0,0 @@ -# Can I use both Endpoint Policy ManagerOn Premise mode and Endpoint Policy Manager Cloud simultaneously? Do they clash? - -Netwrix Endpoint Policy Manager (formerly PolicyPak) On-Prem Suite and Endpoint Policy Manager Cloud -have been designed to play nicely together. - -Therefore, you can use either the Endpoint Policy Manager Cloud to deliver your setting and/or, say, -Group Policy or SCCM to deliver your setting. - -All policies are simply merged together. If there's a conflict, the on-premise directive (say, using -Group Policy) wins. - -![609_1_img19-deliveryconflict005-resized-450px](/img/product_docs/endpointpolicymanager/tips/609_1_img19-deliveryconflict005-resized-450px.webp) diff --git a/docs/endpointpolicymanager/tips/services.md b/docs/endpointpolicymanager/tips/services.md deleted file mode 100644 index 495f365148..0000000000 --- a/docs/endpointpolicymanager/tips/services.md +++ /dev/null @@ -1,4 +0,0 @@ -# Are the services installed with Endpoint Policy Manager required? Can I disable them if I'm only using a single component? - -Yes. The services are an integral part of every Netwrix Endpoint Policy Manager (formerly PolicyPak) -component and required for each of them to function properly. diff --git a/docs/endpointpolicymanager/troubleshooting/administrativetemplates/missingcollections.md b/docs/endpointpolicymanager/troubleshooting/administrativetemplates/missingcollections.md deleted file mode 100644 index eef7cc6431..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/administrativetemplates/missingcollections.md +++ /dev/null @@ -1,10 +0,0 @@ -# I've created a collection in the Administrative Templates Manager and I've added policies to that collection. However, they are not showing up in the main window. - -![705_1_2015-05-04_1402](/img/product_docs/endpointpolicymanager/troubleshooting/administrativetemplates/705_1_2015-05-04_1402.webp) - -If your Admin Station is Windows 7, ensure you have .Net Framework 3.5 specifically installed on -your management station. Later versions of .Net Framework are not compatible with Netwrix Endpoint -Policy Manager (formerly PolicyPak) on Windows 7. - -If your Admin Station is Windows 8 and later, ensure you have .Net Framework 4.0 or higher -specifically installed on your management station. diff --git a/docs/endpointpolicymanager/troubleshooting/antivirus.md b/docs/endpointpolicymanager/troubleshooting/antivirus.md deleted file mode 100644 index 310e5c5aad..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/antivirus.md +++ /dev/null @@ -1,15 +0,0 @@ -# Why does my mail anti-virus service claim that the Endpoint Policy Manager download ISO or ZIP has a virus? - -Netwrix Endpoint Policy Manager (formerly PolicyPak)'s "Guidance" has some example VBS / VBscript -files which can be flagged if your mail service is set to detect any kind of threat. - -The VBscript examples we use are being detected...as just that. VBscripts in a zip. - -They are in this location, and sometimes they are caught, and sometimes they are not. - -![756_1_img1](/img/product_docs/endpointpolicymanager/troubleshooting/756_1_img1.webp) - -The example files we provide are examples to use or ignore. And, we even put it into the readme of -the folder about the possibility of this file being seen by download filters. - -![756_3_img2](/img/product_docs/endpointpolicymanager/troubleshooting/756_3_img2.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/feature.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/feature.md deleted file mode 100644 index 6a38508845..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/feature.md +++ /dev/null @@ -1,7 +0,0 @@ -# I deselected the Applock feature, Disable whole tab in target application, but the elements are still grayed out. How can I fix this? - -Simply unchecking "Disable whole tab in target application" will not restore the designated user -interface. - -You must select "Force display of whole tab in application" to restore the elements within the UI on -the client. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/overview.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/overview.md deleted file mode 100644 index ffec15b686..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/applock/overview.md +++ /dev/null @@ -1,8 +0,0 @@ -# Problems with Endpoint Policy Manager AppLock™ - -Sometimes the Endpoint Policy Manager AppLock™ features do not show themselves on the client -machine. Not all the preconfigured Paks will lock the user-interface (UI) of applications. When you -captured the application's UI using Endpoint Policy Manager DesignStudio, did you capture it on one -type of machine and then try to deploy it to another? For instance, did you capture WinZip while -running on Windows 7 and then try to deploy it to a Windows 10 machine? This might work, but -sometimes it might not. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/storage.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/storage.md deleted file mode 100644 index 1f9cc8ea5b..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/storage.md +++ /dev/null @@ -1,12 +0,0 @@ -# I do not have access or ability to create the Central Store. What should the best practice to store AppSets be? - -Here's the rule of thumb: - -- If YOU are Domain Administrator, and you CAN create a Central Store, you should do that. -- If YOU are NOT a Domain Admin (and therefore you CANNOT create the Central Store) then you should - use a Share Based Store instead. - -Here's a video on how to do that (using Netwrix Endpoint Policy Manager (formerly PolicyPak) -Application Manager) - -[Using Shares to Store Your Paks (Share-Based Storage)](/docs/endpointpolicymanager/video/applicationsettings/shares.md) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/versions.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/versions.md deleted file mode 100644 index 8bbe5427f3..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/appset/versions.md +++ /dev/null @@ -1,42 +0,0 @@ -# AppSets: Why do some AppSets have pre-defined Item Level Targeting for an EXACT version number, and others say "Version 7 to 99" (or similar)? - -We create a test AppSet for a specific product version. But we want the latest version we release to -work for whatever comes next from the manufacturer. - -Let's use Techsmith Snagit as an example. As of this writing, there are two AppSets for Snagit: 10 -and 11. - -The AppSet for Snag it 10 has its Internal ILT set so it only delivers settings WHEN specifically -version 10 of SnagIt is on the machine. The Internal ILT is set as follows: - -When %ProgramFiles%TechSmithSnagit 10SnagitEditor.exe FILE VERSION is between 10.0.0.0 and 11.0.0.0. -OR the file %ProgramFiles(x86)%TechSmithSnagit 10SnagitEditor.exe FILE VERSION is between 10.0.0.0 -and 11.0.0.0. - -But the Snag it 11 AppSet has its Internal ILT set so it delivers when version 11 and up to 99 is on -the machine. Its internal ILT is set as follows: - -When `%ProgramFiles%TechSmithSnagit 11SnagitEditor.exe` FILE VERSION is between 11.0.0.0 and -99.0.0.0 OR the file` %ProgramFiles(x86)%TechSmithSnagit 11SnagitEditor.exe` FILE VERSION is between -11.0.0.0 and 99.0.0.0. - -Let's assume Techsmith Snagit 12 comes out, and users install it, or it otherwise appears on -machines. It's VERY LIKELY that the AppSet we already created for SnagIt 11 will mostly work for the -next version, version 12. - -Then, when version 12 comes out, we test our Version 11 AppSet with Version 12 of the application -and we do one of two things: - -1. If there are NO updates at all to the AppSet, we do nothing but make a note in the readme file. - We note that the AppSet continues to work as expected. -2. If a AppSet DOES require updates: -      a) We then CHANGE version 11's Internal Filter to work SPECIFICALLY for Version 11. -      b) We produce the AppSet for version 12. And make its Internal Filter work for Version 12 - to 99. - -Now when SnagIt 13, 14, etc comes out, the version 12 AppSet will most likely keep working with it. - -This same idea extends, say to Firefox which gets updated quite often in the VERSION number, but -usually, no new checkboxes or features appear in the Firefox Options. - -In this way, newer versions of Firefox will "just work" when using our latest Firefox AppSet. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/backup/gpos.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/backup/gpos.md deleted file mode 100644 index 3ff3a1c553..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/backup/gpos.md +++ /dev/null @@ -1,7 +0,0 @@ -# Is there an easy way to back up the GPO's I configured with Application Manager? - -Backing up a Netwrix Endpoint Policy Manager (formerly PolicyPak) based GPO can be backed up the -same way as all other Group Policy Objects. Simply highlight the desired GPO itself in Group Policy -Management, right click and select Back Up. You can also highlight the Group Policy Objects -container node of all of your GPOs, right click and select Back Up All which will back up all of -your GPOs in one swipe. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/backup/overview.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/backup/overview.md deleted file mode 100644 index 953838e647..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/backup/overview.md +++ /dev/null @@ -1,86 +0,0 @@ -# Backup, Restore, and XML Export and Import - -In this section, we're going to learn about how to backup and restore with regards to Netwrix -Endpoint Policy Manager (formerly PolicyPak) Application Settings Manager and understand how -Endpoint Policy Manager Application Settings Manager performs Group Policy reporting. - -Let's recall the three pieces that constitute Endpoint Policy Manager Application Settings Manager: - -- The pXML file created using Endpoint Policy Manager DesignStudio. This is your source file that - defines your AppSet. -- The Endpoint Policy Manager extension DLL. This is the output after you compile your pXML file, - which enables you to see your AppSet inside the group policy object (GPO). -- The Endpoint Policy Manager Application Settings Manager data that is stored in the GPO. This - defines the precise settings inside your GPO. - -## Backup and Restore - -**NOTE:** Video: For an overview video of how to backup and restore, please see this -video:[Endpoint Policy Manager Application Settings Manager: Backup, Restore, Export, Import](/docs/endpointpolicymanager/video/troubleshooting/backup.md). - -The three pieces that constitute Endpoint Policy Manager Application Settings Manager should be -backed up in case of loss, failure, overwriting, or some other damage. Below, we describe some -suggested best practices for backing up your files. - -The pXML files you create with the Endpoint Policy Manager DesignStudio should be placed in a secure -place and be available in case of loss or damage. These are only text (XML) files and can be easily -stored. Be sure to have backups of these files in case of an emergency. Treat them like any other -important document in your company. - -The Endpoint Policy Manager extension DLLs are best placed in the Central Storage. These files are -then replicated to all domain controllers and are available for use when administrators roam from -machine to machine creating GPOs. However, these should also be backed up and stored in a secure -place where they can be available in case the Central Storage is damaged or someone deletes a -Endpoint Policy Manager extension DLL from it. These files are usually quite small and can be easily -stored. - -The Endpoint Policy Manager Application Settings Manager data inside a GPO is backed up and restored -with normal GPMC backup procedures, as seen in Figure 90. - -![backup_restore_and_xml_export](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/backup/backup_restore_and_xml_export.webp) - -Figure 90. Backing up data with normal GPMC backup procedures. - -If a GPO is ever deleted, its data can be quickly restored using the GPMC's "Manage Backups" option, -also seen in Figure 89. - -When restoring, the Endpoint Policy Manager Application Settings Manager data and all the modes -(Enforcement, Reversion, and Endpoint Policy Manager AppLock™) are restored. - -## Settings for XML Export and Import - -**NOTE:** For an overview of exporting and importing settings, please see this video: -[Endpoint Policy Manager Application Settings Manager: Backup, Restore, Export, Import](/docs/endpointpolicymanager/video/troubleshooting/backup.md) -(at the 2 minute and 50 second mark). - -The exact settings you specified inside an AppSet within a GPO can be exported and imported. This -might be useful if you have to test out different scenarios (perhaps again and again) but don't want -to start fresh every time with the defaults you set within the AppSet. You might also want to -configure a group of settings within an AppSet and share those exact settings with another -administrator for later implementation. - -The idea of exporting is simple: use your AppSet, set your settings, click on the Options button, -and then select "Export" to export the data, as seen in Figure 91. - -![backup_restore_and_xml_export_1](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/backup/backup_restore_and_xml_export_1.webp) - -Figure 91. The exact settings you specified inside a Pak within a GPO can be exported and, later, -imported by selecting one of these options. - -You will be prompted for a location to save your data. Be sure to give a name that makes sense for -your AppSet, configuration scenario, or test case. Note that the file is an XML file and can only be -used to import data into the same (or very similarly configured) AppSet. It cannot be loaded into -the Endpoint Policy Manager DesignStudio or used for any other purpose. - -When you're ready, you can reverse the process by using the Endpoint Policy Manager | Import -function to import your previously exported settings. Note that an import will only change elements -that are defined within the XML you are importing. That is, the import process may overwrite some -existing values, and it may also leave existing values alone. Again, only values defined in the XML -are changed upon import. - -**NOTE:** Exporting settings in XML is different than XML data export, which is described in -Appendix A: Using Endpoint Policy Manager with MDM and UEM Tools. Use "Exporting Directives as XML -Data Files" to export settings to save or reload into Group Policy Objects. Use XML data export -(Appendix A) to deploy Endpoint Policy Manager settings without using Group Policy Objects, for -instance, with use of Microsoft Endpoint Configuration Manager, Endpoint Policy Manager MDM or -Endpoint Policy Manager Cloud. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/checkmarks.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/checkmarks.md deleted file mode 100644 index 1d3db20b04..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/checkmarks.md +++ /dev/null @@ -1,8 +0,0 @@ -# I am configuring the values for some settings for an application. Many of these settings involve checkmarks which are unchecked by default. How can I tell if an unchecked checkbox is being delivered or not? - -Whenever you modify a value for an application setting within Netwrix Endpoint Policy Manager -(formerly PolicyPak), the setting is underlined. An underlined setting means that Endpoint Policy -Manager will deliver the configured value of that setting. For instance, if you check a checkbox -that by default is unchecked, the setting will then become underlined, stating that Endpoint Policy -Manager will now enforce that checked value. Simply uncheck the checkbox and the setting remains -underlined, showing that the unchecked value will not be delivered. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/chrome/policies.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/chrome/policies.md deleted file mode 100644 index f6eccb233e..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/chrome/policies.md +++ /dev/null @@ -1,10 +0,0 @@ -# Chrome Policies don't appear to work when using Endpoint Policy Manager Cloud. - -Chrome's POLICIES are supported only when machines are domain joined. - -If your machine is NON-domain joined when used with PPCloud .. which is a typical case, -Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Manager settings cannot be -delivered to Chrome. - -We are working on a workaround in the future, but at this time, there is no workaround unless the -machine is domain joined. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/designstudio.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/designstudio.md deleted file mode 100644 index 6a1d42c4bd..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/designstudio.md +++ /dev/null @@ -1,5 +0,0 @@ -# Is there a particular naming scheme I need to use when compiling my Paks within Design Studio? - -When naming a newly compiled Netwrix Endpoint Policy Manager (formerly PolicyPak), the name must -begin with the letters pp. Endpoint Policy Manager will automatically put this in for you. If you -rename it later (stripping pp- from the name) the pak will not be shown in the MMC. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/downgrade.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/downgrade.md deleted file mode 100644 index 2b9eb09772..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/downgrade.md +++ /dev/null @@ -1,7 +0,0 @@ -# We upgraded our DLL files recently after creating a new Pak with Design Studio. After the implementation we would like to revert back to the original Pak. I have a local copy of the former DLL. Can I downgrade to the curre - -Yes, not only can Netwrix Endpoint Policy Manager (formerly PolicyPak) DLLs be upgraded from one -version to another, they can be downgraded from one version to another as well. The warning, -however, is that any deleted items within the Pak will also be "dropped" from within the Group -Policy data. So, please upgrade and download your paks with caution. See the section "Version -Control of Endpoint Policy Manager Extension DLLs" in the PolicyPakQuickStart guide. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/entrysettings.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/entrysettings.md deleted file mode 100644 index 39027d7f98..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/entrysettings.md +++ /dev/null @@ -1,14 +0,0 @@ -# HowTo: One of my AppSet entry's settings is not getting delivered on target machines. What should be the first thing to look into? - -The most common reason for items not applying is that the Internal Item Level Targeting within a -AppSet doesn't match/evaluate to TRUE on your target machine. - -For instance, the Internal (Pre-defined) Item Level Targeting (ILT) which specifying an application -version in the AppSet for an application that you don't have. - -Usually, the Internal ILT is tied down for "Version X and Later", but it could be very version -specific. - -See this video to bypass the ILT: - -[Bypassing Internal Item Level Targeting Filters](/docs/endpointpolicymanager/video/applicationsettings/itemleveltargetingbypass.md) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/export/gpos.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/export/gpos.md deleted file mode 100644 index 6e702b561a..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/export/gpos.md +++ /dev/null @@ -1,7 +0,0 @@ -# Can I Export my GPO settings so that they can be used in the future to create similar GPOs? - -Exporting and Importing Netwrix Endpoint Policy Manager (formerly PolicyPak) GPOs is simple and -fast. Simply go to the PolicyPak Management screen in the GPO edit console. Open up the Endpoint -Policy Manager and look for the Endpoint Policy Manager button in the bottom left-hand corner. Click -the button and choose Export and select the export destination.You do the same process except select -Import when you want to import the GPO. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/certificates.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/certificates.md deleted file mode 100644 index 14365da5a1..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/certificates.md +++ /dev/null @@ -1,91 +0,0 @@ -# Firefox: How do I troubleshoot adding Certificates with Endpoint Policy Manager and Firefox? - -There are various areas you should troubleshoot FIRST with FF and Certificates. - -Shortest possible answer to 99% of problems with FF + Certificates: - -1. Are you using FF ESR? You must use FF ESR… - [Read THIS](https://www.endpointpolicymanager.com/pp-blog/endpointpolicymanager-will-soon-only-support-firefox-esr). -2. Do you have the LATEST CSE on the endpoint? STOP: Make sure. -3. Also; couldn't hurt to upgrade your MMC console to latest version. -4. Are you using the LATEST Firefox pak? STOP: Make sure. -5. Re-open and re-save the cert as a DER binary; even if you think it is that way already. (See Step - 3 in the longer article below.) -6. Change the file extention from .cer to .der -7. Ensure your syntax is correct \DCShareFabrikam-CA.cer, 2, ROOT, add And NOT: - \DCShareFabrikam-CA.cer, ROOT, 2, add -8. If you tried CA or ROOT… try the other one. - -Longer troubleshooting (which you absolutely must go thru before we can do anything more… and you -must do these step by step.) - -**Step 1 –** Check the compatibility chart first - -[Firefox: What versions of the Endpoint Policy Manager CSE support managing certificates in what versions of Firefox?](/docs/endpointpolicymanager/requirements/support/applicationsettings/firefox/version.md) - -**Step 2 –** Watch the Netwrix Endpoint Policy Manager (formerly PolicyPak) and Firefox cert video -for a how-to - -**Step 3 –** The most common reason certificates fail to import is because they are the WRONG -FORMAT. - -Endpoint Policy Manager only imports certificates which are ALREADY in what's called the BINARY DER -format. - -Full details on how to do this are in the document Endpoint Policy Manager Application Settings -Manager – Using the Firefox Pak.PDF Located in the customer portal. - -If you are UNSURE if your cert is BINARY DER or not, here's what you can do to ENSURE that it is -BINARY DER. - -If the CERT is a-ok inside Firefox ALREADY, you can then EXPORT it like this to ensure it is a -BINARY DER file. - -![214_1_image002](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/214_1_image002.webp) - -When you save, save it as a .DER extension. - -**Step 4 –** Look at the Endpoint Policy Manager ppSwitched.log file - -Look in appdatalocalusernamepolicypakpolicypak application manager inside ppSwitched.log. - -Does it appear that Endpoint Policy Manager is trying at all? - -``` -Processing FF: Certificates -{Adding certificate C:\ABC.cer to root store. Replace interval: always -Adding certificate C:\DEF.cer to ca store. Replace interval: always} -``` - -If yes, that's good. - -**Step 5 –** Is the Endpoint Policy Manager Firefox Plug in working? - -You can also use Firefox's log by being on any page and clicking Ctrl+Shift+J. - -In the log below certificates being added to the proper stores. You can also see ERROR CONDITIONS as -well which are helpful for troubleshooting. - -![214_2_image007](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/214_2_image007.webp) - -**Step 6 –** Other reasons your cert just isn't working - -- The certificate is not designed to work in the store of your choice. For instance, you've selected - an email certificate and tried to use it in the ROOT or CA store. Self signed certs are best in - the ROOT store, and not the CA store. -- You have misspelled the name of the file. For instance, the file is really named - \serversharefile123.cer but you specified \serversharefile123 or \serversharefile123.x509 or - \serversharefile1.DER ? -- When specifying a certificate and the number of days that Endpoint Policy Manager should check for - updates, you transpose the values. The correct way to specify a cert and check every, say, 2 days - is\DCShareFabrikam-CA.cer, 2, CA, add - And NOT: - \DCShareFabrikam-CA.cer, CA, 2, add - In the logs, you would see this transposition error demonstrated as: - -![214_3_image008](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/firefox/214_3_image008.webp) - -**Step 7 –** Send us your cert, and we'll send you ours. - -We can try to see if YOUR CERT works in OUR environment. -We can also send you OUR TEST CERT and see if it works in YOURs. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/fontsetting.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/fontsetting.md deleted file mode 100644 index 2ce272aadf..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/fontsetting.md +++ /dev/null @@ -1,5 +0,0 @@ -# I'm trying to find a particular font setting in one of your Word Paks but I can't find it. Is the setting not supported? - -Although the vast majority of application settings can be delivered in our preconfigured Netwrix -Endpoint Policy Manager (formerly PolicyPak)s, there are some exceptions. You can try configuring -the setting yourself using the Endpoint Policy Manager design studio. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/httpsites.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/httpsites.md deleted file mode 100644 index 6f2ba9f067..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/httpsites.md +++ /dev/null @@ -1,12 +0,0 @@ -# Internet Explorer: Why don't HTTP sites get added to the Trusted Site list? - -IE itself wont allow HTTP sites unless you loosen the security in IE. - -Use Netwrix Endpoint Policy Manager (formerly PolicyPak) to do it for you. - -On the Security tab, ensure "Trusted: Require server verification https:" and "Intranet: Require -server verification https" are both UNDERLINED and UN-Checked. - -This will deliver "un-check" to these settings, allowing for HTTP zones. - -![240_1_image002](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/240_1_image002.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/launchfail.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/launchfail.md deleted file mode 100644 index adf14f19d2..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/launchfail.md +++ /dev/null @@ -1,15 +0,0 @@ -# Internet Explorer: Why Internet Explorer is not launching after I apply "Perform ACL Lockdown"? - -If you select ACL Lockdown from the IE option you may experience that the iexplorer.exe process -closes itself, thus failing IE with successful launch. - -That's because, currently we have limitation with that feature support in IE. So uncheck the option -"Perform ACL Lockdown" by right-clicking on the PolicyPak elements: - -Example 1: - -![299_1_image004](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/299_1_image004.webp) - -Example 2: - -![299_2_image005](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/299_2_image005.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/launchfailstig.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/launchfailstig.md deleted file mode 100644 index 20edd946c4..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/launchfailstig.md +++ /dev/null @@ -1,13 +0,0 @@ -# Internet Explorer: Why does IE fail to launch after I apply ACL lockdown or all of the IE AppSet STIG settings? - -There are some settings, which when you use ACL lockdown, will prevent IE from launching. - -Removing ACL lockdown on either of these settings permits IE to launch: - -![284_1_ghjgdffhykui88dr](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/internetexplorer/284_1_ghjgdffhykui88dr.webp) - -Under the hood, the keys that are edited are in - -``` -HKEY_Current_UserSoftwareMicrosoftInternet ExplorerMain -``` diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/issue.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/issue.md deleted file mode 100644 index 9257ae8071..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/issue.md +++ /dev/null @@ -1,38 +0,0 @@ -# HowTo: What do I do if I find a problem with a preconfigured AppSet? - -While you are welcome to contact Netwrix Endpoint Policy Manager (formerly PolicyPak) support -concerning any issues with our preconfigured AppSets, we can recommend some steps to perform before -doing that. - -We encourage customers to take an active role if a Preconfigured AppSet appears to have some issue -in the definition. This is why we provide the Endpoint Policy Manager DesignStudio to customers – to -make and update settings for their own AppSets, or update our preconfigured AppSets. - -That being said, if you identify a pre-configured AppSet issue, here is our step-by-step -recommendation: - -- Ensure you are using the latest Endpoint Policy Manager CSE and latest AppSet. If you are unsure - of what the latest build is of Endpoint Policy Manager, post to the support forums, email support, - or ask your sales person. - -If that doesn't work: - -- Post a message to our support forums (customers and all trial users have access.) -- Narrow down the issue and help us understand what the AppSet is or is not doing. -- Provide screenshots and logs -- See if the community has a known fix for it and/or others can replicate the same problem. -- Use the Endpoint Policy Manager DesignStudio manuals and tool to help yourself and fix your own - AppSet definition issue. (And, please report your fix so we can update the AppSet for the future.) - -If you don't want try to fix a AppSet definition yourself, we (Endpoint Policy Manager Software tech -support) will try to analyze and remediate and AppSet issue if possible, knowing that it might take -some time (or might not be possible at all.) - -The more you can isolate the problem using the troubleshooting procedures outlined in the Endpoint -Policy Manager manuals, the better we can serve you. - -The preconfigured AppSets are examples we (Endpoint Policy Manager Software) provide the community -for free. - -Our company is based around a community model where we all help each other.  You will find that the -Endpoint Policy Manager user community is a true asset. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/itemleveltargeting/reports.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/itemleveltargeting/reports.md deleted file mode 100644 index aeba472fa7..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/itemleveltargeting/reports.md +++ /dev/null @@ -1,10 +0,0 @@ -# How is Item Level Targeting handled in reports? - -Endpoint Policy Manager works, evaluates and reports like the Group Policy Preferences do. - -Even if you have an ILT which evaluates to FALSE, there's no way to know that in the reporting -engine. - -So ILT always evaluates in the reporting as if it's ALWAYS true. - -This is also how Group Policy Preferences works as well, and hence, we follow the same model. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/itemsunavailable.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/itemsunavailable.md deleted file mode 100644 index 13b82bd200..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/itemsunavailable.md +++ /dev/null @@ -1,5 +0,0 @@ -# Other: I added a AppSet and some items are grayed out / not available. In other AppSets, everything seems available. What's happening? - -Features that are grayed out in any AppSet means that the setting isn't available to be delivered -via Netwrix Endpoint Policy Manager (formerly PolicyPak). For some applications, everything works, -for others, not everything is manageable. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/java/issue.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/java/issue.md deleted file mode 100644 index b32c327b11..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/java/issue.md +++ /dev/null @@ -1,17 +0,0 @@ -# Java: I don't see that any changes are working at all. What can I try first? - -Solution: - -Every pre-configured Pak comes with its own internal filters and in most cases those are targeting -to a specific version of Application. For instance, if you're using a specific Pak for Java, it -might be trying to apply only to the detected version on that machine. - -So if we have a different version on the target machine that doesn't mean there is no way we can see -the changes. We can still get Netwrix Endpoint Policy Manager (formerly PolicyPak) to deliver the -setting by disabling the internal item-level targeting. - -![323_1_image011dftyrty](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/java/323_1_image011dftyrty.webp) - -To see a demonstration video about Internal Filters and bypassing them, please see this - -[Bypassing Internal Item Level Targeting Filters](/docs/endpointpolicymanager/video/applicationsettings/itemleveltargetingbypass.md) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/java/sitelistexceptions.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/java/sitelistexceptions.md deleted file mode 100644 index 30bf0f9a3a..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/java/sitelistexceptions.md +++ /dev/null @@ -1,16 +0,0 @@ -# Java: Java Site List Exceptions just stopped working. What can I do to fix this? - -Sometimes Java will create an errant file which prevents Java Site Exceptions list from working as -expected. - -The file is zero bytes and found in - -``` -appdatalocallowsunjavadeploymentsecurity -``` - -For manual testing on one machine, delete that file, then run GPupdate to refresh. - -See if Java Site exceptions starts to work. - -![46_1_tip-if-java-site-lists-stop-working](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/java/46_1_tip-if-java-site-lists-stop-working.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/license/expires.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/license/expires.md deleted file mode 100644 index 0fc5383e95..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/license/expires.md +++ /dev/null @@ -1,7 +0,0 @@ -# What happens to a application setting when the GPO falls out of scope? - -By default, values for the application settings will remain as configured within the GPO. - -By selecting "Revert this policy setting to the default value when it is no longer applied" the -default values contained with the original Netwrix Endpoint Policy Manager (formerly PolicyPak) s -are then applied. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/license/gpo.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/license/gpo.md deleted file mode 100644 index fd77f2b67b..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/license/gpo.md +++ /dev/null @@ -1,8 +0,0 @@ -# What if I am having trouble getting the Licensing GPO installed? - -First, try running the LT as Domain Administrator. 99.9% of the problems with the licensing GPO is -that the person creating the licensing GPO doesn't have rights to do so. So, try that first. - -If that fails, this -[https://kb.endpointpolicymanager.com/kb/article/828-policypak-troubleshooting-license-gpo-creation/](https://kb.endpointpolicymanager.com/kb/article/828-policypak-troubleshooting-license-gpo-creation/) -demonstrates how you can definitely get it to work. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/limitations.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/limitations.md deleted file mode 100644 index 79afdd581c..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/limitations.md +++ /dev/null @@ -1,18 +0,0 @@ -# How many Endpoint Policy Manager policies can I create within one Group Policy Object? - -This isn't a PolicyPak limitation; you could theoretically have unlimited Netwrix Endpoint Policy -Manager (formerly PolicyPak) policies (entries) within one Group Policy Object. - -That being said, the only major concern would be the overall size of the "registry.pol" file WITIHIN -the Group Policy Object itself (found at following location: - -``` -C:\Windows\Sysvol\sysvolPoliciesuser or computer -``` - -On Windows XP and Windows 7, the maximum size permitted by Microsoft is 5MB, and usually, it takes -almost 10-15 Paks entries to reach 5MB. - -On Windows 8 and later, the max size is 100MB per Group Policy Object, meaning you can have a lot -more entries if you wanted within one Group Policy Object without issue (provided your target -machines are Windows 8 and later). diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/logs/client.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/logs/client.md deleted file mode 100644 index 94ca20f8d7..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/logs/client.md +++ /dev/null @@ -1,45 +0,0 @@ -# Logs from the Client - -Endpoint Policy Manager CSE has several key log files. We mentioned them earlier when describing -what to send technical support. If you are interested in looking through the log files to help -diagnose your own problems, below is the list of Endpoint Policy Manager log files in Table 2. - -Table 2: Endpoint Policy Manager Application Settings Manager log files. - -| Log file | Location | Component | Description | -| -------------------------------------------------------------------- | ------------ | --------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Commonly used logs: | | | | -| `ppUser.log` | LocalAppData | CSE | Main CSE log for user policies created during logon, background processing, or` gpupdate` calls. | -| `ppUser_manual.log` | LocalAppData | CSE | CSE log for user policies created during` ppupdate` call. | -| `ppUser_onLogon.log` | LocalAppData | CSE | CSE log for user policies created by PPWatcherSvc on logon. | -| `ppUser_onLaunch.log` | LocalAppData | CSE | CSE log for user policies created by automatic reapplication of settings at launch. This log is created for both installed and virtual applications. | -| `ppUser_onSchedule.log` | LocalAppData | CSE | CSE log for user policies created by automatic reapplication of settings using the timer. | -| `ppUser_onXmlData.log` | LocalAppData | CSE | CSE log for user policies created when XML Data settings are changed. | -| `ppSwitched.log` | LocalAppData | CSE | Main CSE log for Switched policies (i.e., Computer-side settings affecting all users on the machine). This log is created during background processing or `gpupdate` calls. | -| `ppSwitched_manual.log` | LocalAppData | CSE | CSE log for Switched policies created during` ppupdate` call. | -| `ppSwitched_onLogon.log` | LocalAppData | CSE | CSE log for Switched policies created by PPWatcherSvc on logon. | -| `ppSwitched_onLaunch.log` | LocalAppData | CSE | CSE log for Switched policies created by automatic reapplication of settings at launch. This log is created for both installed and virtual applications. | -| `ppSwitched_onSchedule.log` | LocalAppData | CSE | CSE log for Switched policies created by automatic reapplication of settings using the timer. | -| `ppSwitched_onXmlData.log` | LocalAppData | CSE | CSE log for Switched policies created when XML Data settings get changed via file-based or cloud-based delivery. | -| Less commonly used logs: | | | | -| `ppComputer.log` | ProgramData | CSE | Main CSE log for Computer-side Paks. Also useful for Switched policies, although Switched policies have their own log. | -| `ppComputer_manual.log ` | ProgramData | CSE | CSE log for Computer policies created during` ppupdate` call. | -| `ppComputer_onLogon.log` | ProgramData | CSE | CSE log for Computer policies created by PPWatcherSvc on logon. See the next section for more information. | -| `ppComputer_onLaunch.log` | ProgramData | CSE | CSE log for Computer policies created by automatic reapplication of settings at launch. This log is created for both installed and virtual applications. | -| `ppComputer_onSchedule.log` | ProgramData | CSE | CSE log for Computer policies created by automatic reapplication of settings using the timer. | -| `ppComputer_onXmlData.log` | ProgramData | CSE | CSE log for computer policies created when XML data settings are changed. | -| `ppUpdatesChecker.log` | ProgramData | CSE | Automatic updates log. Check here to see if the auto-update component is seeing the `updates.config` file with instructions on how to auto-update. | -| `ppWatcherService.log ppWatcherService_x64.log` | ProgramData | CSE | Main CSE service log. This log contains messages related to system-wide functions (reapply on launch, hooking session creation, entry point for inter-process communication, and other system necessities). | -| `ppSessionWatcher.log ppSessionWatcher_x64.log` | LocalAppData | CSE | This log contains messages related to the session: AppLock, high-level part of reapply on launch, timer-based reinforcement, monitoring XML data changes, and other session items. | -| `gpextension.log` | ProgramData | MMC | Main MMC snap-in log. | -| `mmclistshim.log` | ProgramData | MMC | Log for COM+ component used for extension list. | -| `ppDllWrapper.log` | ProgramData | MMC (x64) | Log for wrapper used for running x86 DLLs in x64 systems. | -| `ppLT.log` | ProgramData | LT (old LT) | Licensing tool log. | -| `ppUser_spoon.log` `ppSwtiched_spoon.log`````` ppComputer_spoon.log` | LocalAppData | Spoon .DLL Shim | Logs for Spoon.Net and Novell ZENworks Application Virtualization. | -| `ppTemp.log` | Temp | Any | Emergency log created when all other locations are not accessible. (Log name could be ppTemp or any of the above.) | - -You can see an example of the contents of the logs in Figure 101. - -![troubleshooting_policypak_5](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/logs/troubleshooting_endpointpolicymanager_5.webp) - -Figure 101. An example of the logs. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/logs/settings.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/logs/settings.md deleted file mode 100644 index 08d352e4cf..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/logs/settings.md +++ /dev/null @@ -1,22 +0,0 @@ -# Which log file should I consult in order to troubleshoot when one or more settings are not getting applied to the Computer? - -"Switched Mode" logs are generated when users log-on (that's one log) and when Group Policy -re-applied in the background on Computer (or `GPupdate` is run). - -Before CSE version 603 you would use the `ppComputer.log` in `programdata` to troubleshoot switched -policies. - -After CSE version 603, you should look for `ppSwitched` log files. - -If you need to troubleshoot switched mode, all switched mode log files will appear in the user's own -`%localappdata%PolicyPak` directory and start with "`ppSwitched`". There are four times a -`ppSwitched` log file might be generated or written to: - -- `ppSwitched_OnLogon.log`: For when the user has just logged on. -- `ppSwittched.log`: For when Group Policy processes in the background or for when  `GPupdate` is - run. -- `ppSwitched_ onXmlData.log`: For when directives are delivered via MSI, file or Netwrix Endpoint - Policy Manager (formerly PolicyPak) Cloud service. -- `ppSwitched_onSchedule.log`: For when directives are re-delivered using the Endpoint Policy - Manager timer mechanism (which is off by default. See the section Automatic Re-Application of - settings with the Reinforcement Timer for details on how to use the timer.) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/lyncclient.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/lyncclient.md deleted file mode 100644 index e8c1ccd004..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/lyncclient.md +++ /dev/null @@ -1,6 +0,0 @@ -# I am selecting values for certain settings for the Lync client. On the Alerts tab, I am selecting and deselecting various radio buttons but none of these selections are being underlined. Why is this? - -When a selection is underlined in the GPO, it means that the selected value of that setting is being -delivered to the users affected by the GPO. If the setting is not underlined, then it means that the -setting cannot be delivered using the Netwrix Endpoint Policy Manager (formerly PolicyPak). You can -however, hide or disable these settings if you wish. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/microsoftdefender.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/microsoftdefender.md deleted file mode 100644 index 5fc865c508..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/microsoftdefender.md +++ /dev/null @@ -1,26 +0,0 @@ -# Why does Microsoft 365 Defender report suspicious encoded content in Endpoint Policy Manager Application Settings Manager values? - -The following Netwrix Endpoint Policy Manager (formerly PolicyPak) registry value' data may be -flagged as suspicious encoded content. - -Location: - -``` -HKEY_CURRENT_USER\S-1-5-21-...\Software\Policies\PolicyPak\{26E3A6CB-3C62-47B7-960D-7662766E4C6A}\Name-of-the-AppSet\ -``` - -Value: - -``` -(XmlReport) -``` - -We have reports that it is reported under Microsoft Defender's category MITRE ATT&CK Techniques, and -suspicious activity classified as T1001:Data Obfuscation. - -The data in this reg value is in base64 encoding format and it's responsible to store information -for XML reporting purposes. Its classification as a high severity issue can be ignored. - -More information about T1001:Data Obfuscation is at this link: - -[https://attack.mitre.org/techniques/T1001/](https://attack.mitre.org/techniques/T1001/) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/mmc.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/mmc.md deleted file mode 100644 index 848e5ae962..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/mmc.md +++ /dev/null @@ -1,43 +0,0 @@ -# The node for Endpoint Policy Manager Application Settings Manager component is not loading in the MMC snap-in, and shows a "The address is not valid" message. - -Problem: - -The Endpoint Policy Manager Application Settings Manager (ASM) node is not visible or working -properly in Group Policy Management Console (GPMC) and/or Group Policy Editor (GPEDIT). - -![1322_1_7fee40aeea669ba543a9c29a3570029a](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/1322_1_7fee40aeea669ba543a9c29a3570029a.webp) - -Cause: - -The issue appears to be an incomplete installation of the Endpoint Policy Manager Admin console -(MMC), possibly due to interference from an antivirus solution such as Carbon Black antivirus during -the installation process. Although there were no explicit indications of such during installation. - -Resolution: - -Perform and confirm the steps as outlined in the following KB: -[How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/install/antivirus.md) - -If the issue persists, proceed with the following troubleshooting steps. - -Reinstallation of the Endpoint Policy Manager Admin Console (MMC) as Non-Domain Local Admin: - -**Step 1 –** Log out of the Machine and log in as the machine built-in Administrator account. - -**Step 2 –** Uninstall the previous instance of the Endpoint Policy Manager Admin Console (MMC). - -**Step 3 –** Reinstall the Endpoint Policy Manager Admin Console (MMC) using the same version as -previously installed, or a newer version if one is available. - -**Step 4 –** After reinstall, open GPMC or GPEDIT, and verify that the Application Settings Manager -(ASM) node is now visible and functioning normally. - -**Step 5 –** Now logout from the built-in administrator account and back in using a Domain Admin -user account to test and confirm that the ASM node is visible and functioning normally in GPMC. - -**Step 6 –** As a final verification step, log out of the Machine and log back in as the original -user and confirm that the ASM node remained operational in both GPEDIT and GPMC. - -The ASM node should look similar to screen shot below. - -![1322_2_d34f038d53ae47ca403950284e354cdd](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/1322_2_d34f038d53ae47ca403950284e354cdd.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/modifydll.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/modifydll.md deleted file mode 100644 index c6e9fa2327..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/modifydll.md +++ /dev/null @@ -1,11 +0,0 @@ -# I need to modify the Pak (DLL file) of one of the applications I control with Application Manager. Will I lose my group policy settings after I modify the DLL file - -The data for the settings is contained within the Group Policy Object itself, not in the DLL. - -All existing checkmarks, dropdowns, etc. settings, etc are all maintained. - -The only exception to this is if the changes to the Pak / DLL file involve the elimination of an -element such as a checkbox that your PolicyPak based GPO has configured. - -In that case, because the checkbox no longer exists, the settings regarding the checkbox will no -longer exist, but all other data remains. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/onegpo.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/onegpo.md deleted file mode 100644 index c6119976cc..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/onegpo.md +++ /dev/null @@ -1,16 +0,0 @@ -# Should I put lots of Paks (or other PP directives into one GPO?) - -[How many Endpoint Policy Manager policies can I create within one Group Policy Object?](/docs/endpointpolicymanager/troubleshooting/applicationsettings/limitations.md) - -Then, as a suggestion, the best practice for Netwrix Endpoint Policy Manager (formerly PolicyPak) is -to have one GPO for each "thing" you want to do. - -For instance, if you wanted to manage Chrome, you could create ONE GPO and then use Item Level -Targeting to specify the conditions of WHO would get the settings WHEN. - -Here is an example: - -![345_1_2015-09-01_1047](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/345_1_2015-09-01_1047.webp) - -Then you would do the same for another GPO, say, for Firefox, and another GPO for Internet Explorer -settings, and so on. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/overview.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/overview.md deleted file mode 100644 index a28927830d..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/overview.md +++ /dev/null @@ -1,8 +0,0 @@ -# Troubleshooting - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Settings Manager is a relatively -simple system with one main part—the client-side extension (CSE)—which is installed on the client. -However, there are several areas that you may want to focus on if you encounter problems. - -Since these are common problems with easy solutions, these steps should be performed before calling -or emailing Endpoint Policy Manager technical support. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/permissions.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/permissions.md deleted file mode 100644 index b6784f8807..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/permissions.md +++ /dev/null @@ -1,4 +0,0 @@ -# Are there any required permission settings for a Endpoint Policy ManagerAdministrator to store Endpoint Policy Manager Suite DLL Extensions to the central store? - -The central store is located within the SYSVOL folder of any domain controller. A user must be a -Domain Administrator in order to copy PolicyPakPaks to the SYSVOL folder. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/reapplylaunch.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/reapplylaunch.md deleted file mode 100644 index 0cb2ab5382..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/reapplylaunch.md +++ /dev/null @@ -1,11 +0,0 @@ -# Endpoint Policy Manager should be reapplying my settings on application launch time. Why doesn't "reapply on launch" work ? - -Reapply on launch requires KB3033929 -([https://www.microsoft.com/en-us/download/details.aspx?id=46148)](https://www.microsoft.com/en-us/download/details.aspx?id=46148)or -Reapply on Launch (up to build 901.) 64-bit patch. 32-bit patch is found here: -[https://www.microsoft.com/en-pk/download/details.aspx?id=46078](https://www.microsoft.com/en-pk/download/details.aspx?id=46078) - -After Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE build 901, this patch is no longer -required. - -![518_1_image0011](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/518_1_image0011.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/settings.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/settings.md deleted file mode 100644 index 601b5ff206..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/settings.md +++ /dev/null @@ -1,50 +0,0 @@ -# When Settings Aren't Applying to the Client Machine - -The most common tech support question we get is, "Why aren't Endpoint Policy Manager Application -Settings Manager settings applying to my client machines?" Below are some items to check regarding -this problem - -- Did you go through the Quickstart guide (see "Endpoint Policy Manager Application Settings Manager - Quickstart with Preconfigured Paks") and work through the suggested example start to end? When - people sit down and patiently work through the installation steps in Book 2: Installation - Quickstart, and the Quickstart examples in this book, most will see what they were doing wrong. -- Did you install the Endpoint Policy Manager CSE on your client machines? -- Did you create the Endpoint Policy Manager Application Settings Manager settings within the group - policy object (GPO) on the correct side? Most of the time, you'll want to edit the User side of - the GPO and affect users within a GPO. -- Did you link the GPO to where you want it to take effect? Remember: If you edit the GPO's User - side, you must link the GPO to a place containing users. The same goes for the Computer side. -- Is your computer getting the Licensing GPO? All computers must be licensed in order for Endpoint - Policy Manager Application Settings Manager to work properly. (See "Licensing PolicyPak" in Book - 1: Introduction and Basic Concepts for more information.) Alternatively, try renaming the computer - to computer1 (or similar) so "computer" is in the name. When you do this, the Endpoint Policy - Manager CSE will act as if it's fully licensed. If Endpoint Policy Manager Application Settings - Manager starts to work, you have a licensing issue. - -Most pre-configured Paks ship with internal Item-Level Targeting, which means the Pak is designed to -only affect a specific version of the application. You can bypass internal Item-Level Targeting in -the Pak. Refer to the video at -[http://www.endpointpolicymanager.com/videos/bypassing-internal-item-level-targeting-filters.html](https://www.endpointpolicymanager.com/integration/endpointpolicymanager-group-policy-change-management-utilities.html) -to see how to bypass internal Item-Level Targeting. - -- Did you use block inheritance to block the licensing GPO or block the GPO that is delivering the - settings? We suggest you always specifically enforce the licensing GPO. -- Are you able to get regular Group Policy settings? To find out, in the same GPO where you're - deploying Endpoint Policy Manager settings, do a quick test of regular policy settings. Enable the - setting at `User Configuration | Policies | Administrative Templates | Control Panel | Prohibit` - access to the Control Panel. Then log off and log back on as an effected user. If you are - correctly prevented from accessing the Control Panel, it could be a Endpoint Policy Manager - Application Settings Manager issue since you are clearly getting Group Policy delivered correctly. - If you are not restricted from the Control Panel, you aren't getting Group Policy correctly, so - Endpoint Policy Manager Application Settings Manager cannot function. -- Can you bring up a new Windows 10 computer and name it computer01 (even if this might take some - time) just for testing? Install the Endpoint Policy Manager CSE and reboot. See if your settings - apply now. If so, try to determine why the settings worked when the computer was in Trial Mode - (i.e., when they had the word "computer" in the computer name) and not in Licensing Mode. -- Are the right Registry values present in the Endpoint Policy Manager Application Settings Manager - project? Reopen the source pXML (XML) file using Endpoint Policy Manager DesignStudio. Check to - make sure the settings for any control objects (buttons, checkboxes, etc.) are managing the - correct Registry target settings. -- Has the target machine received the latest Group Policy updates? If not, simply run - `gpupdate/force` from the Run menu on the client machine and try again. Also, try rebooting the - target machine. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/overview.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/overview.md deleted file mode 100644 index 20af44b8a2..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/overview.md +++ /dev/null @@ -1,5 +0,0 @@ -# Reporting and What's Happening "Under the Hood" - -In this section, we're going to understand how Netwrix Endpoint Policy Manager (formerly PolicyPak) -Application Settings Manager reports data and also how to troubleshoot Endpoint Policy Manager -Application Settings Manager. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/reporting.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/reporting.md deleted file mode 100644 index 58f729f96a..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/reporting.md +++ /dev/null @@ -1,51 +0,0 @@ -# Reporting - -Endpoint Policy Manager Application Settings Manager supports all GPMC report types. This includes -Group Policy Object Settings reports (seen in our examples), Group Policy Results reports, and Group -Policy Modeling reports. - -Endpoint Policy Manager Application Settings Manager's reports are also available inside third-party -group policy object (GPO) change management tools such as NetIQ GPA, Microsoft AGPM, -Dell/Quest/Scriptlogic GPOadmin, and Quest ActiveAdministrator. - -**NOTE:** Video: For an overview of Endpoint Policy Manager and Change Management utilities like -GPA, AGPM, etc, see -[https://www.endpointpolicymanager.com/integration/endpointpolicymanager-group-policy-change-management-utilities.html](http://www.endpointpolicymanager.com/videos/endpointpolicymanager-using-shares-to-store-your-paks-share-based-storage.html). - -Whenever you add a new AppSet to a GPO and create settings, those settings appear in the GPMC -reports. In Figure 92, you can see the report generated when one AppSet is listed inside the GPO. - -![reporting_and_what_s_happening](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/reporting_and_what_s_happening.webp) - -Figure 92. The GPMC reports showing the new Pak that was added to a GPO. - -In Figure 93, you can see what is reported inside the GPMC when three AppSets have settings within a -GPO. - -![reporting_and_what_s_happening_1](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/reporting_and_what_s_happening_1.webp) - -Figure 93. Three Paks reported within the GPMC. - -Each AppSet's report has two sections: an overall settings section and the representation of the -data within each of the AppSet's tabs. You can see an example of overall settings for the AppSet in -Figure 94. This section also shows the description field (if used) version of Endpoint Policy -Manager DesignStudio that compiled the AppSet and any special flags on the AppSet, including whether -Item-Level Targeting is enabled or not. - -![reporting_and_what_s_happening_2](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/reporting_and_what_s_happening_2.webp) - -Figure 94. The settings in a Pak's report. - -As you can see in Figure 95, the settings themselves are reported, as well as any special cases for -the data settings. For instance, you can see that the value of "Minimum password length" is set to -11, the Enforcement mode is set to "Always reapply," and the AppLock™ state is set to "Grayed" - -![reporting_and_what_s_happening_3](/img/product_docs/endpointpolicymanager/troubleshooting/applicationsettings/underhood/reporting_and_what_s_happening_3.webp) - -Figure 95. Examples of special settings displayed in the settings details. - -However, note that only items with settings that are being delivered appear in the reports, not -every single value that is under AppLock. For instance, in the previous example, you might have only -two values set such as "at least one lower case character" and "at least one numeric character" and -then have performed "ACL Lockdown" over "at least one lower case character." In the reports, you -would not see any other settings, because none of the other settings have any changed values. diff --git a/docs/endpointpolicymanager/troubleshooting/applicationsettings/updatedcommands.md b/docs/endpointpolicymanager/troubleshooting/applicationsettings/updatedcommands.md deleted file mode 100644 index 90f2a81365..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/applicationsettings/updatedcommands.md +++ /dev/null @@ -1,8 +0,0 @@ -# What is the difference between running the gp update (Microsoft) and ppupdate (Endpoint Policy Manager) commands? - -The gpupdate command updates all of the GPO's that are applied to the computer that is issuing the -command. The `ppupdate` command only updates Netwrix Endpoint Policy Manager (formerly PolicyPak) -settings that are contained within a GPO. - -In addition, a computer must be online in order to execute the `gpupdate` command while `ppupdate` -will execute if the client computer is online or offline. diff --git a/docs/endpointpolicymanager/troubleshooting/assignmentremovalfailed.md b/docs/endpointpolicymanager/troubleshooting/assignmentremovalfailed.md deleted file mode 100644 index 3b60f999de..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/assignmentremovalfailed.md +++ /dev/null @@ -1,14 +0,0 @@ -# The removal of the assignment of application Endpoint Policy Manager Client-Side Extension (32bit) from policy failed - -When using Group Policy Software Deployment to install the Policy Pak CSE the following error -message is generated in the System Event log: - -``` -"The removal of the assignment of application Policypak Client-Side Extension (32bit) from policy … failed. The error was : %%2" -``` - -![336_1_image-20200111180227-1_950x451](/img/product_docs/endpointpolicymanager/troubleshooting/336_1_image-20200111180227-1_950x451.webp) - -To resolve this error, uncheck "Make this 32-bit X86 application available to Win64 computers" -checkbox for the 32bit Endpoint Policy Manager Client-Side Extension in the Group Policy Software -Deployment policy. diff --git a/docs/endpointpolicymanager/troubleshooting/bitversion.md b/docs/endpointpolicymanager/troubleshooting/bitversion.md deleted file mode 100644 index 453f967b30..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/bitversion.md +++ /dev/null @@ -1,7 +0,0 @@ -# What if I accidentally install the 32 bit version of Endpoint Policy Manager on a 64 bit machine or vice versa? - -The Netwrix Endpoint Policy Manager (formerly PolicyPak) MSIs will not allow you to do so.If you are -utilizing Group Policy to push out the Endpoint Policy Manager Client Side Extension installation, -you can even configure a GPO to automatically deliver the correct version to each computer by using -the WMI filters option that is built into Group Policy.But even if you don't — nothing "bad" will -happen. The installation simply won't "incorrectly" occur. diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter.md b/docs/endpointpolicymanager/troubleshooting/browserrouter.md deleted file mode 100644 index f424ed4312..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter.md +++ /dev/null @@ -1,23 +0,0 @@ -# Why do I get ">Endpoint Policy ManagerBrowser Router couldn't connect to Endpoint Policy Manager extension service. Please contact support"? - -If your users get this message, this means that the Netwrix Endpoint Policy Manager (formerly -PolicyPak) Helper Service has crashed. Typically, the service will automatically restart. But if it -doesn’t, and then Endpoint Policy Manager Browser Router is used, you might see a problem like this. - -![378_1_img-01-image002](/img/product_docs/endpointpolicymanager/troubleshooting/378_1_img-01-image002.webp) - -That being said, that message is old, and has been replaced in more recent CSEs. The first order of -business is to update the Client Side Extension to the LATEST version. - -If the problem still occurs, you would see a message similar to this. Note in this version, users -are instructed to contact you, and not -[Netwrix Support.](https://www.netwrix.com/sign_in.html?rf=tickets.html#netwrix-support) - -![378_3_img-02-image004](/img/product_docs/endpointpolicymanager/troubleshooting/378_3_img-02-image004.webp) - -Again, what specifically causes this error is when the Endpoint Policy Manager Helper Service is -stopped like what's seen here. -If you want to open an investigation on WHY a machine's Endpoint Policy Manager Helper Service is -crashing, open a support ticket and prepare to generate both user and admin logs for investigation. - -![378_5_img-03-image009_950x1116](/img/product_docs/endpointpolicymanager/troubleshooting/378_5_img-03-image009_950x1116.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromeextension.md b/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromeextension.md deleted file mode 100644 index 658428b0e3..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/chromeextension.md +++ /dev/null @@ -1,66 +0,0 @@ -# How can I use the only remaining Endpoint Policy Manager published Chrome Extension with my older CSE? (CSE 18.7.1779.937 - 19.12.2283.849) - -**Step 1 –** Copy the contents below. - -``` -{    "name": "com.endpointpolicymanager.ppbragent",    "description": "Chrome Native Messaging implementation",    "path": "PPBRAgent.exe",    "type": "stdio",     -"allowed_origins": [        "chrome-extension://kndjicdjdanehpnonfmdekhinhdcdnbo/",        "chrome-extension://mdmkjmbojjnnhlohmjhaapalpbbhkdcg/",         -"chrome-extension://fmbfiodledfjldlhiemaadmgppoeklbn/"    ]} -``` - -**Step 2 –** Save in a file named - -`com.endpointpolicymanager.chromehost.json` - -**Step 3 –** The goal is to copy that file to - -``` -C:\Program Files\PolicyPak\Browser Router\Client -``` - -On machines with the CSE (CSE 18.7.1779.937 - 19.12.2283.849)That you CANNOT upgrade to latest CSE -for now. - -![774_1_img-01](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/774_1_img-01.webp) - -You can use a variety of methods to get the file copied. Options include: - -- Group Policy Preferences Files -- Endpoint Policy Manager Remote Work Delivery Manager -- Endpoint Policy Manager Scripts -- SCCM -- Any other way you want to copy a file down to the machine - -To show one example, using Group Policy Preferences Files… - -Here's the `Com.endpointpolicymanager.chromehost.json` file stored in the file in the share called -`\\dc2016\share` - -![774_3_img-02_950x542](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/774_3_img-02_950x542.webp) - -Using Group Policy Preferences Files, on the Computer side… - -![774_5_img-03_950x650](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/774_5_img-03_950x650.webp) - -#### Specify: - -Source: - -``` -\\dc2016\SHARE\com.endpointpolicymanager.chromehost.json -``` - -Destination (must include the path and file name): - -``` -C:\Program Files\PolicyPak\Browser Router\Client\com.endpointpolicymanager.chromehost.json -``` - -Run `GPupdate `on the client, and here's the result. - -Note that upgrading to modern CSE versions will have a SIMIILARLY named file in this folder. - -These two files can sit side by side without issue if you need to use an OLDER CSE for now, then -UPGRADE to latest CSE later. - -![774_7_img-05_950x675](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/clientsideextension/774_7_img-05_950x675.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/firefox.md b/docs/endpointpolicymanager/troubleshooting/browserrouter/firefox.md deleted file mode 100644 index c6bb12225f..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/firefox.md +++ /dev/null @@ -1,25 +0,0 @@ -# Why don't routes work from Firefox to other browsers (in Firefox 49+) ? - -If you run into issues when Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router is -configured to route site from Firefox to some other browser but its not routing at all. We've fixed -this problem with the latest CSE, but if you're using an OLDER CSE, then you could need to modify -Firefox to compensate. - -New releases of Firefox comes with the setting where we can enable multi-process windows for the -browsers. See the following screenshot: - -![492_1_image001](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/492_1_image001.webp) - -The above screenshot means that its enabled and you should expect the Endpoint Policy Manager -Browser Router will have problem in routing. To make it working please disable the setting using -Endpoint Policy Manager's pre-configured Pak for Firefox about:config as illustrated in the -screenshot: - -![492_2_image002](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/492_2_image002.webp) - -So once you check and uncheck the above option it will set the value as false like shown in below -screenshot: - -![492_3_image003](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/492_3_image003.webp) - -You should be all set for now with Endpoint Policy Manager Browser Router. Let us know if otherwise. diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/install/defaultbrowser.md b/docs/endpointpolicymanager/troubleshooting/browserrouter/install/defaultbrowser.md deleted file mode 100644 index e87a43ac1c..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/install/defaultbrowser.md +++ /dev/null @@ -1,98 +0,0 @@ -# When I unlicense or remove Endpoint Policy ManagerBrowser Router from scope,Endpoint Policy Manager Browser Router Agent still shows as OS "default browser". Why is that and is there a workaround? - -On Windows 8.1 or later, once Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router is -licensed, it becomes the "default browser" in the operating system, like what is seen here. - -![141_1_img-01](/img/product_docs/endpointpolicymanager/browserrouter/defaultbrowser/218_3_ppbr-faq-3-pic-3.webp) - -However, if you are using the Legacy Browser Router mode and unlicense Endpoint Policy Manager -Browser Router or remove the computer from the scope of any Endpoint Policy Manager Browser Router -rules, you will find thatEndpoint Policy Manager Browser Router Agent is apparently maintained as -the OS's default browser. - -This is a "Display Only" and "Cosmetic" issue and not reflective upon reality, this is by design. -Usually, IE will now actually be the default browser as far as the user EXPERIENCES it. - -That being said, once you have unlicensedEndpoint Policy Manager Browser Router it is not active any -longer. -Therefore, (when Endpoint Policy Manager Browser Router is not present.) … an end-user could open up -Firefox, Chrome, IE or Edge … like what is seen here… - -![141_2_img-02](/img/product_docs/endpointpolicymanager/browserrouter/defaultbrowser/218_1_ppbr-faq-3-pic-1.webp) - -And manually set the default browser, or use the operating system itself to specify the desired -default browser .. like what is seen here… - -![141_3_img-03](/img/product_docs/endpointpolicymanager/browserrouter/defaultbrowser/218_2_ppbr-faq-3-pic-2.webp) - -Afterward, they should see the OS default web browser change accordingly and be maintained correctly -at the next login. - -**NOTE:** When not using Legacy Browser Router mode and you remove the computer from the scope of -any Endpoint Policy Manager Browser Router rules or unlicenseEndpoint Policy Manager Browser Router -after having a Endpoint Policy Manager Browser Router policy in place the default behavior is to -revert the default browser to the value present beforeEndpoint Policy Manager Browser Router was -enabled/licensed. - -What if: - -- You really, really don't like Endpoint Policy Manager Browser Router displaying as the default - browser, even though the problem is only "cosmetic." -- You want to FORCE SET a default browser and ensure it for the user (but this time, not using - Endpoint Policy Manager Browser Router). -- You want to set a specific browser as the default, THEN let the user change it after you set the - default, say, to IE. - -For either or all of these options… - -**Step 1 –** Step 1. ONLY if using the following PolicyPak Client-Side Extensions ADMX setting set -to Enabled, (aka Legacy Browser Router mode), OR if Client-Side Extensions version 2535 or older was -ever installed on the machine. - -![141_4_image-20210104150503-1](/img/product_docs/endpointpolicymanager/browserrouter/install/483_7_image-20210105155954-1.webp) - -You have to delete this file first…as a one time action using GPPPrefs if - -![141_5_img-04](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/install/141_5_img-04.webp) - -**Step 2 –** Step 2. Then if you want to FORCE A PARTICULAR BROWSER VIA POLICY … (pick ONE) - -- Use Endpoint Policy Manager File Associations Manager to set HTTP and HTTPS to Internet Explorer. - This is supported as long as you are NOT using Endpoint Policy Manager Browser Router any - longer. [Can I use Endpoint Policy ManagerBrowser Router and/or Endpoint Policy Manager File Associations Manager to set the default browser?](/docs/endpointpolicymanager/fileassociations/defaultbrowser.md) -- Use the in-box Group Policy method for File / Protocol Associations (not recommended, since you - have Endpoint Policy Manager File Associations Manager, and this method is not dynamic NOR can you - use it ALONGSIDEEndpoint Policy Manager File Associations Manager, so it is NOT - recommended): [https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy) - -_Remember,_ The two methods above PERMANENTLY AFFIX it to IE, and don't make it changeable. -(Technically, the user CAN change it, but then it's ‘snapped back' every time the user logs off and -on.) - --ANOTHER OPTION- … INSTEAD of forcing a particular browser, you can SET ONE BROWSER as the DEFAULT, -then let the user CHANGE - -"How can I set it to IE, then make it changeable by the end-user?" - -To do this.. we found a utility, which you can likely DEPLOY ONCE via Endpoint Policy Manager -SCRIPTS on the USER side .. (we didn't test that, and only tested it manually on the user side)… - -[http://kolbi.cz/blog/2017/11/10/setdefaultbrowser-set-the-default-browser-per-user-on-windows-10-and-server-2016-build-1607/](http://kolbi.cz/blog/2017/11/10/setdefaultbrowser-set-the-default-browser-per-user-on-windows-10-and-server-2016-build-1607/) - -(Endpoint Policy Manager makes no warranties about this tool.) - -When it runs.. it works instantly.. and sets the default browser. In this example, we set it to IE. - -And then it was later changeable by the user. - -![141_6_img-05](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/install/141_6_img-05.webp) - -**NOTE:** If you uninstall the Endpoint Policy Manager Client Side Extensions on a machine where -Endpoint Policy Manager Browser Router was set as the default browser then Microsoft Edge will -become the default browser immediately after the Endpoint Policy Manager Client Side Extensions are -uninstalled. You will see the notification below on your screen and if you check the default apps -you will see that Edge has become the default browser. - -![141_7_image](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/install/141_7_image.webp) - -![141_8_image](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/install/141_8_image.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/install/preventiequestions.md b/docs/endpointpolicymanager/troubleshooting/browserrouter/install/preventiequestions.md deleted file mode 100644 index 3be3c264b3..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/install/preventiequestions.md +++ /dev/null @@ -1,8 +0,0 @@ -# I'm using SCCM to deploy the PP CSE. I want to ensure that Internet Explorer is closed during the installation of PPBR to prevent IE questions of users if they are logged in. What should I do? - -You can use the snippet of code within SCCM to test to see if IE is closed and then if it is, only -then install the PP CSE. - -``` -Do {$ieCheck = Get-Process iexplore -ErrorAction SilentlyContinueIf ($ieCheck -eq $null) {msiexec /i ‘PolicyPak Client-Side Extension x64.msi' /q#Write-Host ‘Installing'Start-Sleep -s 600Exit}else {#Write-Host ‘IE Open'Start-Sleep -s 600}} while ($ieCheck -ne $null) -``` diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/install/twologons.md b/docs/endpointpolicymanager/troubleshooting/browserrouter/install/twologons.md deleted file mode 100644 index 4300270f71..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/install/twologons.md +++ /dev/null @@ -1,14 +0,0 @@ -# Why doesn't Endpoint Policy Manager Browser Router routes take effect the first time I log on to Windows 8.1 or Windows 10? - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router rules (and Default Browser -specification) might take two logons to take effect and/or one background GPupdate. - -This is by design. - -The first time the user logs on, Endpoint Policy Manager Browser Router needs to get set up and -introduce itself to the OS as the "Default Browser." - -Then on the next Group Policy refresh (second logon or one logon plus a manual or background -GPupdate), Endpoint Policy Manager Browser Router should be "saved" and ready for use. - -All Endpoint Policy Manager Browser Router policies should work at that point. diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/office365.md b/docs/endpointpolicymanager/troubleshooting/browserrouter/office365.md deleted file mode 100644 index 108d540d3b..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/office365.md +++ /dev/null @@ -1,51 +0,0 @@ -# How to set "Choose which browser opens web links in Office365" so that Browser Router properly routes web links in Outlook - -**NOTE:** Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud already has the -Office2016/Office365 ADMX settings available in the Cloud and they can be accessed via the Endpoint -Policy Manager Admin Templates Manager built-in cloud editor.‌ - -For the Endpoint Policy Manager OnPrem version, you can download the Office 365 ADMX files from -here - -[https://www.microsoft.com/en-US/download/details.aspx?id=49030](https://www.microsoft.com/en-US/download/details.aspx?id=49030) -for use in your On-Prem environment. - -Also, this policy will not work for Microsoft 365 Apps for Business, See Group Policy Support -section in the table at the link below: - -[https://learn.microsoft.com/en-us/office365/servicedescriptions/office-applications-service-description/office-applications-service-description](https://learn.microsoft.com/en-us/office365/servicedescriptions/office-applications-service-description/office-applications-service-description) - -![966_1_image-20231114102807-2](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/966_1_image-20231114102807-2.webp) - -11 Limited to policies for web apps and privacy policies for client apps. - -## SCENARIO 1: Using Endpoint Policy Manager Cloud - -Create a new Admin Template policy with the appropriate setting from the ADMX template (use Keyword -section to search): - -![966_2_image-20230922212443-1](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/966_2_image-20230922212443-1.webp) - -Now set the value to "System default browser" instead of "Microsoft Edge" in the policy: - -![966_3_image-20230922212443-2_950x650](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/966_3_image-20230922212443-2_950x650.webp) - -## SCENARIO 2: Using Endpoint Policy Manager On-Prem - -Once Office ADMX is deployed, create a new Admin Template policy with the appropriate setting from -the ADMX template (use Keyword section to search): - -![966_4_image-20230922212443-3_950x397](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/966_4_image-20230922212443-3_950x397.webp) - -Now set the value to "System default browser" instead of "Microsoft Edge" in the policy: - -![966_5_image-20230922212443-4](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/966_5_image-20230922212443-4.webp) - -## Verification: - -### BEFORE: - -![966_6_image-20230922212443-5](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/966_6_image-20230922212443-5.webp) - -### AFTER: - -![966_7_image-20230922212443-6](/img/product_docs/endpointpolicymanager/troubleshooting/browserrouter/966_7_image-20230922212443-6.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/overview.md b/docs/endpointpolicymanager/troubleshooting/browserrouter/overview.md deleted file mode 100644 index f03d696654..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/overview.md +++ /dev/null @@ -1,27 +0,0 @@ -# Troubleshooting - -We have two guides online to help you troubleshoot Endpoint Policy Manager Browser Router. - -If you're having problems getting Endpoint Policy Manager Browser Router to work, see the following -guide: - -[How to quickly troubleshoot Endpoint Policy Manager Browser Router](/docs/endpointpolicymanager/troubleshooting/browserrouter/quick.md). - -If you're having problems getting Endpoint Policy Manager Browser Router to route between browsers -as expected, see the following guide: - -[Troubleshooting routing between browsers.](/docs/endpointpolicymanager/troubleshooting/browserrouter/betweenbrowsers.md). - -Additionally, Endpoint Policy Manager Browser Router has extensive logging, which needs to be turned -on. You can do this using the Endpoint Policy Manager Browser Router ADMX templates and turning on -logging. A video of the process can be found here: -[Troubleshooting with ADMX files](/docs/endpointpolicymanager/video/troubleshooting/admxfiles.md). - -Log files for Endpoint Policy Manager Browser Router are found in the two following places: - -- `%appdata%\local\PolicyPak\PolicyPak Browser Router` -- `%Programdata%\PolicyPak\PolicyPak Browser Router` - -Logs are automatically wrapped up and can be sent to -[support@endpointpolicymanager.com](https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode) -with the PPLOGS.EXE command on any endpoint where the CSE is installed. diff --git a/docs/endpointpolicymanager/troubleshooting/browserrouter/versions.md b/docs/endpointpolicymanager/troubleshooting/browserrouter/versions.md deleted file mode 100644 index a801ec3cce..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/browserrouter/versions.md +++ /dev/null @@ -1,23 +0,0 @@ -# When does Endpoint Policy Manager Browser Router write v1 or v2 Enterprise Mode site lists? - -Versions less than the following will not accept any EMIE lists, and Endpoint Policy Manager Browser -Router will not try to write EMIE lists: - -IE10: 10.\* -IE11 + Win7: 11.0.9600.17041 -IE11 + Win8.1: 11.0.9600.17031 - -Versions greater than or equal to the following accept EMIE v1, and Endpoint Policy Manager Browser -Router will write v1 site lists: - -IE11 + Win7: 11.0.9600.17041 -IE11 + Win8.1: 11.0.9600.17031 -IE11 + Win10 RTM: 11.0.10240.\* -IE11 + Win10 Version 1511: 11.0.10586.\* - -Versions greater than or equal to the following accept both EMIE v1 and v2, but Endpoint Policy -Manager Browser Router will write v2 site lists: - -- IE11 + Win10 Version 1511: 11.0.10586.\* -- IE 11 + Win 7: Version 11.0.9600.18347 or later -- IE + Win 8.1: Version 11.0.9600.18123 or later diff --git a/docs/endpointpolicymanager/troubleshooting/clientsideextension/rollback.md b/docs/endpointpolicymanager/troubleshooting/clientsideextension/rollback.md deleted file mode 100644 index 22fdd371e3..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/clientsideextension/rollback.md +++ /dev/null @@ -1,84 +0,0 @@ -# How to Rollback CSE version from newer to older using PowerShell - -## How To Implement: - -Use PowerShell or PowerShell ISE running as Administrator to run the PowerShell script below on the -target machine where you would like the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE -(Client-Side Extension) to be rolled back. - -## What This Script Does: - -This script will check to see if the CSE version currently installed on a computer matches the -version defined under -the $OldVersion variable, OR if there is no CSE currently installed, if either of these conditions is evaluated to TRUE then the CSE version as defined by the $URL -variable will be downloaded to `"C:\Temp\PP_CSE"` and installed on the computer. If any CSE version -other than the version specified under the $OldVersion variable is installed on the computer then -the script will exit without doing anything. - -``` -#### Start of Script -#### Purpose: This script rolls the PolicyPak Client-Side Extension back from ($OldVersion) 20.8.2543 to ($NewVersion) 20.7.2513. -#### Inspired by and uses portions of script submitted by Jacob Hill -Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force -$software = "PolicyPak Client-Side Extension" -$installed = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where { $_.DisplayName -eq $software }) -ne $null -$OldVersion = "20.8.2543" -$fileName = "PolicyPak Client-Side Extension x64-2513.msi" # $Filename should match the name of the file you uploaded. -$URL = "https://s3.amazonaws.com/0PolicyPakSupport/OldBuilds/$fileName" # $URL = Direct download link to MSI installer -$dir = "C:\Temp\PP_CSE\" -$logfile = $dir+"cse_rollback.log" -$OutPath = $dir+$fileName -# TIMESTAMP FUNCTION: Usage: Write-Output "$(Get-TimeStamp) Text goes here" | Out-file C:\log.txt -append -function Get-TimeStamp { -  return "[{0:MM/dd/yyyy} {0:HH:mm:ss}]" -f (Get-Date) -} -Function Install-Correct-Version { -  Write-Output "$(Get-TimeStamp) Install-Correct-Version Process started, downloading new CSE installation file." | Out-file $logfile -append -  (New-Object Net.WebClient).DownloadFile($URL, "$OutPath") -  Write-Output "$(Get-TimeStamp) Starting MSI installation." | Out-file $logfile -append -  Start-Process C:\Windows\System32\msiexec.exe -Wait -ArgumentList "/i `"$outPath`" /qn /L*V `"$dir\CSE_install.log`"" -NoNewWindow -  $NewVersion = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where { $_.DisplayName -eq $software }).DisplayVersion -  Write-Output "$(Get-TimeStamp) Installation complete! Version $newVersion installed." | Out-file $logfile -append -  Return -} -# Create the storage directory if it does not exist. -If ((Test-Path -Path $dir) -eq $false) -{ -  New-Item -Path $dir -ItemType directory -  Write-Output "$(Get-TimeStamp) Created the $dir directory." | Out-file $logfile -append -} -If(-Not $installed) -{ -  Write-Output "$(Get-TimeStamp) '$software' is NOT installed." | Out-file $logfile -append -  Install-Correct-Version -  Return -} -else -{ -  Write-Output "$(Get-TimeStamp) '$software' IS installed. Checking version." | Out-file $logfile -append -  $version = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where { $_.DisplayName -eq $software }).DisplayVersion -  if ($version -eq $OldVersion) -  { -    Write-Output "$(Get-TimeStamp) Old version $version is installed. Uninstalling problematic version." | Out-file $logfile -append -    # REPLACE - replace the MSI uninstall code. The MSI code can be obtained by running the following command in PowerShell: -    # (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where { $_.DisplayName -eq "PolicyPak Client-Side Extension" }).UninstallString -    # For example the uninstall String for CSE version 2543 is: "MsiExec.exe /X{B3A3F160-51B6-41FD-9D89-054DA19C09B7}" -    Start-Process C:\Windows\System32\msiexec.exe -Wait -ArgumentList "/x {B3A3F160-51B6-41FD-9D89-054DA19C09B7} /q" -NoNewWindow -    Write-Output "$(Get-TimeStamp) Uninstall complete. Now installing correct version." | Out-file $logfile -append -    Install-Correct-Version -    Return -  } -  else -  { -  Write-Output "$(Get-TimeStamp) CSE Version $version is installed. No further action necessary" | Out-file $logfile -append -  Return -  } -} -Write-Output "$(Get-TimeStamp) *** Rollback PolicyPak CSE Process Finished ***" | Out-file $logfile -append -#### End of Script -``` - -Troubleshooting: - -Logs for the Rollback process and MSI install process can both be found in `"C:\Temp\PP_CSE"` once -the script has executed. diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/entraid.md b/docs/endpointpolicymanager/troubleshooting/cloud/entraid.md deleted file mode 100644 index ed9c71ad97..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/cloud/entraid.md +++ /dev/null @@ -1,58 +0,0 @@ -# How do I fully reset my Azure AD connection between Azure and Endpoint Policy Manager Cloud to start over? - -If you're having issues getting Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud and Azure -sync'd, here is what to try: - -**Step 1 –** First, you need to be logged into your Azure account you're using FOR the configuration -between Endpoint Policy Manager Cloud and Azure. - -**Step 2 –** Navigate to [https://myapps.microsoft.com/](https://myapps.microsoft.com/) - -**Step 3 –** Select "Endpoint Policy Manager Azure AD Connector' application - -**Step 4 –** Click "Manage your application" - -**Step 5 –** Click "Revoke permissions" - -![951_1_image-20230318014644-1_950x496](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/951_1_image-20230318014644-1_950x496.webp) - -![951_2_image-20230318014644-2_950x298](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/951_2_image-20230318014644-2_950x298.webp) - -**Step 6 –** Then in PPC Portal: - -- Create Azure AD configuration -- Activate Azure AD configuration -- Sync Azure AD configuration - -![951_3_image-20230318014644-3_950x521](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/951_3_image-20230318014644-3_950x521.webp) - -If that still doesn't work, you can force Azure to remove the Endpoint Policy Manager application. -The steps from Microsoft are here: - -[https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/manage-application-permissions?pivots=portal](https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/manage-application-permissions?pivots=portal) - -You can use a Powershell script and force remove the app and try again. Put the script below into -block #6 as seen here. - -Afterward, back in Endpoint Policy Manager Cloud re-create the connection. - -![951_4_image-20230318014644-4_950x350](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/951_4_image-20230318014644-4_950x350.webp) - -Connect-AzureAD - -``` -# Get Service Principal using objectId -$sp = Get-AzureADServicePrincipal -ObjectId "d240f374-28e9-4275-8521-110ff55fb61c" -# Get all delegated permissions for the service principal -$spOAuth2PermissionsGrants = Get-AzureADOAuth2PermissionGrant -All $true| Where-Object { $_.clientId -eq $sp.ObjectId } -# Remove all delegated permissions -$spOAuth2PermissionsGrants | ForEach-Object { -    Remove-AzureADOAuth2PermissionGrant -ObjectId $_.ObjectId -} -# Get all application permissions for the service principal -$spApplicationPermissions = Get-AzureADServiceAppRoleAssignedTo -ObjectId $sp.ObjectId -All $true | Where-Object { $_.PrincipalType -eq "ServicePrincipal" } -# Remove all delegated permissions -$spApplicationPermissions | ForEach-Object { -    Remove-AzureADServiceAppRoleAssignment -ObjectId $_.PrincipalId -AppRoleAssignmentId $_.objectId -} -``` diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/expired.md b/docs/endpointpolicymanager/troubleshooting/cloud/expired.md deleted file mode 100644 index ee8585486a..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/cloud/expired.md +++ /dev/null @@ -1,12 +0,0 @@ -# Endpoint Policy Manager Cloud shows "The license certificate has expired". Why is this? - -If you see this when running ppcloud command, this means that this machine WAS getting a license, -but you have now over-subscribed your account. - -This computer then transitions to the WAITING LIST and can pick up a new license if one becomes -available. - -To learn more about the WAITING LIST, -[Endpoint Policy Manager Cloud Client: Why are computers appearing in WAITING LIST and how can I fix it?](/docs/endpointpolicymanager/troubleshooting/cloud/waitinglist.md). - -![308_1_jhhj](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/308_1_jhhj.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/install/clientsideextension.md b/docs/endpointpolicymanager/troubleshooting/cloud/install/clientsideextension.md deleted file mode 100644 index 0d101ffc86..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/cloud/install/clientsideextension.md +++ /dev/null @@ -1,70 +0,0 @@ -# When rolling out Endpoint Policy Manager Cloud, the Client Side Extension does not get installed with the Cloud Client on initial rollout - -When rolling out a new installation of the Netwrix Endpoint Policy Manager (formerly PolicyPak) -cloud endpoint software, the CSE may not get installed following the manual installation of the -Cloud Client software. Any further attempts to re-install the Cloud Client have the same results. - -## Reason - -One reason for this issue is a corrupt, incomplete, or otherwise malformed MSI of the Client Side -Extension (CSE) cached on the client system. The file being present prevents it from re-downloading. -The file being malformed prevents it from installing. - -## Verification - -Review cached CSE installation file - -**Step 1 –** In Windows Explorer, browse to folder -"`C:\ProgramData\PolicyPak\Downloaded Installations\PolicyPak ClientSide Extension\xx.xx.xxxx"` -(where xx.xx.xxxx represents the version of CSE being installed) - -**Step 2 –** Compare size of file "Endpoint Policy Manager ClientSide Extension, xx.xx.xxxx.msi" to -the same file on other computers - -**NOTE:** The Install`*.log` file will only be approximately 6 KB instead of Usual 900+ KB - -- There will sometimes be multiple logs files for each attempt - -![608_1_image-20201029193618-1](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/install/608_1_image-20201029193618-1.webp) - -## Resolution - -To resolve this scenario: - -### Option 1: - -Delete the malformed file and re-run the installation - -**Step 1 –** Delete the malformed MSI -`(C:\ProgramData\PolicyPak\Downloaded Installations\PolicyPak ClientSide Extension\xx.xx.xxxx\ PolicyPak Client-Side Extension, xx.xx.xxxx.msi"` - -**Step 2 –** Uninstall the "Endpoint Policy Manager Cloud Client" - -![608_2_image-20201029193618-2](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/install/608_2_image-20201029193618-2.webp) - -**Step 3 –** Rerun the installation of the Cloud Client - -**Step 4 –** Verify both Cloud Client and Client Side Extension are installed - -### Option 2: - -Manually install the Client Side Extension. - -Download the CSE from the Endpoint Policy Manager Portal - -**Step 1 –** Browse to the portal and sign in - -- [https://portal.endpointpolicymanager.com](https://portal.endpointpolicymanager.com) - -**Step 2 –** On the Home page, download the "Latest Bits" in the form of either a ZIP or ISO file - -![608_3_image-20201029193618-3](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/install/608_3_image-20201029193618-3.webp) - -- Follow the prompts to complete the download. - -**Step 3 –** Once downloaded, open or mount the file, open the "Client Side Extension (CSE)" folder -and copy out the "Endpoint Policy Manager Client Side Extension x??.msi" - -**Step 4 –** Run the new MSI to install the CSE - -**NOTE:** Can be run from anywhere, does not have to be in the cached install folder above diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/integration/ciscoanyconnect.md b/docs/endpointpolicymanager/troubleshooting/cloud/integration/ciscoanyconnect.md deleted file mode 100644 index 095d8490e9..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/cloud/integration/ciscoanyconnect.md +++ /dev/null @@ -1,16 +0,0 @@ -# I'm using Cisco Anyconnect and all the computers I register via Endpoint Policy Manager Cloud are being overwritten. Why is this and what can I do? - -When you use Cisco AnyConnect, the same MAC address is used for all the computers you register -Specifically it will use (00-05-9A-3C-7A-00). - ([https://forum.networklessons.com/t/cisco-asa-anyconnect-remote-access-vpn/833/41?page=3](https://forum.networklessons.com/t/cisco-asa-anyconnect-remote-access-vpn/833/41?page=3) as -you can see in that link.) - -The result is that Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud will match the -existing record and overwrite. - -The workaround is to use Endpoint Policy Manager Cloud in Loose to match on UUID only (not MAC) as -seen below. - -This is dump MAC as a matching criteria and use only UUID which is somewhat less aggressive. - -![817_1_image001_950x578](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/integration/817_1_image001_950x578.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/log/mac.md b/docs/endpointpolicymanager/troubleshooting/cloud/log/mac.md deleted file mode 100644 index 1763dc4e12..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/cloud/log/mac.md +++ /dev/null @@ -1,5 +0,0 @@ -# Where are log files for the Endpoint Policy Manager MacOS? - -`/Library/Application Support/PolicyPak/Logs` - -These log files should be small enough to attach directly in email to an existing SRX. diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/login.md b/docs/endpointpolicymanager/troubleshooting/cloud/login.md deleted file mode 100644 index 264aa91db3..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/cloud/login.md +++ /dev/null @@ -1,61 +0,0 @@ -# Portal login troubleshooting - -If you're experiencing difficulties logging in to either the Netwrix Endpoint Policy Manager -(formerly PolicyPak) Portal or Cloud Portal, try the log in using the browsers incognito method.  If -the issue was caused by browser cookies then incognito will usually work. - -- Try Incognito in your browser -- Try a different browser -- In the browser where you encounter the issue.. - - Clear the browser cache - - Clear the browser cookies - -If you prefer to not clear ALL your browser cookies, see below for how to clear those specific to -Endpoint Policy Manager for different browsers - leaving other site cookies intact - and how to -clear the browser cache. - -## Incognito/Private Window - -Here's how to go incognito for different browsers. - -![926_1_image-20230913000135-1_781x183](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_1_image-20230913000135-1_781x183.webp) - -## Cookies - -Here's how to access cookie settings in different browsers. - -### Firefox - -In Firefox you have to make your way into Browser Settings and locate Privacy & Security. - -![926_2_image-20230104094340-6_657x242](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_2_image-20230104094340-6_657x242.webp) - -![926_3_image-20230104094423-7_613x558](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_3_image-20230104094423-7_613x558.webp) - -![926_4_image-20230104094459-8_610x360](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_4_image-20230104094459-8_610x360.webp) - -### Chrome - -Chrome makes is a little easier to identify and clear cookies for a specific site.  Just navigate to -the login page and follow the sequence below.  In the example below we click Remove 4 times since -there are 4 cookies in use for this specific site. - -![926_5_image-20230104092841-2_535x582](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_5_image-20230104092841-2_535x582.webp) - -### Edge - -Edge makes it even easier, similar to Chrome but only 3 steps. - -![926_6_image-20230104093408-4_491x233](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_6_image-20230104093408-4_491x233.webp) - -![926_7_image-20230104093448-5_527x138](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_7_image-20230104093448-5_527x138.webp) - -## Browser Cache - -In certain occasions you might want to clear the browser cache which clears cached data for ALL -sites you have visited.  For Chrome and Edge, remember to scroll the list and ensure only Cached -images and files is checked. - -All 3 browsers have the Ctrl-Shift-Del shortcut that provides quick access to this setting. - -![926_8_image-20230104100124-9_370x346](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_8_image-20230104100124-9_370x346.webp) ![926_9_image-20230104100144-10_322x350](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_9_image-20230104100144-10_322x350.webp) ![926_10_image-20230104100211-11_294x358](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/926_10_image-20230104100211-11_294x358.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/printers.md b/docs/endpointpolicymanager/troubleshooting/cloud/printers.md deleted file mode 100644 index cb367a00e3..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/cloud/printers.md +++ /dev/null @@ -1,25 +0,0 @@ -# Printers won't come back once removed by user - -What should you do when Printers won't come back when someone removes it from a managed computer? - -## Summary: - -You're using Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud (PPC) Preference object to -deploy TCP/IP printers and it is working fine until someone removes that printer. You waited for -default PPC refresh, tried with running `"ppcloud /sync" `and log off and log back in and even tried -a reboot, but the required printer won't come back. - -## Reason: - -PPC doesn't see any update in a destination computer's object so it will not execute the next step, -which is to install the Printer. You need to do a little change -nothing configuration related- in -that Printer's PPC - -Pref Object. It will enable the destination computer to identify the change for that object in the -cloud and sync it locally. Then PPC will be able to install that Printer back on the computer. - -## Workaround: - -We've edited the value for Printer's location in the PPC Pref Object. - -![747_1_front-desk-retry](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/747_1_front-desk-retry.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/proxyserver.md b/docs/endpointpolicymanager/troubleshooting/cloud/proxyserver.md deleted file mode 100644 index 62fdd1c3b6..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/cloud/proxyserver.md +++ /dev/null @@ -1,10 +0,0 @@ -# How must my Proxy Server be configured to allow Endpoint Policy Manager Cloud communication? - -The Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud client communication is always -encrypted end to end. Endpoint Policy Manager cloud will try on port 443 or 80 as necessary. If you -need to configure your Proxy Server to allow communication to specific hosts, you need to set the -following: - -- cloud-agent.endpointpolicymanager.com via HTTPS/443 -- cloud-events.endpointpolicymanager.com via HTTPS/443 -- ppdl.blob.core.windows.net via HTTPS/443 diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/transition.md b/docs/endpointpolicymanager/troubleshooting/cloud/transition.md deleted file mode 100644 index 25062fad67..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/cloud/transition.md +++ /dev/null @@ -1,21 +0,0 @@ -# How do I transition from Endpoint Policy ManagerCloud to Endpoint Policy Manager Group Policy Edition? - -**Step 1 –** Uninstall the Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud Client on the -endpoints.  This will MAINTAIN the Endpoint Policy Manager Client Side Extension . - -![585_1_jm-1_900x536](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/585_1_jm-1_900x536.webp) - -**Step 2 –** Leave in place -or- Upgrade to the LATEST Endpoint Policy Manager Client Side Extension -using SCCM or PDQ Deploy Example: -[https://www.endpointpolicymanager.com/video/managing-group-policy-using-Endpoint Policy Manager-and-pdq-deploy.html ](https://www.endpointpolicymanager.com/video/managing-group-policy-using-endpointpolicymanager-and-pdq-deploy.html) - -**Step 3 –** In Endpoint Policy Manager Cloud, you will already have some POLICIES. You can DOWNLOAD -the policies from Endpoint Policy Manager Cloud like this. (see below.) - -**Step 4 –** Then in new GPOs, IMPORT the XML policies to the right node in a Endpoint Policy -Manager on-prem GPO. - -Note that some items might be restricted to COMPUTER or USER side, and may be actively prohibited on -the "wrong" side. For those, you will have to recreate the policies. - -![585_2_jm-2_900x438](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/585_2_jm-2_900x438.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/underhood/installation.md b/docs/endpointpolicymanager/troubleshooting/cloud/underhood/installation.md deleted file mode 100644 index d278554ea6..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/cloud/underhood/installation.md +++ /dev/null @@ -1,94 +0,0 @@ -# Troubleshooting Installation - -If you choose an interactive installation of the Endpoint Policy Manager Cloud client, then any -success or failure messages that occur when connecting to Endpoint Policy Manager Cloud will be -shown on the final window during installation, as shown in Figure 156. - -![underneath_the_hood_and_troubleshooting_2_624x343](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/underhood/underneath_the_hood_and_troubleshooting_2_624x343.webp) - -Figure 156. The final window of the installation process. - -There are some common issues that occur during installation, and these client troubleshooting errors -are documented in one place: Getting Started with Cloud > -[Knowledge Base](/docs/endpointpolicymanager/knowledgebase.md). However, three of our most common errors -are presented in the next few pages. - -## No Internet Connection During Installation - -You might install the Endpoint Policy Manager Cloud client during a time when there is no internet -connection, or some other issue might occur when your client initially joins Endpoint Policy Manager -Cloud. - -**NOTE:** If you always use a proxy, and the Endpoint Policy Manager Cloud client cannot seem to -contact the Endpoint Policy Manager services, please read this Endpoint Policy Manager KB article: -[http://www.endpointpolicymanager.com/knowledge-base/client-installation-troubleshooting/i-always-use-a-proxy-and-the-cloud-client-cannot-seem-to-make-contact-with-the-services-see-faq-item-3-above-first-what-else-can-i-try.html](http://www.endpointpolicymanager.com/knowledge-base/client-installation-troubleshooting/i-always-use-a-proxy-and-the-cloud-client-cannot-seem-to-make-contact-with-the-services-see-faq-item-3-above-first-what-else-can-i-try.html). - -During installation, the Endpoint Policy Manager Cloud client will try to connect with Endpoint -Policy Manager Cloud for a maximum of 60 seconds. If it is able to make a connection and acquire a -license within 60 seconds, you'll get a success message. If the Endpoint Policy Manager Cloud client -cannot locate Endpoint Policy Manager Cloud you'll get an error message, as shown in Figure 157. - -![underneath_the_hood_and_troubleshooting_3_406x302](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/underhood/underneath_the_hood_and_troubleshooting_3_406x302.webp) - -Figure 157. The error message when the Endpoint Policy Manager Cloud client cannot connect to -Endpoint Policy Manager Cloud. - -If you click "Continue," you'll see a success message, but no results of the connection to Endpoint -Policy Manager Cloud, as shown in Figure 158. - -![underneath_the_hood_and_troubleshooting_4_406x336](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/underhood/underneath_the_hood_and_troubleshooting_4_406x336.webp) - -Figure 158. The success message indicating installation is complete. - -Therefore, if the Endpoint Policy Manager Cloud is contacted and/or the license isn't acquired, then -the Endpoint Policy Manager Cloud client will try to sync again within the next hour. It will -continue to re-try every hour (after Internet access is restored). - -## System Time Error - -A common error occurs when the system time is off. If you get the error shown in Figure 159, ensure -that the system time on the client system is correct. If the time significantly off, the cloud -client cannot talk with the cloud server. - -![underneath_the_hood_and_troubleshooting_5](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/underhood/underneath_the_hood_and_troubleshooting_5.webp) - -Figure 159. System time error message. - -To check the time, do the following: - -**Step 1 –** Change the time zone to UTC, as shown in Figure 160. - -![underneath_the_hood_and_troubleshooting_6](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/underhood/underneath_the_hood_and_troubleshooting_6.webp) - -Figure 160. Selecting UTC as the time zone. - -**Step 2 –** Verify the time on the computer is now the same as what is shown at the following -website: -[https://www.worldtimeserver.com/current_time_in_UTC.aspx](http://www.worldtimeserver.com/current_time_in_UTC.aspx). - -**Step 3 –** If the computer's time is off, change it so it matches the UTC time. - -**Step 4 –** Then join Endpoint Policy Manager Cloud. - -**Step 5 –** After joining, change the time zone to your correct time zone. - -**Step 6 –** Verify Endpoint Policy Manager Cloud still works with commandline:` ppcloud /sync`. - -## Multiple Registrations for the Same Computer - -If you attempt to destroy and re-create a computer, for instance, after re-installing the whole OS, -then the computer will, by default, be seen as unique (see Figure 161). This is expected because of -the computer registration modes, and it can typically happen when the computer is a VDI machine that -gets destroyed and rebuilt often. To compensate for this, refer to the section "Company Details." - -![underneath_the_hood_and_troubleshooting_7_624x277](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/underhood/underneath_the_hood_and_troubleshooting_7_624x277.webp) - -Figure 161. A computer is seen as being unique after the OS is re-installed. - -The registration mode you likely want to use is "Loose (allow computers to recovery access by UUID -or MAC Address)" for normal machines (as shown in Figure 162), and "Advanced (always register a new -computer and keep existing records)" for VDI machines. - -![web_interface_and_controls_71_624x518](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/underhood/web_interface_and_controls_71_624x518.webp) - -Figure 162. Selecting the registration mode. diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/underhood/overview.md b/docs/endpointpolicymanager/troubleshooting/cloud/underhood/overview.md deleted file mode 100644 index 4f7e67e286..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/cloud/underhood/overview.md +++ /dev/null @@ -1,22 +0,0 @@ -# Underneath the Hood and Troubleshooting - -Recall that the job of Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud job is to do the -following: - -- Provide your company with its own Endpoint Policy Manager Cloud client MSI which is unique and - secure to your company. -- License a machine for use with Endpoint Policy Manager Cloud (for specific Endpoint Policy Manager - Cloud components). -- Deliver Endpoint Policy Manager XML data files for Endpoint Policy Manager settings or Microsoft - Group Policy settings. - -After that, the Endpoint Policy Manager product client-side extension (CSE) (Endpoint Policy Manager -Application Settings Manager CSE or Endpoint Policy Manager Preferences CSE) takes over and performs -the work. - -To get an overall feeling for what's happening within Endpoint Policy Manager Cloud and its -interaction with the client machines, let's explore three areas: - -- XML data storage (where XML directives are downloaded) -- Troubleshooting installation of the Cloud client and connection troubles -- Command line syntax for initiating commands from the client to the server diff --git a/docs/endpointpolicymanager/troubleshooting/cloud/versions.md b/docs/endpointpolicymanager/troubleshooting/cloud/versions.md deleted file mode 100644 index 44598aca79..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/cloud/versions.md +++ /dev/null @@ -1,24 +0,0 @@ -# The Incorrect (non-matching) version of PPPUPDATE is installed on a PPC endpoint - -## PROBLEM: - -When running ` PPUPDATE` on an endpoint that is registered with Netwrix Endpoint Policy Manager -(formerly PolicyPak) Cloud the incorrect version of `PPUPDATE` is shown. The `PPUPDATE `version -displayed does not match the version of the Endpoint Policy Manager Client-Side Extension installed. - -In the screenshots below the CSE version installed is 21.11.2984 but the PPUPDATE version is showing -as 20.1.2317. - -![897_1_image-20220125020029-1](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/897_1_image-20220125020029-1.webp) - -![897_2_image-20220125020029-2](/img/product_docs/endpointpolicymanager/troubleshooting/cloud/897_2_image-20220125020029-2.webp) - -## CAUSE: - -The Endpoint Policy Manager Cloud Client has overwritten the `PPUPDATE` version with an older -version. - -## RESOLUTION: - -Try running a repair on the Endpoint Policy Manager CSE version using Programs and Features, and if -that does not work then reinstall the Endpoint Policy Manager CSE manually to fix the issue. diff --git a/docs/endpointpolicymanager/troubleshooting/customdialog.md b/docs/endpointpolicymanager/troubleshooting/customdialog.md deleted file mode 100644 index cc112684b1..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/customdialog.md +++ /dev/null @@ -1,15 +0,0 @@ -# How can I present a custom dialog (or no dialog) if Browser Router (or the CSE) stops working or crashes? - -Using the Netwrix Endpoint Policy Manager (formerly PolicyPak) ADMX files, you can use the "Show -error message dialog when URL routing is not possible" setting. - -Note that when the setting is: - -1. Default: It will use the default text. -2. Enabled: You can specify your own dialog title and text. NOTE that HTML is NOT supported. Must be - straight text. -3. Disabled: No dialog will appear if Endpoint Policy Manager Endpoint Policy Manager Browser Router - or the CSE has a problem. This could be desirable, but also means that functions will just stop - with no notification. - -![780_1_img-01_950x653](/img/product_docs/endpointpolicymanager/troubleshooting/780_1_img-01_950x653.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/error/admintemplates/namespacealreadydefined.md b/docs/endpointpolicymanager/troubleshooting/error/admintemplates/namespacealreadydefined.md deleted file mode 100644 index 20a1e901bd..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/error/admintemplates/namespacealreadydefined.md +++ /dev/null @@ -1,9 +0,0 @@ -# I get a "Namespace already defined" error when making new Endpoint Policy Manager Admin Templates Manager policies. What is this? - -This error occurs when your ADMX Central Store or Local Store has two ADMX items that overlap with -the same value. - -There are two articles you can read to fix the problem permanently: - -1. [https://support.microsoft.com/en-us/help/3077013/-microsoft-policies-sensors-windowslocationprovider-is-already-defined](https://support.microsoft.com/en-us/help/3077013/-microsoft-policies-sensors-windowslocationprovider-is-already-defined) And -2. [https://jorgequestforknowledge.wordpress.com/2016/10/13/namespace-already-defined-as-the-target-namespace-for-another-file-in-the-policy-store/](https://jorgequestforknowledge.wordpress.com/2016/10/13/namespace-already-defined-as-the-target-namespace-for-another-file-in-the-policy-store/) diff --git a/docs/endpointpolicymanager/troubleshooting/error/cloud/invalidcertificate.md b/docs/endpointpolicymanager/troubleshooting/error/cloud/invalidcertificate.md deleted file mode 100644 index ac627d5ea8..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/error/cloud/invalidcertificate.md +++ /dev/null @@ -1,4 +0,0 @@ -# What is the Endpoint Policy Manager Cloud client installation error "The remote certificate is invalid according to the validation procedure." - -One customer reported that this was because of a missing SonicWall certificate. Check for this or -something similar on your configuration. diff --git a/docs/endpointpolicymanager/troubleshooting/error/install/sufficientprivileges.md b/docs/endpointpolicymanager/troubleshooting/error/install/sufficientprivileges.md deleted file mode 100644 index 7311a6ddcd..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/error/install/sufficientprivileges.md +++ /dev/null @@ -1,18 +0,0 @@ -# Why won't the Endpoint Policy Manager services start, with an error like (or similar to) "Verify that you have sufficient privileges to start system services."? - -If you get an error while starting the Netwrix Endpoint Policy Manager (formerly PolicyPak) -services, such as this… - -``` -Product: Policypak Client-Side Extension -- Error 1920. Service Policypak ' Watcher Service (64-bit)' (PPWatcherSvc64) failed to start. Verify that you have sufficient privileges to start system services. -``` - -It's likely your Antivirus is preventing Endpoint Policy Manager from operating. We know at least -Carbon Black will prevent Endpoint Policy Manager from running unless it's exempted. - -For more information -[How must I configure my Anti-virus or system-level software to work with Endpoint Policy Manager CSE?](/docs/endpointpolicymanager/install/antivirus.md). - -Example of error and results in Event log: - -![97_1_carbonblack1](/img/product_docs/endpointpolicymanager/troubleshooting/error/install/97_1_carbonblack1.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/feature/events.md b/docs/endpointpolicymanager/troubleshooting/feature/events.md deleted file mode 100644 index b574845c53..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/feature/events.md +++ /dev/null @@ -1,53 +0,0 @@ -# Events - -Endpoint Policy Manager Feature Manager for Windows places events in the Endpoint Policy Manager log -(within Applications and Services log), as shown in Figure 47. All events will have the Endpoint -Policy Manager Feature Manager for Windows client source type. In Figure 47, you can see an example -of a feature attempting to be installed. This is Event ID 600. - -![troubleshooting_5](/img/product_docs/endpointpolicymanager/leastprivilege/adminapproval/avoid_pop_ups_with_admin_approval_1.webp) - -Figure 47. Endpoint Policy Manager Feature Manager for Windows events can be found in the Endpoint -Policy Manager node within Application and Services. - -Then, after it is successfully installed, it shows Event ID 602, as shown in Figure 48. - -![troubleshooting_6](/img/product_docs/endpointpolicymanager/troubleshooting/feature/troubleshooting_6.webp) - -Figure 48. Logged events in Endpoint Policy Manager event log for Endpoint Policy Manager Feature -Manager for Windows. - -You might want to trigger or look for certain events to know what's going on. Endpoint Policy -Manager is compatible with Event Forwarding, if that's something you wish to do. Here is the list of -events in each category: - -General - -- Event 300: The system will reboot to complete installation of Windows Features. -- Event 301: The system reboot is pending. - -Windows Feature Category - -- Event 600: Windows feature is being installed. -- Event 601: Installing Windows feature was canceled. -- Event 602: Windows feature was installed. -- Event 603: Installing Windows feature progress is - \*. -- Event 604: Installing Windows feature failed. -- Event 650: Windows feature is being removed. -- Event 651: Removing Windows feature was canceled. -- Event 652: Windows feature was removed. -- Event 653: Removing Windows feature progress is - \*. -- Event 654: Removing Windows feature failed. - -Windows Optional Feature Category - -- Event 700: Optional feature is being installed. -- Event 701: Installing optional feature was canceled. -- Event 702: Installing optional feature was completed. -- Event 703: Installing optional feature progress is - \*. -- Event 704: Installing Windows feature failed. -- Event 750: Optional feature is being removed. -- Event 751: Removing optional feature was canceled. -- Event 752: Removing optional feature was completed. -- Event 753: Optional feature progress is - \*. -- Event 754: Removing optional feature failed. diff --git a/docs/endpointpolicymanager/troubleshooting/feature/logs.md b/docs/endpointpolicymanager/troubleshooting/feature/logs.md deleted file mode 100644 index f4b8a75478..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/feature/logs.md +++ /dev/null @@ -1,62 +0,0 @@ -# Logging Locations - -The most common problem users experience with Netwrix Endpoint Policy Manager (formerly PolicyPak) -Feature Manager for Windows is that they don't see a feature installed or uninstalled as expected. -Here are some tips when trying to troubleshoot Endpoint Policy Manager Feature Manager for Windows. - -The log files for Endpoint Policy Manager Feature Manager for Windows's are found in the following -folder: - -`%Programdata%\PolicyPak\PolicyPak Feature Manager for Windows`. This is because Endpoint Policy -Manager Feature Manager for Windows affects the Computer side (and all users on that computer). It's -also possible there might be some user-side logins in the following folder: - -`%appdata%\local\PolicyPak\PolicyPak Feature Manager for Windows.` But they will not be useful -because all work related to Endpoint Policy Manager Feature Manager for Windows happens on the -Computer side. - -There are several files to check in the folder. These files are as follows: - -- `ppComputerOperational.log`. This is the log where you can see exactly what Endpoint Policy - Manager Feature Manager for Windows believes it has accomplished, any error conditions, and if the - computer has a pending reboot or not. -- `ppUser_OnLogon.log`. New data is added to this log when Group Policy applies at the time of logon - (and items are set for the User, not the Computer). -- `ppUser_Switched.log`. New data is added to this log when Group Policy applies at the time of - logon (but items are set for the Computer). -- `ppUser_OnGroupPolicy.log`. New data is added to this log when Group Policy applies in the - background (or on GPupdate). -- `ppUser_onPolicyChanged.log`. New data is added to this log when Group Policy applies in the - background or when a non–Group Policy method is used (Microsoft Endpoint Manager [SCCM and - Intune], Endpoint Policy Manager Cloud, and so on). - -Start troubleshooting by verifying that you are set up with the following scenarios: - -- You have the group policy object (GPO) or file. -- You have a collection within the GPO. -- You have the policies within the collection. - -Figure 45 shows an example of a Endpoint Policy Manager Feature Manager for Windows log with some -annotations during a single run/GPupdate. - -![troubleshooting](/img/product_docs/endpointpolicymanager/troubleshooting/feature/troubleshooting.webp) - -![troubleshooting_1](/img/product_docs/endpointpolicymanager/troubleshooting/feature/troubleshooting_1.webp) - -![troubleshooting_2](/img/product_docs/endpointpolicymanager/troubleshooting/feature/troubleshooting_2.webp) - -Figure 45. An example of a Endpoint Policy Manager Feature Manager for Windows log. - -Then, to see details of what Endpoint Policy Manager Feature Manager for Windows is trying to do, -you can open up the PPComputerOperational.log (see Figure 46) located at -`Programdata\PolicyPak\PolicyPak Feature Manager for Windows`. - -![troubleshooting_3](/img/product_docs/endpointpolicymanager/troubleshooting/feature/troubleshooting_3.webp) - -![troubleshooting_4](/img/product_docs/endpointpolicymanager/troubleshooting/feature/troubleshooting_4.webp) - -Figure 46. Log files showing when a policy installs and uninstalls items. - -If needed, logs are automatically wrapped up and can be sent to -[support@endpointpolicymanager.com](mailto:support@endpointpolicymanager.com) using the `PPLOGS.EXE` command on any endpoint -where the client-side extension (CSE) is installed. diff --git a/docs/endpointpolicymanager/troubleshooting/feature/overview.md b/docs/endpointpolicymanager/troubleshooting/feature/overview.md deleted file mode 100644 index cb3f5f5dff..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/feature/overview.md +++ /dev/null @@ -1,3 +0,0 @@ -# Troubleshooting - -In this section, we will talk about a few tips and troubleshooting methods. diff --git a/docs/endpointpolicymanager/troubleshooting/fileassociations/legacy.md b/docs/endpointpolicymanager/troubleshooting/fileassociations/legacy.md deleted file mode 100644 index 5e9a357b41..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/fileassociations/legacy.md +++ /dev/null @@ -1,39 +0,0 @@ -# How do I revert to "Legacy File Associations Methods & Features" if directed (especially for LTSB/LTSC)? - -If you are having a problem with Netwrix Endpoint Policy Manager (formerly PolicyPak) File -Associations Manager (PPFAM) not working as expected, you may be asked by tech support to "Revert to -Legacy File Assoc Method & Features". - -This might be required if you are attempting to use Endpoint Policy Manager File Associations -Manager on an older version of Windows 10, say, LTSB or LTSC. You can still get Endpoint Policy -Manager File Associations Manager to work, but you must utilize the Legacy behavior. - -First, be sure you are eligible to use this function by copying the latest Endpoint Policy Manager -ADMX files to your Central Store or using Endpoint Policy Manager Cloud. - -Directions for Central Store: -[Troubleshooting with ADMX files](/docs/endpointpolicymanager/video/troubleshooting/admxfiles.md) - -Directions for Endpoint Policy Manager Cloud (if they are not already pre-placed there): -[PolicyPak Cloud: Upload and use your own ADMX files to PolicyPak Cloud](/docs/endpointpolicymanager/video/cloud/admxfiles.md) - -Then, the setting you should use if directed by support is entitled: - -`Computer Configuration | Policies | Admin Templates | PolicyPak ADMX Settings | Client-side Extensions | File Associations Manager | Revert to Legacy File Assoc Method & Features` -and set to Enabled to return back to the legacy behavior. - -![837_1_image-20201027212337-3](/img/product_docs/endpointpolicymanager/troubleshooting/fileassociations/837_1_image-20201027212337-3.webp) - -## What does "Revert to Legacy File Assoc Method & Features" mean? - -By establishing to use Legacy File Assoc Method & Features the following occurs: - -- Endpoint Policy Manager File Associations Manager policies will ONLY apply on the COMPUTER side. - - **NOTE:** The MMC and/or Cloud editors cannot know you've enabled this setting; and as such - those editors will still work, but the CSE will then ignore the USER side directives. - -- Endpoint Policy Manager File Associations Manager policies can only take effect on DOMAIN JOINED - machines. -- Endpoint Policy Manager File Associations Manager policies can only take effect when you log out - and back in. diff --git a/docs/endpointpolicymanager/troubleshooting/fileassociations/logs.md b/docs/endpointpolicymanager/troubleshooting/fileassociations/logs.md deleted file mode 100644 index 33a75e524c..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/fileassociations/logs.md +++ /dev/null @@ -1,42 +0,0 @@ -# Logging Locations - -Endpoint Policy Manager File Associations Manager log files are found in -`%Programdata%\PolicyPak\PolicyPak File Associations Manager.` This is because Endpoint Policy -Manager File Associations Manager affects the computer (and all users on that computer).It's also -possible there might be some user-side logins in -`%appdata%\local\PolicyPak\PolicyPak File Associations Manager`, but they will not be useful since -all Endpoint Policy Manager File Associations Manager work happens on the Computer side. - -There are several files to check in the folder -`%Programdata%\PolicyPak\PolicyPak File Associations Manager.` These files are: - -- `ppUser_OnLogon.log`: This log file is updated when Group Policy applies at the time of login (and - items are set for the User side, not the Computer side). -- `ppUser_Switched.log`: This log file is updated when Group Policy applies at the time of login - (and items are set for the Computer side). -- `ppUser_OnGroupPolicy.log`: This log file is updated when Group Policy applies in the background - (when you run GPupdate or Group Policy applies in the background). -- `ppUser_onPolicyChanged.log`: This log file is updated when Group Policy applies in the background - or when a method other than the Group Policy method is used (e.g., Microsoft Endpoint Manager - [SCCM and Intune] and Endpoint Policy Manager Cloud). - -Start troubleshooting by verifying that the following conditions are true: - -- You have the Group Policy Object (GPO) (or file). -- You have a collection within the GPO. -- You have the rules within the collection. - -Figure 55 and Figure 56 are examples of Endpoint Policy Manager File Associations Manager logs with -some important items highlighted. - -![troubleshooting_1](/img/product_docs/endpointpolicymanager/troubleshooting/fileassociations/troubleshooting_1.webp) - -Figure 55. An example of a Endpoint Policy Manager File Associations Manager log. - -![troubleshooting_2](/img/product_docs/endpointpolicymanager/troubleshooting/fileassociations/troubleshooting_2.webp) - -Figure 56. Highlights from the Endpoint Policy Manager k File Associations Manager log. - -If needed, logs can be automatically wrapped up and sent to -[support@endpointpolicymanager.com](mailto:support@endpointpolicymanager.com) with the `PPLOGS.EXE` command on any endpoint -where the client-side extension is installed. diff --git a/docs/endpointpolicymanager/troubleshooting/fileassociations/overview.md b/docs/endpointpolicymanager/troubleshooting/fileassociations/overview.md deleted file mode 100644 index 68576e82db..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/fileassociations/overview.md +++ /dev/null @@ -1,13 +0,0 @@ -# Troubleshooting - -The most common problem users encounter with Netwrix Endpoint Policy Manager (formerly PolicyPak) -File Associations Manager occurs during initial use when trying to make associations. Here are some -tips when trying to troubleshoot Endpoint Policy Manager File Associations Manager: - -- Do not try to use Microsoft's method and Endpoint Policy Manager's method for managing file - associations on the same Windows 10 endpoints. Only one method will win. -- If deploying policies on the computer side, then Endpoint Policy Manager File Associations Manager - will attempt to map file associations if any user has the registered application you specify (not - only the logged-on user at the moment)>.This is a risk if the program exists at all on the - endpoint, but the user logging on at that moment (say on a Terminal Server/RDS machine) doesn't - have access to that application. diff --git a/docs/endpointpolicymanager/troubleshooting/fileassociations/specificbrowser.md b/docs/endpointpolicymanager/troubleshooting/fileassociations/specificbrowser.md deleted file mode 100644 index 3b35fb52ab..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/fileassociations/specificbrowser.md +++ /dev/null @@ -1,13 +0,0 @@ -# How can I associate .HTM files with a specific browser, like Internet Explorer? - -You can use Netwrix Endpoint Policy Manager (formerly PolicyPak) File Associations Manager to -associate a .HTM file with IE like this. - -However, doing this WILL NOT route URLs. - -So if you set PPFAM association HTM -> IE and click to some .HTM file in Windows File Explorer (or -open it in some third party program) it will be opened with IE. - -But note that if you type a URL into, say, the Firefox or Chrome address bar (or follow some -hyperlink) to navigate to `file://server/site.htm`, it will stay in the same browser and not -magically open in IE. diff --git a/docs/endpointpolicymanager/troubleshooting/forepointdlp.md b/docs/endpointpolicymanager/troubleshooting/forepointdlp.md deleted file mode 100644 index 84179a7bba..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/forepointdlp.md +++ /dev/null @@ -1,7 +0,0 @@ -# Why do I get crashes and blue screens when using Endpoint Policy Manager with Forcepoint DLP? - -You must upgrade to the latest Forepoint DLP client of at least 23.10.5661. - -This was a bug in Forcepoint. - -![982_1_oct-11](/img/product_docs/endpointpolicymanager/troubleshooting/982_1_oct-11.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/gpoexport/onpremisecloud.md b/docs/endpointpolicymanager/troubleshooting/gpoexport/onpremisecloud.md deleted file mode 100644 index bdead348e2..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/gpoexport/onpremisecloud.md +++ /dev/null @@ -1,41 +0,0 @@ -# Why do I sometimes see Endpoint Policy Manager Cloud security settings and sometimes see on-prem GPO security settings? - -Microsoft stores all Security Settings in a single INF file -`("Microsoft\Windows NT\SecEdit\GptTmpl.inf")`, there can only be one instance of these settings in -use at a time. What happens when there are multiple versions of the file being used is that ALL of -the settings in each version of the INF file overwrite each other when the individual policies are -applied. - -Therefore, the quick reason you might see policy settings "vaporize" is a flip-flop between two -delivery methods: Group Policy and Netwrix Endpoint Policy Manager (formerly PolicyPak) Cloud, for -instance. - -To illustrate this point let's assume you have a Domain-Joined computer that also receives a -Security Settings policy via Endpoint Policy Manager Cloud (PPC). Then from the domain-based GPO you -have a Password Policy applied at the domain level, and from the PP Cloud side you have a Rename -Administrator account policy being applied to the computer group the computer is in. - -You might expect these two settings to MERGE within the Security Settings policy. But that's not -what happens. - -When Group Policy processes (ie: gpupdate) occurs on the Domain-Joined computer, the computer will -receive the Domain version of the Password policy, this will overwrite ALL existing Security -Settings policies currently on the machine coming from PPC. Likewise, when the PPC Security Settings -policy applies it will overwrite ALL Security Settings that were coming from the domain. - -When the Domain policy applies (gpupdate etc.) the computer will get these settings below, note that -the "Rename administrator account" policy is set to "Not Defined" for the Domain policy. - -![698_1_image-20200511225437-1](/img/product_docs/endpointpolicymanager/troubleshooting/gpoexport/698_1_image-20200511225437-1.webp) - -When Endpoint Policy Manager Cloud settings are applied (PPCloud /sync, ppupdate etc.) the computer -will receive these settings below, note that there is nothing defined for "Enforce password history" -within the PPC policy. - -![698_3_image-20200511225437-2](/img/product_docs/endpointpolicymanager/troubleshooting/gpoexport/698_3_image-20200511225437-2.webp) - -Video example below shows the result of having Security Settings Policy set in both PPC and in -On-Premises Group Policy, the policies will continuously replace each other every time they apply. - -We recommend you choose only one method, and set Security Settings policies in either PPC or -On-Premises Group Policy, not in both. diff --git a/docs/endpointpolicymanager/troubleshooting/gpoexport/securitysettings.md b/docs/endpointpolicymanager/troubleshooting/gpoexport/securitysettings.md deleted file mode 100644 index 65b7f2fbf9..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/gpoexport/securitysettings.md +++ /dev/null @@ -1,23 +0,0 @@ -# Why Won't my Windows Security Settings Export using GPO Export Manager - -First, check to see if you're creating your Windows security settings on your local machine. - -![617_1_ppsec-kb-01-img-01](/img/product_docs/endpointpolicymanager/troubleshooting/gpoexport/617_1_ppsec-kb-01-img-01.webp) - -If you are working with your local group policy editor, and then you try to export your settings -using Netwrix Endpoint Policy Manager (formerly PolicyPak) Security Settings Manager, you're going -to get this error message: - -![617_2_ppsec-kb-01-img-02](/img/product_docs/endpointpolicymanager/troubleshooting/gpoexport/617_2_ppsec-kb-01-img-02.webp) - -Instead, manage your Windows security settings using the GPMC within a domain-based GPO as seen -here: - -![617_3_ppsec-kb-01-img-03](/img/product_docs/endpointpolicymanager/troubleshooting/gpoexport/617_3_ppsec-kb-01-img-03.webp) - -Then use Endpoint Policy Manager Security Settings Manager to export your settings as XML for use -with the cloud or MDM service, as seen here. - -![617_4_ppsec-kb-01-img-04](/img/product_docs/endpointpolicymanager/troubleshooting/gpoexport/617_4_ppsec-kb-01-img-04.webp) - -You'll be managing your Windows Security Settings through the cloud or MDM service in no time! diff --git a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/eventlogs.md b/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/eventlogs.md deleted file mode 100644 index cdb5949635..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/eventlogs.md +++ /dev/null @@ -1,12 +0,0 @@ -# Event Logs - -The Endpoint Policy Manager GPCR client (admin console) logs warnings and errors to the Windows -Event Viewer in the application log. Because a lot of data could be in the log, use the filters -shown in Figure 76 to make a custom view showing only Endpoint Policy Manager GPCR events in the -application log. - -![tuning_and_troubleshooting_17](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning_and_troubleshooting_17.webp) - -Figure 76. Creating a custom view for Endpoint Policy Manager GPCR events. - -If asked by Endpoint Policy Manager Support, be prepared to export these events for analysis. diff --git a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/overview.md b/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/overview.md deleted file mode 100644 index faba74d313..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/overview.md +++ /dev/null @@ -1,5 +0,0 @@ -# Tuning and Troubleshooting - -This section details tuning Netwrix Endpoint Policy Manager (formerly PolicyPak) GPCR endpoints if -the defaults need to be changed. We will also discuss several common problems, solutions, and -troubleshooting steps with Endpoint Policy Manager GPCR. diff --git a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/scheduledtasks.md b/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/scheduledtasks.md deleted file mode 100644 index 50ccfee308..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/scheduledtasks.md +++ /dev/null @@ -1,25 +0,0 @@ -# Troubleshooting Scheduled Tasks - -You can see the scheduled task on the endpoint, as shown in Figure 73. - -![tuning_and_troubleshooting_14](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning_and_troubleshooting_14.webp) - -Figure 73. The endpoint scheduled task. - -The ideal status is "Ready." When Group Policy triggers, it should change to "Queued," then to -"Running," and then back to "Ready." However, sometimes the scheduled task can get stuck at -"Queued," as shown in Figure 74. - -![tuning_and_troubleshooting_15](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning_and_troubleshooting_15.webp) - -Figure 74. The scheduled task stuck in a queued state. - -Sometimes endpoints require a reboot in order for data to start to flow to the Endpoint Policy -Manager GPCR server. This is normal when the task is first installed via a Group Policy Preference -scheduled task. If the task fires correctly, verify the action is set correctly so that -PPGPCR.Auditor.exe will be started from the proper location and the information will be delivered to -the target server (in this case DC), as shown in Figure 75. - -![tuning_and_troubleshooting_16](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning_and_troubleshooting_16.webp) - -Figure 75. Verifying the action is set correctly. diff --git a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/server.md b/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/server.md deleted file mode 100644 index f0d36dabab..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/server.md +++ /dev/null @@ -1,19 +0,0 @@ -# Troubleshooting Server Problems - -The most likely reason for server problems is that the service has not started. The service must be -running and started on a server, as shown in Figure 68. - -![tuning_and_troubleshooting_9](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning_and_troubleshooting_9.webp) - -Figure 68. Verification that the GPCR server service is running. - -Another possible reason why all connections are rejected is that the firewall is not allowing -incoming requests. Verify the following entry is in place, since it should automatically be created -when the Endpoint Policy Manager GPCR server component and service are installed (see Figure 69). - -![tuning_and_troubleshooting_10](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning_and_troubleshooting_10.webp) - -Figure 69. Ensuring the firewall is properly configured. - -If this does not solve the problem, temporarily disable the server's firewall to determine whether -requests start to come in. diff --git a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/serverside.md b/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/serverside.md deleted file mode 100644 index 3e3629e946..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/serverside.md +++ /dev/null @@ -1,6 +0,0 @@ -# What Server-side items should I send to Tech Support if asked? - -The PPGPCR Server contents are in the following folder. Please ZIP the folder and send to us if -requested. - -**NOTE:** You do not need to STOP the PPGPCR Server service first. diff --git a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning/admx.md b/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning/admx.md deleted file mode 100644 index 59f7b797fc..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning/admx.md +++ /dev/null @@ -1,149 +0,0 @@ -# Using ADMX Files to Tune the Auditor - -Inside the Endpoint Policy Manager GPCR download is the PPGPCR Diagnostics ADMX.ZIP. When unpacked -from the ZIP file, you can use the ADMX files to manage and tune Endpoint Policy Manager GPCR or for -troubleshooting if necessary. To use the ADMX files, do the following: - -- If you have a Group Policy Central store, copy the PolicyDefinitions folder into - - ``` - \\\sysvol\\Policies - ``` - -- If you do not have a Group Policy Central store, copy the PolicyDefinitions folder to - - ``` - c:\PolicyDefinitions - ``` - -You can see what copying those files to a Group Policy Central store looks like in Figure 58. - -![tuning_and_troubleshooting_624x274](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning/tuning_and_troubleshooting_624x274.webp) - -Figure 58. Copying the ADMX files to the PolicyDefinitions folder. - -Now when you edit Group Policy Objects (GPOs), you will see Endpoint Policy Manager GPCR policy -settings under `Computer Configuration\Policies\Administrative Templates\PolicyPak`. The settings to -tune `PPGPCR.Auditor.exe` on endpoints can be seen in the Auditor Endpoints folder, as shown in -Figure 59. - -![tuning_and_troubleshooting_1_624x272](/img/product_docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning/tuning_and_troubleshooting_1_624x272.webp) - -Figure 59. The policy settings for endpoints. - -The settings and their functions are each presented in the sections that follow. Note that they are -not presented in the same order as found in the figure above. - -## Maximum Check-Ins Per Day - -The "Maximum check-ins per day" setting allows you to limit how many times per day -`PPGPCR.Auditor.exe` will run on an endpoint automatically. The default maximum is 20 audits in a -calendar day (not 24 hours from when the computer is started). - -**NOTE:** If you were to run `PPGPCR.Auditor.exe` with the /force switch to manually start the -auditing process, it would not count toward this maximum number. The` PPGPCR.Auditor.exe` can only -run with the /force switch when run as SYSTEM (not as an admin). - -## Time Period Allowed to Run - -The "Time period allowed to run" setting allows you to limit the hours that the auditor will run. -This can be useful during times when it is not needed, such as outside of normal business hours. It -can also be used if you only want the auditor to run outside of business hours to save bandwidth. -The following options are available for the setting: - -- Default/Not Configured: Runs at all hours -- Enabled: Runs from 10 AM to 4 PM according to the time zone of the endpoint and is changeable -- Disabled: Runs at all hours - -## Run Auditor on Logon - -The "Run Auditor on logon" setting controls whether the auditor can run on user login and consume -bandwidth during that startup and login process. When allowed, this can cause massive network flow -at the start of working hours and can also slow the user's login time. Our recommended approach is -to keep the default setting, which will only send Endpoint Policy Manager GPCR auditor data in the -background (after the login process). The following options are available for the setting: - -- Default/Not Configured: Does not run at login -- Enabled: Runs at login -- Disabled: Does not run at login - -When enabled, the auditor will also trigger and send data when the following GP events occur: - -- 8000 Successful computer end event -- 8001 Successful user end event - -## Prevent Auditor from Running - -To save bandwidth it is recommended to only run the auditor during background events. This is the -Default/Not Configured recommendation. You can also prevent the auditor from running during -background events by changing the "Prevent Auditor from running upon Group Policy background events" -setting to "Disabled." If this policy is set to "Disabled," then you will likely need to enable -"PPGPCR Auditor Endpoints: Run Auditor on logon" or you will have no data from the auditor (unless -manually run with the `/force` command). The following options are available for the setting: - -- Not Configured/Enabled: Runs during background events -- Disabled: Does not run during background events - -When disabled, the auditor will no longer trigger for the following event IDs for background events: - -- 8006 Successful computer periodic refresh event -- 8007 Successful user periodic refresh event - -## Run Auditor Upon Network Change - -The setting "Run Auditor upon network change" controls whether the auditor runs on a network change. -This might be useful when computers are offline for a period of time, and then re-connect over -wireless or a VPN connection. We recommend you leave this off by default, and acquire auditing data -in the background, which will occur during the next background refresh cycle of Group Policy. The -following options are available for the setting: - -- Not Configured/Default: Does not run on a network change -- Enabled: Runs on a network change -- Disabled: Does not run on a network change - -If enabled, the auditor will trigger for the following event IDs: - -- 8002 Successful computer network change event -- 8003 Successful user network change event - -## Run Auditor Upon Manual GPUpdate - -The setting "Run Auditor upon manual gpupdate" controls whether the auditor runs when a user -manually runs GPUpdate. This is enabled by default because, typically, end-users do not run -GPUpdate; it is usually run by admins. Therefore, the default is that an Admin would run GPUpdate, -which would automatically run the Endpoint Policy Manager GPCR auditor and deliver latest data to -the server. The following options are available for the setting: - -- Default: Auditor will trigger when GPUpdate is run manually -- Enabled: Same as Default / auditor will run upon manual GPUpdate -- Disabled: Does not trigger the auditor when GPUpdate is run manually - -When disabled, the following event IDs are ignored: - -- 8004 Successful computer manual refresh event -- 8005 Successful user manual refresh event - -## Run Auditor Immediately - -The setting "Run Auditor immediately when Scheduled Task configuring Auditor is applied" controls -whether or not the auditor will run when a scheduled task it applied. We recommend using the default -setting as running the auditor immediately can create massive network flow just after configuring -auditor. The following options are available for the setting: - -- Default: Does not immediately run when the scheduled task is applied -- Enabled/Not Configured: Does not run immediately after the scheduled task is applied -- Disabled: Runs immediately on any machine after the scheduled task configuring the auditor is - applied - -The behavior of the auditor is not affected at the occurrence of any event IDs. - -## Only Run Group Policy Compliance Reporter Auditor on Computer Side - -The setting "Only run PPGPCR Auditor on computer side, but only when a user is actually logged in" -controls whether the auditor runs when no user is logged in to a PC. You might want to set this -setting to "Enabled" to only capture auditing data when someone is actually logged in to save -bandwidth. The following options are available for the setting: - -- Default/Not configured: Runs on the computer side regardless of whether a user is logged in or not -- Enabled: Only runs on the computer side when a user is logged in -- Disabled: Runs on the computer side regardless of whether a user is logged in or not diff --git a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning/overview.md b/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning/overview.md deleted file mode 100644 index 4e8ce35325..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/grouppolicycompliancereporter/tuning/overview.md +++ /dev/null @@ -1,99 +0,0 @@ -# Tuning Group Policy Compliance Reporter - -Tuning Endpoint Policy Manager GPCR involves using provided ADMX files to reduce or increase how -often Endpoint Policy Manager GPCR endpoints communicate with the Endpoint Policy Manager GPCPR -server. We discuss using these files, as well as how the auditing process works and what triggers -it, in the sections below. - -## Triggering the Auditor with a Scheduled Task - -Starting with Endpoint Policy Manager GPCR build 1227, endpoints using `PPGPCR.Auditor.exe` will not -push data up to the server every time Group Policy applies. However, a scheduled task will trigger -`PPGPCR.Auditor.exe` to run every time Group Policy is applied. This is shown below in the Group -Policy Preference item that triggers the auditor to run: - -``` -Subscription -``` - -The auditor EXE determines when to run and then sends the data back to the server. - -## Default Auditor Triggers - -The Endpoint Policy Manager GPCR auditor EXE process will only do work and send data back to the -server when a Group Policy background refresh event occurs: - -- 8006 Successful computer periodic refresh event -- 8007 Successful user periodic refresh event - -This ensures that the computer is started and the user is logged in (90–120 minutes after login) and -Group Policy is successful. The auditor EXE also keeps track of how many times per day it runs, with -a maximum of 20. Capping the auditor EXE at 20 runs per day ensures you'll never send an unrealistic -number of audits in a day. You could also configure the `PPGPCR.Auditor.exe` using ADMX files (see -the section called "Troubleshooting with ADMX or Registry Entries) to change or augment these -settings. - -## Auditing Process for Modern Versions of Group Policy Compliance Reporter - -When `PPGPCR.Auditor.exe` runs, the first thing it does is gather the RSOP via WMI and send them to -the Endpoint Policy Manager GPCR server for storage and processing. - -- Running` PPGPCR.Auditor.exe` over the network requires about 1.4 MB of extra data to be sent. This - occurs only at the background refresh cycle (but is changeable using ADMX settings). -- Taking an XML RSOP from WMI happens locally and takes no bandwidth. -- Sending the RSOP data to the server takes virtually no bandwidth. Once the RSOP is determined - (about 600 KB), it is zipped down to about 68 KB. -- If the RSOP is the same as the last time, then no zipped files are sent from the client to the - server, but a 1 KB heartbeat is still sent to update the server. - -Note that it's possible to copy `PPGPCR.Auditor.exe` locally and run it there instead of running it -from a share on the server. This saves running 1.4 MB over the network every time any Group Policy -event is triggered. Values may change slightly from run to run. - -## Auditing Process for Older Versions of Group Policy Compliance Reporter - -With older versions of the PPGPCR, the first thing that `PPGPCR.Auditor.exe` does is run the -in-system function GPRESULT /X to generate RSOPs and send them to the Endpoint Policy Manager GPCR -server for storage and processing. When this happens, about 10 MB of data is sent over the network. -This is the very nature of `GPRESULT /X`. You can do a rough calculation of how long Endpoint Policy -Manager GPCR might take to push data from the endpoints up to the server based on the number of -endpoints and the bandwidth by using this calculator: -[http://ibeast.com/tools/band-calc.asp](http://ibeast.com/tools/band-calc.asp). - -For example, if you had nine computers over a very slow 1.5 MB link to the closest DC, you could -estimate that the upload would take 8 minutes and 8 seconds if they all ran the auditor at the exact -same time. Since Group Policy is randomly running across all machines in the background (90–120 -minutes after login), and since PPGPCR.Auditor.exe will only trigger on successful background user -and computer refreshes (now by default) and not at computer startup or user login, the risk of -saturation of a slow link is minimized. - -Here is the breakdown of exactly what is happening when PPGPCR.Auditor.exe is triggered to do work: - -- Running PPGPCR.Auditor.exe over the network requires about 1.4 MB of extra data to be sent. This - occurs only at the background refresh cycle (but is changeable using ADMX settings). -- Taking an XML RSOP from `gpresult.exe /x` causes about 7–10 MB of data to be sent over the network - from the DC to the endpoint. -- Sending the RSOP data to the server takes virtually no bandwidth. Once the RSOP is determined - (about 600 KB), it is zipped down to about 34 KB. -- If the RSOP is the same as the last time, then no zipped files are sent from the client to the - server, but a 1 KB heartbeat is still sent to update the server. - -Note that it's possible to copy` PPGPCR.Auditor.exe` locally and run it there instead of running it -from a share on the server. This saves running 1.4 MB over the network every time any Group Policy -event is triggered. Values may change slightly from run to run, but in summary, after running -GPUpdate, the Endpoint Policy Manager GPCR auditor takes about 10 MB of network bandwidth on the -next auditor run because of the need to generate a new RSOP and compare it to the last one. The -biggest problem is that the Endpoint Policy Manager GPCR auditor relies on GPRESULT /X, which is a -system command and is hardcoded to work the way it does, making it take up the bulk of the -bandwidth. This is why only events that actually trigger the auditor to do real work are successful -user and computer background events, and they are capped at 20 per day. - -Endpoint Policy Manager GPCR has a problem where bandwidth is constrained between the client and the -DCs, but build 1227 has dramatically improved on this problem. In builds beyond 1227, we will -continue working on additional ways to minimize the problem GPresult /x causes over slow links with -future releases. diff --git a/docs/endpointpolicymanager/troubleshooting/install/clientsideextension.md b/docs/endpointpolicymanager/troubleshooting/install/clientsideextension.md deleted file mode 100644 index ce52a03ad8..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/install/clientsideextension.md +++ /dev/null @@ -1,29 +0,0 @@ -# During CSE installation on a VM the following message is displayed indicating a reboot will be needed - -``` -"The following applications are using files which the installer must update. You can either close the applications and click "Try Again" or click "Continue" so that the installer continues the installation, and replaces these files when your system restarts" -``` - -![752_1_image-20200108161845-1](/img/product_docs/endpointpolicymanager/troubleshooting/install/752_1_image-20200108161845-1.webp) - -You are receiving this message because the "Microsoft Visual C++ 2015-2019 Redistributable" that -VMware installs, is an older version than the version needed by the Netwrix Endpoint Policy Manager -(formerly PolicyPak) CSE. - -### More Information: - -VMware Tools are developed and built using VS2015 and uses the Microsoft Visual Studio 2015 -Redistributable, however, in Endpoint Policy Manager we use VS2019. - -Microsoft maintains a single version of the MS Visual C++ Redistributable for VS2015, VS2017 and -VS2019 and products built for VS2015 (e.g. VMware Tools) can use it without issue. However, the -Endpoint Policy Manager CSE cannot use the now outdated VS2015 bits, and installs the unified -version of the redistributable unless it is already present on a machine. - -To avoid seeing this message on VMs during the CSE installation process you can download and install -the required redistributable using the links below before installing the Endpoint Policy Manager -Client Side Extensions (CSE). - -[https://aka.ms/vs/16/release/vc_redist.x64.exe](https://aka.ms/vs/16/release/vc_redist.x64.exe) - -[https://aka.ms/vs/16/release/vc_redist.x86.exe](https://aka.ms/vs/16/release/vc_redist.x86.exe) diff --git a/docs/endpointpolicymanager/troubleshooting/install/uninstall.md b/docs/endpointpolicymanager/troubleshooting/install/uninstall.md deleted file mode 100644 index 3589d140b4..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/install/uninstall.md +++ /dev/null @@ -1,84 +0,0 @@ -# The CSE won't uninstall or allow in-place upgrade. What should I do? - -The issue of the CSE not allowing an uninstall or an updrage isn't a problem with the Netwrix -Endpoint Policy Manager (formerly PolicyPak) CSE. This is a problem with the MSI database that -contains the contents of what is registered or not. - -One quick fix we have seen is to rename the newest CSE you get from us to something unique. For -instance, `endpointpolicymanager-CSE-SETUPx64-BUILD12345.MSI`, then retry your upgrade. Users have reported that -this can fix the problem by fooling the MSI database. - -If that does not work, you might see a dialog similar to this when trying to install/uninstall. Even -if you revert to a previous version, it is still likely that the CSE won't uninstall. - -![116_1_msiuu2-image-005](/img/product_docs/endpointpolicymanager/troubleshooting/install/116_1_msiuu2-image-005.webp) - -## Resolution - -Microsoft has a one-off fix to deal with broken MSIs that get stuck. Start with this solution from -Microsoft to test on one machine. See Microsoft's article -[Fix problems that block programs from being installed or removed](https://support.microsoft.com/en-us/topic/fix-problems-that-block-programs-from-being-installed-or-removed-cca7d1b6-65a9-3d98-426b-e9f927e1eb4d) -for the procedure on this solution. - -If the procedure from Microsoft's article is unsuccessful, try the following steps on one machine. - -**Step 1 –** Remove existing CSE version to allow a re-installation of the newest CSE, download -MSICUU from this link: -[https://www.endpointpolicymanager.com/pp-files/msicuu2.zip](https://www.endpointpolicymanager.com/pp-files/msicuu2.zip) - -**Step 2 –** Then launch it and select the CSE version and click **Remove**. - -![116_2_msiuu2-image-006](/img/product_docs/endpointpolicymanager/troubleshooting/install/116_2_msiuu2-image-006.webp) - -**Step 3 –** Manually install the latest Endpoint Policy Manager CSE, and verify it worked as -expected. - -If that succeeds, follow these steps. - -**Step 1 –** Test a scriptversion of that on some machines. - -**Step 2 –** Try to deploy the new CSE to some machines. - -**Step 3 –** Run the script on the remainder of your machines. - -**Step 4 –** Deploy the new CSE to the remainder of your machines. - -If you don't already have a tool you use to deploy the Endpoint Policy Manager CSE, we recommend you -use PDQ Deploy [(www.PDQ.com](https://www.pdq.com/)). There is a free and a paid version of the -tool, either version will work. - -Once the new CSE is deployed to the remainder of your machines, follow these steps. - -**Step 1 –** Download our -[`MSIZAP` and batch file](https://www.endpointpolicymanager.com/pp-files/ppMSIzapscript-4191.zip). - -**NOTE:** `MSIZAP` is a command line version of `MSICUU` that was used in the previous steps.. - -**Step 2 –** Locate the batch file included in the download. - -**Step 3 –** Run the batch file which will perform the uninstall using `MSIZAP`. It only works if -you put the old versions in another location. You'll see if you open up the batch file, which is -much clearer. - -**NOTE:** If the batch file needs updating and doesn't contain the MSI codes for the version you are -trying to uninstall, please work with your Netwrix support rep who can get that updated for you. - -After the batch file has been run, follow these steps. - -**Step 1 –** Manually test the batch file on a handful of machines. - -**Step 2 –** Verify that it worked. - -**Step 3 –** Don't try to run the script on all your machines yet. - -**Step 4 –** Try PDQ Deploy to get the latest CSE on those endpoints. - -**Step 5 –** Run the script on the remainder of your machines. - -**Step 6 –** Continue to use PDQ deploy to get the rest of the machines CSEs installed. - -**Step 7 –** Rename the latest CSE to be a unique name while attempting your upgrade. This might -yield more success, according to at least one customer report. - -The machines are now updated with a new CSE. If this solution was unsuccessful, contact your Netwrix -support representative for additional assistance. diff --git a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/itemleveltargeting.md b/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/itemleveltargeting.md deleted file mode 100644 index 0d1a76dc29..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/itemleveltargeting.md +++ /dev/null @@ -1,5 +0,0 @@ -# Checking Item-Level Targeting - -Item-Level Targeting (ILT) filters can apply and match (or not match) to any Endpoint Policy Manager -Java Rules Manager rule. If an ILT filter evaluates to TRUE, then it will appear in the Java Rule -Set. If an ILT filter evaluates to FALSE, then it will be removed from the Java Rule Set. diff --git a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/logfiles.md b/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/logfiles.md deleted file mode 100644 index a0dbe4e0b2..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/logfiles.md +++ /dev/null @@ -1,32 +0,0 @@ -# Checking the Log Files - -Log files for Endpoint Policy Manager Java Rules Manager are found in two places: - -- `%Programdata%\PolicyPak\PolicyPak Java Rules Manager` -- `%appdata%\local\PolicyPak\PolicyPak Java Rules Manager` - -To see the \ProgramData\PolicyPak folder, run an admin command prompt as shown in Figure 35. -Endpoint Policy Manager Java Rules manager logs are contained within the Endpoint Policy Manager -Java Rules Manager folder. - -![troubleshooting_policypak_6](/img/product_docs/endpointpolicymanager/troubleshooting/javaenterpriserules/troubleshooting_endpointpolicymanager_6.webp) - -Figure 35. The PolicyPak Java Rules Manager logs are contained withinEndpoint Policy Manager Java -Rules Manager folder. - -The log files can help determine processing occurrences. There is a different log file for each time -Group Policy applies. The following list shows some of these logs: - -- `ppComputer_onPolicyChanged` is used when Group Policy, Endpoint Policy Manager Cloud, and/or - PolicyPak XML files (via PolicyPak Exporter) are used. This is your best bet to try first. -- `ppComputer_onLogon` is used when the computer starts up and processes initial GPOs. -- `ppComputer_onGroupPolicy` is used when Group Policy is processed. -- `ppComputer_OnManual` is used when Endpoint Policy Manager's command ppupdate.exe is run. -- `ppComputer_onSchedule` is used when Endpoint Policy Manager's internal processes attempt to look - for any changes while offline (usually every 60 minutes). - -Logs are automatically wrapped up and can be sent to -[support@endpointpolicymanager.com](mailto:support@endpointpolicymanager.com) with the `PPLOGS.EXE` command on any endpoint -where the client-side extension (CSE) is installed. Since the main logs for Endpoint Policy Manager -Java Rules Manager are in ProgramData, run an Elevated Command Prompt (as admin), and run -`PPLOGS.EXE` to obtain the data from the PolicyPak Java Rules Manager logs. diff --git a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/overview.md b/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/overview.md deleted file mode 100644 index 149b0ee004..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/overview.md +++ /dev/null @@ -1,8 +0,0 @@ -# Troubleshooting - -Troubleshooting Netwrix Endpoint Policy Manager (formerly PolicyPak) Java Rules Manager is somewhat -different from troubleshooting other Endpoint Policy Manager components. This is because PolicyPak -Java Rules Manager only applies to the Computer side and not to the User side. The typical problem -encountered with Endpoint Policy Manager Java Rules Manager is that RIA websites don't honor the -version of Java JRE you expect on an endpoint. The sections below list the most common reasons why -they don't and provide some troubleshooting steps. diff --git a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/processorder.md b/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/processorder.md deleted file mode 100644 index 65c6e6ff55..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/processorder.md +++ /dev/null @@ -1,6 +0,0 @@ -# Checking the Processing Order - -Multiple GPOs that have Endpoint Policy Manager Java Rules Manager policies can apply to the machine -and will be cumulative. If a conflict does occur, the higher Group Policy with the higher precedence -should "win." See the "Processing Order" section earlier in this document to understand what happens -when Group Policy, file-based policy, and cloud-based policy conflict. diff --git a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/version.md b/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/version.md deleted file mode 100644 index 893e2530d7..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/javaenterpriserules/version.md +++ /dev/null @@ -1,24 +0,0 @@ -# Checking the Version - -Each rule you specify attempts to map an RIA to a specific version of Java (as best it can). When -you specify to use an "Exact" version, Java Rules Manager will only try to match the exact version -(see Figure 30). - -![troubleshooting_policypak_1](/img/product_docs/endpointpolicymanager/troubleshooting/javaenterpriserules/troubleshooting_endpointpolicymanager_1.webp) - -Figure 30. The "Exact" specification for a Java version won't be exact, but it will be close. - -If that version is not present, then Java Rules will notify you as shown in Figure 31. - -![troubleshooting_policypak_2](/img/product_docs/endpointpolicymanager/troubleshooting/javaenterpriserules/troubleshooting_endpointpolicymanager_2.webp) - -Figure 31. You will receive this prompt if your "Exact" specification doesn't have a Java version -match. - -Also note that if you specify "Latest in family" (as demonstrated in Figure 32), then the latest -version of Java is utilized. - -![troubleshooting_policypak_3](/img/product_docs/endpointpolicymanager/troubleshooting/javaenterpriserules/troubleshooting_endpointpolicymanager_3.webp) - -Figure 32. "Latest on machine" does what it implies; it utilizes the latest version of Java -available and installs it on the machine. diff --git a/docs/endpointpolicymanager/troubleshooting/latestupdates.md b/docs/endpointpolicymanager/troubleshooting/latestupdates.md deleted file mode 100644 index 061a955b3d..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/latestupdates.md +++ /dev/null @@ -1,4 +0,0 @@ -# How can I keep abreast of the latest Endpoint Policy Manager updates as they are released? - -All Netwrix Endpoint Policy Manager (formerly PolicyPak) customers are sent timely email update -alerts to keep them informed. diff --git a/docs/endpointpolicymanager/troubleshooting/leastprivilege/overview.md b/docs/endpointpolicymanager/troubleshooting/leastprivilege/overview.md deleted file mode 100644 index 890a134ba3..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/leastprivilege/overview.md +++ /dev/null @@ -1,115 +0,0 @@ -# Troubleshooting - -Endpoint Policy Manager Least Privilege Manager problems can generally be divided into three -categories: - -- Case 1: You expected a rule to bypass UAC, but it did not. -- Case 2: A rule is bypassing UAC, and it was not expected. -- Case 3: A rule is preventing an item from running when not expected. - -In all cases, you can see detailed information about the occurrence within the Endpoint Policy -Manager Least Privilege Manager log files which are found in: -`%appdata%\local\PolicyPak\PolicyPak Least Privilege Manager and %Programdata%\PolicyPak\PolicyPak Least Privilege Manager` - -First, you need to open the correct log file, based on the activity that has occurred, to see which -Endpoint Policy Manager Least Privilege Manager policies you have. There are several files to check: - -- ppUser_OnLogon.log. This log gets new data when Group Policy applies at logon, and items are set - for the User side, not the Computer side. -- ppUser_Switched.log. This log file is updated when Group Policy applies at logon, but items are - set for the Computer side. -- ppUser_OnGroupPolicy.log. This log gets new data when Group Policy applies in the background when - GPupdate is run, or when Group Policy applies in the background. -- ppUser_onPolicyChanged.log. This log file is updated when Group Policy applies in the background, - or when a non-Group Policy method is used (e.g., Microsoft Endpoint Manager (SCCM and Intune) or - Endpoint Policy Manager Cloud). - -Start troubleshooting by verifying that the following conditions (seen here) are true: - -- You have the GPO (or file). -- There is a collection within the GPO. -- The rules are within the collection. - -![A screenshot of a computer - -Description automatically -generated](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/troubleshooting_1.webp) - -The final log to check is the ppUser_Operational.log, which can indicate why something is denied -(blocked), allowed, or elevated. It shows what was trying to run and which GPO, collection, and -policy performed the action, along with the ultimate result. For example, this log shows a Deny -result. - -![A screenshot of a computer code - -Description automatically -generated](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/troubleshooting_2.webp) - -An Allowed result can be seen here. - -![A screenshot of a computer code - -Description automatically -generated](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/troubleshooting_3.webp) - -An Elevated result can be seen here. - -![A screenshot of a computer code - -Description automatically -generated](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/troubleshooting_4.webp) - -Additionally, as expressed earlier, you can also see when Admin Approval dialogs are shown to end -users, when they are canceled, and which processes failed to run because they did not get -Administrator privileges. In this screenshot you can see that the dialog was canceled, which means -the end user was not permitted to perform an action which required a UAC prompt. - -![A screenshot of a computer program - -Description automatically -generated](/img/product_docs/endpointpolicymanager/leastprivilege/adminapproval/avoid_pop_ups_with_admin_approval_1.webp) - -Additionally, Admin Approval is logged in the ppUser_Operational.log file as well, which shows when -applications require Admin privileges and when the user successfully enters in a response code from -an Admin when he or she uses the Endpoint Policy Manager Admin Approval Tool. - -**NOTE:** The Reason Code is also stored here and is a fixed list from within the Endpoint Policy -Manager Admin Approval Tool. - -``` -Admin Approval Dialog (2018/07/14, 15:55:20.312, PID: 1360, TID: 3020) -{ -    Process requires administrator privileges -    Dialog Guide: {3F8058CB-AB08-F878-D146-78312F2B7031} User Sid: S-1-5-    21-934088035-149717768-3671783038-1116 -    User Name: FABRIKAM\EastSalesUser1 Process Id: 7072 -    Process Path: C:\Users\eastsalesuser1\Desktop\Silverlight install.exe -    Command Line: "C:\Users\eastsalesuser1\Desktop\Silverlight install.exe" -    Task Kind: ApplicationInstaller  -    Task Hash: -25AA5CA53202838E3937FCFF39B3DB34C6B5A7188D28F45D7BFEDE81CF37ED6D -    Executable: C:\Users\eastsalesuser1\Desktop\Silverlight install.exe -    File Owner Sid: S-1-5-21-934088035-149717768-3671783038-1116 -    File Owner Name: FABRIKAM\EastSalesUser1 Trusted: No -    Signed: Yes -} // End of Admin Approval Dialog, elapsed time: 00:00:00.001 -Admin Approval Dialog (2018/07/14, 15:56:10.279, PID: 1360, TID: 2920) -{ -    Dialog success -    Dialog Guid: S-1-5-21-934088035-149717768-3671783038-1116 User Sid: S-1-5-21-934088035-149717768-3671783038-1116 -    User Name: FABRIKAM\EastSalesUser1 Process Id: 7072 -    Process Path: C:\Users\eastsalesuser1\Desktop\Silverlight install.exe -    Command Line: "C:\Users\eastsalesuser1\Desktop\Silverlight install.exe" -    Task Kind: ApplicationInstaller  -    Task Hash: -25AA5CA53202838E3937FCFF39B3DB34C6B5A7188D28F45D7BFEDE81CF37ED6D -    Executable: C:\Users\eastsalesuser1\Desktop\Silverlight install.exe -    File Owner Sid: S-1-5-21-934088035-149717768-3671783038-1116 -    File Owner Name: FABRIKAM\EastSalesUser1 Trusted: No -    Signed: Yes -    Reason: Application_LOB  -    Forced Elevation: No - -``` - -If requested by support, logs are automatically wrapped up and can be sent to Netwrix Support with -the PPLOGS.EXE command on any endpoint where the client-side extension is installed. diff --git a/docs/endpointpolicymanager/troubleshooting/leastprivilege/ruleprecedence.md b/docs/endpointpolicymanager/troubleshooting/leastprivilege/ruleprecedence.md deleted file mode 100644 index 9c1ab7c1bd..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/leastprivilege/ruleprecedence.md +++ /dev/null @@ -1,11 +0,0 @@ -# If multiple Endpoint Privilege Manager rules would apply, which rule takes precedence? - -When a process is created, PPLPM evaluates the result in the following order: - -1. Explicit rules on computer side -2. Explicit rules on user side -3. The rule inherited from the parent process -4. SecureRun on computer side -5. SecureRun on user side - -Once a rule is found, we stop the search and do what the rule says. diff --git a/docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/inlinecommands.md b/docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/inlinecommands.md deleted file mode 100644 index aa772b3c21..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/inlinecommands.md +++ /dev/null @@ -1,94 +0,0 @@ -# Why does Endpoint Policy Manager SecureRun block "inline commands" and what can I do to overcome or revert the behavior ? - -Windows operations like Command Prompt and PowerShell allow scripts to run. That is, they allow to -run various commands and NOT just executables (e.g. .exe files). - -Netwrix Endpoint Policy Manager (formerly PolicyPak) SecureRun automatically blocks unknown and -un-trusted scripts. You can read about these automatically blocked script types here: - -[What is the supported list of BLOCKED script types for Endpoint Policy Manager SecureRun™ ?](/docs/endpointpolicymanager/leastprivilege/securerun/blockedscripttypes.md) - -But it's possible to pass the commands on the command line - -For example, one can run something like this from the Run dialog (or in many other ways.) - -``` -cmd /c "mkdir C:\TEST & copy c:\Windows\notepad.exe C:\TEST" -``` - -![538_1_image-20201215000203-1](/img/product_docs/endpointpolicymanager/leastprivilege/securerun/securerun_and_inline_commands.webp) - -Normally, users don't do this. But it could be valid during an application installation or program -setup. - -This technique is essentially what is used in much modern malware, as seen in this diagram. - -![538_2_image-20201215000203-2](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/538_2_image-20201215000203-2.webp) - -When commands are run in this way, Endpoint Policy Manager SecureRun cannot know precisely what to -do. - -Remember that SecureRun's primary duty is to check "File Owner." And, since this inline command has -no owner, Endpoint Policy Manager SecureRun cannot make a definitive determination of "Should it run -or not?" - -In older versions of Endpoint Policy Manager, Endpoint Policy Manager Least Privilege Manager -SecureRun™ did not trap for these inline commands or make any determination. - -In current versions, Endpoint Policy Manager, Endpoint Policy Manager Least Privilege Manager -SecureRun™ assumes this behavior of inline commands should be interpreted as unexpected/bad -behavior. - -That being said, you might have a reliance on this behavior for an application setup or valid -process. As such you have three options as workarounds. - -## Option 1: Analyze the statement and create an explicit Allow and Log Rule (Most Secure) - -In this example, assume you determined you had an inline command you needed to explicitly overcome a -SecureRun block: - -``` -cmd /c "mkdir C:\TEST & copy c:\Windows\notepad.exe C:\TEST" -``` - -To overcome this, you would need to make an Executable rule (not a Script rule). You would specify a -Combo rule, then specify Path and Command Line Arguments like what's seen here. - -![538_3_image-20201215000203-3](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/538_3_image-20201215000203-3.webp) - -The Path Condition part would be CMD.EXE: - -![538_4_image-20201215000203-4](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/538_4_image-20201215000203-4.webp) - -Then the most secure would be "Strict equality" and then specify the arguments which make up the -remainder of the command. - -Note that other configurations may work, but only "Strict equality" would be the most secure. - -![538_5_image-20201215000203-5](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/538_5_image-20201215000203-5.webp) - -Finally, set Allow And Log. - -![538_6_image-20201215000203-6](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/538_6_image-20201215000203-6.webp) - -Now you have a rule which is explicitly enabled to overcome a SecureRun block. - -## Option 2: Explicitly set Endpoint Policy Manager SecureRun to Disabled (Least Secure; not recommended) - -If Endpoint Policy Manager SecureRun has no configuration or is explicitly Disabled, like what's -seen here, then the inline checking will not function. - -![538_7_image-20201215000203-7](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/538_7_image-20201215000203-7.webp) - -## Option 3: Universally revert Endpoint Privilege Manager SecureRun™ Inline Command Processing Behavior to bypass inline commands (Less Secure; possibly recommended) - -In Endpoint Policy Manager CSE build 2725 we have introduced an ADMX setting entitled "Use legacy -(less secure) Endpoint Policy Manager Least Privilege Manager SecureRun Inline Processing Method." - -When this value is set to Enabled, you are telling the Endpoint Policy Manager Least Privilege -Manager that you want the SecureRun behavior to be reverted back to the original behavior. - -In this method, the Endpoint Policy Manager Least Privilege Manager SecureRun commandline parser -will ignore inline commands, and all processes like this will continue. - -![538_8_hfkb-1008-img-op-03-01_1379x575](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/securerun/538_8_hfkb-1008-img-op-03-01_1379x575.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/leastprivilege/uninstall.md b/docs/endpointpolicymanager/troubleshooting/leastprivilege/uninstall.md deleted file mode 100644 index 4e3752fe7e..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/leastprivilege/uninstall.md +++ /dev/null @@ -1,14 +0,0 @@ -# How can I uninstall the Least Privilege Manager client for MacOS? - -If you need to uninstall the Least Privilege Manager client for Mac open a Terminal session and type -in the following command. - -``` -sudo policypak uninstall -``` - -Please note that this command must be run by an administrator of the computer - - The outcome should be as follows: - -![931_1_image-20221216000132-1](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/931_1_image-20221216000132-1.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/leastprivilege/wildcards.md b/docs/endpointpolicymanager/troubleshooting/leastprivilege/wildcards.md deleted file mode 100644 index a2615b515b..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/leastprivilege/wildcards.md +++ /dev/null @@ -1,24 +0,0 @@ -# How are wildcards supported when used with Path and Command-line arguments in Least Privilege Manager? - -When creating a PATH rule in LPM you can use wildcards at almost any level for the folder or file -name. - -For example, all of the PATHs below are valid: - -![667_1_image-20210312232539-1](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/667_1_image-20210312232539-1.webp) - -The same thing applies to using wildcards in Command-line arguments, all of the command-line -argument examples below are valid. - -Syntax when you know the file name starts with a 2: - -![667_2_image-20210316100826-1_942x394](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/667_2_image-20210316100826-1_942x394.webp) - -Syntax to substitute the name of any folder directly after %LocalAppData% and the file name starts -with a 2: - -![667_3_image-20210316101015-2_944x398](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/667_3_image-20210316101015-2_944x398.webp) - -Syntax to substitute the name of any folder after Microsoft and the file name starts with a 2: - -![667_4_image-20210316101118-3_940x391](/img/product_docs/endpointpolicymanager/troubleshooting/leastprivilege/667_4_image-20210316101118-3_940x391.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/license/components.md b/docs/endpointpolicymanager/troubleshooting/license/components.md deleted file mode 100644 index 0271d888b3..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/license/components.md +++ /dev/null @@ -1,67 +0,0 @@ -# How can I tell how a machine is licensed (by GPO, MDM, or XML file), and also know for what components it is licensed? - -You can use the `ppupdate` command line tool to both refresh cached policies and determine the -licensing method. When the command is run, you can determine: - -1. Methods of licensure (Group Policy, MDM, and/or XML) -2. Legacy License, Universal License, or Enterprise Full (aka Enterprise+) Universal License -3. Start and Expiry Date -4. Which GPO or from which XML file is performing the license -5. Which Components are licensed -6. Which Components are licensed for which Capabilities (for instance Netwrix Endpoint Policy - Manager (formerly PolicyPak) Least Privilege Manager Standard vs. Complete). - Tip: Enterprise Full licenses always show Complete for all components. -7. When a specific component is expressly disabled via an ADMX policy. -8. When a specific component is expressly disabled via the license file. -9. When a specific computer is licensed via multiple methods. - -Some examples below of how a computer could be licensed and the types of output you can expect. - -### How can I validate on a few endpoints that I am VALID and won't expire? - -![681_1_image-1](/img/product_docs/endpointpolicymanager/troubleshooting/license/681_1_image-1.webp) - -A second example, but this one using Enterprise Full (aka Enterprise+) licenses (only valid for CSE -versions 23.6 and later): - -![681_3_image_950x735](/img/product_docs/endpointpolicymanager/troubleshooting/license/935_6_image-20230713042924-6_950x735.webp) - -- Use the `PPUPDATE` command which will always show if you are VALID and licensing type. -- Example of a machine getting Universal licenses successfully: - - **NOTE:** Enterprise Full licenses are not honored by pre 23.6 CSEs. You MAY run multiple - licenses "side by side" to transition from your original license to Enterprise Full licenses. - -Additional Examples for various circumstances are below. - -## Example 1: Computer in the name, acts fully licensed for all components. Very useful for testing licensing issues. - -![681_4_img-01](/img/product_docs/endpointpolicymanager/troubleshooting/license/681_4_img-01.webp) - -## Example 2: Completely unlicensed. - -![681_6_img-02](/img/product_docs/endpointpolicymanager/troubleshooting/license/681_6_img-02.webp) - -## Example 3: Some items are licensed and not others. Typical when a customer is a Professional Customer and has purchased licenses for SPECIFIC components. - -![681_8_img-03](/img/product_docs/endpointpolicymanager/troubleshooting/license/681_8_img-03.webp) - -## Example 4: Licensed by placing the XML file directly upon the machine, and not by GPO. - -![681_10_img-04](/img/product_docs/endpointpolicymanager/troubleshooting/license/681_10_img-04.webp) - -## Example 5: When a component is licensed, but expressly disabled by ADMX. - -![681_12_img-05](/img/product_docs/endpointpolicymanager/troubleshooting/license/681_12_img-05.webp) - -## Example 6: When a computer is licensed via multiple methods - -![681_14_image8_1490x882](/img/product_docs/endpointpolicymanager/troubleshooting/license/681_14_image8_1490x882.webp) - -## Example 7: When a computer is licensed for SOME components via Endpoint Policy Manager Cloud - -**NOTE:** The Expiry date expresses when the computer is required to check-in by to maintain the -license; not the actual expiration date of all computers. (That information is only found in -Endpoint Policy Manager Cloud Portal.) - -![681_16_e7_954x1262](/img/product_docs/endpointpolicymanager/troubleshooting/license/681_16_e7_954x1262.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/license/expires.md b/docs/endpointpolicymanager/troubleshooting/license/expires.md deleted file mode 100644 index 939ac9f831..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/license/expires.md +++ /dev/null @@ -1,66 +0,0 @@ -# I have a pop-up saying "License expires soon" or "Licenses expire in X days" when editing a GPO. What do I do? - -Once a new license key has been imported to existing On-Prem environment, you may notice a pop-up -message in your GPMC console mentioning your old license key is getting expired soon. - -One or more similar messages may appear in MMC/GPMC when editing a GPO. - -![937_1_image-20230425211701-1_950x194](/img/product_docs/endpointpolicymanager/troubleshooting/license/937_1_image-20230425211701-1_950x194.webp) - -![937_2_image-20230425211701-2](/img/product_docs/endpointpolicymanager/troubleshooting/license/937_2_image-20230425211701-2.webp) - -As example, this can occur if you have two license GPOs in your domain. - -For instance, two license GPOs are linked with the following expiration dates: - -GPO 1: Expires March 1, 2023 - -GPO 2: Expires March 1, 2024 - -**NOTE:** The rest of this KB is generally around your GPMC editing machine and the pop-ups within -the GPMC. If you're getting client-side pop-ups, please refer to this article: - -[How do I make the Grace Period licensing pop-up go away?](/docs/endpointpolicymanager/troubleshooting/license/graceperiod.md) - -Resolution for the Admin's GPMC editing station: - -- Unlink the old and expiring license after verifying that the new license will cover the same - components and OUs/ domain as the soonto-be-expiring license. Delete the old GPO links as well - from under any OUs/domain where it was linked. More details here: - [I just installed new license files / new GPOs. Should I keep or delete the old license files / GPOs?](/docs/endpointpolicymanager/license/unlicense/fileold.md) - -**NOTE:** You can use the LT tool to search through and find OLD licenses so you can be sure you -only have one license remaining. [Using LT for license cleanup](/docs/endpointpolicymanager/video/license/cleanup.md)/ - -- On an example ENDPOINT computer (one that has the Netwrix Endpoint Policy Manager (formerly - PolicyPak) CSE; which can also include the Admin's GPMC machine) verify the endpoint got the new - license successfully. Use this KB article with PPUPDATE directions to see exactly if a machine is - properly licensed: - [How can I tell how a machine is licensed (by GPO, MDM, or XML file), and also know for what components it is licensed?](/docs/endpointpolicymanager/troubleshooting/license/components.md) - -Now, on your machine, the one with the GPMC… - -- Run `GPupdate /force` to flush out old licenses that were being delivered to your GPMC management - station -- Close the GPMC, then reopen the GPMC. -- Try editing a GPO in GPMC, does the error message reappear -- If popups are gone, you are all done. - -If you still get pop-up messages and the messages reference the registry, you should check under the -following registry keys on your GPMC management station for any old information relating to the old -license. - -License info held in Registry in the following locations (HKLM) - -``` -SOFTWARE\Policies\PolicyPak\License Policies\    SOFTWARE\PolicyPak\License Policies\    SOFTWARE\Policies\PolicyPak\Licenses\    SOFTWARE\PolicyPak\Licenses\ -``` - -If any old info is found, then export those registry keys just in case they need to be readded back -for some reason. - -Then once the registry keys are backed up safely to reg files somewhere you can safely delete any -registry keys with old Endpoint Policy Manager license info. - -Afterward, reopen GPMC and try editing a GPO again, does the message appear? If not, you are done. -If yes, then open a support ticket for further assistance. diff --git a/docs/endpointpolicymanager/troubleshooting/license/legacy.md b/docs/endpointpolicymanager/troubleshooting/license/legacy.md deleted file mode 100644 index 69125f10b8..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/license/legacy.md +++ /dev/null @@ -1,162 +0,0 @@ -# Action Required for Endpoint Policy Manager Customers using Legacy Licenses - -## What is happening: - -- The Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE (endpoint piece) is hardcoded to stop - honoring Legacy licenses on Feb 28, 2023… even if you have a Valid Legacy license hitting the - machine. - -## Why is this happening: - -- We started delivering Universal licenses in Jan 2021 thus giving customers two years to upgrade to - make the switch. This is your three-month (and likely final) warning of the impending requirement. - -## Who is NOT affected by this: - -- If you are using CLOUD licensing, you are not affected. -- If you already have Universal licenses in place and no Legacy licenses in place, you are not - affected. - -## Who IS affected by this: - -- If you are using GPO or MDM / XML licensing with Legacy licenses only and... -- You are using CSE version 2687 (21.1.2687.802) or later. - -… Then you are affected. - -## Is this a security concern? - -- No. This is not a security concern. - -## How do I know if I'm using LEGACY licenses, UNIVERSAL licenses, or both? - -- Please watch this video to help you determine your position and situation plus some advice on what - to do. -- Video: [Legacy License Retirement Guidance (for Feb 28, 2023)](/docs/endpointpolicymanager/video/license/legacy.md) - -## Where can I get UNIVERSAL licenses? - -- When we cut keys for new customers who started after 2021, chances are you got only Universal keys - in the first place. -- When we cut keys for existing customers (who started before 2021) we always provided Universal - keys and sometimes provided Legacy keys. -- Therefore: You should be able to pick up your existing keys at portal.endpointpolicymanager.com. Example of - how to find existing keys: - - ![840_1_1](/img/product_docs/endpointpolicymanager/troubleshooting/license/840_1_1.webp) - -- Only email [support@endpointpolicymanager.com](mailto:support@endpointpolicymanager.com) if you cannot locate your - Universal license because it should already be in the Portal at portal.endpointpolicymanager.com. - -## In the portal, after I download my license keys, how can I tell which are UNIVERSAL and which are LEGACY keys? - -- Example download of valid dates with both Universal and Legacy keys, but only Universal keys will - be honored past Feb 28, 2023: - - ![840_2_2_950x572](/img/product_docs/endpointpolicymanager/troubleshooting/license/840_2_2_950x572.webp) - -## What must I do to keep PolicyPak working if I am affected?: - -- There are a few strategies you can pursue to keep Endpoint Policy Manager working as expected. -- BEST: - - Import the Universal license and make sure it hits your endpoints. If you do not have a - universal license, you may request one by opening a case at - [Netwrix support](https://www.netwrix.com/sign_in.html?rf=tickets.html#netwrix-support). - Please do not wait until the last minute to get your license as we could have many requests to - field. - - Upgrade the CSE to something recent; hopefully the latest version. -- GOOD, but not as good as BEST: - - Keep using your Legacy licenses which will  naturally expire Feb 28, 2023. - - Update the CSE to the latest version (3421 or later) on your endpoints. - - Use a Endpoint Policy Manager ADMX setting which will give you +90 days to implement the - Universal license. See screen shot below: - -![1231_licenseadmxsetting](/img/product_docs/endpointpolicymanager/troubleshooting/license/1231_licenseadmxsetting.webp) - -**NOTE:** This ADMX setting only affects CSE 3421 and later is only a stopgap measure if you -literally have no way to transition from Legacy XML to Universal XML, but you do have some way to -update your CSE. - -- Please honor the philosophy of Rings and don't "blast out" an upgrade CSE to all of your computers - at once so you can control a rollout or a rollback. Use - this guidance: [Using Rings to Test and Update the Endpoint Policy Manager Client-Side Extension and/or Cloud Client (And How to Stay Supported)](/docs/endpointpolicymanager/install/rings.md) - -## How can I install UNIVERSAL licenses once I have downloaded them? - -- First, upgrade your Admin Console MMC snap in with the latest download from the portal. Only the - latest Admin Consoles can import Universal licenses. -- Video: - [How to install UNIVERSAL licenses for NEW Customers (via GPO, SCCM or MDM)](/docs/endpointpolicymanager/video/license/installuniversal.md) - - **NOTE:**   You cannot import both Legacy and Universal licenses into the same GPO. You need - separate GPOs for both license types. If you try to put both licenses into the same GPO you will - get the error: "Sorry but you can't install GP and Enterprise licenses into the same GPO, please - install them to different GPOs or select licenses with the same type." - -## What will happen if I do nothing?: - -- If you are using LEGACY licenses and/or very old CSEs which ONLY process LEGACY licenses (so CSEs - before 21.1.2687.802), then Endpoint Policy Manager will keep working because CSEs before - 21.1.2687.802 don't understand Universal licenses anyway. -- If you're using LEGACY licenses and NEWER CSEs (21.1.2687.802 or later), you can expect Endpoint - Policy Manager to stop processing and stop working as if your license file expired on Feb - 28, 2023. - - **NOTE:** Exact behavior when licenses expire can be seen here: - [What happens to each component when Endpoint Policy Manager gets unlicensed or the GPO or policy no longer applies?](/docs/endpointpolicymanager/license/unlicense/components.md) - -## What if I'm applying both Universal and Legacy licenses to an endpoint? - -- If a computer receives both Legacy and Universal licenses, then you should be all set, provided - you are using a CSE (build 2687 and later) on the endpoint. - - **NOTE:** More modern CSEs on the endpoints are preferred. - -## How can I validate on a few endpoints that I am Valid and won't expire? - -- Use the `PPUPDATE` command which will always show if you are Valid and licensing type. -- Example of a machine getting Universal licenses successfully: - - ![840_3_3_950x610](/img/product_docs/endpointpolicymanager/troubleshooting/license/840_3_3_950x610.webp) - -- FAQ on error conditions: - [How can I tell how a machine is licensed (by GPO, MDM, or XML file), and also know for what components it is licensed?](/docs/endpointpolicymanager/troubleshooting/license/components.md). -- **NOTE:** The Latest CSE in the portal (build 3375) will also express Invalid licenses if any are - applying to the machine. Example: - - ![840_4_4_950x675](/img/product_docs/endpointpolicymanager/troubleshooting/license/840_4_4_950x675.webp) - -## Anything else I should know / Bugs & Known Issues? - -Item 1: `PPupdate` may show "Computers with ‘Computer' in the name" while actually being licensed -(CSE 3375 only.) - -This bug exists only in 3375 and doesn't exist in later version of the CSE, such as 3421 and later. - -In build 3375, you might see something like this when you test `PPUPDATE`. - -![840_5_image-20230126194031-1](/img/product_docs/endpointpolicymanager/troubleshooting/license/840_5_image-20230126194031-1.webp) - -_Remember,_ this is a display bug in 3375 which has been removed in the latest CSE version. This -message can safely be ignored. - -As long as you can see you ARE getting licensed by the Universal key method (see section above -entitled “How can I validate on a few endpoints that I am VALID and won’t expire?”) then you are -free to ignore this bug. - -Item 2: `PolicyPak` Update might show a statement which is a little misleading in CSE 3375 or -earlier. The message is updated for clarity in CSE 3421 and later. - -The message in CSE 3375 and earlier says: “The license is valid. WARNING: GP licenses will no longer -be accepted after Feb 28th, 2023.” - -Example: - -![840_6_image-20230126194031-2_950x764](/img/product_docs/endpointpolicymanager/troubleshooting/license/840_6_image-20230126194031-2_950x764.webp) - -What it is trying to say is that Legacy XML licenses are not honored beyond Feb 28, 2022. - -You can still use Universal licenses via GPO and/or MDM/XML method. The updated messaging from -latest CSEs is as follows: - -![840_7_image_950x724](/img/product_docs/endpointpolicymanager/troubleshooting/license/840_7_image_950x724.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/license/logs.md b/docs/endpointpolicymanager/troubleshooting/license/logs.md deleted file mode 100644 index 0e49765470..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/license/logs.md +++ /dev/null @@ -1,22 +0,0 @@ -# What Logs do I need to send for troubleshooting LT (License Tool) or other MMC / .Net related functions? - -If you are having problems with the MMC editor (or other .NET Tools like the Netwrix Endpoint Policy -Manager (formerly PolicyPak) License Tool) you will need to go to `%appdata%\local\PolicyPak` - -And find the logs required. - -For instance, for the License Tool, you would supply: - -- General and -- Endpoint Policy Manager License Tool. - -If you had an issue, with say, Endpoint Policy Manager Least Privilege Manager editor, then you -would supply: - -- General and -- Endpoint Policy Manager Least Privilege Manager - -Once you have collected the required logs, please ZIP up the following folder and upload to your -support case in SHAREFILE. - -![182_1_1_950x786](/img/product_docs/endpointpolicymanager/troubleshooting/license/182_1_1_950x786.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/license/universal.md b/docs/endpointpolicymanager/troubleshooting/license/universal.md deleted file mode 100644 index 9951c577d2..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/license/universal.md +++ /dev/null @@ -1,9 +0,0 @@ -# I unlicensed my machine by removing a universal license, my machine still appears licensed. Why is this? - -Modern versions of the Netwrix Endpoint Policy Manager (formerly PolicyPak) CSE will cache licenses -for 24 hours, even if rebooted. This is to compensate for errors by admins, or if something was to -manipulate the storage location of licenses before new licenses were put in place. - -As such you will still see licenses in place when running `PPUPDATE` command. - -![826_1_img-01](/img/product_docs/endpointpolicymanager/troubleshooting/license/826_1_img-01.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/log/grouppolicy/guid.md b/docs/endpointpolicymanager/troubleshooting/log/grouppolicy/guid.md deleted file mode 100644 index a0d94372d5..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/log/grouppolicy/guid.md +++ /dev/null @@ -1,7 +0,0 @@ -# How can I find the name of a GPO located within a PP Log file? - -Use Powershell to reverse from a GPO GUID to a GPO name like this: - -Import-Module GroupPolicy - -Get-GPO -Guid 31a09564-cd4a-4520-98fa-446a2af23b4b -Domain sales.contoso.com diff --git a/docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/preferences.md b/docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/preferences.md deleted file mode 100644 index 6f4ca44ff3..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/preferences.md +++ /dev/null @@ -1,74 +0,0 @@ -# How do I turn on Item Level Targeting (ILT) logging if asked by Endpoint Policy Manager Tech Support (when using Preferences ILT engine)? - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Item Level Targeting is a function of Group -Policy Preferences which is also incorporated into Endpoint Policy Manager. There are two pieces to -ILT: The editor and the evaluation within the Client Side Extension. - -The ILT editor in Group Policy Preferences can be seen in every Group Policy Preferences item, like -what's seen here. - -![196_1_img-01](/img/product_docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/196_1_img-01.webp) - -The ILT editor in Endpoint Policy Manager can be seen in nearly all Endpoint Policy Manager items, -like what's seen here. - -![196_3_img-02](/img/product_docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/196_3_img-02.webp) - -If you think your Item Level Targeting isn't working, we ask that you first "backtrack" to a quick -Group Policy Preferences test and try it there first. - -Indeed, we ask you take two steps: - -**Step 1 –** Create a Group Policy Preferences Shortcut with NO Item Level Targeting. We'll call -this www.1.com . In this experiment, this will be the "Control" group. (No ILT, just to see it -working.) - -**Step 2 –** Create a Group Policy Preferences Shortcut WITH your Item Level Targeting. We'll call -this www.2.com. In this experiment, this will get your "ILT Medicine" and see if ILT is working or -not. - -## Part 1: - -So, again, use Group Policy Preferences and create a new Group Policy Preferences shortcut to -www.1.com , on the DESKTOP, with TARGET URL being www.1.com and pick any icon you want. - -![196_5_img-03](/img/product_docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/196_5_img-03.webp) - -## Part 2: - -Use Group Policy Preferences to create a Group Policy Preferences shortcut to www.2.com, on the -DESKTOP, with TARGET URL being www.2.com and pick any icon you want.. then click in the COMMON tab -and select Item Level Targeting, and put in your proposed ILT. - -![196_7_img-04](/img/product_docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/196_7_img-04.webp) - -![196_9_img-05](/img/product_docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/196_9_img-05.webp) - -Before you test, let's make sure we fully understand the experiment… - -![196_11_img-06](/img/product_docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/196_11_img-06.webp) - -Then on the endpoint run GPupdate… Here is the result you should get: - -![196_13_img-07](/img/product_docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/196_13_img-07.webp) - -So: - -**Step 1 –** If you only see www.1.com and not www.2.com, then something is wrong with your ILT -evaluation and it is evaluating to FALSE. This evaluation will also evaluate to FALSE in any -Endpoint Policy Manager item. - -**Step 2 –** If you BOTH www.1.com and www.2.com, then your ILT evaluation is evaluating to TRUE and -should also work in any Endpoint Policy Manager item. - -Now… how does Endpoint Policy Manager fit into this? - -If you take the WORKING ILT evaluation and use it in a Endpoint Policy Manager item… and it STILL -doesn't work. Then we can attempt to investigate it. - -That being said if you're really sure an ILT evaluation functions correctly in Group Policy -Preferences (see above) but not in Endpoint Policy Manager … you can continue to troubleshoot by -turning on ILT logging for Endpoint Policy Manager items using this -KB:[How do I turn on Item Level Targeting (ILT) logging if asked by Endpoint Policy Manager Tech Support?](/docs/endpointpolicymanager/troubleshooting/log/itemleveltargeting/index.md) - -All log files require a support case to analyze. diff --git a/docs/endpointpolicymanager/troubleshooting/log/manual.md b/docs/endpointpolicymanager/troubleshooting/log/manual.md deleted file mode 100644 index 213072c870..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/log/manual.md +++ /dev/null @@ -1,86 +0,0 @@ -# How do I manually collect logs if PPLOGS as User or Admin does not launch? - -**NOTE:** PPLOGs does not magically stop working, there is always some underlying cause.  Typically -some sort of barrier which prevents it... pplogs or other tools used in the pplogs process (like -reg.exe) from working. If there is something in your environment that is blocking the automated -(pplogs) way of gathering log information you can still fetch this information by hand. - -## First, manually collect the information for the ADMIN Logs: - -**Step 1 –** Login as an Administrator to the computer where the issue is occurring then gather the -following: - -- Copy entire `%programdata%\PolicyPak `folder, this folder includes logs, dumps, policy store, and - xmldata files. - - **NOTE:** Some of these files cannot be accessed without elevation. The easiest UI way to get - them might be to copy the` %programdata%\PolicyPak` folder to Desktop and then approve the - elevation when prompted. - -**Step 2 –** Run Regedit as Administrator, then export the following registry keys if they are -present, ignore any keys that do not exist. - -- `HKLM\Software\PolicyPak\Client-Side Extensions\{1659C456-08FC-4359-B125-BB70EE34DD55}` -- `HKLM\Software\Classes\PPBRURL` -- `HKLM\Software\Classes\PPBRNURL` -- `HKLM\Software\Clients\StartMenuInternet` -- `HKLM\Software\Policies\Google\Chrome` -- `HKLM\Software\Policies\Microsoft\Windows\Explorer` -- `HKLM\Software\Policies\Microsoft\Windows\System` -- `HKLM\Software\Policies\PolicyPak` -- `HKLM\Software\PolicyPak` -- `HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths` -- `HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID` -- `HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy \{123AA0DB-7D32-4E82-9CBB-14E096E802AF}` -- `HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions` -- `HKLM\Software\RegisteredApplications` - -**Step 3 –** Launch Event Viewer as Administrator: - -1. Expand "Applications and Services Logs", right-click on "Netwrix Endpoint Policy Manager - (formerly PolicyPak)" event log and choose "Save All Events As…", save the file as - - `"endpointpolicymanager.evtx"` - -2. Expand "Applications and Services Logs" > "Microsoft" > "Windows", right-click on "GroupPolicy" - event log and choose "Save All Events As…", save the file as - - `"GroupPolicy.evtx"` - -3. Expand "Windows Logs" then right-click the "Application" log and choose "Save All Events As…" - save the file as - - `"Application.evtx".` - -**Step 4 –** Lastly, zip up everything you have collected on the ADMIN side -as`pplogs_as_admin_SRX#.zip`(substitute your Service request number for "SRX#") then upload to the -SUPPORT INBOX on SHAREFILE: -[https://endpointpolicymanager.sharefile.com/share/getinfo/rc857a57f16b4d4b9](https://endpointpolicymanager.sharefile.com/share/getinfo/rc857a57f16b4d4b9) - -## Next, manually collect the information for the USER Logs: - -**Step 1 –** Login as a regular (non-admin) user to the computer where the issue is occurring then -gather the following: - -- Copy entire `%localappdata%\PolicyPak`, this folder is important for troubleshooting all and any - CSE issues. -- Locate and gather any Endpoint Policy Manager log files in the `%TEMP%, %USERPROFILE%`, - `%APPDATA%`, and `%LOCALAPPDATA%` folders. - -**Step 2 –** Run Regedit then export the following registry keys if they are present, ignore any -keys that do not exist. - -- `HKCU\Software\Mozilla\Firefox\Extensions` -- `HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{123AA0DB-7D32-4E82-9CBB-14E096E802AF}` -- `HKCU\Software\Microsoft\Internet Explorer\Main\EnterpriseMode` -- `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\` -- `HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice` -- `HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice` -- `HKCU\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` -- `HKCU\Software\Policies\Microsoft\Windows\Explorer` -- `HKCU\Software\PolicyPak` - -**Step 3 –** Lastly, zip up everything you have collected on the USER side as -`pplogs_as_user_SRX#.zip` (substitute your Service request number for "SRX#") then upload to the -SUPPORT INBOX on SHAREFILE: -[https://endpointpolicymanager.sharefile.com/share/getinfo/rc857a57f16b4d4b9](https://endpointpolicymanager.sharefile.com/share/getinfo/rc857a57f16b4d4b9) diff --git a/docs/endpointpolicymanager/troubleshooting/mac/logs.md b/docs/endpointpolicymanager/troubleshooting/mac/logs.md deleted file mode 100644 index b13af84829..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/mac/logs.md +++ /dev/null @@ -1,7 +0,0 @@ -# Understanding Log Files on the Client - -The PolicyPak logs are located in `/Library/Application Support/PolicyPak/Logs`. If requested by -Support, zip up these three logs. As the customer, you can find useful information within -endpointpolicymanagerd.log and cloud.log (details later in this document). - -![A screenshot of a computer Description automatically generated](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_1_6e10551394ec326177434ffc228df475.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/mac/overview.md b/docs/endpointpolicymanager/troubleshooting/mac/overview.md deleted file mode 100644 index 054159d613..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/mac/overview.md +++ /dev/null @@ -1,4 +0,0 @@ -# Troubleshooting + Logging the Mac OS Client - -Troubleshooting usually involves trying to understand why a rule isn’t applying. In this section we -will understand the log files and how to use them. diff --git a/docs/endpointpolicymanager/troubleshooting/mac/reports.md b/docs/endpointpolicymanager/troubleshooting/mac/reports.md deleted file mode 100644 index 749175b87d..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/mac/reports.md +++ /dev/null @@ -1,22 +0,0 @@ -# Reporting on Collected Events - -All the collected events can be accessed through the “Computers (Collected Events)” report on the -Reports tab and selecting “Endpoint Policy Manager Least Privilege Manager for macOS”. - -![A screenshot of a computerDescription automatically generated](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_10_2ab64dc549729d2f51cdf61ab7d88108.webp) - -Next, configure the time period you want to report on. The default is the beginning of the day, but -this can be altered to the desired start and stop time and date. Click “Show” to see the results. - -![A screenshot of a computerDescription automatically generated](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_11_7135ed6ab54692983796dd995a2517e4.webp) - -The results can be filtered to show only the desired information. For example, show only specific -computers or only Elevation events. Every column can be filtered by click on the ellipsis within the -column header. - -![A screenshot of a computerDescription automatically generated](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_12_3996f6bea2016ba07eaf96f5c05b43c0.webp) - -For offline analysis, the report can be exported to either Excel or, if very large, CSV format. This -can be done before or after filtering. - -![A screenshot of a loginDescription automatically generated](/img/product_docs/endpointpolicymanager/leastprivilege/mac/1329_13_50b225886bba8747a9460411f4662cc9.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/mdm/overview.md b/docs/endpointpolicymanager/troubleshooting/mdm/overview.md deleted file mode 100644 index 7a09d8bca7..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/mdm/overview.md +++ /dev/null @@ -1,7 +0,0 @@ -# Troubleshooting - -Remember that there are three items needed to make Endpoint Policy Manager work with an MDM service: -the Endpoint Policy Manager CSE, the Endpoint Policy Manager license file, and the Endpoint Policy -Manager settings MSI files. That means there are (at least) three places to look when things go -wrong. The next three sections address the top problems and resolutions connected to these three -items. diff --git a/docs/endpointpolicymanager/troubleshooting/nondomain/limitations.md b/docs/endpointpolicymanager/troubleshooting/nondomain/limitations.md deleted file mode 100644 index 4d6dd18d9a..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/nondomain/limitations.md +++ /dev/null @@ -1,34 +0,0 @@ -# Which Endpoint Policy Manager items will not work when the computer is non-domain joined (or the computer is NEVER connected to the Internet)? - -There are some items which will not work if the computer is not domain joined… - -### Using Client Side Extension 2339 or a previous version: - -1. Netwrix Endpoint Policy Manager (formerly PolicyPak) Browser Router may or may not work as - expected with "External links", say, those from Outlook or Skype or Acrobat. This is because - PPBRAgent needs to be expressly specified as the "Default Browser" inside Windows 10; and with a - Non-Domain Joined machine, Endpoint Policy Manager cannot set this value ourselves. You can set - it manually on a per-computer basis. This is RESOLVED in Client Side Extension 2362 and later. -2. Endpoint Policy Manager File Associations manager will not work unless the machine is domain - joined. So if you want to use Endpoint Policy Manager File Associations manager with Endpoint - Policy Manager Cloud, Group Policy or MDM editions, then the machine must be domain joined first, - and then get its directive from the method of your choosing. This is RESOLVED in Client Side - Extension 2362 and later. - -### Using Any Client Side Extension: - -1. Chrome's plug SHOULD work and activate automatically, but in might need to be activated if it - doesn't operate as expected. - [Browser Router now supports Chrome on Non-Domain Joined machines](/docs/endpointpolicymanager/video/browserrouter/chromenondomainjoined.md). -2. Endpoint Policy Manager Application Manager will work as expected, except managing some areas of - CHROME when non-domain joined. Chrome simply has a self-imposed limitation for non-domain joined - machines. The list of settings which WILL and WON'T work is documented - [Which items in Chrome will, and will not work when non-domain joined?](/docs/endpointpolicymanager/troubleshooting/nondomain/chrome.md). -3. Windows Edge (original) will report at each launch "We've turned off extensions from unknown - sources. They might be risky so we recommend keeping them off." (See picture below.) There is NO - workaround at this time. - - ![359_1_tyr](/img/product_docs/endpointpolicymanager/troubleshooting/nondomain/359_1_tyr.webp) - -4. Windows Edge + Chromium: The Browser Router Extension will not install automatically. There is NO - workaround at this time except to manually install the Chrome Extension on Edge by hand. diff --git a/docs/endpointpolicymanager/troubleshooting/outlook.md b/docs/endpointpolicymanager/troubleshooting/outlook.md deleted file mode 100644 index bab31ff4ba..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/outlook.md +++ /dev/null @@ -1,6 +0,0 @@ -# How can I fix Outlook To-Do bar flashing when GP or Endpoint Policy Manager does a background refresh? - -For anyone experiencing the Outlook To-Do bar flashing when GP or PP does a background refresh, MS -has released KB3191883 May 2018 which solves that issue. - -[https://support.microsoft.com/en-us/help/3191883/may-2-2017-update-for-outlook-2016-kb3191883](https://support.microsoft.com/en-us/help/3191883/may-2-2017-update-for-outlook-2016-kb3191883) diff --git a/docs/endpointpolicymanager/troubleshooting/powershell/pplogsprompt.md b/docs/endpointpolicymanager/troubleshooting/powershell/pplogsprompt.md deleted file mode 100644 index de57e74a34..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/powershell/pplogsprompt.md +++ /dev/null @@ -1,17 +0,0 @@ -# How can I use Powershell to automatically say yes to the PPLOGS prompt? - -Remember that two different logs are required to get on a computer in order to get Netwrix Endpoint -Policy Manager (formerly PolicyPak) Support. Please review -[What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/troubleshooting/fastsupport.md). - -Then, when you're ready to automatically grab the logs from the machine please use the following -commands (and see a sample result below.) - -**NOTE:** The commands must be run on the machine in question and will not work requesting the -details remotely. Therefore you can run a command like this from a scripting tool or anything else -where the command will execute on the machine itself. - -`echo y|pplogs /out:"c:\temp\pplogs_"$env:computername"_"$env:username".zip"` -`echo y|pplogs /out:"c:\temp\pplogs_"$env:computername"_admin.zip"` - -![934_1_image001_950x736](/img/product_docs/endpointpolicymanager/troubleshooting/powershell/934_1_image001_950x736.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/preferences/domainjoined.md b/docs/endpointpolicymanager/troubleshooting/preferences/domainjoined.md deleted file mode 100644 index 7ee94f0f9b..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/preferences/domainjoined.md +++ /dev/null @@ -1,19 +0,0 @@ -# Why do I see slowdowns on my machines when Endpoint Policy Manager Preferences is licensed and computers domain joined? Can this be worked around? - -From time to time, a Microsoft Group Policy Preference item is not compatible with Netwrix Endpoint -Policy Manager (formerly PolicyPak) trying to process it with Endpoint Policy Manager Preferences -component. - -We have worked around many of these items, but some still remain. - -As such, we have recommended that all on-prem customers un-license Endpoint Policy Manager -Preferences component unless its absolutely necessary for a specific use case. - -This problem only manifests itself when the computer is DOMAIN JOINED and then also getting -Microsoft Group Policy Preferences items while Endpoint Policy Manager Preferences component is -licensed. - -To that end, here is the documentation to un-license a single component, like Endpoint Policy -Manager Preferences: If you're an on-Prem cloud or MDM customer. - -[What if I want to unlicense specific components via ADMX or Endpoint Policy Manager Cloud?](/docs/endpointpolicymanager/license/unlicense/componentscloud.md) diff --git a/docs/endpointpolicymanager/troubleshooting/preferences/logs.md b/docs/endpointpolicymanager/troubleshooting/preferences/logs.md deleted file mode 100644 index ac4316902b..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/preferences/logs.md +++ /dev/null @@ -1,40 +0,0 @@ -# Troubleshooting Logs - -Endpoint Policy Manager Preferences Manager client-side extension (CSE) has several key log files. -Endpoint Policy Manager Preferences Manager can affect the Computer side and User side. The -computer-side log files can be seen in Figure 19, and the user-side log files can be seen in -Figure 20. - -![troubleshooting](/img/product_docs/endpointpolicymanager/troubleshooting/preferences/troubleshooting.webp) - -Figure 19. Computer-side log files. - -![troubleshooting_1](/img/product_docs/endpointpolicymanager/troubleshooting/preferences/troubleshooting_1.webp) - -Figure 20. User-side log files. - -If you want to look through the log files to help diagnose your problems, Table 1 shows the list of -Endpoint Policy Manager Preferences Manager log files. - -Table 1: Log files. - -| Log file | Location | Description | -| -------------------------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ | -| `ppUser_onLogon.log` | LocalAppData | CSE log for user policies created by PPWatcherSvc on login | -| `ppUser_onManual.log` | LocalAppData | CSE log for user policies created when Group Policy is manually run via GPupdate | -| `ppUser_onSchedule.log` | LocalAppData | CSE log for user policies created by automatic reapplication of settings using the timer | -| `ppUser_onPolicyChanged.log` | LocalAppData | CSE log for user policies created when Endpoint Policy Manager Preferences Manager receives data from GPOs or XML Data files | -| `ppUser_onServiceStart.log` | LocalAppData | Log for when the Endpoint Policy Manager Application Settings Manager Service starts and attempts to process the user-side | -| `ppComputer_onServiceStart.log` | ProgramData | Log for when the Endpoint Policy Manager Application Settings Manager Service starts and attempts to process the computer-side | -| `ppComputer_manual.log` | ProgramData | CSE log for computer policies created during ppupdate call | -| `ppComputer_onLogon.log` | ProgramData | CSE log for computer policies created by PPWatcherSvc on login (see next section for more information) | -| `ppComputer_onSchedule.log` | ProgramData | CSE log for computer policies created by automatic reapplication of settings using the timer | -| `ppComputer_onPolicyCHanged.log` | ProgramData | CSE log for computer policies created when XML Data settings get changed | -| `ppUpdatesChecker.log` | ProgramData | Automatic updates log. Check here to see if the auto-update component is seeing the updates.config file with instructions on how to auto-update. | -| `ppService.log` | ProgramData | Main Endpoint Policy Manager CSE service log. This log contains messages related to system-wide functions. | - -You can see an example of the contents of the logs in Figure 21. - -![troubleshooting_2](/img/product_docs/endpointpolicymanager/troubleshooting/preferences/troubleshooting_2.webp) - -Figure 21. The contents of the logs that are required for troubleshooting. diff --git a/docs/endpointpolicymanager/troubleshooting/preferences/overview.md b/docs/endpointpolicymanager/troubleshooting/preferences/overview.md deleted file mode 100644 index d8dab516d2..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/preferences/overview.md +++ /dev/null @@ -1,27 +0,0 @@ -# Troubleshooting - -In this section, we're going to learn how Netwrix Endpoint Policy Manager (formerly PolicyPak) -Preferences Manager reports data and how to troubleshoot Endpoint Policy Manager Preferences -Manager. Endpoint Policy Manager Preferences Manager is a relatively simple system with two -important components: the CSE, which is installed on the client, and the Group Policy Preferences -XML files copied into the special folders within `%ProgramData%`. However, there are several areas -that you may want to focus on if you encounter problems. Before calling or emailing PolicyPak -technical support, make sure to perform the following steps to solve common problems with easy -solutions. - -## Working with Technical Support - -To get you working as quickly as possible, please send us the following items: - -- Your Group Policy Preferences XML data file(s). -- An example of a client's log files. All Endpoint Policy Manager products have a universal log - "collector" utility. Simply run` pplogs.exe` from a command prompt and a ZIP file will be - generated for you. Mail that ZIP file to [support@endpointpolicymanager.com](mailto:support@endpointpolicymanager.com) or - directly to your support representative if asked. -- Screenshots or a video of the problem, if there's something to see. Use an application such as - ScreenShot Pilot ([http://tinyurl.com/screenshotpilot](http://tinyurl.com/screenshotpilot)) or - Jing ([www.Techsmith.com](http://www.Techsmith.com)) to capture images or videos showing your - issue. - -We'll try to get you an answer right away. Call (800) 883-8002 if you think we haven't gotten your -request for help. We want to help you! diff --git a/docs/endpointpolicymanager/troubleshooting/remotedesktopprotocol/overview.md b/docs/endpointpolicymanager/troubleshooting/remotedesktopprotocol/overview.md deleted file mode 100644 index 80ff985b1b..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/remotedesktopprotocol/overview.md +++ /dev/null @@ -1,26 +0,0 @@ -# Troubleshooting - -Netwrix Endpoint Policy Manager (formerly PolicyPak) log files for Endpoint Policy Manager RDP -Manager are found in the following folders: - -- `%Programdata%\PolicyPak\PolicyPak Remote Desktop Protocol Manager for Computer side logs` -- `%AppData%\PolicyPak\PolicyPak Remote Desktop Protocol Manager for User side logs` - -There are also several files to check in the User folder: - -- `ppUser_OnLogon.log`: New data is added to this log when Group Policy applies at the time of login - (and items are set for the User, not the Computer). -- `ppUser_Switched.log`: New data is added to this log when Group Policy applies at the time of - login (but items are set for the Computer). -- `ppUser_OnGroupPolicy.log`: New data is added to this log when Group Policy applies in the - background (on GPupdate or when Group Policy applies in the background). -- `ppUser_onPolicyChanged.log`: New data is added to this log when Group Policy applies in the - background or when a method other than Group Policy is used (Microsoft Endpoint Manager [SCCM and - Intune], PolicyPak Cloud, and so on). - -Start troubleshooting by verifying the licensing, GPO name, and collection or policy name, as shown -in Figure 18. - -![troubleshooting](/img/product_docs/endpointpolicymanager/troubleshooting/remotedesktopprotocol/troubleshooting.webp) - -Figure 18. The ppuser log file. diff --git a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/events.md b/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/events.md deleted file mode 100644 index c726af8efa..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/events.md +++ /dev/null @@ -1,51 +0,0 @@ -# Events - -Endpoint Policy Manager Remote Work Delivery Manager places events (like what is shown in Figure 57) -in the Endpoint Policy Manager log (within Applications and Services Log). All Endpoint Policy -Manager Remote Work Delivery Manager events will have the Endpoint Policy Manager Remote Work -Delivery Manager Client source type. - -![tips_security_and_troubleshooting_8](/img/product_docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/tips_security_and_troubleshooting_8.webp) - -Figure 57. Endpoint Policy Manager Remote Work Delivery Manager events can be found in the Endpoint -Policy Manager node within Application and Services. - -You might want to trigger or look for certain events to know what's going on. Endpoint Policy -Manager is compatible with Event Forwarding if that's something you wish to do. Here is the list of -events in each category: - -- General - - - EventId = 500: Bits became unavailable. - - EventId = 501: Bits service is stopped. - - EventId = 502: Bits became available. - -- SMB File Copy jobs - - - EventId = 600: SMB job is created. - - EventId = 601: SMB job gets an error. - - EventId = 602: SMB job gets an error. - - EventId = 603: SMB job fails with error. - - EventId = 604: SMB job fails with error. - - EventId = 605: SMB job is completed. - - EventId = 606: SMB revert job is created. - - EventId = 607: SMB revert job gets an error. - - EventId = 608: SMB revert job gets an error. - - EventId = 609: SMB revert job fails with error. - - EventId = 610: SMB revert job fails with error. - - EventId = 611: SMB revert job is completed. - -- HTTP/Web Jobs: - - - EventId = 700: HTTP job is created. - - EventId = 701: HTTP job gets an error. - - EventId = 702: HTTP job gets an error. - - EventId = 703: HTTP job fails with error. - - EventId = 704: HTTP job fails with error. - - EventId = 705: HTTP job is completed. - - EventId = 706: HTTP revert job is created. - - EventId = 707: HTTP revert job gets an error. - - EventId = 708: HTTP revert job gets an error. - - EventId = 709: HTTP revert job fails with error. - - EventId = 710: HTTP revert job fails with error. - - EventId = 711: HTTP revert job is completed. diff --git a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/logs.md b/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/logs.md deleted file mode 100644 index c0b34def6f..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/logs.md +++ /dev/null @@ -1,55 +0,0 @@ -# Logging Locations - -The most common problem with Endpoint Policy Manager Remote Work Delivery Manager is that files do -not copy as expected. Here are some tips when trying to troubleshoot Endpoint Policy Manager Remote -Work Delivery Manager. - -The log files for Endpoint Policy Manager Remote Work Delivery Manager are found in the following -folder: `%Programdata%\PolicyPak\PolicyPa`k Remote Work Delivery Manager. This is because Endpoint -Policy Manager Remote Work Delivery Manager affects the Computer side (and all users on that -computer). It's also possible there might be some user-side logins in the following folder: -`%appdata%\local\PolicyPak\PolicyPak Remote Work Delivery Manager`. But it will not be useful -because all Endpoint Policy Manager Remote Work Delivery Manager work happens on the Computer side. -Therefore, you will want to check several files in the %Programdata%\PolicyPak\PolicyPak Remote Work -Delivery Manager folder. - -These files are as follows: - -- `ppUser_OnLogon.log`: New data is added to this log when Group Policy applies at the time of logon - (and items are set for the User, not the Computer). -- `ppUser_Switched.log`: New data is added to this log when Group Policy applies at the time of - logon (but items are set for the Computer). -- `ppUser_OnGroupPolicy.log`: New data is added to this log when Group Policy applies in the - background (on GPupdate or when Group Policy applies in the background). -- `ppUser_onPolicyChanged.log`: New data is added to this log when Group Policy applies in the - background or when a non-Group Policy method is used (MEMCM, Endpoint Policy Manager Cloud, and so - on). - -Start troubleshooting by verifying that you are set up with the following scenarios: - -- You have the GPO (or file). -- You have a collection within the GPO. -- You have the policies within the collection. - -Figure 55 is an example of a Endpoint Policy Manager Remote Work Delivery Manager log with some -annotations. - -![tips_security_and_troubleshooting_6](/img/product_docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/tips_security_and_troubleshooting_6.webp) - -Figure 55. An example of a Endpoint Policy Manager Remote Work Delivery Manager log. - -Then, to see details of what Endpoint Policy Manager Remote Work Delivery Manager is trying to do, -you can open up the PP_Operational.log. There will be two PP_Operational logs for Endpoint Policy -Manager Remote Work Delivery Manager (see Figure 56): - -- One for the User side (and switched mode) in - `\appdata\\PolicyPak\PolicyPak Remote Work Delivery Manager` -- One for the Computer side in `Programdata\PolicyPak\PolicyPak Remote Work Delivery Manager` - -![tips_security_and_troubleshooting_7](/img/product_docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/tips_security_and_troubleshooting_7.webp) - -Figure 56. Log files showing when a policy applies and when a policy reverts. - -If needed, logs are automatically wrapped up and can be sent to -[support@endpointpolicymanager.com](mailto:support@endpointpolicymanager.com) using the `PPLOGS.EXE` command on any endpoint -where the client-side extension is installed. diff --git a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/overview.md b/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/overview.md deleted file mode 100644 index b686314748..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/overview.md +++ /dev/null @@ -1,4 +0,0 @@ -# Tips, Security, and Troubleshooting - -In this section, we give you a few tips about Netwrix Endpoint Policy Manager (formerly PolicyPak) -Remote Work Delivery Manager and discuss a security concern with some ways to troubleshoot it. diff --git a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/tips/overview.md b/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/tips/overview.md deleted file mode 100644 index c67c8a6924..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/tips/overview.md +++ /dev/null @@ -1,4 +0,0 @@ -# Tips: Wildcards and Variables - -In the next sections we discuss some helpful tips for using Endpoint Policy Manager Remote Work -Delivery Manager. diff --git a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/tips/wildcards.md b/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/tips/wildcards.md deleted file mode 100644 index 26b35e5628..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/remoteworkdelivery/tips/wildcards.md +++ /dev/null @@ -1,24 +0,0 @@ -# About Wildcards - -When specifying the source for SMB shares, you can use wildcards. We used these earlier with the -special two-asterisk (\*\*) syntax to signify the start of recursion. - -The supported wildcards are: - -- `*` - matches zero or more characters (except slashes and backslashes) - -- `?` - matches exactly one character (except slashes and backslashes) -- `**` - matches zero or more characters (including slashes and backslashes) - -Examples: - -- `\\server\share\Folder1\*.txt`: This will accept all .txt files from Folder1. -- `\\server\share\Folder*\*.txt`: Note the star after the word "Folder" in addition to the one for - the .txt. This will accept all .txt files from `\\server\share\Folder1` and - `\\server\share\FolderTest` and every other folder with the word "Folder" in its name. -- `\\server\share\folder\??.pdf`: This will match every filename that has two characters and the - extension .pdf. -- `\\server\share\Folder?\??.pdf`: This will match every folder with the word "Folder" plus one - additional character (like Folder1, Folder4, Folder9) and then match every file that has two - characters (like 11.pdf, 12.pdf, 22.pdf) from `\\server\share\Folder1`, `\\server\share\Folder2`, - and so on. diff --git a/docs/endpointpolicymanager/troubleshooting/savesettings.md b/docs/endpointpolicymanager/troubleshooting/savesettings.md deleted file mode 100644 index b18658d454..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/savesettings.md +++ /dev/null @@ -1,10 +0,0 @@ -# When I edit the GPO, the settings don't seem to "stick" - -This is a problem on DCs where they hold files open. So edits appear to work, until you close and -reopen the GPO and find out that they aren't applying at all. - -Apply this KB to apply to all your DCs: - -[https://support.microsoft.com/en-us/kb/2791372](https://support.microsoft.com/en-us/kb/2791372) - -Then retry the Netwrix Endpoint Policy Manager (formerly PolicyPak) operation. diff --git a/docs/endpointpolicymanager/troubleshooting/scriptstriggers/overview.md b/docs/endpointpolicymanager/troubleshooting/scriptstriggers/overview.md deleted file mode 100644 index 46e07f84d0..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/scriptstriggers/overview.md +++ /dev/null @@ -1,45 +0,0 @@ -# Troubleshooting - -The most common problem with Netwrix Endpoint Policy Manager (formerly PolicyPak) Scripts & Triggers -Manager happens during the initial application. Here are some tips when trying to troubleshoot -Endpoint Policy Manager Scripts & Triggers Manager. - -Endpoint Policy Manager Scripts & Triggers Manager's log files are found in the following folder: - -`%Programdata%\PolicyPak\PolicyPak Scripts Manager`. This is because Endpoint Policy Manager Scripts -& Triggers Manager affects the Computer side (and all users on that computer). It's also possible -there might be some user-side logins in the following folder: - -`%appdata%\local\PolicyPak\PolicyPak Scripts Manager`. But these will not be useful since all -Endpoint Policy Manager Scripts & Triggers Manager work happens on the Computer side. - -There are several files to check in the folder: - -`%Programdata%\PolicyPak\PolicyPak Scripts Manager`. These files are as follows: - -- `ppUser_OnLogon.log`: New data is added to this log when Group Policy applies at the time of login - (and items are set for the user, not the computer). -- `ppUser_Switched.log`: New data is added to this log when Group Policy applies at the time of - login (but items are set for the computer). -- `ppUser_OnGroupPolicy.log`: New data is added to this log when Group Policy applies in the - background (on GPupdate or when Group Policy applies in the background). -- `ppUser_onPolicyChanged.log`: New data is added to this log when Group Policy applies in the - background or when a method other than Group Policy is used (Microsoft Endpoint Manager [SCCM and - Intune], Endpoint Policy Manager Cloud, and so on). - -**Step 1 –** Start with troubleshooting to verify that you are set up with the following scenarios: - -- You have the group policy object (GPO) or file. -- You have a collection within the GPO. -- You have the policies within the collection. - -Figure 33 shows an example of a Endpoint Policy Manager Scripts & Triggers Manager log with some -annotations. - -![troubleshooting](/img/product_docs/endpointpolicymanager/troubleshooting/scriptstriggers/troubleshooting.webp) - -Figure 33. An example of a Endpoint Policy Manager Scripts & Triggers Manager log. - -**Step 2 –** If needed, logs are automatically wrapped up and can be sent to -[support@endpointpolicymanager.com](mailto:support@endpointpolicymanager.com) using the `PPLOGS.EXE` command on any endpoint -where the client-side extension is installed. diff --git a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/crash.md b/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/crash.md deleted file mode 100644 index 9c155692c1..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/crash.md +++ /dev/null @@ -1,8 +0,0 @@ -# Endpoint Policy Manager Start Screen & Taskbar Manager crashes, hangs or is slow when running Group Policy update. Why? - -The WAP Push Message Routing Service must be enabled on the machine as Manual (Trigger Start) or -Running for Netwrix Endpoint Policy Manager (formerly PolicyPak) Start Screen & Taskbar Manager to -function. -Do not disable this dmwappushservice service. - -![537_1_asdfghkyhj](/img/product_docs/endpointpolicymanager/troubleshooting/startscreentaskbar/537_1_asdfghkyhj.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/existingicons.md b/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/existingicons.md deleted file mode 100644 index ec0d084161..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/existingicons.md +++ /dev/null @@ -1,13 +0,0 @@ -# I use Partial/Merge mode, and expected existing icons to be maintained, but instead they were wiped out. What happened? - -This can occur if you're doing something else to manage the Start Layout \*\*BEFORE\*\* Netwrix -Endpoint Policy Manager (formerly PolicyPak) Start Screen & Taskbar Manager is involved. - -In short, there are two categories of Start Screen items: - -- Default Windows groups and applications, or groups and applications pinned by user; -- Applications pinned by Enterprise (regardless of the method they were added: MDM, Group Policy, - import-startlayout script during OSD, etc); - -Items that fall into the second category "Applications pinned by Enterprise" are wiped out when new -layout is applied by Endpoint Policy Manager Start Screen & Taskbar Manager. diff --git a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/logons.md b/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/logons.md deleted file mode 100644 index 22a55ea41d..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/logons.md +++ /dev/null @@ -1,19 +0,0 @@ -# Why would it sometimes takes two logoffs and logons to see Start Screen or Taskbar changes? - -To answer this, there are two scenarios. - -Scenario 1: - -- The user has no profile at all. -- GPOs apply SYNCHRONOUSLY but Explorer doesn't get the signal about Netwrix Endpoint Policy Manager - (formerly PolicyPak) Start Screen & Taskbar. -- This means you typically need another log off and back on to see the "now written, but not yet - seen" Start Screen & Taskbar. - -Scenario 2: - -- The user has a profile, but he is logged off. -- Then the Admin makes some change to Start Menu. -- When the User logs on, because policies are applied asynchronously, the end-user missed the chance - to apply those to Explorer. So, you see the result at the next logon because the Start Screen & - Taskbar policies are "now written, but not yet seen." diff --git a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/office365.md b/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/office365.md deleted file mode 100644 index acf49cbc24..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/office365.md +++ /dev/null @@ -1,34 +0,0 @@ -# Why don't I see Office 2016, Office 2019, or Office 365 icons or tiles using Start Screen Manager? - -If you attempt to deliver Microsoft Office tiles using Netwrix Endpoint Policy Manager (formerly -PolicyPak) Start Screen Manager, you might find blank tiles like what is experienced here. - -On LTSC machines, you won't see any tiles at all, because there is no Microsoft Edge installed. - -![910_1_image001_950x879](/img/product_docs/endpointpolicymanager/troubleshooting/startscreentaskbar/910_1_image001_950x879.webp) - -When you click on a tile, you should see some indication of the issue like what's seen here. - -![910_2_image002_950x308](/img/product_docs/endpointpolicymanager/troubleshooting/startscreentaskbar/910_2_image002_950x308.webp) - -Upon inspection of one of the tiles, you might see the target application shown like this: - -![910_3_image003_950x697](/img/product_docs/endpointpolicymanager/troubleshooting/startscreentaskbar/910_3_image003_950x697.webp) - -However, the correct details should be entered as follows: - -![910_4_image004_950x690](/img/product_docs/endpointpolicymanager/troubleshooting/startscreentaskbar/910_4_image004_950x690.webp) - -To get this to work, you should use the Endpoint Policy Manager Start Screen Helper Tool on a -machine with the version of Office 2016, 2019, or Office 365 you want to add icons for. - -Here's the video on this -tool:[Endpoint Policy Manager Start Screen and Taskbar Manager Helper Utility](/docs/endpointpolicymanager/video/startscreentaskbar/helperutility.md)/ - -Summary to get Office icons to appear on endpoints: - -**Step 1 –** Get the apps installed on an endpoint. - -**Step 2 –** Use the Helper tool. - -**Step 3 –** Then create the icons from the export the helper tool made. diff --git a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/overview.md b/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/overview.md deleted file mode 100644 index 11a9a46846..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/overview.md +++ /dev/null @@ -1,15 +0,0 @@ -# Troubleshooting - -The most common problem with Start Screen & Taskbar Manager is getting it to work the first time. -Here are some tips when trying to troubleshoot Start Screen & Taskbar Manager: - -- Do not try to use Microsoft's method and Netwrix Endpoint Policy Manager (formerly PolicyPak)'s - method for managing the Start Screen and Taskbar on the same Windows 10 endpoints. Only one method - can be used at a time, and multiple methods are not supported. -- Do not try to use a built-in OMA-DM/MDM method and Endpoint Policy Manager's method for managing - the Start Screen and Taskbar on the same Windows 10 endpoints. Only one method can be used at a - time, and multiple methods are not supported. -- Taskbar Manager policies only take effect after the user has received a Group Policy update and - then logs on again. -- Start Screen & Taskbar Manager's policies may not work the very first time a user logs onto a - Windows 10 machine, but will take effect in the background a bit later. diff --git a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/pinnedcollection.md b/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/pinnedcollection.md deleted file mode 100644 index ac995c28ad..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/pinnedcollection.md +++ /dev/null @@ -1,13 +0,0 @@ -# Why do I see a group named ">Endpoint Policy ManagerStart Screen manager" on the left side in Endpoint Policy Manager Start Screen & Taskbar Manager ? - -You will see a group named Netwrix Endpoint Policy Manager (formerly PolicyPak) Start Screen & -Taskbar Manager on the left when you have icons on the right which do NOT have their own LEFT SIDE -shortcut. This is automatically created for you and is not configurable. - -Items which are delivered to the TASK BAR must also have items that exist on the LEFT SIDE. If these -items do not exist, we will create a group JUST for the Task Bar. That is configurable, and you can -see how to do it in the second screenshot. - -![623_1_faq-07-img-01](/img/product_docs/endpointpolicymanager/troubleshooting/startscreentaskbar/623_1_faq-07-img-01.webp) - -![623_2_faq-07-img-02](/img/product_docs/endpointpolicymanager/troubleshooting/startscreentaskbar/623_2_faq-07-img-02.webp) diff --git a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/rollback.md b/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/rollback.md deleted file mode 100644 index 499740e5c6..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/rollback.md +++ /dev/null @@ -1,7 +0,0 @@ -# How can I revert / rollback the Windows 10 Start Screen after I make an error (using Partial or Replace mode)? - -Use Netwrix Endpoint Policy Manager (formerly PolicyPak) Script manager to run a simple script to -re-trigger the initial start menu layout. Note you may not get an EXACT revert; but it's pretty -close. - -[Endpoint Policy ManagerStart Screen and Endpoint Policy Manager Scripts: Specify exact Start Menu experience one time](/docs/endpointpolicymanager/video/startscreentaskbar/onetime.md) diff --git a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/windows10.md b/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/windows10.md deleted file mode 100644 index b669723b5d..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/startscreentaskbar/windows10.md +++ /dev/null @@ -1,7 +0,0 @@ -# Why aren't Taskbar manager policies working as expected on my Windows 10 machine? - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Start Screen & Taskbar Manager policies will -fully work with Windows 10 build 1703. -With build 1607 only Start Screen policies are expected to work. -To get both Start Screen and Taskbar Manager policies to work, you will need to have the endpoint(s) -be 1703 or later. diff --git a/docs/endpointpolicymanager/troubleshooting/versions.md b/docs/endpointpolicymanager/troubleshooting/versions.md deleted file mode 100644 index 4ba12893b6..0000000000 --- a/docs/endpointpolicymanager/troubleshooting/versions.md +++ /dev/null @@ -1,60 +0,0 @@ -# What are the Endpoint Policy Manager Build and Version numbers? - -Endpoint Policy Manager on-premise suite doesn't have traditional "1.0", "2.0" product versions. - -We simply have "the latest" and if you're a customer in good standing, you get to utilize that build -and upgrade anytime. - -There are various places you'll see the version number of the build, the CSE, and Paks (for Endpoint -Policy Manager Application Manager). - -In the Customer Portal, you'll see the BUILD number demonstrated like this … in this example the -build is 834.. - -![217_1_image002](/img/product_docs/endpointpolicymanager/troubleshooting/217_1_image002.webp) - -Here's how to read it: - -- So the NUMBER represents the Endpoint Policy Manager CSE version. The CSE is the part that's - installed on the endpoint / client machine. -- The LETTER represents how many times the download had been updated with MINOR updates. - -Perhaps there was a bugfix update to the Endpoint Policy Manager Admin Console MSI, after the CSE -was shipped. In that case the build number stays the same, but the letter is increased by one (a to -b) to show that something new is inside the download. - -When the CSE is installed on a client machine, you can see the version by running the PPupdate tool -and see the version number: - -**NOTE:** At no time will you see a, b, c, etc in the actual CSE (See picture below.) - -You'll only see the CSE ID which should match the build number. - -Older builds, like 761 will show it like this: - -![217_2_image0011](/img/product_docs/endpointpolicymanager/troubleshooting/217_2_image0011.webp) - -Newer builds, like 834 will show it like this: - -![217_3_image004](/img/product_docs/endpointpolicymanager/troubleshooting/217_3_image004.webp) - -You can also see the same number in Programs / Features in Windows like this: - -![217_4_image005](/img/product_docs/endpointpolicymanager/troubleshooting/217_4_image005.webp) - -What do the numbers BEFORE the build mean? - -- 15 is 2015. -- 12 is December. -- 834 is the build number. -- Anything after that is the minor increment number. - -For Endpoint Policy Manager Application Manager Paks, you might see Paks represented with the build -number of the Endpoint Policy Manager DesignStudio version that compiled the Pak. - -In this screenshot, you can see the original style and the new style: - -- Original style (4.2.785.1) means build 785 of the DesignStudio compiled the Pak. -- New Style (15.12.827.19) means build 827 of the DesignStudio compiled the Pak. - -![217_5_image006](/img/product_docs/endpointpolicymanager/troubleshooting/217_5_image006.webp) diff --git a/docs/endpointpolicymanager/video/applicationsettings/proxysettings.md b/docs/endpointpolicymanager/video/applicationsettings/proxysettings.md deleted file mode 100644 index 5d08101758..0000000000 --- a/docs/endpointpolicymanager/video/applicationsettings/proxysettings.md +++ /dev/null @@ -1,91 +0,0 @@ -# Manage different proxy settings, even when offline - -Starting in build 545, you can flip / flop specific settings even when offline. For instance, see in -this video how we change Firefox's Proxy settings — even when there is no DC. You're going to love -this tip ! - - - -### PolicyPak: Manage different proxy settings, even when offline video transcript - -Hi, this is Jeremy Moskowitz, former Group Policy MVP and Founder of PolicyPak Software. In this -quick demonstration, I'm going to show you how you can use PolicyPak to when you're on a particular -IP subnet range get a particular proxy server, and when you're not on a particular IP range get a -different proxy server. - -I'm going to do this demonstration with Firefox, but it works perfectly well if you're using -PolicyPak in conjunction with Internet Explorer or other utilities that use a proxy. Let's get -started by taking a look. Here's my "Mozilla Firefox" on my target machine. If I go to "Options" -here, the "Home Page" isn't set and also the proxy server isn't set. - -What we want to say is, when I'm on a particular IP range – and this particular machine happens to -be on IP range "192.168" – so when I'm on one range, get one set of settings; when I'm on another -range, get a different set of settings. The best part is PolicyPak can dictate those settings -continuously, even when the computer is offline. I'm going to show you that as well. - -I'll call this "Firefox Proxy Demo." I'm doing this on the computer side. You could do it on user -side too, but I happen to be doing it on the computer side. Select "New/Application" and I'll pick -"PolicyPak for Mozilla Firefox." Again, this will work perfectly well for anything else that you -want. I just happen to be using Firefox. You can use the PolicyPak Pak for IEE as well. - -We'll go ahead and click here. Let's set the "Home Page" to "www.INRANGE.com." For the network -proxy, we'll also set the proxy as "www.inrangePROXY.com," and we'll make this port "81." When we're -in this IP range, we're going to get the home page being one thing and also the proxy being the -same. - -The way we're going to do this is we're going to use PolicyPak's item-level targeting. We will -"Enable item-level targeting" and then "Edit item-level targeting filters." What we're going to do -is click on "IP Address Range" and set it up accordingly – "192.168.0.0" to "192.168.255.255." When -I'm in this range, I get this set of settings. There we go. - -While we're here, let's go ahead and "Edit Description" in case we need to do some troubleshooting. -We'll call this "ILT = IN RANGE." We're just making a note for ourselves; this is the in-range entry -point. - -We'll do another one for "PolicyPak for Mozilla Firefox." This time we will call this -"www.OUTofRANGE.com." We'll do the same thing for the proxy. We'll call this "www.OUT -ofRangePROXY.com," and the port will be "55" or something weird. - -Again, you could use "No proxy." That probably makes more sense when users are roaming off of your -network. I just happened to be using manual for this demonstration, but you could use "No proxy," if -you're so inclined. - -Once again, we're going to go to "Enable item-level targeting" here under the "Options" button, and -we'll also "Edit item-level targeting filters." Actually, it's quite similar. We'll just set "IP -Address Range." Instead of the IP range being "192.168.0.0" to "192.168.255.255," we actually want -to make it when it "Is Not" that range. The first entry is when it is in range, and the second entry -is when it's not in range. Now that we've done that, we'll go ahead and "Edit Description" here. -We'll call this "ILT = OUT of RANGE." - -Alright, so we've got these two entry points. Here's the best part. Let's get the latest, greatest -Group Policy by either logging on or running "gpupdate." Now PolicyPak is special. It's different -than the in-the-box policy. It's different than the in-the-box preference. We'll maintain these -instruction sets, even when offline. - -Because of that what we get out of that it, let's go ahead and run "Mozilla Firefox" and see what -happens first. We'll go ahead and go to "Options" here, and  we'll go to "General." There we go. We -are "www.INRANGE.com." If we click on the "Network" proxy, there we go. We're using the -"www.inrangePROXY.com," just the way we expect. - -Let's do something funky, and let's actually go off the network. I'm doing this part off camera. -Here we go. I'm changing this "Network connection" to be not on the network anymore. Now I've -traveled to their home or something. - -I know when they're really at their home or some other business or something like that, they would -pick up a different IP range. I'm just setting this manually for the purposes of this demo. In real -life, of course, you wouldn't be doing this or they wouldn't have to do this. It's just for the -purposes of this demo: "255.0.0.0," "10.0.0.1" and "10.0.0.111." There we go. - -Now I've changed the IP range on this computer, and there's no way that it's going to connect to the -mother ship and get the latest, greatest policy settings. The assumption is that they just got a new -IP range and they're just going to run "Mozilla Firefox." When you do that, magic instantly occurs -with PolicyPak. When you go to the "General" tab, "www.OUTofRANGE.com," because we're no longer in -that IP range anymore. If we look at the "Network" proxy, we set it up exactly what we expected. - -This gets you an amazing superpower if you're using either Internet Explorer or Firefox in -conjunction with PolicyPak. There's really no other way to do this unless you're using PolicyPak. -This is a very common ask, so I figured I would show a demonstration of exactly how to do it. If you -have any questions on how to do this, please feel free to post your questions in the PolicyPak -forum. - -Thanks so much. Talk to you soon. diff --git a/docs/endpointpolicymanager/video/applicationsettings/trustedappsets.md b/docs/endpointpolicymanager/video/applicationsettings/trustedappsets.md deleted file mode 100644 index fd5fa39da3..0000000000 --- a/docs/endpointpolicymanager/video/applicationsettings/trustedappsets.md +++ /dev/null @@ -1,13 +0,0 @@ -# Endpoint Policy Manager Application Setting Manager (Understanding Trusted AppSets) - -Netwrix Endpoint Policy Manager (formerly PolicyPak) Application Settings Manager now ships signed -AppSets from Netwrix. This means that all the DLLs (AppSets) we ship are digitally signed and -unaltered and you know they came from us. Watch this video to understand how to take advantage of -this feature. - -**NOTE:** Before heading down this path please watch the backup / restore videos: - -- [Endpoint Policy Manager Application Settings Manager: Backup, Restore, Export, Import](/docs/endpointpolicymanager/video/troubleshooting/backup.md) -- [Endpoint Policy Manager: Backup and Restore Options to Recover from nearly any problem](/docs/endpointpolicymanager/video/troubleshooting/backupoptions.md) - - diff --git a/docs/endpointpolicymanager/video/cloud/add/administrator.md b/docs/endpointpolicymanager/video/cloud/add/administrator.md index c2c7823da2..1678cf3adc 100644 --- a/docs/endpointpolicymanager/video/cloud/add/administrator.md +++ b/docs/endpointpolicymanager/video/cloud/add/administrator.md @@ -4,7 +4,7 @@ The process of adding new admins to your cloud service couldn't be easier. Watch out how. See -also:  [Endpoint Policy Manager Cloud Portal - Adding new company admins - Quickstart](/docs/endpointpolicymanager/cloud/add/administrator.md) +also:  [Endpoint Policy Manager Cloud Portal - Adding new company admins - Quickstart](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithcl/knowledgebase/cloudportalsecurity/administrator.md) Hi, this is Whitney with PolicyPak Software. In this video, we are talking about adding a new admin to your cloud service. There are a few different scenarios in which this could happen, so we'll walk diff --git a/docs/endpointpolicymanager/video/gettingstarted/admx.md b/docs/endpointpolicymanager/video/gettingstarted/admx.md deleted file mode 100644 index 962b383f51..0000000000 --- a/docs/endpointpolicymanager/video/gettingstarted/admx.md +++ /dev/null @@ -1,7 +0,0 @@ -# Endpoint Policy Manager: Exclude Processes via ADMX - -You're likely already excluding your AV and other system software from Netwrix Endpoint Policy -Manager (formerly PolicyPak). But you can use this ADMX setting to specify which processes Endpoint -Policy Manager should exclude. - - diff --git a/docs/endpointpolicymanager/video/index.md b/docs/endpointpolicymanager/video/index.md index 62bcad79d0..859a0ad2aa 100644 --- a/docs/endpointpolicymanager/video/index.md +++ b/docs/endpointpolicymanager/video/index.md @@ -2,11 +2,11 @@ Explore our comprehensive collection of video tutorials to help you get the most out of Endpoint Policy Manager. -## Getting Started {#getting-started} +## Getting Started Get started with the basics of Endpoint Policy Manager. -## DesignStudio How-To {#designstudio-how-to} +## DesignStudio How-To Learn how to use the DesignStudio to create custom application settings. diff --git a/docs/endpointpolicymanager/video/leastprivilege/autorulesfromadmin.md b/docs/endpointpolicymanager/video/leastprivilege/autorulesfromadmin.md deleted file mode 100644 index cc6a131375..0000000000 --- a/docs/endpointpolicymanager/video/leastprivilege/autorulesfromadmin.md +++ /dev/null @@ -1,6 +0,0 @@ -# Endpoint Privilege Manager Automatic Rules Creation from Admin Approval Requests - -After setting up Admin Approval you might want to convert those requests into automatic rules. Learn -how to take inbound requests and immediately convert them into rules. - - diff --git a/docs/endpointpolicymanager/video/leastprivilege/bestpractices/msi.md b/docs/endpointpolicymanager/video/leastprivilege/bestpractices/msi.md deleted file mode 100644 index 96d163d755..0000000000 --- a/docs/endpointpolicymanager/video/leastprivilege/bestpractices/msi.md +++ /dev/null @@ -1,6 +0,0 @@ -# Best Practices of MSI installations from the Windows Store (UWP Applications) - -With Endpoint Policy Manager and UWP rules you can elevate an MSI that comes from the Windows Store. -See how in this video. - - diff --git a/docs/endpointpolicymanager/video/leastprivilege/denyselfelevate.md b/docs/endpointpolicymanager/video/leastprivilege/denyselfelevate.md deleted file mode 100644 index 4c28494274..0000000000 --- a/docs/endpointpolicymanager/video/leastprivilege/denyselfelevate.md +++ /dev/null @@ -1,6 +0,0 @@ -# PPLPM: Deny Wins Over Self Elevate (using Java installation as example) - -Want to allow Self Elevate but deny specific vendors' software, like Oracle Java so developers can't -install them? See how in this video! - - diff --git a/docs/endpointpolicymanager/video/leastprivilege/integration/selfelevatemode.md b/docs/endpointpolicymanager/video/leastprivilege/integration/selfelevatemode.md deleted file mode 100644 index 4cdb5fa77e..0000000000 --- a/docs/endpointpolicymanager/video/leastprivilege/integration/selfelevatemode.md +++ /dev/null @@ -1,4 +0,0 @@ -# Endpoint Privilege Manager: NPS Self Elevate Mode (Paid Feature) - -With Endpoint Policy Manager you can use the power of the Self Elevate Feature in conjunction with -the proxy and brokering of the Netwrix Privilege Secure Server. diff --git a/docs/endpointpolicymanager/video/leastprivilege/mac/applicationpackage.md b/docs/endpointpolicymanager/video/leastprivilege/mac/applicationpackage.md deleted file mode 100644 index b4204c9d95..0000000000 --- a/docs/endpointpolicymanager/video/leastprivilege/mac/applicationpackage.md +++ /dev/null @@ -1,5 +0,0 @@ -# Endpoint Policy Manager Least Priv Manager for Macs Application Package Support - -Got Macs and need to do Least Privilege Functions upon them? Then use Netwrix Endpoint Policy -Manager (formerly PolicyPak) for Mac which hooks into Endpoint Policy Manager Cloud and remove local -admin rights for Macs! diff --git a/docs/endpointpolicymanager/video/leastprivilege/mac/cloudinstall.md b/docs/endpointpolicymanager/video/leastprivilege/mac/cloudinstall.md deleted file mode 100644 index e6da067947..0000000000 --- a/docs/endpointpolicymanager/video/leastprivilege/mac/cloudinstall.md +++ /dev/null @@ -1,3 +0,0 @@ -# Endpoint Policy Managerfor MacOS Installation (using Endpoint Policy Manager Cloud) - -Got Macs and want to get PolicyPak installed quickly? Here's your guide! diff --git a/docs/endpointpolicymanager/video/leastprivilege/mac/collectdiagnostics.md b/docs/endpointpolicymanager/video/leastprivilege/mac/collectdiagnostics.md deleted file mode 100644 index 7fc42d7594..0000000000 --- a/docs/endpointpolicymanager/video/leastprivilege/mac/collectdiagnostics.md +++ /dev/null @@ -1,4 +0,0 @@ -# Collect Diagnostics - -Automatically locate all relevant Endpoint Policy Manager for Mac logs and get them Zipped up and -ready for investigation by the Endpoint Policy Manager team. diff --git a/docs/endpointpolicymanager/video/leastprivilege/mac/macjointoken.md b/docs/endpointpolicymanager/video/leastprivilege/mac/macjointoken.md deleted file mode 100644 index c76cdecfc3..0000000000 --- a/docs/endpointpolicymanager/video/leastprivilege/mac/macjointoken.md +++ /dev/null @@ -1,4 +0,0 @@ -# Mac and Jointoken - -Create a Jointoken in Endpoint Policy Manager, then use the Mac client to automatically place the -endpoint in one or more groups. diff --git a/docs/endpointpolicymanager/video/leastprivilege/mac/mountunmounpart2.md b/docs/endpointpolicymanager/video/leastprivilege/mac/mountunmounpart2.md deleted file mode 100644 index d8a347d074..0000000000 --- a/docs/endpointpolicymanager/video/leastprivilege/mac/mountunmounpart2.md +++ /dev/null @@ -1,4 +0,0 @@ -# Endpoint Privilege Manager for Mac: Mount / Unmount Part II - -This is Part II where you can learn some advanced parameters which you can mix and match to dial in -the exact experience you want with Mac mounting, unmounting and elevation. diff --git a/docs/endpointpolicymanager/video/leastprivilege/mac/privilege.md b/docs/endpointpolicymanager/video/leastprivilege/mac/privilege.md deleted file mode 100644 index 5e19af3005..0000000000 --- a/docs/endpointpolicymanager/video/leastprivilege/mac/privilege.md +++ /dev/null @@ -1,6 +0,0 @@ -# Endpoint Policy Manager LPM for MacOS: Privilege Policies (for Helper Apps) - -Got applications which launch that need admin rights to install their MacOS helper apps? Here's how -to overcome that problem! - - diff --git a/docs/endpointpolicymanager/video/leastprivilege/mac/systemsettings.md b/docs/endpointpolicymanager/video/leastprivilege/mac/systemsettings.md deleted file mode 100644 index 76e56bdf10..0000000000 --- a/docs/endpointpolicymanager/video/leastprivilege/mac/systemsettings.md +++ /dev/null @@ -1,6 +0,0 @@ -# Endpoint Policy Manager for Mac / Least Priv Manager: System Settings policy - -If you have MacOS and want to overcome the System Settings prompts which require administrative -rights; watch this video to see how its done. - - diff --git a/docs/endpointpolicymanager/video/leastprivilege/selfelevatemode/selfelevate.md b/docs/endpointpolicymanager/video/leastprivilege/selfelevatemode/selfelevate.md deleted file mode 100644 index 3114b59147..0000000000 --- a/docs/endpointpolicymanager/video/leastprivilege/selfelevatemode/selfelevate.md +++ /dev/null @@ -1,4 +0,0 @@ -# Changing Double-Click Behavior with Process Interception (Self Elevate / Admin Approval) - -If you'd prefer the double-click behavior to be Self Elevate instead of UAC prompts or Admin -Approval here's how to adjust and decide which behavior you want. diff --git a/docs/endpointpolicymanager/video/leastprivilege/windowseventforwarding.md b/docs/endpointpolicymanager/video/leastprivilege/windowseventforwarding.md index 74aca84820..cbf0fcfb14 100644 --- a/docs/endpointpolicymanager/video/leastprivilege/windowseventforwarding.md +++ b/docs/endpointpolicymanager/video/leastprivilege/windowseventforwarding.md @@ -190,4 +190,4 @@ throwing UAC prompts and help you create rules to bypass them, you can do that r Thank you very much for watching, and talk to you soon. Related -article: [How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding.](/docs/endpointpolicymanager/leastprivilege/windowseventforwarding.md) +article: [How to forward interesting events for Least Privilege Manager (or anything else) to a centralized location using Windows Event Forwarding.](/docs/endpointpolicymanager/knowledgebase/leastprivilegemanage/knowledgebase/eventing/windowseventforwarding.md) diff --git a/docs/endpointpolicymanager/video/license/lttool.md b/docs/endpointpolicymanager/video/license/lttool.md deleted file mode 100644 index e40684c6ed..0000000000 --- a/docs/endpointpolicymanager/video/license/lttool.md +++ /dev/null @@ -1,4 +0,0 @@ -# Endpoint Policy Manager LT Tool Problems - -Having problems with the Netwrix Endpoint Policy Manager (formerly PolicyPak) LT tool but need to -get "counting" with your number of Intune connected machines? Use this workaround. diff --git a/docs/endpointpolicymanager/video/networksecurity/applicationsports.md b/docs/endpointpolicymanager/video/networksecurity/applicationsports.md deleted file mode 100644 index 2ee80c42c9..0000000000 --- a/docs/endpointpolicymanager/video/networksecurity/applicationsports.md +++ /dev/null @@ -1,3 +0,0 @@ -# Endpoint Policy Manager Network Security Manager - Applications and Ports - -Got applications you want to lockdown to use specific IPs and ports? Use this video to get the gist. diff --git a/docs/endpointpolicymanager/video/networksecurity/auditingevents.md b/docs/endpointpolicymanager/video/networksecurity/auditingevents.md deleted file mode 100644 index 0fb12255c9..0000000000 --- a/docs/endpointpolicymanager/video/networksecurity/auditingevents.md +++ /dev/null @@ -1,3 +0,0 @@ -# Endpoint Policy Manager Network Security Manager - Auditing Events - -Need to turn on eventing? You can do this per Process then per activity. See how in this video. diff --git a/docs/endpointpolicymanager/video/networksecurity/domainnames.md b/docs/endpointpolicymanager/video/networksecurity/domainnames.md deleted file mode 100644 index 2dd991846f..0000000000 --- a/docs/endpointpolicymanager/video/networksecurity/domainnames.md +++ /dev/null @@ -1,3 +0,0 @@ -# Endpoint Policy Manager Network Security Manager - Using Domain Names - -Want to use Domain Names to allow and block? You can do that ! diff --git a/docs/endpointpolicymanager/video/networksecurity/globalsettings.md b/docs/endpointpolicymanager/video/networksecurity/globalsettings.md deleted file mode 100644 index e275223c2c..0000000000 --- a/docs/endpointpolicymanager/video/networksecurity/globalsettings.md +++ /dev/null @@ -1,5 +0,0 @@ -# Endpoint Policy Manager Network Security Manager - Global settings - -Learn how you can specify the text of the dialog box presented to users when Network Security -Manager is actively managing a process. You can even use links in the dialog to send them to your -helpdesk for more information ! diff --git a/docs/endpointpolicymanager/video/networksecurity/videolearningcenter.md b/docs/endpointpolicymanager/video/networksecurity/videolearningcenter.md deleted file mode 100644 index a3f180ab27..0000000000 --- a/docs/endpointpolicymanager/video/networksecurity/videolearningcenter.md +++ /dev/null @@ -1,11 +0,0 @@ -# Video Learning Center - -See the following Video topics for Network Security Manager. - -## Getting Started - -- [Endpoint Policy Manager Network Security Manager - The Basics](/docs/endpointpolicymanager/video/networksecurity/basics.md) -- [Endpoint Policy Manager Network Security Manager - Using Domain Names](/docs/endpointpolicymanager/video/networksecurity/domainnames.md) -- [Endpoint Policy Manager Network Security Manager - Applications and Ports](/docs/endpointpolicymanager/video/networksecurity/applicationsports.md) -- [Endpoint Policy Manager Network Security Manager - Global settings](/docs/endpointpolicymanager/video/networksecurity/globalsettings.md) -- [Endpoint Policy Manager Network Security Manager - Auditing Events](/docs/endpointpolicymanager/video/networksecurity/auditingevents.md) diff --git a/docs/endpointpolicymanager/video/remotedesktopprotocol/cloud.md b/docs/endpointpolicymanager/video/remotedesktopprotocol/cloud.md deleted file mode 100644 index 95ef69be13..0000000000 --- a/docs/endpointpolicymanager/video/remotedesktopprotocol/cloud.md +++ /dev/null @@ -1,7 +0,0 @@ -# Create and update .RDP files for end-users using Endpoint Policy Manager Cloud Edition - -How do you create an RDP file on the desktop? You could just "copy it there" but then it's not kept -up to date if a user changes it. Welcome Endpoint Policy Manager RDP Manager. Endpoint Policy -Manager RDP Manager enables you to deliver .RDP files using the Endpoint Policy Manager Cloud -Edition and dictate connections as YOU want them defined. Don't leave it up to end users--you set it -for them! diff --git a/docs/endpointpolicymanager/video/remotedesktopprotocol/itemleveltargeting.md b/docs/endpointpolicymanager/video/remotedesktopprotocol/itemleveltargeting.md deleted file mode 100644 index 217e0825ba..0000000000 --- a/docs/endpointpolicymanager/video/remotedesktopprotocol/itemleveltargeting.md +++ /dev/null @@ -1,4 +0,0 @@ -# Use Item Level Targeting to Deliver Targeted .RDP Files - -Deliver unique RDP sessions to multiple users, machines, security groups and more using Netwrix -Endpoint Policy Manager (formerly PolicyPak)'s RDP Manager and Item Level Targeting! diff --git a/docs/endpointpolicymanager/video/remotedesktopprotocol/mdm.md b/docs/endpointpolicymanager/video/remotedesktopprotocol/mdm.md deleted file mode 100644 index 9337af18dd..0000000000 --- a/docs/endpointpolicymanager/video/remotedesktopprotocol/mdm.md +++ /dev/null @@ -1,6 +0,0 @@ -# Create and update .RDP files for end-users using Endpoint Policy Manager MDM Edition - -How do you create an RDP file on the desktop? You could just "copy it there" but then it's not kept -up to date if a user changes it. Welcome Endpoint Policy Manager RDP Manager. Endpoint Policy -Manager RDP manager enables you to deliver .RDP files and dictate connections as YOU want them -defined. Don't leave it up to end users-- you set it for them! diff --git a/docs/endpointpolicymanager/video/remotedesktopprotocol/videolearningcenter.md b/docs/endpointpolicymanager/video/remotedesktopprotocol/videolearningcenter.md deleted file mode 100644 index 96b28e6c87..0000000000 --- a/docs/endpointpolicymanager/video/remotedesktopprotocol/videolearningcenter.md +++ /dev/null @@ -1,10 +0,0 @@ -# Video Learning Center - -See the following Video topics for Endpoint Policy Manager RDP Manager. - -## Remote Work and VDI Scenarios - -- [Create and update .RDP files for end-users for Remote Work and VDI scenarios](/docs/endpointpolicymanager/video/remotedesktopprotocol/vdiscenarios.md) -- [Create and update .RDP files for end-users using Endpoint Policy Manager Cloud Edition](/docs/endpointpolicymanager/video/remotedesktopprotocol/cloud.md) -- [Create and update .RDP files for end-users using Endpoint Policy Manager MDM Edition](/docs/endpointpolicymanager/video/remotedesktopprotocol/mdm.md) -- [Use Item Level Targeting to Deliver Targeted .RDP Files](/docs/endpointpolicymanager/video/remotedesktopprotocol/itemleveltargeting.md) diff --git a/docs/endpointpolicymanager/video/troubleshooting/backupoptions.md b/docs/endpointpolicymanager/video/troubleshooting/backupoptions.md deleted file mode 100644 index 4417a6475b..0000000000 --- a/docs/endpointpolicymanager/video/troubleshooting/backupoptions.md +++ /dev/null @@ -1,3 +0,0 @@ -# Endpoint Policy Manager: Backup and Restore Options to Recover from nearly any problem - - diff --git a/docs/endpointpolicymanager/video/troubleshooting/logs.md b/docs/endpointpolicymanager/video/troubleshooting/logs.md index bc8bd8b0be..d8b11fe378 100644 --- a/docs/endpointpolicymanager/video/troubleshooting/logs.md +++ b/docs/endpointpolicymanager/video/troubleshooting/logs.md @@ -7,7 +7,7 @@ step is to collect logs for support to review. Follow the steps in this video to logs of the issue so support can troubleshoot it quickly. See the -[What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/troubleshooting/fastsupport.md) +[What must I send to Endpoint Policy Manager support in order to get the FASTEST support?](/docs/endpointpolicymanager/knowledgebase/gettingstartedwithen/knowledgebase/troubleshootinggener/fastsupport.md) topic for additional information on current support policies and how to get the fastest support. ## Troubleshooting Previous Versions of Endpoint Policy Manager diff --git a/docs/passwordreset/3.3/administration/configuring_password_reset.md b/docs/passwordreset/3.3/administration/configuring_password_reset.md deleted file mode 100644 index 0018a1cd5b..0000000000 --- a/docs/passwordreset/3.3/administration/configuring_password_reset.md +++ /dev/null @@ -1,22 +0,0 @@ -# Configuring Password Reset - -Configuring Password Reset - -# Configuring Password Reset - -In the previous section, you used Password Reset with a default configuration. You can use the -Configuration Console to edit the configuration settings. Click **Start** > **Netwrix Password -Reset** > **NPR Configuration Console**on the Password Reset Server computer to open the -Configuration Console. - -![configuring_npr](/img/product_docs/passwordreset/3.3/administration/configuring_npr_3.webp) - -Information about the configuration console tabs can be found in the following topics: - -- [General Tab](/docs/passwordreset/3.3/administration/general_tab.md) -- [Enroll Tab](/docs/passwordreset/3.3/administration/enroll_tab.md) -- [E-mail Tab](/docs/passwordreset/3.3/administration/email_tab.md) -- [Verification Tab](/docs/passwordreset/3.3/administration/verification_tab.md) -- [Security Tab](/docs/passwordreset/3.3/administration/security_tab.md) -- [Permissions Tab](/docs/passwordreset/3.3/administration/permissions_tab.md) -- [About Tab](/docs/passwordreset/3.3/administration/about_tab.md) diff --git a/docs/passwordreset/3.3/administration/installation.md b/docs/passwordreset/3.3/administration/installation.md deleted file mode 100644 index 3226b3f6df..0000000000 --- a/docs/passwordreset/3.3/administration/installation.md +++ /dev/null @@ -1,361 +0,0 @@ -# Installation - -Installation - -# Installation - -Netwrix Password Reset V3.30 is designed to run on Windows 2008 to 2019. Users access Password Reset -from a web browser, or from the Password Reset console. - -## System Requirements - -- Windows 2008\*, 2008 R2, 2012, 2012 R2, 2016, or 2019. - - \*x64 only for NPR Server and Web Interface. - -- 20 Megabytes free disk space. -- 20 Megabytes free RAM. - -## System Components - -Password Reset has two server components, and an optional client. Both server components can be -installed on one server, or they may be installed on separate servers if your web server is in a -DMZ. - -### The Web Interface - -The Web Interface is the component that users interact with. It accepts user requests, encrypts -them, and sends them to the Password Reset Server. The Web Interface must be installed on a server -running IIS 7 or later. - -### The Netwrix Password Reset Server - -The Password Reset Server is the component that performs requests on behalf of users. It receives -requests from the Web Interface, checks the user's credentials, and performs the requested task if -the credentials are valid. - -![installing_npr](/img/product_docs/passwordreset/3.3/evaluation/installing_npr.webp) - -**NOTE:** Microsoft SQL Server Compact is installed with the Password Reset Server. SQL Server -Compact is free to use, and should only be removed if you move the database to SQL Server. SQL -Server Compact is an embedded database. Unlike SQL Server, you do not need to configure or manage -it. See the [Working with the Database](/docs/passwordreset/3.3/administration/working_with_the_database.md) topic for additional -information. - -## Installation Types - -A single server installation is recommended where users will only access Password Reset from a -trusted network, including a VPN. In this installation type, the Web Interface and Password Reset -Server are both installed on the same server. The server must have access to a domain controller in -each managed domain. - -If Password Reset will be accessible from the Internet without a VPN, then it is likely that you -will want to run the Web Interface in a DMZ. A multiple server installation is recommended for this -scenario. In this installation type, the Web Interface is installed on an server in the DMZ and the -Password Reset Server is installed on another server in the internal network. A firewall rule allows -the two servers to communicate. - -You choose the installation type when installing Password Reset, but you can change it later. - -**NOTE:** An Password Reset Server can accept requests from more than one Web Interface. Having -multiple Web Interfaces allows for load balancing and failover, but you should only consider this -option if you already have redundant web servers. Most organizations only need one Web Interface. - -Password Reset can share server resources with other applications. It is normally not necessary to -dedicate a server exclusively to Password Reset. The Web Interface can be installed on an existing -web server as long as it is well secured and not overloaded. The Password Reset Server can run on an -existing member server or domain controller. - -### Single Server Installation - -Follow the steps below to install the Web Interface and Password Reset Server on a single server. - -**Step 1 –** Start the Password Reset Setup wizard (APR330.exe). - -**Step 2 –** The Setup wizard may ask you to backup some files if an older version of Password Reset -is detected. Backup the files, and then click **Next**. - -**Step 3 –** Click **Next**. - -**Step 4 –** Read the License Agreement. Click **I accept the terms of the license agreement**, and -then click **Next** if you accept all the terms. - -**Step 5 –** Select the **All Components** option, and then click **Next**. - -**Step 6 –** The Setup wizard may offer to install IIS. Click **OK** to install IIS. - -**Step 7 –** Enter a **User Name**, **Domain**, and **Password** for the Password Reset service -account. The account will be created and added to the Domain Admins group if it does not exist. - -**NOTE:** You can remove the account from the Domain Admins group later. If using an existing -account, make sure it has the required permissions. See the -[Securing Password Reset](/docs/passwordreset/3.3/administration/securing_password_reset.md) topic for additional information. - -**Step 8 –** Click **Next**. - -**Step 9 –** Select an **IIS Web Site** from the drop-down list, and optionally change the default -**Virtual Directory** for the Web Interface. - -**NOTE:** The Web Interface should be installed in its own virtual directory. - -**Step 10 –** Click **Next** twice. - -**Step 11 –** Wait for Password Reset to install, and then click **Finish**. - -**NOTE:** The Password Reset Setup wizard installs the Password Reset Server and associated files -into the `\Program Files\NetwrixPassword Reset\` folder by default. Use the SERVERDIR parameter to -install the Password Reset Server to a different folder. For example, APR330.exe -SERVERDIR="D:\Programs\NPR\" - -### Multiple Server Installation - -Create firewall rules to allow the Web Interface and Password Reset Server to communicate if there -is a DMZ firewall between them. The Web Interface initiates a request by sending a datagram with the -following properties: - -| Web Interface Datagram | | -| ---------------------- | ---------------------------------- | -| Protocol | UDP | -| Source Address | Web Interface server's IP address | -| Source Port | Any | -| Destination address | Password Reset Server's IP address | -| Destination Port | 5100 | - -The Password Reset Server responds with a datagram that has the following properties: - -| NPR Server Datagram | | -| ------------------- | ---------------------------------- | -| Protocol | UDP | -| Source Address | Password Reset Server's IP address | -| Source Port | 5100 | -| Destination address | Web Interface server's IP address | -| Destination Port | Any | - -Install Password Reset Server on an Internal Network - -Follow the steps below to install the Password Reset Server on a server in the internal network. - -**Step 1 –** Start the Password Reset Setup wizard (APR330.exe). - -**Step 2 –** The Setup wizard may ask you to backup some files if an older version of Password Reset -is detected. Backup the files, and then click **Next**. - -**Step 3 –** Click **Next**. - -**Step 4 –** Read the License Agreement. Click **I accept the terms of the license agreement**, and -then click **Next** if you accept all the terms. - -**Step 5 –** Select the Server **Only option**, and then click **Next**. - -**Step 6 –** Type a **User Name**, **Domain**, and **Password** for the Password Reset service -account. The account will be created and added to the Domain Admins group if it does not exist. - -**NOTE:** You can remove the account from the Domain Admins group later. If using an existing -account, make sure it has the required permissions. See the -[Securing Password Reset](/docs/passwordreset/3.3/administration/securing_password_reset.md) topic for additional information. - -**Step 7 –** Make sure the **Create Windows Firewall Exception for the NPR Server service** check -box is selected, and then click **Next** twice. - -**Step 8 –** Wait for the Password Reset Server to install, and then click **Finish**. - -**NOTE:** Open UDP port 5100 on the Password Reset Server computer if a host-based firewall other -than the Windows Firewall is installed. This is needed in addition to the DMZ firewall rules -above. -The Password Reset Setup wizard installs the Password Reset Server and associated files into the -`\Program Files\Netwrix Password Reset\` folder by default. Use the SERVERDIR parameter to install -the Password Reset Server to a different folder. For example, APR330.exe -SERVERDIR="D:\Programs\NPR\" - -Install Web Interface Server in DMZ - -Follow the steps below to install the Web Interface on a server in the DMZ. - -**Step 1 –** Start the Password Reset Setup wizard (APR330.exe). - -**Step 2 –** The Setup wizard may ask you to backup some files if an older version of Password Reset -is detected. Backup the files, and then click **Next**. - -**Step 3 –** Click **Next**. - -**Step 4 –** Read the License Agreement. Click **I accept the terms of the license agreement**, and -then click **Next** if you accept all the terms. - -**Step 5 –** Select the **Web Interface Only** option, and then click **Next**. - -**Step 6 –** The Setup wizard may offer to install IIS. Click **OK** to install IIS. - -**Step 7 –** Select an **IIS Web Site** from the drop-down list, and optionally change the default -**Virtual Directory** for the Web Interface. The Web Interface should be installed in its own -virtual directory. - -**Step 8 –** Click **Next** twice. - -**Step 9 –** Wait for the Web Interface to install, and then click **Finish**. - -**Step 10 –** Start the Registry Editor (regedit.exe). - -**Step 11 –** Expand the **HKEY_LOCAL_MACHINE**, **SOFTWARE**, **ANIXIS**, **ANIXIS Password -Reset**, and **3.0** registry keys. - -**Step 12 –** Set the **ServerIP** registry value to the IP address of the computer that you -installed the Password Reset Server onto. - -![installing_npr_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/installing_npr_1.webp) - -The Password Reset Setup wizard only installs one Web Interface on each server, but you can copy the -files to another directory and publish several Web Interfaces from one server. This allows you to -present different user interfaces from each directory. The Web Interfaces all communicate with the -same NPR Server because there is only one ServerIP value. - -Follow the steps below to configure the Web Interfaces to communicate with different Password Reset -Servers. - -**Step 1 –** Start the Registry Editor (regedit.exe). - -**Step 2 –** Expand the **HKEY_LOCAL_MACHINE**, **SOFTWARE**, **ANIXIS**, **ANIXIS Password Reset**, -and **3.0** registry keys. - -**Step 3 –** Clear the data in the **ServerIP** registry value. - -**Step 4 –** Create a REG_SZ value for each Web Interface called ServerIP_VDIR where VDIR is the -name of the virtual directory. - -For example, if the virtual directory is called Finance, then the registry value should be called -ServerIP_Finance. - -**Step 5 –** Set each ServerIP_VDIR value to the IP address of the Password Reset Server. - -## Upgrading From NPR V3.x - -Some planning is needed to ensure a smooth upgrade from NPR V3.x. A trial run on a lab network is -recommended if you have not installed NPR before. - -### Before You Begin - -The database files are not overwritten during an upgrade, but you should still create a backup -before upgrading. See the -[Backing up the Database](working_with_the_database.md#backing-up-the-database) topic for additional -information. - -**The Web Interface files are overwritten during an upgrade. You must backup any customized Web -Interface files before upgrading**. The Web Interface files are installed in the -`\Inetpub\wwwroot\pwreset\` folder by default. - -**NOTE:** A full backup of the NPR server(s) is recommended. This allows you to roll back to the -previous version if the upgrade cannot be completed. -You may need to restart Windows after upgrading. - -If Password Reset was originally installed by someone else and you do not have their installation -notes, then read the Installation topic before you begin. Also make sure you know the password for -the Password Reset Server service account as you will need it during the upgrade. - -### Upgrading to V3.3 - -Start the Password Reset Setup wizard (APR330.exe) and follow the prompts. The Setup wizard -uninstalls the previous version, so there is no need to manually uninstall it. - -If the Password Reset Server and Web Interface are installed on different servers, then upgrade all -servers before using the new version. The Password Reset Server and Web Interface are only tested -with matching versions. - -Restore any customized Web Interface files after upgrading. Do not restore APR.dll from the backup -as it belongs to the previous version. You should keep a copy of the original Web Interface files -and compare them with the files from the previous version using a file comparison tool. Any changes -between versions should be merged into your customized files. - -The Password Reset V3.30 data console does not read the VerificationCode or EnrollRecord columns -from the User table on SQL Server. Access to these columns can be denied for Data Console users -after upgrading all instances of the Data Console. See the -[Using the Data Console](/docs/passwordreset/3.3/administration/using_the_data_console.md) topic for additional information. - -## Upgrading From NPR V2.x - -As this is a major upgrade with many changes, some planning is needed to ensure a smooth upgrade. A -trial run on a lab network is recommended, especially if you are customizing the user interface. See -the [Editing the HTML Templates](/docs/passwordreset/3.3/administration/editing_the_html_templates.md) topic for additional information. - -**CAUTION:** Due to a protocol upgrade, Netwrix Password Reset v3.3 is not compatible with Netwrix -Password Policy Enforcer v8.x and earlier versions. If you are using Netwrix Password Reset with any -of those older Netwrix Password Policy Enforcer versions, please consider upgrading Netwrix Password -Policy Enforcer first to a current version, and only then upgrade Netwrix Password Reset to v3.3 (or -later). - -### Before You Begin - -**Step 1 –** Backup the NPR V2.x server(s). - -**Step 2 –** Close the Data Console if it is open. - -**Step 3 –** Stop the Netwrix Password Reset service and backing up the database. See the -[Backing up the Database](working_with_the_database.md#backing-up-the-database) topic for additional -information. - -### Upgrading to V3.23 - -**Step 1 –** Follow the steps for either Single Server Installation or Multiple Server Installation. -If the Web Interface is on a different server, then upgrade it as well. - -**Step 2 –** Open the Data Console, and check the Audit Log and User tabs to make sure the data was -imported. - -**Step 3 –** Open NPR in a web browser and test the Enroll, Reset, and Change features. - -**Step 4 –** Install your new license key if you have a perpetual license. - -**Step 5 –** Update the Client license key if you have a perpetual license. - -## Other Tasks - -Move Database files - -The database files are created in the installation folder when NPR is first installed. The default -installation folder for NPR V2.x was below the Program Files (x86) folder, but in NPR V3.3 it is -below the Program Files folder. The database files are not moved automatically during an upgrade, so -you should move them to the new installation folder (or a different folder) after upgrading. - -Follow the steps below to move the database files to the `\Program Files\Netwrix Password Reset\` -folder. - -**Step 1 –** Close the Data Console if it is open. - -**Step 2 –** Stop the Netwrix Password Reset service. - -**Step 3 –** Move apr.sdf and aprlog.sdf from the \Program Files (x86)\Netwrix Password Reset\ -folder to the \Program Files\Netwrix Password Reset\ folder. - -**Step 4 –** Open the Configuration Console. - -**Step 5 –** Click the **General** tab. - -**Step 6 –** Click **Change...** - -**Step 7 –** Click **Browse...** and then browse to the \Program Files\Netwrix Password Reset\ -folder. - -**Step 8 –** Click **OK** twice, and then click **Apply**. - -**Step 9 –** Start the Netwrix Password Reset service. - -**Step 10 –** Update the backup script to copy from the new folder. See the -[Backing up the Database](working_with_the_database.md#backing-up-the-database) topic for additional -information. - -Configure Password Reset Client to use IE11 emulation mode - -Older versions of the Password Reset Client display pages in Internet Explorer 7 emulation mode. -This mode cannot display the new HTML templates correctly. You can upgrade the Password Reset Client -to the latest version, or configure existing installations to use IE 11 mode. This only works on -Windows Vista and later with IE 9 or later. - -Follow the steps below to configure the Password Reset Client to use IE 11 mode. - -**Step 1 –** Start the Registry Editor (regedit.exe). - -**Step 2 –** Expand the **HKEY_LOCAL_MACHINE**, **SOFTWARE**, **Microsoft**, **Internet Explorer**, -**MAIN**, **FeatureControl**, and **FEATURE_BROWSER_EMULATION** registry keys. - -**Step 3 –** Create a new DWORD value called **LogonUI.exe**, and set it to 2AF8 (hex). - -Create this registry value on all the Password Reset Client computers. IE 11 mode can be requested -even if the computer is running an older version of IE. diff --git a/docs/passwordreset/3.3/administration/password_reset_client.md b/docs/passwordreset/3.3/administration/password_reset_client.md deleted file mode 100644 index 3184af23ef..0000000000 --- a/docs/passwordreset/3.3/administration/password_reset_client.md +++ /dev/null @@ -1,244 +0,0 @@ -# Password Reset Client - -Password Reset Client - -# Password Reset Client - -The Password Reset Client allows users to securely reset their password or unlock their account from -the Windows Logon and Unlock Computer screens. Users click **Reset Password** to access the Password -Reset system. - -![the_password_reset_client](/img/product_docs/passwordreset/3.3/administration/the_password_reset_client.webp) - -**NOTE:** The Password Reset Client does not modify any Windows system files. - -## Installing the PRC - -The Password Reset Client is designed to run on Windows XP to Windows 10, and Server 2003 to -Server 2019. The PRC is compatible with Remote Desktop Services on these operating systems. Support -for Windows XP and Server 2003 is depreciated because the PRC uses Internet Explorer for page -rendering, and Internet Explorer 8 has very limited support for HTML5. Send an e-mail to -[support@netwrix.com ](mailto:support@netwrix.com)if you need to use the Password Reset Client with -these older operating systems. - -### System Requirements - -- Windows Vista, 7, 8, 8.1, or 10. - Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, or 2019. - Windows XP, Server 2003, or 2003 R2 (depreciated). -- 1 Megabyte free disk space. -- 128 Kilobytes free RAM (per session if using Remote Desktop Services). - -You can install the PRC manually if you only have a few computers, but it is easier to perform an -automated installation if you have many computers. Follow the instructions below to perform an -automated installation with Group Policy. - -### Create a Distribution Point - -A distribution point can either be a UNC path to a server share, or a DFS (Distributed File System) -path. Organizations with large, multi-site networks should use DFS as it offers fault tolerance and -load sharing. To create a PRC distribution point: - -**Step 1 –** Log on to a server as an administrator. - -**Step 2 –** Create a shared network folder to distribute the files from. - -**Step 3 –** Give the Domain Computers security group read access to the share, and limit write -access to authorized personnel only. - -**Step 4 –** Copy NPRClt330.msi into the distribution point folder. - -**NOTE:** NPRClt330.msi is in the Client folder below the Netwrix Server's installation folder. -(`\Program Files\Netwrix Password Reset\` by default). - -**Step 5 –** Give the Domain Computers security group read access to the NPRClt330.msi file in the -distribution point. - -### Create a Group Policy Object - -**Step 1 –** Start the Group Policy Management Console (gpmc.msc). - -**Step 2 –** Expand the forest and domain items in the left pane. - -**Step 3 –** Right-click the domain root node in the left pane, and then click **Create a GPO in -this domain, and Link it here...** - -**Step 4 –** Enter **Password Reset Client**, then press **ENTER**. - -![the_password_reset_client_1](/img/product_docs/passwordreset/3.3/evaluation/the_password_reset_client_1.webp) - -### Edit the Group Policy Object - -**Step 1 –** **Right-**Click the **Password Reset Client GPO**, then click the Edit**...** button. - -**Step 2 –** Expand the **Computer Configuration**, **Policies**, and **Software Settings** items in -the left pane. - -**Step 3 –** **Right-Click** the **Software installation** item, and then select **New** > -**Package**. - -**Step 4 –** Enter the full UNC path to NPRClt330.msi in the Open dialog box. - -**NOTE:** You must enter a UNC path so that other computers can access this file over the network. -For example, \\file server\distributionpointshare\NPRClt330.msi - -**Step 5 –** Click **Open**. - -**Step 6 –** Select the **Assigned deployment** method, then click **OK**. - -**Step 7 –** Close the Group Policy Management Editor. - -### Complete the Installation - -Restart each computer to complete the installation. Windows installs the Password Reset Client -during startup. The computer may restart itself automatically to complete the installation. - -**NOTE:** Computers with Fast Logon Optimization enabled may not install the Password Reset Client -during the first restart. These computers perform a background refresh of Group Policy, and will -install the client on the first restart after the refresh. See the Microsoft Description of the -[Windows Fast Logon Optimization feature](https://support.microsoft.com/en-us/topic/description-of-the-windows-fast-logon-optimization-feature-9ca41d24-0210-edd8-08b0-21b772c534b7) -article for additional information on the Fast Logon Optimization feature. - -## Configuring the PRC - -You must install an Active Directory administrative template to configure the Password Reset Client. -The administrative template only has to be installed once. - -Install PRC Administrative Template - -Follow the steps below to install the PRC administrative template. - -**Step 1 –** Use the Group Policy Management Console (gpmc.msc) to display the GPOs linked at the -domain level. - -**Step 2 –** **Right-click** the **Password Reset Client** GPO, and then **click** the -**Edit...**button. - -**Step 3 –** Expand the **Computer Configuration** item. - -**Step 4 –** Expand the **Policies** item if it is visible. - -**Step 5 –** **Right-click** the **Administrative Templates** item, and then click **Add/Remove -Templates...** - -**Step 6 –** Click **Add...** and then browse to the Client folder below the Password Reset Server's -installation folder. (`\Program Files\Netwrix Password Reset\` by default). - -**Step 7 –** Select **NPRClt.adm**, and then click **Open**. - -![the_password_reset_client_2](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/the_password_reset_client_2.webp) - -**Step 8 –** Click **Close**. - -Configure the PRC - -Follow the steps below to configure the Password Reset Client. - -**Step 1 –** Use the Group Policy Management Console (gpmc.msc) to display the GPOs linked at the -domain level. - -**Step 2 –** **Right-click** the **Password Reset Client** GPO, then click the **Edit...** button. - -**Step 3 –** Expand the **Computer Configuration, Policies** (if it exists), **Administrative -Templates**, **Classic Administrative Templates (ADM)**, **Netwrix Password Reset**, and **Password -Reset Client** items. - -![the_password_reset_client_3](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/the_password_reset_client_3.webp) - -**Step 4 –** Double-click the **Browser settings** item in the right pane of the Group Policy -Management Editor. - -![the_password_reset_client_4](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/the_password_reset_client_4.webp) - -**Step 5 –** Select the **Enabled**option. - -**Step 6 –** Enter the desired **Width** and **Height** of the PRC browser window. - -**NOTE:** Set the Width and Height to 0 to have the PRC calculate an appropriate size. - -**Step 7 –** Enter the **Start address** (URL) of the Password Reset system. The URL should point to -the Password Reset menu or reset page. - -**NOTE:** The Start address should follow this format: -`HTTPS://(your domain or IP address)/pwrest/en_default.htm` -This format helps ensure that the URL points to the correct location on your Password Reset server. - -**Step 8 –** Enter a **Restricted path** (URL) to stop users from following links to other sites -from the Password Reset Client browser. - -**NOTE:** The Restricted path should follow this format: -`HTTPS://(your domain or IP address)/pwrest/` -This will help prevent users from navigating to untrusted sites within the Password Reset Client. - -**Step 9 –** Click **OK**. - -**Step 10 –** Close the Group Policy Management Editor. - -The new PRC configuration is applied to all computers in the domain. This does not happen -immediately, as Windows takes some time to apply the changes to Group Policy. You can force an -immediate refresh of Group Policy on the local computer with the following command: gpupdate -/target:computer - -The Password Reset Client only opens URLs with .dll, .htm, and .html extensions. URLs without a -filename are not opened. The PRC also blocks some page content, including audio and video files, -ActiveX controls and Java applets. Send an e-mail to -[support@netwrix.com ](mailto:support@netwrix.com)if you need to change the default filename and -content restrictions. - -**CAUTION:** Users may follow links to untrusted sites if the Password Reset user interface or -server error pages contain external links. This is a security risk because the Password Reset Client -runs under the context of the local system account. Specify a restricted path to stop users from -following links to other sites from the Password Reset Client. The start address and restricted path -should both begin with https:// - -**NOTE:** The **Enable Password Reset Client**, **Always show reset link**, and **Dialog attachment -delay** are automatically set by the Password Reset Client, and are normally left in their default -(Not configured) state. -The administrative template contains detailed information about all the PRC configuration settings. -This information is shown on the **Help** box. The **Help** box is shown after you double-click one -of the configuration settings in the left pane. - -## Licensing the PRC - -Follow the steps below to add a license key to the PRC configuration. - -**Step 1 –** Open the **Configuration Console** and install your license key. - -**Step 2 –** Start the **Registry Editor** (regedit.exe). - -**Step 3 –** Expand the **HKEY_LOCAL_MACHINE**, **SOFTWARE**, **ANIXIS**, **ANIXIS Password Reset**, -and **3.0** registry keys. - -**NOTE:** The LicenseKey registry value should be located on the Password Reset Server. This is the -machine where you have installed the Password Reset server component, not the client machines. - -**Step 4 –** Double-click the **LicenseKey** value, and then copy the entire license key to the -clipboard. - -**Step 5 –** Use the Group Policy Management Console (gpmc.msc) to display the GPOs linked at the -domain level. - -**Step 6 –** Right-click the **Password Reset Client** GPO, then click the **Edit...** button. - -**Step 7 –** Expand the **Computer Configuration**, **Policies** (if it exists), **Administrative -Templates**, **Classic Administrative Templates (ADM)**, **Netwrix Password Reset**, and **Password -Reset Client** items. - -**Step 8 –** Double-click the **License key** item in the Left pane of the Group Policy Management -Editor. - -**Step 9 –** Select the **Enabled** option. - -**Step 10 –** Click inside the **License key** text box, then paste the license key. - -![the_password_reset_client_5](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/the_password_reset_client_5.webp) - -**Step 11 –** Click **OK**. - -**Step 12 –** Close the Group Policy Management Editor. - -The license key is applied to all computers in the domain. This does not happen immediately, as -Windows takes some time to apply the changes to Group Policy. You can force an immediate refresh of -Group Policy on the local computer with the following command: - -`gpupdate /target:computer` diff --git a/docs/passwordreset/3.3/administration/persuading_users_to_enroll.md b/docs/passwordreset/3.3/administration/persuading_users_to_enroll.md index cf3a982cb7..5556f178a3 100644 --- a/docs/passwordreset/3.3/administration/persuading_users_to_enroll.md +++ b/docs/passwordreset/3.3/administration/persuading_users_to_enroll.md @@ -20,7 +20,7 @@ If you do not want to enable the API because your Web Interface is accessible fr then you could leave the API disabled on your Internet-facing Web Interface and set up an internal Web Interface for API queries. Use the ServerIP registry value to point both Web Interfaces to the same NPR Server, and enable the API only on the internal server. See the -[Multiple Server Installation](installation.md#multiple-server-installation) topic for more +[Multiple Server Installation](/docs/passwordreset/3.3/administrationoverview/installation.md#multiple-server-installation) topic for more information. Follow the steps below to enable the API. diff --git a/docs/passwordreset/3.3/administration/using_password_reset.md b/docs/passwordreset/3.3/administration/using_password_reset.md deleted file mode 100644 index d86619c950..0000000000 --- a/docs/passwordreset/3.3/administration/using_password_reset.md +++ /dev/null @@ -1,160 +0,0 @@ -# Using Password Reset - -Using Password Reset - -# Using Password Reset - -Netwrix Password Policy Enforcer is a web application. Users can access it from a web browser, or -from the Password Reset Client. The default URL for the Web Interface -is:` http://[server]/pwreset/` -See the [Password Reset Client](/docs/passwordreset/3.3/administration/password_reset_client.md) topic for more information. - -You can use URL parameters to open a specific page, and to set the user and domain names. For -example: `http://[server]/pwreset/apr.dll? cmd=enroll&username=johnsmith&domain=CORP` - -Where [server] is the name or IP address of the server hosting the Web Interface. - -![using_npr](/img/product_docs/passwordreset/3.3/administration/using_npr_1.webp) - -Users access the Enroll, Reset, Unlock, and Change features from the menu. These features are -explained on the following pages. - -**CAUTION:** The connection between the Web Interface and Password Reset Server is always encrypted. -Install an SSL certificate on the web server and use HTTPS to encrypt connections from the browser -to the web server. See the -[Installing and Using an SSL Certificate](securing_password_reset.md#installing-and-using-an-ssl-certificate) -topic for more information. - -## Enroll - -Only enrolled users can reset their password and unlock their account. Users can enroll manually by -answering some questions about themselves, or they can be enrolled automatically if automatic -enrollment is enabled. Users only need to enroll once, but they can enroll again if they are locked -out of Password Reset, or if they want to change their questions or answers. See the -[Verification Codes](verification_tab.md#verification-codes) and -[Verification Tab](/docs/passwordreset/3.3/administration/verification_tab.md) topics for more information. - -Follow the steps below to manually enroll into Password Reset. - -**Step 1 –** Click the **Enroll** item in the menu. - -![using_npr_0](/img/product_docs/passwordreset/3.3/evaluation/using_npr_1_1.webp) - -**Step 2 –** Type a **Username**, **Domain**, and **Password**. - -**Step 3 –** Type an e-mail address if the **E-mail** text box is visible. See the -[Options](enroll_tab.md#options) topic for more information. - -**Step 4 –** Select a question from each of the **Question** drop-down lists, and type an answer to -each question in the **Answer** text boxes. - -**Step 5 –** Click **Next**, and then click **OK** to return to the menu. - -**NOTE:** Windows increments the bad password count in Active Directory when a user tries to enroll -with an incorrect password. This may trigger a lockout if the Windows account lockout policy is -enabled. - -## Reset - -Users should use the Reset feature if they have forgotten their password. Resetting a password also -unlocks the account if it is locked. - -Follow the steps below to reset an account password. - -**Step 1 –** Click the **Reset** item in the menu. - -![using_npr_1](/img/product_docs/passwordreset/3.3/administration/using_npr_1.webp) - -**Step 2 –** Type a **Username** and **Domain**, and then click **Next**. - -![using_npr_2](/img/product_docs/passwordreset/3.3/administration/using_npr_2.webp) - -**Step 3 –** Type the **Answer** to the first question, and then click **Next**. Repeat until all -questions are answered correctly. - -![using_npr_3](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_3.webp) - -**Step 4 –** You may be asked to enter a verification code. The verification code is sent to your -phone by e-mail or SMS. Type the **Code**, and then click **Next**. - -![using_npr_5](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_5.webp) - -**Step 5 –** Type the new **Password** into both text boxes, and then click **Next**. - -![using_npr_6](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_6.webp) - -**Step 6 –** Click **OK** to return to the menu. - -## Unlock - -Users should use the Unlock feature if they know their password, but have entered it incorrectly too -many times and locked out their account. - -Follow the steps below to unlock an account. - -**Step 1 –** Click the **Unlock** item in the menu. - -![using_npr_7](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_7.webp) - -**Step 2 –** Type a **Username** and **Domain**, and then click **Next**. - -![using_npr_4](/img/product_docs/passwordreset/3.3/administration/using_npr_4.webp) - -**Step 3 –** Type the **Answer** to the first question, and then click **Next**. Repeat until all -questions are answered correctly. - -![using_npr_8](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_8.webp) - -**Step 4 –** You may be asked to enter a verification code. The verification code is sent to your -phone by e-mail or SMS. Type the **Code**, and then click **Next**. - -![using_npr_9](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_9.webp) - -**Step 5 –** Click **OK** to return to the menu. - -**NOTE:** The Unlock feature unlocks accounts in Active Directory. Users who are locked out of -Password Reset should re-enroll to gain access to Password Reset. See the -[Verification Codes](verification_tab.md#verification-codes) topic for more information. - -## Change - -Users should use the Change feature if they know their password and would like to change it. - -Follow the steps below to change an account password. - -**Step 1 –** Click the **Change** item in the menu. - -![using_npr_10](/img/product_docs/passwordreset/3.3/administration/using_npr_10.webp) - -**Step 2 –** Type a **Username** and **Domain**, and then click **Next**. - -![using_npr_11](/img/product_docs/passwordreset/3.3/administration/using_npr_11.webp) - -**Step 3 –** Type the **Old Password**, **New Password**, and **Confirm Password**, and then click -**Next**. - -**Step 4 –** Click **OK** to return to the menu. - -**NOTE:** Windows increments the bad password count in Active Directory when a user tries to change -their password with an incorrect password. This may trigger a lockout if the Windows account lockout -policy is enabled. - -## Error Messages - -Validation errors are shown in a red box below the page instructions. Validation errors are normally -caused by invalid user input. They can often be overcome by changing the value of one or more input -fields and resubmitting the form. - -![using_npr_12](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_12.webp) - -Critical errors are shown on their own page. These errors are mostly a result of configuration or -system errors. An event may be written to the Windows Application event log on the Password Reset -Server computer when a critical error occurs. Users can sometimes overcome a critical error by -following the instructions in the error message, but most critical errors are beyond the user's -control. - -![using_npr_13](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_13.webp) - -Validation and critical error messages are stored in the HTML templates. You can modify the default -messages by editing the templates. See the -[Resource Strings](editing_the_html_templates.md#resource-strings) topic for more information. diff --git a/docs/passwordreset/3.3/administrationoverview/_category_.json b/docs/passwordreset/3.3/administrationoverview/_category_.json new file mode 100644 index 0000000000..4865c25aab --- /dev/null +++ b/docs/passwordreset/3.3/administrationoverview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Administration", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "administration_overview" + } +} \ No newline at end of file diff --git a/docs/passwordreset/3.3/administration/administration_overview.md b/docs/passwordreset/3.3/administrationoverview/administration_overview.md similarity index 84% rename from docs/passwordreset/3.3/administration/administration_overview.md rename to docs/passwordreset/3.3/administrationoverview/administration_overview.md index 7567a5b81a..7c5bbd02f9 100644 --- a/docs/passwordreset/3.3/administration/administration_overview.md +++ b/docs/passwordreset/3.3/administrationoverview/administration_overview.md @@ -1,3 +1,9 @@ +--- +title: "Administration" +description: "Administration" +sidebar_position: 20 +--- + # Administration Administration @@ -27,12 +33,12 @@ Identifying staff over the phone can be difficult, especially in large organizat identifies users by asking them to answer some questions about themselves, and optionally by sending a verification code to their mobile phone. Incorrect answers are logged, and you can configure Password Reset to automatically lock out users who give too many incorrect answers. See the -[Configuring Password Reset](/docs/passwordreset/3.3/administration/configuring_password_reset.md) topic for additional information. +[Configuring Password Reset](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/configuring_password_reset.md) topic for additional information. ## Higher Availability Password Reset is ready to respond to password management requests at any hour of the day and night. It takes only minutes to install, and can handle thousands of requests every hour. -The [Evaluation](/docs/passwordreset/3.3/evaluation/evaluation_overview.md) topic contains step-by-step instructions to +The [Evaluation](/docs/passwordreset/3.3/evaluationoverview/evaluation_overview.md) topic contains step-by-step instructions to help you quickly install, configure, and evaluate Password Reset. diff --git a/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/_category_.json b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/_category_.json new file mode 100644 index 0000000000..890f9222a2 --- /dev/null +++ b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Configuring Password Reset", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "configuring_password_reset" + } +} \ No newline at end of file diff --git a/docs/passwordreset/3.3/administration/about_tab.md b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/about_tab.md similarity index 89% rename from docs/passwordreset/3.3/administration/about_tab.md rename to docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/about_tab.md index 1c95cd4782..67a112ea8e 100644 --- a/docs/passwordreset/3.3/administration/about_tab.md +++ b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/about_tab.md @@ -1,3 +1,9 @@ +--- +title: "About Tab" +description: "About Tab" +sidebar_position: 70 +--- + # About Tab About Tab diff --git a/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/configuring_password_reset.md b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/configuring_password_reset.md new file mode 100644 index 0000000000..04f6956170 --- /dev/null +++ b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/configuring_password_reset.md @@ -0,0 +1,28 @@ +--- +title: "Configuring Password Reset" +description: "Configuring Password Reset" +sidebar_position: 30 +--- + +# Configuring Password Reset + +Configuring Password Reset + +# Configuring Password Reset + +In the previous section, you used Password Reset with a default configuration. You can use the +Configuration Console to edit the configuration settings. Click **Start** > **Netwrix Password +Reset** > **NPR Configuration Console**on the Password Reset Server computer to open the +Configuration Console. + +![configuring_npr](/img/product_docs/passwordreset/3.3/administration/configuring_npr_3.webp) + +Information about the configuration console tabs can be found in the following topics: + +- [General Tab](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/general_tab.md) +- [Enroll Tab](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/enroll_tab.md) +- [E-mail Tab](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/email_tab.md) +- [Verification Tab](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/verification_tab.md) +- [Security Tab](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/security_tab.md) +- [Permissions Tab](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/permissions_tab.md) +- [About Tab](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/about_tab.md) diff --git a/docs/passwordreset/3.3/administration/email_tab.md b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/email_tab.md similarity index 95% rename from docs/passwordreset/3.3/administration/email_tab.md rename to docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/email_tab.md index dd94c60191..d07d22d265 100644 --- a/docs/passwordreset/3.3/administration/email_tab.md +++ b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/email_tab.md @@ -1,3 +1,9 @@ +--- +title: "E-mail Tab" +description: "E-mail Tab" +sidebar_position: 30 +--- + # E-mail Tab E-mail Tab @@ -80,5 +86,5 @@ understand their e-mail alerts. in the Web Interface language chosen by the attacker if the target user has not enrolled or changed their password with Password Reset. The target user will receive the e-mail alerts, but they may not understand them. Use the Rest API to remind new users to enroll so their preferred language is known -to Password Reset. See the [Enabling the API](persuading_users_to_enroll.md#enabling-the-api) topic +to Password Reset. See the [Enabling the API](/docs/passwordreset/3.3/administration/persuading_users_to_enroll.md#enabling-the-api) topic for additional information. diff --git a/docs/passwordreset/3.3/administration/enroll_tab.md b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/enroll_tab.md similarity index 93% rename from docs/passwordreset/3.3/administration/enroll_tab.md rename to docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/enroll_tab.md index bcaf243495..85bf40bef0 100644 --- a/docs/passwordreset/3.3/administration/enroll_tab.md +++ b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/enroll_tab.md @@ -1,3 +1,9 @@ +--- +title: "Enroll Tab" +description: "Enroll Tab" +sidebar_position: 20 +--- + # Enroll Tab Enroll Tab @@ -39,7 +45,7 @@ Follow the steps below to remove a question from the list. **NOTE:** You can rearrange questions by dragging them. You can also replace question lists with text boxes so users can enter their own questions. See the -[Editing the HTML Templates](/docs/passwordreset/3.3/administration/editing_the_html_templates.md) document for more information +[Editing the HTML Templates](/docs/passwordreset/3.3/administrationoverview/editing_the_html_templates.md) document for more information ### Options diff --git a/docs/passwordreset/3.3/administration/general_tab.md b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/general_tab.md similarity index 95% rename from docs/passwordreset/3.3/administration/general_tab.md rename to docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/general_tab.md index 27acf91695..87833b42b9 100644 --- a/docs/passwordreset/3.3/administration/general_tab.md +++ b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/general_tab.md @@ -1,3 +1,9 @@ +--- +title: "General Tab" +description: "General Tab" +sidebar_position: 10 +--- + # General Tab General Tab @@ -66,10 +72,10 @@ files in their new location. **Step 8 –** Start the Password Reset service. **Step 9 –** Update the backup script to copy from the new folder. See the -[Working with the Database](/docs/passwordreset/3.3/administration/working_with_the_database.md) topic for additional information. +[Working with the Database](/docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/working_with_the_database.md) topic for additional information. You can also move the database from SQL Server Compact to SQL Server. See the -[Working with the Database](/docs/passwordreset/3.3/administration/working_with_the_database.md) topic for more information. +[Working with the Database](/docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/working_with_the_database.md) topic for more information. ### Netwrix Password Policy Enforcer diff --git a/docs/passwordreset/3.3/administration/permissions_tab.md b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/permissions_tab.md similarity index 92% rename from docs/passwordreset/3.3/administration/permissions_tab.md rename to docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/permissions_tab.md index bde52058c0..7d7969cfed 100644 --- a/docs/passwordreset/3.3/administration/permissions_tab.md +++ b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/permissions_tab.md @@ -1,3 +1,9 @@ +--- +title: "Permissions Tab" +description: "Permissions Tab" +sidebar_position: 60 +--- + # Permissions Tab Permissions Tab diff --git a/docs/passwordreset/3.3/administration/security_tab.md b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/security_tab.md similarity index 98% rename from docs/passwordreset/3.3/administration/security_tab.md rename to docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/security_tab.md index 55a19134b7..d38df0e177 100644 --- a/docs/passwordreset/3.3/administration/security_tab.md +++ b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/security_tab.md @@ -1,3 +1,9 @@ +--- +title: "Security Tab" +description: "Security Tab" +sidebar_position: 50 +--- + # Security Tab Security Tab diff --git a/docs/passwordreset/3.3/administration/verification_tab.md b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/verification_tab.md similarity index 98% rename from docs/passwordreset/3.3/administration/verification_tab.md rename to docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/verification_tab.md index 501a8d3da5..0b23987a4e 100644 --- a/docs/passwordreset/3.3/administration/verification_tab.md +++ b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/verification_tab.md @@ -1,3 +1,9 @@ +--- +title: "Verification Tab" +description: "Verification Tab" +sidebar_position: 40 +--- + # Verification Tab Verification Tab diff --git a/docs/passwordreset/3.3/administration/editing_the_html_templates.md b/docs/passwordreset/3.3/administrationoverview/editing_the_html_templates.md similarity index 97% rename from docs/passwordreset/3.3/administration/editing_the_html_templates.md rename to docs/passwordreset/3.3/administrationoverview/editing_the_html_templates.md index 6ccd116fb6..fbc12097e7 100644 --- a/docs/passwordreset/3.3/administration/editing_the_html_templates.md +++ b/docs/passwordreset/3.3/administrationoverview/editing_the_html_templates.md @@ -1,3 +1,9 @@ +--- +title: "Editing the HTML Templates" +description: "Editing the HTML Templates" +sidebar_position: 70 +--- + # Editing the HTML Templates Editing the HTML Templates @@ -187,7 +193,7 @@ message invites the user to enroll so they can also use the reset and unlock fea When users enroll into Password Reset, they choose their questions from the Question List. You can replace some or all of the question lists with text boxes so users can enter their own questions. -See the [Question List](enroll_tab.md#question-list) topic for additional information. +See the [Question List](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/enroll_tab.md#question-list) topic for additional information. The lines you need to edit in en_enroll.htm look like this: diff --git a/docs/passwordreset/3.3/administrationoverview/installation.md b/docs/passwordreset/3.3/administrationoverview/installation.md new file mode 100644 index 0000000000..fc50e88ca2 --- /dev/null +++ b/docs/passwordreset/3.3/administrationoverview/installation.md @@ -0,0 +1,367 @@ +--- +title: "Installation" +description: "Installation" +sidebar_position: 10 +--- + +# Installation + +Installation + +# Installation + +Netwrix Password Reset V3.30 is designed to run on Windows 2008 to 2019. Users access Password Reset +from a web browser, or from the Password Reset console. + +## System Requirements + +- Windows 2008\*, 2008 R2, 2012, 2012 R2, 2016, or 2019. + + \*x64 only for NPR Server and Web Interface. + +- 20 Megabytes free disk space. +- 20 Megabytes free RAM. + +## System Components + +Password Reset has two server components, and an optional client. Both server components can be +installed on one server, or they may be installed on separate servers if your web server is in a +DMZ. + +### The Web Interface + +The Web Interface is the component that users interact with. It accepts user requests, encrypts +them, and sends them to the Password Reset Server. The Web Interface must be installed on a server +running IIS 7 or later. + +### The Netwrix Password Reset Server + +The Password Reset Server is the component that performs requests on behalf of users. It receives +requests from the Web Interface, checks the user's credentials, and performs the requested task if +the credentials are valid. + +![installing_npr](/img/product_docs/passwordreset/3.3/evaluation/installing_npr.webp) + +**NOTE:** Microsoft SQL Server Compact is installed with the Password Reset Server. SQL Server +Compact is free to use, and should only be removed if you move the database to SQL Server. SQL +Server Compact is an embedded database. Unlike SQL Server, you do not need to configure or manage +it. See the [Working with the Database](/docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/working_with_the_database.md) topic for additional +information. + +## Installation Types + +A single server installation is recommended where users will only access Password Reset from a +trusted network, including a VPN. In this installation type, the Web Interface and Password Reset +Server are both installed on the same server. The server must have access to a domain controller in +each managed domain. + +If Password Reset will be accessible from the Internet without a VPN, then it is likely that you +will want to run the Web Interface in a DMZ. A multiple server installation is recommended for this +scenario. In this installation type, the Web Interface is installed on an server in the DMZ and the +Password Reset Server is installed on another server in the internal network. A firewall rule allows +the two servers to communicate. + +You choose the installation type when installing Password Reset, but you can change it later. + +**NOTE:** An Password Reset Server can accept requests from more than one Web Interface. Having +multiple Web Interfaces allows for load balancing and failover, but you should only consider this +option if you already have redundant web servers. Most organizations only need one Web Interface. + +Password Reset can share server resources with other applications. It is normally not necessary to +dedicate a server exclusively to Password Reset. The Web Interface can be installed on an existing +web server as long as it is well secured and not overloaded. The Password Reset Server can run on an +existing member server or domain controller. + +### Single Server Installation + +Follow the steps below to install the Web Interface and Password Reset Server on a single server. + +**Step 1 –** Start the Password Reset Setup wizard (APR330.exe). + +**Step 2 –** The Setup wizard may ask you to backup some files if an older version of Password Reset +is detected. Backup the files, and then click **Next**. + +**Step 3 –** Click **Next**. + +**Step 4 –** Read the License Agreement. Click **I accept the terms of the license agreement**, and +then click **Next** if you accept all the terms. + +**Step 5 –** Select the **All Components** option, and then click **Next**. + +**Step 6 –** The Setup wizard may offer to install IIS. Click **OK** to install IIS. + +**Step 7 –** Enter a **User Name**, **Domain**, and **Password** for the Password Reset service +account. The account will be created and added to the Domain Admins group if it does not exist. + +**NOTE:** You can remove the account from the Domain Admins group later. If using an existing +account, make sure it has the required permissions. See the +[Securing Password Reset](/docs/passwordreset/3.3/administrationoverview/securing_password_reset.md) topic for additional information. + +**Step 8 –** Click **Next**. + +**Step 9 –** Select an **IIS Web Site** from the drop-down list, and optionally change the default +**Virtual Directory** for the Web Interface. + +**NOTE:** The Web Interface should be installed in its own virtual directory. + +**Step 10 –** Click **Next** twice. + +**Step 11 –** Wait for Password Reset to install, and then click **Finish**. + +**NOTE:** The Password Reset Setup wizard installs the Password Reset Server and associated files +into the `\Program Files\NetwrixPassword Reset\` folder by default. Use the SERVERDIR parameter to +install the Password Reset Server to a different folder. For example, APR330.exe +SERVERDIR="D:\Programs\NPR\" + +### Multiple Server Installation + +Create firewall rules to allow the Web Interface and Password Reset Server to communicate if there +is a DMZ firewall between them. The Web Interface initiates a request by sending a datagram with the +following properties: + +| Web Interface Datagram | | +| ---------------------- | ---------------------------------- | +| Protocol | UDP | +| Source Address | Web Interface server's IP address | +| Source Port | Any | +| Destination address | Password Reset Server's IP address | +| Destination Port | 5100 | + +The Password Reset Server responds with a datagram that has the following properties: + +| NPR Server Datagram | | +| ------------------- | ---------------------------------- | +| Protocol | UDP | +| Source Address | Password Reset Server's IP address | +| Source Port | 5100 | +| Destination address | Web Interface server's IP address | +| Destination Port | Any | + +Install Password Reset Server on an Internal Network + +Follow the steps below to install the Password Reset Server on a server in the internal network. + +**Step 1 –** Start the Password Reset Setup wizard (APR330.exe). + +**Step 2 –** The Setup wizard may ask you to backup some files if an older version of Password Reset +is detected. Backup the files, and then click **Next**. + +**Step 3 –** Click **Next**. + +**Step 4 –** Read the License Agreement. Click **I accept the terms of the license agreement**, and +then click **Next** if you accept all the terms. + +**Step 5 –** Select the Server **Only option**, and then click **Next**. + +**Step 6 –** Type a **User Name**, **Domain**, and **Password** for the Password Reset service +account. The account will be created and added to the Domain Admins group if it does not exist. + +**NOTE:** You can remove the account from the Domain Admins group later. If using an existing +account, make sure it has the required permissions. See the +[Securing Password Reset](/docs/passwordreset/3.3/administrationoverview/securing_password_reset.md) topic for additional information. + +**Step 7 –** Make sure the **Create Windows Firewall Exception for the NPR Server service** check +box is selected, and then click **Next** twice. + +**Step 8 –** Wait for the Password Reset Server to install, and then click **Finish**. + +**NOTE:** Open UDP port 5100 on the Password Reset Server computer if a host-based firewall other +than the Windows Firewall is installed. This is needed in addition to the DMZ firewall rules +above. +The Password Reset Setup wizard installs the Password Reset Server and associated files into the +`\Program Files\Netwrix Password Reset\` folder by default. Use the SERVERDIR parameter to install +the Password Reset Server to a different folder. For example, APR330.exe +SERVERDIR="D:\Programs\NPR\" + +Install Web Interface Server in DMZ + +Follow the steps below to install the Web Interface on a server in the DMZ. + +**Step 1 –** Start the Password Reset Setup wizard (APR330.exe). + +**Step 2 –** The Setup wizard may ask you to backup some files if an older version of Password Reset +is detected. Backup the files, and then click **Next**. + +**Step 3 –** Click **Next**. + +**Step 4 –** Read the License Agreement. Click **I accept the terms of the license agreement**, and +then click **Next** if you accept all the terms. + +**Step 5 –** Select the **Web Interface Only** option, and then click **Next**. + +**Step 6 –** The Setup wizard may offer to install IIS. Click **OK** to install IIS. + +**Step 7 –** Select an **IIS Web Site** from the drop-down list, and optionally change the default +**Virtual Directory** for the Web Interface. The Web Interface should be installed in its own +virtual directory. + +**Step 8 –** Click **Next** twice. + +**Step 9 –** Wait for the Web Interface to install, and then click **Finish**. + +**Step 10 –** Start the Registry Editor (regedit.exe). + +**Step 11 –** Expand the **HKEY_LOCAL_MACHINE**, **SOFTWARE**, **ANIXIS**, **ANIXIS Password +Reset**, and **3.0** registry keys. + +**Step 12 –** Set the **ServerIP** registry value to the IP address of the computer that you +installed the Password Reset Server onto. + +![installing_npr_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/installing_npr_1.webp) + +The Password Reset Setup wizard only installs one Web Interface on each server, but you can copy the +files to another directory and publish several Web Interfaces from one server. This allows you to +present different user interfaces from each directory. The Web Interfaces all communicate with the +same NPR Server because there is only one ServerIP value. + +Follow the steps below to configure the Web Interfaces to communicate with different Password Reset +Servers. + +**Step 1 –** Start the Registry Editor (regedit.exe). + +**Step 2 –** Expand the **HKEY_LOCAL_MACHINE**, **SOFTWARE**, **ANIXIS**, **ANIXIS Password Reset**, +and **3.0** registry keys. + +**Step 3 –** Clear the data in the **ServerIP** registry value. + +**Step 4 –** Create a REG_SZ value for each Web Interface called ServerIP_VDIR where VDIR is the +name of the virtual directory. + +For example, if the virtual directory is called Finance, then the registry value should be called +ServerIP_Finance. + +**Step 5 –** Set each ServerIP_VDIR value to the IP address of the Password Reset Server. + +## Upgrading From NPR V3.x + +Some planning is needed to ensure a smooth upgrade from NPR V3.x. A trial run on a lab network is +recommended if you have not installed NPR before. + +### Before You Begin + +The database files are not overwritten during an upgrade, but you should still create a backup +before upgrading. See the +[Backing up the Database](/docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/working_with_the_database.md#backing-up-the-database) topic for additional +information. + +**The Web Interface files are overwritten during an upgrade. You must backup any customized Web +Interface files before upgrading**. The Web Interface files are installed in the +`\Inetpub\wwwroot\pwreset\` folder by default. + +**NOTE:** A full backup of the NPR server(s) is recommended. This allows you to roll back to the +previous version if the upgrade cannot be completed. +You may need to restart Windows after upgrading. + +If Password Reset was originally installed by someone else and you do not have their installation +notes, then read the Installation topic before you begin. Also make sure you know the password for +the Password Reset Server service account as you will need it during the upgrade. + +### Upgrading to V3.3 + +Start the Password Reset Setup wizard (APR330.exe) and follow the prompts. The Setup wizard +uninstalls the previous version, so there is no need to manually uninstall it. + +If the Password Reset Server and Web Interface are installed on different servers, then upgrade all +servers before using the new version. The Password Reset Server and Web Interface are only tested +with matching versions. + +Restore any customized Web Interface files after upgrading. Do not restore APR.dll from the backup +as it belongs to the previous version. You should keep a copy of the original Web Interface files +and compare them with the files from the previous version using a file comparison tool. Any changes +between versions should be merged into your customized files. + +The Password Reset V3.30 data console does not read the VerificationCode or EnrollRecord columns +from the User table on SQL Server. Access to these columns can be denied for Data Console users +after upgrading all instances of the Data Console. See the +[Using the Data Console](/docs/passwordreset/3.3/administrationoverview/usingthedataconsole/using_the_data_console.md) topic for additional information. + +## Upgrading From NPR V2.x + +As this is a major upgrade with many changes, some planning is needed to ensure a smooth upgrade. A +trial run on a lab network is recommended, especially if you are customizing the user interface. See +the [Editing the HTML Templates](/docs/passwordreset/3.3/administrationoverview/editing_the_html_templates.md) topic for additional information. + +**CAUTION:** Due to a protocol upgrade, Netwrix Password Reset v3.3 is not compatible with Netwrix +Password Policy Enforcer v8.x and earlier versions. If you are using Netwrix Password Reset with any +of those older Netwrix Password Policy Enforcer versions, please consider upgrading Netwrix Password +Policy Enforcer first to a current version, and only then upgrade Netwrix Password Reset to v3.3 (or +later). + +### Before You Begin + +**Step 1 –** Backup the NPR V2.x server(s). + +**Step 2 –** Close the Data Console if it is open. + +**Step 3 –** Stop the Netwrix Password Reset service and backing up the database. See the +[Backing up the Database](/docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/working_with_the_database.md#backing-up-the-database) topic for additional +information. + +### Upgrading to V3.23 + +**Step 1 –** Follow the steps for either Single Server Installation or Multiple Server Installation. +If the Web Interface is on a different server, then upgrade it as well. + +**Step 2 –** Open the Data Console, and check the Audit Log and User tabs to make sure the data was +imported. + +**Step 3 –** Open NPR in a web browser and test the Enroll, Reset, and Change features. + +**Step 4 –** Install your new license key if you have a perpetual license. + +**Step 5 –** Update the Client license key if you have a perpetual license. + +## Other Tasks + +Move Database files + +The database files are created in the installation folder when NPR is first installed. The default +installation folder for NPR V2.x was below the Program Files (x86) folder, but in NPR V3.3 it is +below the Program Files folder. The database files are not moved automatically during an upgrade, so +you should move them to the new installation folder (or a different folder) after upgrading. + +Follow the steps below to move the database files to the `\Program Files\Netwrix Password Reset\` +folder. + +**Step 1 –** Close the Data Console if it is open. + +**Step 2 –** Stop the Netwrix Password Reset service. + +**Step 3 –** Move apr.sdf and aprlog.sdf from the \Program Files (x86)\Netwrix Password Reset\ +folder to the \Program Files\Netwrix Password Reset\ folder. + +**Step 4 –** Open the Configuration Console. + +**Step 5 –** Click the **General** tab. + +**Step 6 –** Click **Change...** + +**Step 7 –** Click **Browse...** and then browse to the \Program Files\Netwrix Password Reset\ +folder. + +**Step 8 –** Click **OK** twice, and then click **Apply**. + +**Step 9 –** Start the Netwrix Password Reset service. + +**Step 10 –** Update the backup script to copy from the new folder. See the +[Backing up the Database](/docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/working_with_the_database.md#backing-up-the-database) topic for additional +information. + +Configure Password Reset Client to use IE11 emulation mode + +Older versions of the Password Reset Client display pages in Internet Explorer 7 emulation mode. +This mode cannot display the new HTML templates correctly. You can upgrade the Password Reset Client +to the latest version, or configure existing installations to use IE 11 mode. This only works on +Windows Vista and later with IE 9 or later. + +Follow the steps below to configure the Password Reset Client to use IE 11 mode. + +**Step 1 –** Start the Registry Editor (regedit.exe). + +**Step 2 –** Expand the **HKEY_LOCAL_MACHINE**, **SOFTWARE**, **Microsoft**, **Internet Explorer**, +**MAIN**, **FeatureControl**, and **FEATURE_BROWSER_EMULATION** registry keys. + +**Step 3 –** Create a new DWORD value called **LogonUI.exe**, and set it to 2AF8 (hex). + +Create this registry value on all the Password Reset Client computers. IE 11 mode can be requested +even if the computer is running an older version of IE. diff --git a/docs/passwordreset/3.3/administrationoverview/password_reset_client.md b/docs/passwordreset/3.3/administrationoverview/password_reset_client.md new file mode 100644 index 0000000000..5427eb705d --- /dev/null +++ b/docs/passwordreset/3.3/administrationoverview/password_reset_client.md @@ -0,0 +1,250 @@ +--- +title: "Password Reset Client" +description: "Password Reset Client" +sidebar_position: 80 +--- + +# Password Reset Client + +Password Reset Client + +# Password Reset Client + +The Password Reset Client allows users to securely reset their password or unlock their account from +the Windows Logon and Unlock Computer screens. Users click **Reset Password** to access the Password +Reset system. + +![the_password_reset_client](/img/product_docs/passwordreset/3.3/administration/the_password_reset_client.webp) + +**NOTE:** The Password Reset Client does not modify any Windows system files. + +## Installing the PRC + +The Password Reset Client is designed to run on Windows XP to Windows 10, and Server 2003 to +Server 2019. The PRC is compatible with Remote Desktop Services on these operating systems. Support +for Windows XP and Server 2003 is depreciated because the PRC uses Internet Explorer for page +rendering, and Internet Explorer 8 has very limited support for HTML5. Send an e-mail to +[support@netwrix.com ](mailto:support@netwrix.com)if you need to use the Password Reset Client with +these older operating systems. + +### System Requirements + +- Windows Vista, 7, 8, 8.1, or 10. + Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, or 2019. + Windows XP, Server 2003, or 2003 R2 (depreciated). +- 1 Megabyte free disk space. +- 128 Kilobytes free RAM (per session if using Remote Desktop Services). + +You can install the PRC manually if you only have a few computers, but it is easier to perform an +automated installation if you have many computers. Follow the instructions below to perform an +automated installation with Group Policy. + +### Create a Distribution Point + +A distribution point can either be a UNC path to a server share, or a DFS (Distributed File System) +path. Organizations with large, multi-site networks should use DFS as it offers fault tolerance and +load sharing. To create a PRC distribution point: + +**Step 1 –** Log on to a server as an administrator. + +**Step 2 –** Create a shared network folder to distribute the files from. + +**Step 3 –** Give the Domain Computers security group read access to the share, and limit write +access to authorized personnel only. + +**Step 4 –** Copy NPRClt330.msi into the distribution point folder. + +**NOTE:** NPRClt330.msi is in the Client folder below the Netwrix Server's installation folder. +(`\Program Files\Netwrix Password Reset\` by default). + +**Step 5 –** Give the Domain Computers security group read access to the NPRClt330.msi file in the +distribution point. + +### Create a Group Policy Object + +**Step 1 –** Start the Group Policy Management Console (gpmc.msc). + +**Step 2 –** Expand the forest and domain items in the left pane. + +**Step 3 –** Right-click the domain root node in the left pane, and then click **Create a GPO in +this domain, and Link it here...** + +**Step 4 –** Enter **Password Reset Client**, then press **ENTER**. + +![the_password_reset_client_1](/img/product_docs/passwordreset/3.3/evaluation/the_password_reset_client_1.webp) + +### Edit the Group Policy Object + +**Step 1 –** **Right-**Click the **Password Reset Client GPO**, then click the Edit**...** button. + +**Step 2 –** Expand the **Computer Configuration**, **Policies**, and **Software Settings** items in +the left pane. + +**Step 3 –** **Right-Click** the **Software installation** item, and then select **New** > +**Package**. + +**Step 4 –** Enter the full UNC path to NPRClt330.msi in the Open dialog box. + +**NOTE:** You must enter a UNC path so that other computers can access this file over the network. +For example, \\file server\distributionpointshare\NPRClt330.msi + +**Step 5 –** Click **Open**. + +**Step 6 –** Select the **Assigned deployment** method, then click **OK**. + +**Step 7 –** Close the Group Policy Management Editor. + +### Complete the Installation + +Restart each computer to complete the installation. Windows installs the Password Reset Client +during startup. The computer may restart itself automatically to complete the installation. + +**NOTE:** Computers with Fast Logon Optimization enabled may not install the Password Reset Client +during the first restart. These computers perform a background refresh of Group Policy, and will +install the client on the first restart after the refresh. See the Microsoft Description of the +[Windows Fast Logon Optimization feature](https://support.microsoft.com/en-us/topic/description-of-the-windows-fast-logon-optimization-feature-9ca41d24-0210-edd8-08b0-21b772c534b7) +article for additional information on the Fast Logon Optimization feature. + +## Configuring the PRC + +You must install an Active Directory administrative template to configure the Password Reset Client. +The administrative template only has to be installed once. + +Install PRC Administrative Template + +Follow the steps below to install the PRC administrative template. + +**Step 1 –** Use the Group Policy Management Console (gpmc.msc) to display the GPOs linked at the +domain level. + +**Step 2 –** **Right-click** the **Password Reset Client** GPO, and then **click** the +**Edit...**button. + +**Step 3 –** Expand the **Computer Configuration** item. + +**Step 4 –** Expand the **Policies** item if it is visible. + +**Step 5 –** **Right-click** the **Administrative Templates** item, and then click **Add/Remove +Templates...** + +**Step 6 –** Click **Add...** and then browse to the Client folder below the Password Reset Server's +installation folder. (`\Program Files\Netwrix Password Reset\` by default). + +**Step 7 –** Select **NPRClt.adm**, and then click **Open**. + +![the_password_reset_client_2](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/the_password_reset_client_2.webp) + +**Step 8 –** Click **Close**. + +Configure the PRC + +Follow the steps below to configure the Password Reset Client. + +**Step 1 –** Use the Group Policy Management Console (gpmc.msc) to display the GPOs linked at the +domain level. + +**Step 2 –** **Right-click** the **Password Reset Client** GPO, then click the **Edit...** button. + +**Step 3 –** Expand the **Computer Configuration, Policies** (if it exists), **Administrative +Templates**, **Classic Administrative Templates (ADM)**, **Netwrix Password Reset**, and **Password +Reset Client** items. + +![the_password_reset_client_3](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/the_password_reset_client_3.webp) + +**Step 4 –** Double-click the **Browser settings** item in the right pane of the Group Policy +Management Editor. + +![the_password_reset_client_4](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/the_password_reset_client_4.webp) + +**Step 5 –** Select the **Enabled**option. + +**Step 6 –** Enter the desired **Width** and **Height** of the PRC browser window. + +**NOTE:** Set the Width and Height to 0 to have the PRC calculate an appropriate size. + +**Step 7 –** Enter the **Start address** (URL) of the Password Reset system. The URL should point to +the Password Reset menu or reset page. + +**NOTE:** The Start address should follow this format: +`HTTPS://(your domain or IP address)/pwrest/en_default.htm` +This format helps ensure that the URL points to the correct location on your Password Reset server. + +**Step 8 –** Enter a **Restricted path** (URL) to stop users from following links to other sites +from the Password Reset Client browser. + +**NOTE:** The Restricted path should follow this format: +`HTTPS://(your domain or IP address)/pwrest/` +This will help prevent users from navigating to untrusted sites within the Password Reset Client. + +**Step 9 –** Click **OK**. + +**Step 10 –** Close the Group Policy Management Editor. + +The new PRC configuration is applied to all computers in the domain. This does not happen +immediately, as Windows takes some time to apply the changes to Group Policy. You can force an +immediate refresh of Group Policy on the local computer with the following command: gpupdate +/target:computer + +The Password Reset Client only opens URLs with .dll, .htm, and .html extensions. URLs without a +filename are not opened. The PRC also blocks some page content, including audio and video files, +ActiveX controls and Java applets. Send an e-mail to +[support@netwrix.com ](mailto:support@netwrix.com)if you need to change the default filename and +content restrictions. + +**CAUTION:** Users may follow links to untrusted sites if the Password Reset user interface or +server error pages contain external links. This is a security risk because the Password Reset Client +runs under the context of the local system account. Specify a restricted path to stop users from +following links to other sites from the Password Reset Client. The start address and restricted path +should both begin with https:// + +**NOTE:** The **Enable Password Reset Client**, **Always show reset link**, and **Dialog attachment +delay** are automatically set by the Password Reset Client, and are normally left in their default +(Not configured) state. +The administrative template contains detailed information about all the PRC configuration settings. +This information is shown on the **Help** box. The **Help** box is shown after you double-click one +of the configuration settings in the left pane. + +## Licensing the PRC + +Follow the steps below to add a license key to the PRC configuration. + +**Step 1 –** Open the **Configuration Console** and install your license key. + +**Step 2 –** Start the **Registry Editor** (regedit.exe). + +**Step 3 –** Expand the **HKEY_LOCAL_MACHINE**, **SOFTWARE**, **ANIXIS**, **ANIXIS Password Reset**, +and **3.0** registry keys. + +**NOTE:** The LicenseKey registry value should be located on the Password Reset Server. This is the +machine where you have installed the Password Reset server component, not the client machines. + +**Step 4 –** Double-click the **LicenseKey** value, and then copy the entire license key to the +clipboard. + +**Step 5 –** Use the Group Policy Management Console (gpmc.msc) to display the GPOs linked at the +domain level. + +**Step 6 –** Right-click the **Password Reset Client** GPO, then click the **Edit...** button. + +**Step 7 –** Expand the **Computer Configuration**, **Policies** (if it exists), **Administrative +Templates**, **Classic Administrative Templates (ADM)**, **Netwrix Password Reset**, and **Password +Reset Client** items. + +**Step 8 –** Double-click the **License key** item in the Left pane of the Group Policy Management +Editor. + +**Step 9 –** Select the **Enabled** option. + +**Step 10 –** Click inside the **License key** text box, then paste the license key. + +![the_password_reset_client_5](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/the_password_reset_client_5.webp) + +**Step 11 –** Click **OK**. + +**Step 12 –** Close the Group Policy Management Editor. + +The license key is applied to all computers in the domain. This does not happen immediately, as +Windows takes some time to apply the changes to Group Policy. You can force an immediate refresh of +Group Policy on the local computer with the following command: + +`gpupdate /target:computer` diff --git a/docs/passwordreset/3.3/administration/securing_password_reset.md b/docs/passwordreset/3.3/administrationoverview/securing_password_reset.md similarity index 94% rename from docs/passwordreset/3.3/administration/securing_password_reset.md rename to docs/passwordreset/3.3/administrationoverview/securing_password_reset.md index e6583e2ab6..01b7cfead1 100644 --- a/docs/passwordreset/3.3/administration/securing_password_reset.md +++ b/docs/passwordreset/3.3/administrationoverview/securing_password_reset.md @@ -1,3 +1,9 @@ +--- +title: "Securing Password Reset" +description: "Securing Password Reset" +sidebar_position: 60 +--- + # Securing Password Reset Securing Password Reset @@ -14,7 +20,7 @@ Server. The Web Interface and Password Reset Server always communicate over a secure channel. You do not have to configure the encryption for this connection, but you do need to set up SSL (Secure Sockets Layer) encryption for the connection between the web browser (or Password Reset Client) and the web -server. See the [Password Reset Client](/docs/passwordreset/3.3/administration/password_reset_client.md) topic for more information. +server. See the [Password Reset Client](/docs/passwordreset/3.3/administrationoverview/password_reset_client.md) topic for more information. **CAUTION:** Do not use Password Reset on a production network without SSL encryption. @@ -68,7 +74,7 @@ dsacls "dc=axs,dc=net" /I:S /G "axs\apr:CA;Reset Password;user" If Password Reset is configured to use an SQL Server Compact database, then give the service account read and write permissions to the database files. See the -[Moving to SQL Server](/docs/passwordreset/3.3/administration/moving_to_sql_server.md) topic for more information. +[Moving to SQL Server](/docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/moving_to_sql_server.md) topic for more information. Remove the service account from the Domain Admins group and restart the Password Reset service after executing these commands. Check the Windows Application event log if the service does not start. diff --git a/docs/passwordreset/3.3/administrationoverview/using_password_reset.md b/docs/passwordreset/3.3/administrationoverview/using_password_reset.md new file mode 100644 index 0000000000..1abfd4a88b --- /dev/null +++ b/docs/passwordreset/3.3/administrationoverview/using_password_reset.md @@ -0,0 +1,166 @@ +--- +title: "Using Password Reset" +description: "Using Password Reset" +sidebar_position: 20 +--- + +# Using Password Reset + +Using Password Reset + +# Using Password Reset + +Netwrix Password Policy Enforcer is a web application. Users can access it from a web browser, or +from the Password Reset Client. The default URL for the Web Interface +is:` http://[server]/pwreset/` +See the [Password Reset Client](/docs/passwordreset/3.3/administrationoverview/password_reset_client.md) topic for more information. + +You can use URL parameters to open a specific page, and to set the user and domain names. For +example: `http://[server]/pwreset/apr.dll? cmd=enroll&username=johnsmith&domain=CORP` + +Where [server] is the name or IP address of the server hosting the Web Interface. + +![using_npr](/img/product_docs/passwordreset/3.3/administration/using_npr_1.webp) + +Users access the Enroll, Reset, Unlock, and Change features from the menu. These features are +explained on the following pages. + +**CAUTION:** The connection between the Web Interface and Password Reset Server is always encrypted. +Install an SSL certificate on the web server and use HTTPS to encrypt connections from the browser +to the web server. See the +[Installing and Using an SSL Certificate](securing_password_reset.md#installing-and-using-an-ssl-certificate) +topic for more information. + +## Enroll + +Only enrolled users can reset their password and unlock their account. Users can enroll manually by +answering some questions about themselves, or they can be enrolled automatically if automatic +enrollment is enabled. Users only need to enroll once, but they can enroll again if they are locked +out of Password Reset, or if they want to change their questions or answers. See the +[Verification Codes](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/verification_tab.md#verification-codes) and +[Verification Tab](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/verification_tab.md) topics for more information. + +Follow the steps below to manually enroll into Password Reset. + +**Step 1 –** Click the **Enroll** item in the menu. + +![using_npr_0](/img/product_docs/passwordreset/3.3/evaluation/using_npr_1_1.webp) + +**Step 2 –** Type a **Username**, **Domain**, and **Password**. + +**Step 3 –** Type an e-mail address if the **E-mail** text box is visible. See the +[Options](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/enroll_tab.md#options) topic for more information. + +**Step 4 –** Select a question from each of the **Question** drop-down lists, and type an answer to +each question in the **Answer** text boxes. + +**Step 5 –** Click **Next**, and then click **OK** to return to the menu. + +**NOTE:** Windows increments the bad password count in Active Directory when a user tries to enroll +with an incorrect password. This may trigger a lockout if the Windows account lockout policy is +enabled. + +## Reset + +Users should use the Reset feature if they have forgotten their password. Resetting a password also +unlocks the account if it is locked. + +Follow the steps below to reset an account password. + +**Step 1 –** Click the **Reset** item in the menu. + +![using_npr_1](/img/product_docs/passwordreset/3.3/administration/using_npr_1.webp) + +**Step 2 –** Type a **Username** and **Domain**, and then click **Next**. + +![using_npr_2](/img/product_docs/passwordreset/3.3/administration/using_npr_2.webp) + +**Step 3 –** Type the **Answer** to the first question, and then click **Next**. Repeat until all +questions are answered correctly. + +![using_npr_3](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_3.webp) + +**Step 4 –** You may be asked to enter a verification code. The verification code is sent to your +phone by e-mail or SMS. Type the **Code**, and then click **Next**. + +![using_npr_5](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_5.webp) + +**Step 5 –** Type the new **Password** into both text boxes, and then click **Next**. + +![using_npr_6](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_6.webp) + +**Step 6 –** Click **OK** to return to the menu. + +## Unlock + +Users should use the Unlock feature if they know their password, but have entered it incorrectly too +many times and locked out their account. + +Follow the steps below to unlock an account. + +**Step 1 –** Click the **Unlock** item in the menu. + +![using_npr_7](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_7.webp) + +**Step 2 –** Type a **Username** and **Domain**, and then click **Next**. + +![using_npr_4](/img/product_docs/passwordreset/3.3/administration/using_npr_4.webp) + +**Step 3 –** Type the **Answer** to the first question, and then click **Next**. Repeat until all +questions are answered correctly. + +![using_npr_8](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_8.webp) + +**Step 4 –** You may be asked to enter a verification code. The verification code is sent to your +phone by e-mail or SMS. Type the **Code**, and then click **Next**. + +![using_npr_9](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_9.webp) + +**Step 5 –** Click **OK** to return to the menu. + +**NOTE:** The Unlock feature unlocks accounts in Active Directory. Users who are locked out of +Password Reset should re-enroll to gain access to Password Reset. See the +[Verification Codes](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/verification_tab.md#verification-codes) topic for more information. + +## Change + +Users should use the Change feature if they know their password and would like to change it. + +Follow the steps below to change an account password. + +**Step 1 –** Click the **Change** item in the menu. + +![using_npr_10](/img/product_docs/passwordreset/3.3/administration/using_npr_10.webp) + +**Step 2 –** Type a **Username** and **Domain**, and then click **Next**. + +![using_npr_11](/img/product_docs/passwordreset/3.3/administration/using_npr_11.webp) + +**Step 3 –** Type the **Old Password**, **New Password**, and **Confirm Password**, and then click +**Next**. + +**Step 4 –** Click **OK** to return to the menu. + +**NOTE:** Windows increments the bad password count in Active Directory when a user tries to change +their password with an incorrect password. This may trigger a lockout if the Windows account lockout +policy is enabled. + +## Error Messages + +Validation errors are shown in a red box below the page instructions. Validation errors are normally +caused by invalid user input. They can often be overcome by changing the value of one or more input +fields and resubmitting the form. + +![using_npr_12](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_12.webp) + +Critical errors are shown on their own page. These errors are mostly a result of configuration or +system errors. An event may be written to the Windows Application event log on the Password Reset +Server computer when a critical error occurs. Users can sometimes overcome a critical error by +following the instructions in the error message, but most critical errors are beyond the user's +control. + +![using_npr_13](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_13.webp) + +Validation and critical error messages are stored in the HTML templates. You can modify the default +messages by editing the templates. See the +[Resource Strings](editing_the_html_templates.md#resource-strings) topic for more information. diff --git a/docs/passwordreset/3.3/administrationoverview/usingthedataconsole/_category_.json b/docs/passwordreset/3.3/administrationoverview/usingthedataconsole/_category_.json new file mode 100644 index 0000000000..8de6d57933 --- /dev/null +++ b/docs/passwordreset/3.3/administrationoverview/usingthedataconsole/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Using the Data Console", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "using_the_data_console" + } +} \ No newline at end of file diff --git a/docs/passwordreset/3.3/administration/filter_editor.md b/docs/passwordreset/3.3/administrationoverview/usingthedataconsole/filter_editor.md similarity index 95% rename from docs/passwordreset/3.3/administration/filter_editor.md rename to docs/passwordreset/3.3/administrationoverview/usingthedataconsole/filter_editor.md index cb38bdbbbb..aa405197d6 100644 --- a/docs/passwordreset/3.3/administration/filter_editor.md +++ b/docs/passwordreset/3.3/administrationoverview/usingthedataconsole/filter_editor.md @@ -1,3 +1,9 @@ +--- +title: "Filter Editor" +description: "Filter Editor" +sidebar_position: 20 +--- + # Filter Editor Filter Editor diff --git a/docs/passwordreset/3.3/administration/filtering_data.md b/docs/passwordreset/3.3/administrationoverview/usingthedataconsole/filtering_data.md similarity index 96% rename from docs/passwordreset/3.3/administration/filtering_data.md rename to docs/passwordreset/3.3/administrationoverview/usingthedataconsole/filtering_data.md index 2c40d393f2..0a8e7ee1c3 100644 --- a/docs/passwordreset/3.3/administration/filtering_data.md +++ b/docs/passwordreset/3.3/administrationoverview/usingthedataconsole/filtering_data.md @@ -1,3 +1,9 @@ +--- +title: "Filtering Data" +description: "Filtering Data" +sidebar_position: 10 +--- + # Filtering Data Filtering Data @@ -9,7 +15,7 @@ any time. Filters let you focus on the important information. You can create simple filters by typing values directly into the filter row, or by selecting values from Filtering by Column Values. More complex filters are created with the Custom Filters and -[Filter Editor](/docs/passwordreset/3.3/administration/filter_editor.md) windows. +[Filter Editor](/docs/passwordreset/3.3/administrationoverview/usingthedataconsole/filter_editor.md) windows. ### The Filter Row diff --git a/docs/passwordreset/3.3/administration/using_the_data_console.md b/docs/passwordreset/3.3/administrationoverview/usingthedataconsole/using_the_data_console.md similarity index 96% rename from docs/passwordreset/3.3/administration/using_the_data_console.md rename to docs/passwordreset/3.3/administrationoverview/usingthedataconsole/using_the_data_console.md index cd89ef346f..3ab34364d3 100644 --- a/docs/passwordreset/3.3/administration/using_the_data_console.md +++ b/docs/passwordreset/3.3/administrationoverview/usingthedataconsole/using_the_data_console.md @@ -1,3 +1,9 @@ +--- +title: "Using the Data Console" +description: "Using the Data Console" +sidebar_position: 40 +--- + # Using the Data Console Using the Data Console diff --git a/docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/_category_.json b/docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/_category_.json new file mode 100644 index 0000000000..ce4bb573d5 --- /dev/null +++ b/docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Working with the Database", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "working_with_the_database" + } +} \ No newline at end of file diff --git a/docs/passwordreset/3.3/administration/moving_to_sql_server.md b/docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/moving_to_sql_server.md similarity index 98% rename from docs/passwordreset/3.3/administration/moving_to_sql_server.md rename to docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/moving_to_sql_server.md index 109f903f74..829bbb9134 100644 --- a/docs/passwordreset/3.3/administration/moving_to_sql_server.md +++ b/docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/moving_to_sql_server.md @@ -1,3 +1,9 @@ +--- +title: "Moving to SQL Server" +description: "Moving to SQL Server" +sidebar_position: 10 +--- + # Moving to SQL Server Moving to SQL Server diff --git a/docs/passwordreset/3.3/administration/working_with_the_database.md b/docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/working_with_the_database.md similarity index 88% rename from docs/passwordreset/3.3/administration/working_with_the_database.md rename to docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/working_with_the_database.md index 81fb4f407b..e78e6cca85 100644 --- a/docs/passwordreset/3.3/administration/working_with_the_database.md +++ b/docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/working_with_the_database.md @@ -1,3 +1,9 @@ +--- +title: "Working with the Database" +description: "Working with the Database" +sidebar_position: 50 +--- + # Working with the Database Working with the Database @@ -21,7 +27,7 @@ using SQL Server include: - Improved availability if SQL Server is configured for high availability. - Increased security. -See solutions to these disadvantages in the [Moving to SQL Server](/docs/passwordreset/3.3/administration/moving_to_sql_server.md) topic. +See solutions to these disadvantages in the [Moving to SQL Server](/docs/passwordreset/3.3/administrationoverview/workingwiththedatabase/moving_to_sql_server.md) topic. ## Backing up the Database @@ -55,7 +61,7 @@ reset\aprlog.bak" net start "Netwrix Password Reset" **NOTE:** Change the paths above if the database files are in a different folder. See the -[Database](general_tab.md#database) topic for more information. +[Database](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/general_tab.md#database) topic for more information. **Restoring database from backup** diff --git a/docs/passwordreset/3.3/evaluation/configuring_password_reset.md b/docs/passwordreset/3.3/evaluation/configuring_password_reset.md deleted file mode 100644 index f3dd02fc8f..0000000000 --- a/docs/passwordreset/3.3/evaluation/configuring_password_reset.md +++ /dev/null @@ -1,22 +0,0 @@ -# Configuring Password Reset - -Configuring Password Reset - -# Configuring Password Reset - -In the previous section, you used Password Reset with a default configuration. You can use the -Configuration Console to edit the configuration settings. Click Start > Netwrix Password Reset > NPR -Configuration Console to open the console. - -![configuring_npr_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_1.webp) - -The Configuration Console has a tabbed layout. Click the tabs along the top to see the various -settings. Most of the settings are self-explanatory. Press **F1** on any of the tabs to see the help -page for the current tab. - -Configuration changes are applied when you click **Apply** or **OK**. Clicking **OK** also closes -the Configuration Console. - -**NOTE:** Password Reset includes a 30-day evaluation license for up to 50 users. -Please[ contact Netwrix support](mailto:support@netwrix.com) if you would like to evaluate Netwrix -Password Reset with more than 50 users. diff --git a/docs/passwordreset/3.3/evaluation/installation.md b/docs/passwordreset/3.3/evaluation/installation.md deleted file mode 100644 index c471e41c77..0000000000 --- a/docs/passwordreset/3.3/evaluation/installation.md +++ /dev/null @@ -1,45 +0,0 @@ -# Installation - -Installation - -# Installation - -Password Reset has two server components, and an optional client. See the -[Password Reset Client](/docs/passwordreset/3.3/evaluation/password_reset_client.md) topic for additional information. Both server -components can be installed on one server, or they may be installed on separate servers if your web -server is in a DMZ. As the evaluation server is not in a DMZ, we will install both components on one -server. - -The Web Interface is the component that users interact with. It accepts user requests, encrypts -them, and sends them to the Password Reset Server. The Password Reset Server is the component that -performs requests on behalf of users. It receives requests from the Web Interface, checks the user's -credentials, and performs the requested task if the credentials are valid. - -![installing_npr](/img/product_docs/passwordreset/3.3/evaluation/installing_npr.webp) - -You only need one Windows 2008 to 2019 server for the evaluation. The server can be a domain -controller or a member server. - -Follow the steps below to install Password Reset on the server. - -**Step 1 –** Start the Password Reset Setup wizard (APR330.exe). - -**Step 2 –** Click **Next**. - -**Step 3 –** Read the license agreement. Click **I accept the terms of the license agreement**. -Click **Next** if you accept all terms. - -**Step 4 –** Click **Next**, then click **OK** to install IIS, if asked. - -**Step 5 –** Enter **aprsvc** in the User Name field. - -**Step 6 –** Enter a secure password in the Password field. - -**Step 7 –** Click **Next** three times. - -**Step 8 –** Wait for Password Reset to install, then click **Finish**. - -**NOTE:** The Setup wizard creates the aprsvc account and adds it to the Domain Admins group. You -can remove the account from the Domain Admins group and grant the required permissions later. See -the [Securing Password Reset](/docs/passwordreset/3.3/administration/securing_password_reset.md) topic of the Password -Reset Administrator's Guide for additional information. diff --git a/docs/passwordreset/3.3/evaluation/password_reset_client.md b/docs/passwordreset/3.3/evaluation/password_reset_client.md deleted file mode 100644 index aff5f6cb21..0000000000 --- a/docs/passwordreset/3.3/evaluation/password_reset_client.md +++ /dev/null @@ -1,74 +0,0 @@ -# Password Reset Client - -Password Reset Client - -# Password Reset Client - -The Password Reset Client allows users to securely reset their password or unlock their account from -the Windows Logon and Unlock Computer screens. Users click **Reset Password** to access the Password -Reset system. - -![the_password_reset_client_1](/img/product_docs/passwordreset/3.3/evaluation/the_password_reset_client_1.webp) - -The Password Reset Client does not modify any Windows system files. - -The Password Reset Client is normally deployed with Group Policy, Microsoft System Center -Configuration Manager, or some other software deployment tool. It takes about 15 minutes to set up -an automated deployment, so we will install the PRC manually for the evaluation. - -## Installing the PRC - -Follow the steps below to install the PRC. - -**Step 1 –** Click **Start** > **Netwrix Password Reset** > **Client Software**. - -**Step 2 –** Double-click **NPRClt330.msi**. - -**Step 3 –** Click **Next**. - -**Step 4 –** Read the license agreement. Click **I accept the license agreement**. Click **Next** if -you accept all the terms. - -**Step 5 –** Click **Next**. - -**Step 6 –** Once the Password Reset Client is installed, click **Finish**. - -**Step 7 –** Click **Yes** is asked to restart the computer. - -You can also install the Password Reset Client on any client computers that are being used for the -evaluation. - -## Configuring the PRC - -The Password Reset Client is normally configured with an Active Directory administrative template. -This allows you to centrally configure all computers in the domain. It takes about 15 minutes to set -up the Administrative Template, so we will configure the PRC by importing the settings into the -registry for the evaluation. - -**Step 1 –** Download the sample configuration from the following link: -[https://www.netwrix.com/download/PRC_Config.zip](https://www.netwrix.com/download/PRC_Config.zip) - -**Step 2 –** Extract **PRC_Config.reg** from the .zip file. - -**Step 3 –** Right-click **PRC_Config.reg**, then click **Edit**. - -![the_password_reset_client_1_1](/img/product_docs/passwordreset/3.3/evaluation/the_password_reset_client_1_1.webp) - -**Step 4 –** Replace **127.0.0.1** in the .reg file with the IP address or hostname of your -evaluation server. - -**NOTE:** If you are only testing the Password Reset Client on the evaluation server, then leave it -set to 127.0.0.1. The IP address appears on two lines. You must change both lines. - -**Step 5 –** Press **CTRL** + **S** to save your changes, then close **Notepad**. - -**Step 6 –** Double-click **PRC_Config** to import the settings into the registry. Click **Yes** -when asked to confirm. Repeat this step on any client computers being used for the evaluation. - -**NOTE:** You must import the configuration settings into the registry whenever you edit -PRC_Config.reg, otherwise the old settings will remain. - -## Using the PRC - -You can access the Password Reset Client from the Windows Logon and Unlock Computer screens. Click -the **Reset password...** command link to display the Password Reset menu. diff --git a/docs/passwordreset/3.3/evaluation/using_password_reset.md b/docs/passwordreset/3.3/evaluation/using_password_reset.md deleted file mode 100644 index dd6663bb67..0000000000 --- a/docs/passwordreset/3.3/evaluation/using_password_reset.md +++ /dev/null @@ -1,88 +0,0 @@ -# Using Password Reset - -Using Password Reset - -# Using Password Reset - -Password Reset is a web application. Open a web browser on the server and go to -[http://127.0.0.1/pwreset/ ](http://127.0.0.1/pwreset/)to see Password Reset's menu. You can also -access Password Reset from another computer by replacing 127.0.0.1 in the URL with the IP address or -hostname of the evaluation server. - -![using_npr_1](/img/product_docs/passwordreset/3.3/evaluation/using_npr_1.webp) - -You should install an SSL certificate on the web server when using Password Reset on a production -network with real passwords. See the -[Securing Password Reset](/docs/passwordreset/3.3/administration/securing_password_reset.md) topic for additional -information. - -## Enrolling into Password Reset - -You must enroll into Password Reset before you can use it to reset your password or unlock your -account. You can enroll manually by providing some information about yourself, or Password Reset can -enroll you automatically and send a verification code to confirm your identity. - -Follow the steps below to manually enroll into Password Reset. - -**Step 1 –** Click the **Enroll** item in the menu. - -![using_npr_1_1](/img/product_docs/passwordreset/3.3/evaluation/using_npr_1_1.webp) - -**Step 2 –** Enter a **Username**, **Domain**, and **Password** in the respective fields. - -**Step 3 –** Select a question from each of the Question dropdown lists, and enter a corresponding -in Answer text boxes. - -**Step 4 –** Click **Next**. - -Windows increments the bad password count in Active Directory every time you try to enroll with an -incorrect password. This may trigger a lockout if the Windows account lockout policy is enabled. - -## Resetting a Password - -Use the Reset feature when you have forgotten your password. Resetting a password also unlocks the -account if it is locked. - -Follow the steps below to reset a password. - -**Step 1 –** Click the **Reset** item in the menu. - -**Step 2 –** Enter a **Username** and **Domain** in the respective fields, then click **Next**. - -**Step 3 –** Enter an **Answer** to the first question in the corresponding field, then click -**Next**. Repeat this step for each security question. - -**Step 4 –** Enter the **New Password** into both text boxes, then click **Next**. - -## Unlocking an Account - -Use the Unlock feature when you know the password, but have entered it incorrectly too many times -and Windows has locked out your account. - -Follow the steps below to unlock an account. - -**Step 1 –** Click the **Unlock** item in the menu. - -**Step 2 –** Enter a **Username** and **Domain** in the respective fields, then click **Next**. - -**Step 3 –** Enter an **Answer** to the first question in the corresponding field, then click -**Next**. Repeat this step for each security question. - -## Changing a Password - -Use the Change feature when you know the password and would like to change it. - -Follow the steps below to change a password. - -**Step 1 –** Click the **Change** item in the menu. - -**Step 2 –** Enter a **Username** and **Domain** in the respective fields, then click **Next**. - -**Step 3 –** Enter the **Old Password**, **New Password**, and **Confirm Password** in the -respective field. Click **Next**. - -Password Reset's user interface is built with customizable templates. You can easily modify the user -interface by editing the templates. Even the error messages are defined in the templates, so you can -edit those too. See the -[Editing the HTML Templates](/docs/passwordreset/3.3/administration/editing_the_html_templates.md) topic of the -Administrator's Guide for additional information. diff --git a/docs/passwordreset/3.3/evaluationoverview/_category_.json b/docs/passwordreset/3.3/evaluationoverview/_category_.json new file mode 100644 index 0000000000..fd3ccfb28e --- /dev/null +++ b/docs/passwordreset/3.3/evaluationoverview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Evaluation", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "evaluation_overview" + } +} \ No newline at end of file diff --git a/docs/passwordreset/3.3/evaluation/conclusion.md b/docs/passwordreset/3.3/evaluationoverview/conclusion.md similarity index 92% rename from docs/passwordreset/3.3/evaluation/conclusion.md rename to docs/passwordreset/3.3/evaluationoverview/conclusion.md index 5e57e3b05d..56eb7d1fd0 100644 --- a/docs/passwordreset/3.3/evaluation/conclusion.md +++ b/docs/passwordreset/3.3/evaluationoverview/conclusion.md @@ -1,3 +1,9 @@ +--- +title: "Conclusion" +description: "Conclusion" +sidebar_position: 70 +--- + # Conclusion Conclusion diff --git a/docs/passwordreset/3.3/evaluationoverview/configuring_password_reset.md b/docs/passwordreset/3.3/evaluationoverview/configuring_password_reset.md new file mode 100644 index 0000000000..4f65fc0c17 --- /dev/null +++ b/docs/passwordreset/3.3/evaluationoverview/configuring_password_reset.md @@ -0,0 +1,28 @@ +--- +title: "Configuring Password Reset" +description: "Configuring Password Reset" +sidebar_position: 30 +--- + +# Configuring Password Reset + +Configuring Password Reset + +# Configuring Password Reset + +In the previous section, you used Password Reset with a default configuration. You can use the +Configuration Console to edit the configuration settings. Click Start > Netwrix Password Reset > NPR +Configuration Console to open the console. + +![configuring_npr_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_1.webp) + +The Configuration Console has a tabbed layout. Click the tabs along the top to see the various +settings. Most of the settings are self-explanatory. Press **F1** on any of the tabs to see the help +page for the current tab. + +Configuration changes are applied when you click **Apply** or **OK**. Clicking **OK** also closes +the Configuration Console. + +**NOTE:** Password Reset includes a 30-day evaluation license for up to 50 users. +Please[ contact Netwrix support](mailto:support@netwrix.com) if you would like to evaluate Netwrix +Password Reset with more than 50 users. diff --git a/docs/passwordreset/3.3/evaluation/data_console.md b/docs/passwordreset/3.3/evaluationoverview/data_console.md similarity index 93% rename from docs/passwordreset/3.3/evaluation/data_console.md rename to docs/passwordreset/3.3/evaluationoverview/data_console.md index df38afe21c..3ad8b69797 100644 --- a/docs/passwordreset/3.3/evaluation/data_console.md +++ b/docs/passwordreset/3.3/evaluationoverview/data_console.md @@ -1,3 +1,9 @@ +--- +title: "Data Console" +description: "Data Console" +sidebar_position: 40 +--- + # Data Console Data Console diff --git a/docs/passwordreset/3.3/evaluation/evaluation_overview.md b/docs/passwordreset/3.3/evaluationoverview/evaluation_overview.md similarity index 92% rename from docs/passwordreset/3.3/evaluation/evaluation_overview.md rename to docs/passwordreset/3.3/evaluationoverview/evaluation_overview.md index 9eade324cf..0295f7e6e8 100644 --- a/docs/passwordreset/3.3/evaluation/evaluation_overview.md +++ b/docs/passwordreset/3.3/evaluationoverview/evaluation_overview.md @@ -1,3 +1,9 @@ +--- +title: "Evaluation" +description: "Evaluation" +sidebar_position: 30 +--- + # Evaluation Evaluation diff --git a/docs/passwordreset/3.3/evaluationoverview/installation.md b/docs/passwordreset/3.3/evaluationoverview/installation.md new file mode 100644 index 0000000000..a6cdbbb6cd --- /dev/null +++ b/docs/passwordreset/3.3/evaluationoverview/installation.md @@ -0,0 +1,51 @@ +--- +title: "Installation" +description: "Installation" +sidebar_position: 10 +--- + +# Installation + +Installation + +# Installation + +Password Reset has two server components, and an optional client. See the +[Password Reset Client](/docs/passwordreset/3.3/evaluationoverview/password_reset_client.md) topic for additional information. Both server +components can be installed on one server, or they may be installed on separate servers if your web +server is in a DMZ. As the evaluation server is not in a DMZ, we will install both components on one +server. + +The Web Interface is the component that users interact with. It accepts user requests, encrypts +them, and sends them to the Password Reset Server. The Password Reset Server is the component that +performs requests on behalf of users. It receives requests from the Web Interface, checks the user's +credentials, and performs the requested task if the credentials are valid. + +![installing_npr](/img/product_docs/passwordreset/3.3/evaluation/installing_npr.webp) + +You only need one Windows 2008 to 2019 server for the evaluation. The server can be a domain +controller or a member server. + +Follow the steps below to install Password Reset on the server. + +**Step 1 –** Start the Password Reset Setup wizard (APR330.exe). + +**Step 2 –** Click **Next**. + +**Step 3 –** Read the license agreement. Click **I accept the terms of the license agreement**. +Click **Next** if you accept all terms. + +**Step 4 –** Click **Next**, then click **OK** to install IIS, if asked. + +**Step 5 –** Enter **aprsvc** in the User Name field. + +**Step 6 –** Enter a secure password in the Password field. + +**Step 7 –** Click **Next** three times. + +**Step 8 –** Wait for Password Reset to install, then click **Finish**. + +**NOTE:** The Setup wizard creates the aprsvc account and adds it to the Domain Admins group. You +can remove the account from the Domain Admins group and grant the required permissions later. See +the [Securing Password Reset](/docs/passwordreset/3.3/administrationoverview/securing_password_reset.md) topic of the Password +Reset Administrator's Guide for additional information. diff --git a/docs/passwordreset/3.3/evaluationoverview/password_reset_client.md b/docs/passwordreset/3.3/evaluationoverview/password_reset_client.md new file mode 100644 index 0000000000..9f6d15356d --- /dev/null +++ b/docs/passwordreset/3.3/evaluationoverview/password_reset_client.md @@ -0,0 +1,80 @@ +--- +title: "Password Reset Client" +description: "Password Reset Client" +sidebar_position: 50 +--- + +# Password Reset Client + +Password Reset Client + +# Password Reset Client + +The Password Reset Client allows users to securely reset their password or unlock their account from +the Windows Logon and Unlock Computer screens. Users click **Reset Password** to access the Password +Reset system. + +![the_password_reset_client_1](/img/product_docs/passwordreset/3.3/evaluation/the_password_reset_client_1.webp) + +The Password Reset Client does not modify any Windows system files. + +The Password Reset Client is normally deployed with Group Policy, Microsoft System Center +Configuration Manager, or some other software deployment tool. It takes about 15 minutes to set up +an automated deployment, so we will install the PRC manually for the evaluation. + +## Installing the PRC + +Follow the steps below to install the PRC. + +**Step 1 –** Click **Start** > **Netwrix Password Reset** > **Client Software**. + +**Step 2 –** Double-click **NPRClt330.msi**. + +**Step 3 –** Click **Next**. + +**Step 4 –** Read the license agreement. Click **I accept the license agreement**. Click **Next** if +you accept all the terms. + +**Step 5 –** Click **Next**. + +**Step 6 –** Once the Password Reset Client is installed, click **Finish**. + +**Step 7 –** Click **Yes** is asked to restart the computer. + +You can also install the Password Reset Client on any client computers that are being used for the +evaluation. + +## Configuring the PRC + +The Password Reset Client is normally configured with an Active Directory administrative template. +This allows you to centrally configure all computers in the domain. It takes about 15 minutes to set +up the Administrative Template, so we will configure the PRC by importing the settings into the +registry for the evaluation. + +**Step 1 –** Download the sample configuration from the following link: +[https://www.netwrix.com/download/PRC_Config.zip](https://www.netwrix.com/download/PRC_Config.zip) + +**Step 2 –** Extract **PRC_Config.reg** from the .zip file. + +**Step 3 –** Right-click **PRC_Config.reg**, then click **Edit**. + +![the_password_reset_client_1_1](/img/product_docs/passwordreset/3.3/evaluation/the_password_reset_client_1_1.webp) + +**Step 4 –** Replace **127.0.0.1** in the .reg file with the IP address or hostname of your +evaluation server. + +**NOTE:** If you are only testing the Password Reset Client on the evaluation server, then leave it +set to 127.0.0.1. The IP address appears on two lines. You must change both lines. + +**Step 5 –** Press **CTRL** + **S** to save your changes, then close **Notepad**. + +**Step 6 –** Double-click **PRC_Config** to import the settings into the registry. Click **Yes** +when asked to confirm. Repeat this step on any client computers being used for the evaluation. + +**NOTE:** You must import the configuration settings into the registry whenever you edit +PRC_Config.reg, otherwise the old settings will remain. + +## Using the PRC + +You can access the Password Reset Client from the Windows Logon and Unlock Computer screens. Click +the **Reset password...** command link to display the Password Reset menu. diff --git a/docs/passwordreset/3.3/evaluation/using.md b/docs/passwordreset/3.3/evaluationoverview/using.md similarity index 90% rename from docs/passwordreset/3.3/evaluation/using.md rename to docs/passwordreset/3.3/evaluationoverview/using.md index bedd3b8fff..ba622f0c5e 100644 --- a/docs/passwordreset/3.3/evaluation/using.md +++ b/docs/passwordreset/3.3/evaluationoverview/using.md @@ -1,3 +1,9 @@ +--- +title: "Using Password Reset with Password Policy Enforcer" +description: "Using Password Reset with Password Policy Enforcer" +sidebar_position: 60 +--- + # Using Password Reset with Password Policy Enforcer Using Password Reset with Password Policy Enforcer diff --git a/docs/passwordreset/3.3/evaluationoverview/using_password_reset.md b/docs/passwordreset/3.3/evaluationoverview/using_password_reset.md new file mode 100644 index 0000000000..1117b21ee7 --- /dev/null +++ b/docs/passwordreset/3.3/evaluationoverview/using_password_reset.md @@ -0,0 +1,94 @@ +--- +title: "Using Password Reset" +description: "Using Password Reset" +sidebar_position: 20 +--- + +# Using Password Reset + +Using Password Reset + +# Using Password Reset + +Password Reset is a web application. Open a web browser on the server and go to +[http://127.0.0.1/pwreset/ ](http://127.0.0.1/pwreset/)to see Password Reset's menu. You can also +access Password Reset from another computer by replacing 127.0.0.1 in the URL with the IP address or +hostname of the evaluation server. + +![using_npr_1](/img/product_docs/passwordreset/3.3/evaluation/using_npr_1.webp) + +You should install an SSL certificate on the web server when using Password Reset on a production +network with real passwords. See the +[Securing Password Reset](/docs/passwordreset/3.3/administrationoverview/securing_password_reset.md) topic for additional +information. + +## Enrolling into Password Reset + +You must enroll into Password Reset before you can use it to reset your password or unlock your +account. You can enroll manually by providing some information about yourself, or Password Reset can +enroll you automatically and send a verification code to confirm your identity. + +Follow the steps below to manually enroll into Password Reset. + +**Step 1 –** Click the **Enroll** item in the menu. + +![using_npr_1_1](/img/product_docs/passwordreset/3.3/evaluation/using_npr_1_1.webp) + +**Step 2 –** Enter a **Username**, **Domain**, and **Password** in the respective fields. + +**Step 3 –** Select a question from each of the Question dropdown lists, and enter a corresponding +in Answer text boxes. + +**Step 4 –** Click **Next**. + +Windows increments the bad password count in Active Directory every time you try to enroll with an +incorrect password. This may trigger a lockout if the Windows account lockout policy is enabled. + +## Resetting a Password + +Use the Reset feature when you have forgotten your password. Resetting a password also unlocks the +account if it is locked. + +Follow the steps below to reset a password. + +**Step 1 –** Click the **Reset** item in the menu. + +**Step 2 –** Enter a **Username** and **Domain** in the respective fields, then click **Next**. + +**Step 3 –** Enter an **Answer** to the first question in the corresponding field, then click +**Next**. Repeat this step for each security question. + +**Step 4 –** Enter the **New Password** into both text boxes, then click **Next**. + +## Unlocking an Account + +Use the Unlock feature when you know the password, but have entered it incorrectly too many times +and Windows has locked out your account. + +Follow the steps below to unlock an account. + +**Step 1 –** Click the **Unlock** item in the menu. + +**Step 2 –** Enter a **Username** and **Domain** in the respective fields, then click **Next**. + +**Step 3 –** Enter an **Answer** to the first question in the corresponding field, then click +**Next**. Repeat this step for each security question. + +## Changing a Password + +Use the Change feature when you know the password and would like to change it. + +Follow the steps below to change a password. + +**Step 1 –** Click the **Change** item in the menu. + +**Step 2 –** Enter a **Username** and **Domain** in the respective fields, then click **Next**. + +**Step 3 –** Enter the **Old Password**, **New Password**, and **Confirm Password** in the +respective field. Click **Next**. + +Password Reset's user interface is built with customizable templates. You can easily modify the user +interface by editing the templates. Even the error messages are defined in the templates, so you can +edit those too. See the +[Editing the HTML Templates](/docs/passwordreset/3.3/administrationoverview/editing_the_html_templates.md) topic of the +Administrator's Guide for additional information. diff --git a/docs/passwordreset/3.3/netwrix_password_reset_documentation.md b/docs/passwordreset/3.3/netwrix_password_reset_documentation.md deleted file mode 100644 index c02f28ce97..0000000000 --- a/docs/passwordreset/3.3/netwrix_password_reset_documentation.md +++ /dev/null @@ -1,9 +0,0 @@ -# Netwrix Password Reset v3.3 Documentation - -Netwrix Password Reset v3.3 Documentation - -# Netwrix Password Reset - -Netwrix Password Reset is a self-service password management system that helps you to reduce the -number of password related help desk calls. Password Reset allows users to securely change their -password and unlock their account, even if they have forgotten their password. diff --git a/docs/passwordreset/3.3/netwrixpasswordresetdocumentation/_category_.json b/docs/passwordreset/3.3/netwrixpasswordresetdocumentation/_category_.json new file mode 100644 index 0000000000..54142c3609 --- /dev/null +++ b/docs/passwordreset/3.3/netwrixpasswordresetdocumentation/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Netwrix Password Reset v3.3 Documentation", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "netwrix_password_reset_documentation" + } +} \ No newline at end of file diff --git a/docs/passwordreset/3.3/netwrixpasswordresetdocumentation/netwrix_password_reset_documentation.md b/docs/passwordreset/3.3/netwrixpasswordresetdocumentation/netwrix_password_reset_documentation.md new file mode 100644 index 0000000000..6e3d4c0c45 --- /dev/null +++ b/docs/passwordreset/3.3/netwrixpasswordresetdocumentation/netwrix_password_reset_documentation.md @@ -0,0 +1,15 @@ +--- +title: "Netwrix Password Reset v3.3 Documentation" +description: "Netwrix Password Reset v3.3 Documentation" +sidebar_position: 10 +--- + +# Netwrix Password Reset v3.3 Documentation + +Netwrix Password Reset v3.3 Documentation + +# Netwrix Password Reset + +Netwrix Password Reset is a self-service password management system that helps you to reduce the +number of password related help desk calls. Password Reset allows users to securely change their +password and unlock their account, even if they have forgotten their password. diff --git a/docs/passwordreset/3.3/administration/what_new.md b/docs/passwordreset/3.3/netwrixpasswordresetdocumentation/what_new.md similarity index 87% rename from docs/passwordreset/3.3/administration/what_new.md rename to docs/passwordreset/3.3/netwrixpasswordresetdocumentation/what_new.md index f0cc8544fd..a968937941 100644 --- a/docs/passwordreset/3.3/administration/what_new.md +++ b/docs/passwordreset/3.3/netwrixpasswordresetdocumentation/what_new.md @@ -1,3 +1,9 @@ +--- +title: "What's New" +description: "What's New" +sidebar_position: 10 +--- + # What's New What's New @@ -20,7 +26,7 @@ version, and only then upgrade Netwrix Password Reset to v3.3 (or later). Older versions of Netwrix Password Policy Enforcer can still enforce the policy, but Netwrix Password Reset 3.3 will not get the policy and rejection messages or enforce the Similarity rule -from Netwrix Password Policy Enforcer versions older than 9.0. See the [General Tab](/docs/passwordreset/3.3/administration/general_tab.md) +from Netwrix Password Policy Enforcer versions older than 9.0. See the [General Tab](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/general_tab.md) topic for more information. • **Option to enable PPC protocol encryption** — Due to a protocol upgrade, it is now recommended to @@ -31,7 +37,7 @@ Please do not enable this option if you are using Netwrix Password Reset v3.3 wi Policy Enforcer v8.x or earlier versions, or with Netwrix Password Policy Enforcer/Web. If you are using Netwrix Password Reset v3.3 with any of those older versions of Netwrix Password Policy Enforcer, please consider upgrading first to a current and supported version. See the -[General Tab](/docs/passwordreset/3.3/administration/general_tab.md) topic for more information. +[General Tab](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/general_tab.md) topic for more information. • **Enabled ‘ServerMayChangeIPAddress’ for PPC queries** — This ensures that Netwrix Password Reset always displays the policy or rejection message if it queried a domain controller with more than one diff --git a/docs/passwordsecure/9.2/configuration/_category_.json b/docs/passwordsecure/9.2/configuration/_category_.json new file mode 100644 index 0000000000..9843cc2a8e --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Configuration", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "configuration" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/example_applications.md b/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/example_applications.md deleted file mode 100644 index 30473ed641..0000000000 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/example_applications.md +++ /dev/null @@ -1,7 +0,0 @@ -# Example Applications - -In this section you'll find examples for applications. - -- [SAP GUI logon - SSO Application](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/sap/sap_gui_logon_-_sso_application.md) -- [SAML Application for Dropbox](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_application_for_dropbox.md) -- [SAML application for Postman](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_application_for_postman.md) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications.md b/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications.md deleted file mode 100644 index a08fefedc4..0000000000 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications.md +++ /dev/null @@ -1,72 +0,0 @@ -# Notifications - -## What are notifications? - -With the notification system, you are always up-to-date on all events that you consider important. -Almost all modules allow users to configure notifications. All configured messages are only created -for the currently registered Netwrix Password Secure user. It is not possible to create a -notification for another user. Each user can and should define himself which passwords, which -triggers as well as changes are important and informative for him. The configuration of visibility -is explained in a similar way to the other modules in one place -[Visibility](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/visibility/visibility.md) - -![Notifications modul](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/notifications_1-en.webp) - -NOTE: The reading pane is deactivated in this module by default. It can be activated in the -"Display" tab in the ribbon. - -## Module-specific ribbon functions - -There are also some ribbon functionalities that are exclusively available for the notification -module. In particular, the function **Forward important notifications to email addresses** enables -administrators and users to maintain control and transparency independent of the location. - -![Ribbon notifications](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications_2-en.webp) - -### Mark notifications as read - -The two buttons on the ribbon enable you to mark notifications as read/unread. In particular, the -filter criterion available in this context (see following screenshot) enables fast sorting according -to current and also historical notifications. - -![filter notifications](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications_3-en.webp) - -It is possible to mark the notifications as read/unread via the ribbon and also via the context menu -that is accessed using the right mouse button. If the corresponding setting has been activated, -opening a notification will also mean that it is marked as read. - -## Manual configuration of notifications - -Irrespective of the selected module, permissions can be configured manually for objects. The -following dialogue can be opened via the ribbon in the "Actions" tab: - -![Manual configuration of notifications](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications_5-en.webp) - -- **Notification**: Definition for the trigger -- **Value**: Defines whether a notification should be created for the previously defined trigger. In - the example for the "Apple" record, this only occurs when the record is edited. -- **Event type**: The event type for the generated notifications can be either "Info", "Warning" or - "Error". This information can also be used e.g. as an additional filter criterion. - -In contrast to previous editions, it is best to configure the notifications manually. This ensures -that a notification is really only triggered for relevant events. - -## Other triggers for notifications - -As well as manually configurable notifications, there are other triggers in Netwrix Password Secure -which will result in notifications. - -- [Seals](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals.md): Requests - to release sealed records are handled via the notification system -- [System tasks](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/system_tasks.md)s: If reports are automatically - created via the system tasks, these are also made available in the form of a notification. If this - type of notification is selected, it can be directly opened via the corresponding button that - appears on the ribbon. - -![Ribbon functions notifications](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications_6-en.webp) - -## Automatic deletion of old notifications - -If desired, notifications can be automatically cleaned up. This option can be configured on the -**Server Manager**. Further information can be found in the section -[Managing databases](/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/managing_databases.md). diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/directory_services.md b/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/directory_services.md deleted file mode 100644 index 712ca32a35..0000000000 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/directory_services.md +++ /dev/null @@ -1,10 +0,0 @@ -# Directory services - -It is possible to use existing user and group structures from external directories with Netwrix -Password Secure. - -Choose your preferred integration method: - -- [Microsoft Entra ID connection](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/entra_id/entra_id_connection.md) - -- [Active Directory link](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/active_directory_link.md) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/managing_users.md b/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/managing_users.md deleted file mode 100644 index 7c07684c44..0000000000 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/managing_users.md +++ /dev/null @@ -1,80 +0,0 @@ -# Managing users - -## How are users managed in Netwrix Password Secure? - -The way in which users are managed is highly dependent on whether Active Directory is connected or -not. In Master Key mode, Active Directory remains the leading system. Accordingly, users are then -also managed in the AD. If Netwrix Password Secure is the leading system, e.g. in end-to-end mode, -users are managed in the organisational structures module. More details are provided in the relevant -sections. - -## Relevant rights - -The following options are required to add local users. - -### User rights - -Can add new users -Display organisational structure module - -## Adding local users - -In general, new users are added in the same way as creating a local organisational unit. Therefore, -only the differences will be covered below. - -### Creating users - -![create user](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/create-user-wc.webp) - -- **Allocated roles**: New users can directly be allocated one or more rolls when they are created -- **Change password on next login**: The user will be requested to change their user password on the - next login (obligatory) -- **Account is deactivated**: The user is created with the status "deactivated". The account is thus - not useable. The write rights for a user can be set/removed with this option. In editing mode, the - account can also be deactivated during ongoing operation. -- **Restricted user**: Controlling entities exist in many companies that are only tasked with - checking the integrity and hierarchies of various pieces of information with one another but are - not required to productively work with the information themselves. This could be a data protection - officer or also an administrator in some cases. This would be the case if an administrator was - responsible for issuing permissions to other people but should not be able to view the data - themselves. The property **restricted user** is used to limit the visibility of the password - field. It thus deals with purely administrative users or controlling entities. - -NOTE: Restricted users cannot view any passwords - -### Configuring rights - -The second tab of the wizard allows you to define the permissions for the newly created user. If an -allocated organisational unit or a rights template group was defined in the first tab, the new user -will inherit its permissions. Here, these permissions can be adapted if desired. - -### Configuring user rights - -Users always receive their user rights via role, which is either user-specific or global (see user -rights). If no role is defined in the first tab "Create user", the third tab will thus contain -globally defined user rights. - -## Importing users - -Importing from Active Directory can be carried out in two ways that are described in a separate -section. - -## User licenses - -There are two different types of licenses, **Advanced view** and **Basic view** licenses. In all -other editions you can only purchase Advanced view licenses. Please note that licensed Basic view -users are not able to use the Advanced view. However, Advanced view Users can also switch to the -Basic view. - -**CAUTION:** For licensing reasons, it is not intended to switch from a Advanced view user to a -Basic view user! - -Our sales team will be happy to answer any questions you may have about licensing. - -Display data to which the user is authorized In order to display the data to which a user is -authorized, you must right-click on the corresponding user in the organisational structure. In the -context menu that opens, you will find the following options under **displaying data records**: - -Password -Documents -Forms -Rolls -Uses -Password Reset -System Tasks -Seal templates - -NOTE: All authorizations for a data record are taken into account, regardless of whether you are -authorized by a role or the user. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organisational_structure.md b/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organisational_structure.md deleted file mode 100644 index b8c841c2da..0000000000 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organisational_structure.md +++ /dev/null @@ -1,107 +0,0 @@ -# Organisational structure - -## What are organisational structures? - -The storage of passwords or documents always takes place according to the defined organisational -structures. The module enables complex structures to be defined, which later form the basis for the -systematic storage of data. It is often possible to define them on the basis of already existing -organization diagrams for the company or department. It is also possible to use other criteria, such -as the function / activity performed, as the basis for creating hierarchies. It is always up to the -customer themselves to decide which structure is most useful for the purpose of the application. - -![Organizational structure modul](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_1-en.webp) - -## Relevant rights - -The following options are required for adding new organisational structures. - -### User rights - -- Can add new organisational units -- Display organisational structure module - -## Module-specific ribbon functions - -The operation of the ribbon differs fundamentally in a couple of aspects to how it works in other -modules. The following section will focus on only those elements of the ribbon that differ. The -remaining actions have already be explained for the password module. - -![create new user/organisational unit](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_2-en.webp) - -- **New organisational unit/user**: New organisational units or new users can be added via the - ribbon, the keyboard shortcut "CTRL + N" or also the context menu that is accessed using the right - mouse button. Due to its complexity, there is a separate section for this function: - [User management](/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/user_management/user_management.md) -- **Drag & Drop**: If this option has been activated, it is possible to move users or organisational - units in list view via drag & drop -- **Permissions**: The configuration of permissions within the organisational structure is important - both for the administration of the structure and also as the basis for the permissions in - accordance with - [Inheritance from organisational structures](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance_from_organizational.md). - The benefits of - [Predefining rights](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefining_rights.md) are - explained in a separate section. -- **Settings**: The settings can be configured for both users and also organisational units. More - information on [User settings](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/user_settings.md)… -- **Active Directory**: The connection to Active Directory is explained in a dedicated section - [Active Directory link](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/active_directory_link.md) -- **Microsoft Entra ID**: The connection to Microsoft Entra ID is explained in a dedicated section -- **Multi Factor authentication**: Additional security during login is provided through positive - authentication based on another factor. More on this subject… -- **Reset password**: Administrators can reset the passwords with which users log in to Netwrix - Password Secure to a defined value. Naturally, this is only possible if the connection to Active - Directory is configured - via[End-to-end encryption](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end-to-end_encryption.md). In the - alternative [Masterkey mode](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/masterkey_mode.md), the - authentication is linked to the correct entry of the AD password. - -NOTE: To reset a user password, membership for the user is a prerequisite. - -The example below shows the configuration of a user where only the user themselves is a member. - -![permission for user](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_3-en.webp) - -This configuration means that the user password cannot be reset by administrators. The disadvantage -is that if the password is lost there is no technical solution for "resetting" the password in the -system. - -**CAUTION:** It is not recommended to configure the permissions so that only the user themselves has -membership. No other interventions can be made if the password is then lost. - -## Adding local organisational units - -Both users and also organisational units themselves can be added as usual via the ribbon -(alternatively via Ctrl + N or via the context menu). These processes are supported by various -wizards. The example below shows the creation of a new organisational unit: - -### Create organisational unit - -![Add new organisational unit](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_4-en.webp) - -- **Allocated organisational unit**: If the new object is defined as a **main organisational unit**, - it is not allocated to an existing organisational unit -- **Rights template group**: If an already existing organisational unit was selected under - "allocated organisational unit", you can select one of the existing rights template groups. - -NOTE: The organisational unit marked in list view will be used as a default. This applies to the -fields "allocated organisational unit" and also "rights template". - -### Create role - -![Create role](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_5-en.webp) - -When creating a new organisational unit, the second tab in the wizard enables you to directly create -a new role. This role will not only be created but also given "read permission" to the newly created -organisational unit. - -### Configuring rights - -![Configuring rights](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_6-en.webp) - -The third tab of the wizard allows you to define the permissions for the newly created -organisational unit. If an allocated organisational unit or a rights template group was defined in -the first tab, the new organisational unit will inherit its permissions. These permissions can be -adapted if desired. - -NOTE: The **organisational structure** module is based on the Web Application module of the same -name. Both modules have a different scope and design but are almost identical to use. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/rollback/rollback.md b/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/rollback/rollback.md deleted file mode 100644 index 9af3125321..0000000000 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/rollback/rollback.md +++ /dev/null @@ -1,23 +0,0 @@ -# Rollback - -## What is a rollback? - -If an error occurs while running a script, a rollback is initiated. This ensures that the original -password is restored. - -## When does a rollback run? - -The following diagram shows when and according to which criteria a rollback is initiated: - -![rollback run](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/rollback/rollback_1-en.webp) - -## Procedure - -If a rollback needs to be run, all scripts for the Password Reset are executed once again. The last -password in the history is used for this process. No new historical entry is created after the -rollback. - -## Logbook - -The logbook can be used to see if a rollback has been run and if it was successful. After a -rollback, the password should be checked once again as a precaution. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/scripts.md b/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/scripts.md deleted file mode 100644 index 4909a107c2..0000000000 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/scripts.md +++ /dev/null @@ -1,76 +0,0 @@ -# Scripts - -## Available scripts - -The following scripts are supplied and can be directly used. In all scripts, a password is firstly -selected in the upper section. This is not the password that will be reset on the target system. -Instead, a user should be entered here that can complete the rest of the process on the target -system. This password thus requires administrative rights to the target system. - -A delay can also be configured in every script. This may be necessary, for example, if a password is -changed in AD and it is firstly distributed to other controllers. - -![new script](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_1-en.webp) - -## Active Directory Password Reset - -This script is responsible for changing passwords for Active Directory users (domain users). Access -to Active Directory is configured here under **Hostname**. - -![Active Directory Password Reset](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_2-en.webp) - -## Service accounts - -This script changes the access data within a service. Both the user and also the password can be -changed. The **host name** – i.e. the target computer – and the **service name** are saved here. - -![Service accounts scripts](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_3-en.webp) - -Please note that the **display name** for the **service** needs to be used. - -![display name service](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_4-en.webp) - -The access data in the associated password can be saved as follows: - -### Local user - -[Username] [Username] .[Username] [Computer][Username] - -### Active Directory user - -[Domain][Username] - -## Windows user - -This script can be used to reset the passwords for local Windows users. Only the **host name** needs -to be saved here. - -![Windows user script](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_5-en.webp) - -## Linux user - -Linux users can also be reset in the same way as Windows users. It is also only necessary to enter -the **host name** and the **port** here. - -![Linux user script](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_6-en.webp) - -## MSSQL user - -This script resets passwords for local MSSQL users. It is only necessary to enter the **MSSQL -instance** and the **port**. - -![MSSQL user script](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_7-en.webp) - -The name of the MSSQL instance can be taken from the login window for the SQL Management Studio. - -![MSSQL user script](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_8-en.webp) - -If a domain user is being used to log in to the SQL server, the user needs to be managed via the -script **Active Directory user**. - -## Planned task - -The passwords for users of Windows Task Scheduler can be changed using this script. The **host -name** of the computer on which the task will run and the **name** of the task itself are entered. - -![planned task](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_9-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history.md b/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history.md deleted file mode 100644 index c152013bfc..0000000000 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history.md +++ /dev/null @@ -1,50 +0,0 @@ -# History - -## What is the history? - -Alongside saving passwords and keeping them safe, the ability to trace changes to records also has -great relevance. The history maintains a seamless account of the versions for all form fields in a -record. Every change to records is separately recorded, saved and can thus also be restored. In -addition, it is always possible to compare historical values with the current version. The history -is thus an indispensable component of every security concept. - -## The history in the reading pane - -The optional footer area can be used to already display the history when in the reading pane. All of -the historical entries are listed and sorted in chronological order. - -![history in footer](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_1-en.webp) - -The different versions are displayed one below the other on the left. The info for each respective -version can then be seen alongside on the right. A quick view can be displayed via the **History** -in the ribbon or via a double click. - -![quick view history](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_2-en.webp) - -## Detailed history in the Extras - -The detailed history for the record marked in list view can be called up in the Start/Extras tab. - -![History](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_3-en.webp) - -The history for the marked record opens in a separate tab. In list view, all of the available -versions with the date and time of their last change are sorted in chronological order. - -![history list view](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_4-en.webp) - -## Comparison of versions - -At least two versions need to be selected in order to carry out a comparison. In list view, mark the -first version and then add another version via the “Add” button on the right of the reading pane to -compare with the first one. - -![comparison of history versions](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_5-en.webp) - -If deviations exist between the two versions, these will be highlighted in color. - -![difference between password history](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_6-en.webp) - -## Restoring versions - -A selected status can be restored via the ribbon. The current state is overwritten and added to the -history diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords.md b/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords.md deleted file mode 100644 index be9b3f3341..0000000000 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords.md +++ /dev/null @@ -1,109 +0,0 @@ -# Passwords - -## What are passwords? - -In Netwrix Password Secure v8, the data record with the passwords represents the central data -object. The Passwords module provides administrators and users with central access to the passwords -for the purpose of handling this sensitive data that requires protection. Search filters in -combination with color-highlighted tags enable very focussed work. Various approaches can be used to -help apply the desired permissions to objects. Furthermore, the ergonomic structure of the module -helps all users to use Netwrix Password Secure in an efficient and targeted manner. - -![Password modul](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_1-en.webp) - -## Prerequisite - -The following user right is required for adding new passwords: - -- **Can add new passwords** - -## Module-specific ribbon functions - -The ribbon offers access to all possible actions relevant to the situation at all times. Especially -within the "Passwords" module, the ribbon plays a key role due to the numerous module-specific -functions. General information on the subject of the ribbon is available in the relevant section. -The module-specific ribbon functions will be explained below. - -![ribbon functions](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_2-en.webp) - -### New - -- **New password**: New passwords can be added via this icon in the ribbon, via the context menu - that is accessed using the right mouse button and via the shortcut (Ctrl + N). The next step is to - select a suitable form. -- **Open**: Opens the object marked in list view and provides further information about the record - in the reading pane. -- **Delete**: Deletes the object marked in list view. A log file entry is created (see logbook). -- **Reveal**: The function **Reveal** can be used for all records that have a password field. The - passwords in the reading pane will be revealed. In the example, the passwords have been revealed - and can be hidden again with the **Hide** button. - -![hide password](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_3-en.webp) - -### Actions - -- **Notifications**: Defining notifications enables a constant flow of information about any type of - interaction. The issuing of notifications is carried out in the module designed for this purpose. -- **Duplicate**: Duplicating creates an exact copy of the record in a new tab. -- **Move**: Moves the record marked in list view to another organisational structure. -- **Toggle** **Favorite**: The selected record is marked as a favorite. It is possible to switch - between all records and favorites at any time. -- **Quick view**: A modal window opens for the selected record for 15 seconds and displays all - available information **including the value of the password**. -- Notifications: A list of all configured notifications - -### Permissions - -- **Permissions**: The drop-down menu can be used to set both password permissions and also form - field permissions. This method only allows the manual setting of permissions for data (see - - authorization concept) - -- **Password masking**: Masking passwords that need to be protected from unauthorized users is an - important feature of the security concept in Netwrix Password Secure. -- **Seal**: The multi-eye principle in Netwrix Password Secure is covered in its own section. Seals. - -### Clipboard - -The clipboard is a key element in the ribbon. This only exists in the "Passwords" module. **Clicking -on the desired form field for a record in the ribbon** will copy it to the clipboard. - -![Clipboard](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_4-en.webp) - -The message in the style of the "Balloon Tips" in Windows shows that the password has now been saved -in the clipboard for 300 seconds. (Note: the time until the clipboard is cleared is 60 seconds by -default. In the present case, this has been adjusted via the user settings.) - -### Start - -Conveniently working with passwords is only possible via the efficient usage of automated accesses -via RDP, SSH, general Windows applications or websites. This makes it possible to dispense with -(unsecure) entries via "copy & paste". - -- **Open web page**: If an URL is saved in the record, this menu option can be used to directly open - it. -- **Applications**: If applications have been linked to records, they can be directly opened via the - "start menu". - -### Extras - -- **Create external link**: This option creates an external link for the record marked in list view. - A number of different options can be selected: - -![external link](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_5-en.webp) - -**CAUTION:** If several sessions are opened on a client, an external link is always called in the -first session. - -- **History**: This icon opens the history for those records selected in list view in a new tab. Due - to the comprehensive recording of historical versions of passwords, it is now possible to compare - several versions with one another. -- **Print**: This option can be used to open the print function. -- **Export**: It is possible to export all the selected records and also the data defined by the - filter to a .csv file. -- **Change form**: It is possible to change the form used for individual records. "Mapping" of the - previous form fields can be directly carried out in the process. -- **Settings**: The password settings are described in a separate section. - -NOTE: The password module is based on the module of the same name in the Web Application. Both -modules have a different scope and design. However, they are almost identical to use. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export.md b/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export.md deleted file mode 100644 index 258be2223d..0000000000 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export.md +++ /dev/null @@ -1,50 +0,0 @@ -# Export - -## What is an export? - -An export is used for extracting the data saved in the MSSQL database. Both selective (manual) and -automated [System tasks](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/system_tasks.md) can extract information from -Netwrix Password Secure in this manner. - -**CAUTION:** Please note that extracting passwords is always associated with a weakening of the -security concept. The informative value of the logbook will suffer when data is exported because the -revision of this data will no longer be logged. This aspect needs to be taken into account -particularly in conjunction with the Netwrix Password Secure -[Export wizard](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export_wizard/export_wizard.md) because the export result is not separately secured -by a password. - -The export function is accessed via the Main menu/Export. There are two fundamental types of export -– the WebViewer export and the export wizard. However, the latter is divided into four -subcategories. - -![installation_with_parameters_63](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/installation_with_parameters_63.webp) - -The [HTML WebViewer export](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/html_webviewer-export/html_webviewer_export.md) creates a HTML file -protected by a password. In contrast, the export wizard creates an open and unprotected .csv file. - -## Requirements - -Permissions are used to define whether a record can be exported or not. Various protective -mechanisms can be applied. Restrictions can be placed on either the record itself and also via user -rights - -- **The permissions for the record:** The permissions for the record define whether a record can be - exported - -![Export in the ribbon](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/installation_with_parameters_64-en.webp) - -In this example, the marked role IT employee does not have the required permissions to export the -record. In contrast, the IT manager does have the required permissions. In addition, the -administrator possesses all rights, including the right to export. - -#### Relevant right - -The following option is required. - -User right - -- Can export - -NOTE: If a record is exported, this user right and also the corresponding permissions for the record -must be set. The user right defines whether a user can generally export data, while the permissions -for the record define which records can be exported. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/extras.md b/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/extras.md deleted file mode 100644 index 2eb7ed7b36..0000000000 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/extras.md +++ /dev/null @@ -1,17 +0,0 @@ -# Extras - -## What are Extras? - -Netwrix Password Secure provides a diverse range of supporting features that do not directly provide -added value but mostly build on existing approaches and expand their functionalities. They are -work-saving features that in total simplify the process of working with Netwrix Password Secure. - -![installation_with_parameters_77_517x414](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/installation_with_parameters_77_517x414.webp) - -- [Password rules](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/password_rules.md) -- [Password generator](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_generator/password_generator.md) -- [Reports](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/reports.md) -- [System tasks](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/system_tasks.md) -- [Seal templates](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/seal_templates/seal_templates.md) -- [Tag manager](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/tag_management/tag_manager.md) -- [Image management](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/image_manager.md) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/reports.md b/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/reports.md deleted file mode 100644 index 3614ef09dd..0000000000 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/reports.md +++ /dev/null @@ -1,51 +0,0 @@ -# Reports - -## What are reports? - -Comprehensive reporting is an important component of the ongoing monitoring of processes in Netwrix -Password Secure. Similar to selectively configurable -[Notifications](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications.md), reports also contain -information that can be selectively defined. The difference is mainly the trigger. Notifications are -linked to an event, which acts as the trigger for the notification. In contrast, reports enable -tabular lists of freely definable actions to be produced at any selected time – the trigger is thus -the creation of a report. This process can also be automated via -[System tasks](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/system_tasks.md). - -![reports](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_78-en.webp) - -NOTE: Reports only ever contain information for which the user has the required permissions. - -A separate tab for managing existing reports and creating new reports can be opened in the current -module via the Main menu/Extras/Reports. The module in which the report is opened is irrelevant, the -contents are always the same. - -![installation_with_parameters_79](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_79.webp) - -The filter on the left has no relevance in relation to reports. Although reports can also be -“tagged” in theory, filtering has no effect on the reports. In -[List view](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/list_view.md), there are currently three -configured report requests shown. - -#### Creating a report request - -New report requests can be created in list view via the ribbon or also the context menu that is -accessed using the right mouse button. The form for creating a new report request again opens in a -separate tab. Alongside a diverse range of variables, the report type can be defined using a -drop-down list. There are currently dozens of report types available. - -![installation_with_parameters_80](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_80.webp) - -The filter can be used to define the scope of the report e.g. to focus on a certain OU or simply a -selection of tags. Once saved, the report will now be shown in the list of report requests. - -###### Manually create reports - -You can now create a manual report via the ribbon. This will open in a separate tab and can be -displayed in the default web browser if desired. - -![installation_with_parameters_81](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_81.webp) - -Automated sending of reports via system tasks - -In general, reports are not manually created but are automatically sent to defined recipients. This -is apossible via system tasks, which can run processes of this nature at set times. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/main_menu_fc.md b/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/main_menu_fc.md deleted file mode 100644 index d95c3b2fc3..0000000000 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/main_menu_fc.md +++ /dev/null @@ -1,17 +0,0 @@ -# Main menu - -## What is the Main menu/Backstage? - -All settings that are not linked to a particular module are defined in the Backstage (main menu). -This makes it easy to access the settings at any time and in any module. - -![Main menu](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/installation_with_parameters_56-en.webp) - -- [Extras](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/extras.md) -- [Account](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/account/account.md) -- [General settings](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/general_settings.md) -- [User settings](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/user_settings.md) -- [User rights](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/user_rights.md) -- [Administration](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/administration/administration.md) -- [Import](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/import/import.md) -- [Export](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export.md) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/list_view.md b/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/list_view.md deleted file mode 100644 index 6d616bacd5..0000000000 --- a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/list_view.md +++ /dev/null @@ -1,85 +0,0 @@ -# List view - -## What is the list view? - -The list view is located centrally in the Netwrix Password Secure client, and is a key element of -daily work. There are also list views in Windows operating systems. If you click on a folder in -Windows Explorer, the contents of the folder are displayed in a list view. The same is true in -Netwrix Password Secure version 9. - -However, instead of folders, the content of the list view is defined by the currently applied -filter. \* This always means that the list view is the result of a filtered filter \*. For the -currently marked record in list view, all existing form fields are output to the reading pane. With -the two tabs “All” and “Favourites, the filter results can be further restricted. - -![List view](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_26-en.webp) - -At the bottom of the list view, the number of loaded records and the time required for this are -shown. - -NOTE: For more than 100 list elements, only the first 100 records are displayed by default. This is -to prevent excessive database queries where the results are unmanageable. In this case, it makes -sense to further refine the filter criteria. By pressing the “All” button in the header of the list -view, you can still manually switch to the complete list. - -## Searching in list view - -Through the search field, the results found by the filter can be further refined as required. After -you have entered the search term, the results are automatically limited to those records which -correspond to the criteria (after about half a second). The search used for the search is -highlighted in yellow. - -![installation_with_parameters_27](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_27.webp) - -## Detailed list view - -The default view displays only limited information about the records. However, the width of the list -view is flexible and can be adjusted by mouse. At a certain point, the view automatically changes to -the detailed list view, similar to the procedure in Microsoft Outlook. All form fields are displayed - -![Table view](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_28-en.webp) - -## Favourites - -Regularly used records can be marked as favourites. This process is carried out directly in the -[Ribbon](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/ribbon.md). A record marked as a favourite is indicated with a star in list view. - -![Favourite](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_29-en.webp) - -You can filter for favourites directly in the list view. For this purpose, simply switch to the -“Favourites” tab - -![installation_with_parameters_30](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_30.webp) - -#### Othersymbols - -Every record displayed in list view has multiple icons on the right. These give feedback in colour -about both the password quality and the [Tags](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/tags/tags.md) used. Mouseover tooltips provide -more precise details. - -![installation_with_parameters_31](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_31.webp) - -NOTE: The information visible underneath the password name is taken from the info field for the -associated form and will be explained separately - -## Workingwith records - -All records that correspond to the filter criteria are now displayed in list view. These can now be -opened, edited, or deleted via the ribbon. Many functions are also available directly from the -context menu. You can do this by right-clicking the record. Multiple selection is also possible. To -do this, simply highlight the desired objects by holding down the Ctrl key. - -![installation_with_parameters_32](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_32.webp) - -#### Opening and editing data sets - -By double-clicking, as with the context menu (right mouse button), all records can be opened from -the list view in a separate tab. Only in this view can you make changes. This detail view opens in a -separate tab, the list view is completely hidden - -![editing dataset](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_33-en.webp) - -NOTE: Working with data records depends of course on the type of the data record. Whether passwords, -documents or organisational structures: The handling is partly very different. For more information, -please refer to the respective sections on the individual -[Client Module](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_module.md) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/operation_and_setup.md b/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/operation_and_setup.md deleted file mode 100644 index 12cc3018b8..0000000000 --- a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/operation_and_setup.md +++ /dev/null @@ -1,91 +0,0 @@ -# Operation and Setup - -## Client structure - -The modular structure of the client ensure that the required functionalities are always in the same -place. Although the module selection gives access to the various areas of Netwrix Password Secure, -the control elements always remain at the positions specified for this purpose. This intuitive -operating concept ensures efficient work and a minimum of training time. - -![Operation](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/operation-and-setup-1-en.webp) - -![Dashboard](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/operation-and-setup-2-en.webp) - -1. [Ribbon](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/ribbon.md) - -2. [Filter](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/filter.md) - -3. [List view](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/list_view.md) - -4. [Reading pane](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/reading_pane.md) - -5. [Tags](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/tags/tags.md) - -6. [Search](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/search/search.md) - -7. [Dashboard and widgets    ](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/dashboard_and_widgets.md) - -## TABs - -Tabs offer yet another option within the to present related information in a separate area. This tab -navigation enables you to display, quickly access and switch between relevant information. The -results for a filter with specific criteria can thus be retained without the original result being -overwritten - -when a new filter is applied. In parallel, detailed information about records can also be found in -their own tabs. It is of course possible to adjust the order of the tabs via drag & drop according -to your individual requirements. - -![Dashboard](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/installation_with_parameters_2-en.webp) - -#### Standard tab - -Depending on the active module, the All passwords tab will be renamed to the corresponding module by -default. (All documents, all forms, etc.) - -![Standard tab](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/standard-tab-en.webp) - -Although the name suggests that all records in the database are displayed, the records displayed in -list view correspond to the criteria that have been defined in the filter. The tab closes and can be -restored by reusing the filter. - -## Client footer information - -Independently of the module chosen, various information is displayed in the footer area of the -client. The icons are also provided with a meaningful mouse-over text, which provides additional -information. - -- Connection to database -- Feedback in case connection is insecure -- Last name, first name (user name) of the logged-in user - -![installation_with_parameters_4](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/installation_with_parameters_4.webp) - -- [Ribbon](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/ribbon.md) -- [Filter](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/filter.md) -- [List view](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/list_view.md) -- [Reading pane](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/reading_pane.md) -- [Tags](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/tags/tags.md) -- [Search](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/search/search.md) -- [Dashboard and widgets](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/dashboard_and_widgets.md) -- [Shortcut key](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/keyboard_shortcuts.md) - -## Orientation - -It is possible to change the alignment of the following objects: - -- [Active Directory link](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/active_directory_link.md) -- [Applications](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications.md) -- [Notifications](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications.md) -- [Reports](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/reports.md) -- [Documents](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/documents/documents.md) -- [Forms](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms.md) -- [Logbook](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/logbook/logbook.md) -- [Organisational structure](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organisational_structure.md) -- [Password Reset](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/password_reset.md) -- [Password rules](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/password_rules.md) -- [Roles](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles.md) -- [Seal templates](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/seal_templates/seal_templates.md) -- [System tasks](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/system_tasks.md) -- Forwarding Rules -- Profil picture in the reading pane diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/rights_templates/right_templates.md b/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/rights_templates/right_templates.md deleted file mode 100644 index b88b6288de..0000000000 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/rights_templates/right_templates.md +++ /dev/null @@ -1,16 +0,0 @@ -# Right templates - -## Using right templates - -Once they have been configured, permissions can be constantly reused. The functionality **Saving -permissions as a template** in the ribbon is used for this purpose. The templates are globally -available and can also be used for other records. - -NOTE: When saving templates, always select a name that will also allow it to be safely -differentiated from other templates if you have a large number of right templates. - -Nevertheless, the use of right templates merely reduces the amount of work and still envisages the -manual setting of permissions. Automatic process for the issuing of permissions also exist in -Netwrix Password Secure and will be covered in the section -[Predefining rights](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefining_rights.md) and also under -"[Inheritance from organisational structures](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance_from_organizational.md)". diff --git a/docs/passwordsecure/9.2/configuration/advancedview/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/_category_.json new file mode 100644 index 0000000000..09f5c3ea34 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Advanced View", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/_category_.json new file mode 100644 index 0000000000..32dfd95a1c --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Client Module", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "client_module" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/_category_.json new file mode 100644 index 0000000000..ae7e02e7ab --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Applications", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "applications" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/applications.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/applications.md index 10846e746c..1b7a103e6a 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/applications.md @@ -1,3 +1,9 @@ +--- +title: "Applications" +description: "Applications" +sidebar_position: 80 +--- + # Applications ## What are applications? @@ -12,7 +18,7 @@ automatic logon to almost any kind of software. ![applications module](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications_1-en.webp) - Automatic logins to websites are covered by the - [Autofill Add-on](/docs/passwordsecure/9.2/configuration/autofill_add-on/autofill_add-on.md). + [Autofill Add-on](/docs/passwordsecure/9.2/configuration/autofilladdon/autofill_add-on.md). ## The four types of applications @@ -23,14 +29,14 @@ applications. In terms of how they are handled, **RDP and SSH** applications can be covered together. Both types of application can be (optionally) "embedded" in Netwrix Password Secure. The relevant session then -opens in its own tab in the [Reading pane](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/reading_pane.md). +opens in its own tab in the [Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md). All other forms of automatic logins are summarized in the **SSO applications** and **web applications** categories. How exactly these logins are created and used is covered in the next section and in the web applications chapter. They include all forms of Windows login masks and also applications for websites. In contrast to RDP and SSH applications, they cannot be started embedded in Netwrix Password Secure but are instead opened as usual in their own window. These SSO applications need to be defined in advance. In Netwrix Password Secure, this is also described as -[Learning the applications](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications.md). In contrast, +[Learning the applications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md). In contrast, RDP and SSH can be both completely defined and also started within Netwrix Password Secure. ## RDP and SSH diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md similarity index 90% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md index 79f0dfdabf..d96291969f 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md @@ -1,3 +1,9 @@ +--- +title: "Configuration of SAML" +description: "Configuration of SAML" +sidebar_position: 30 +--- + # Configuration of SAML ## What is SAML? @@ -50,6 +56,6 @@ After verification, the **SAML application** can be started from the Basic view application** with a password. NOTE: Setup and configuration instructions for -[SAML Application for Dropbox](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_application_for_dropbox.md) and -[SAML application for Postman](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_application_for_postman.md)can be +[SAML Application for Dropbox](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md) and +[SAML application for Postman](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md)can be found in the corresponding chapters. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/_category_.json new file mode 100644 index 0000000000..c7ac80dfd9 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Example Applications", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "example_applications" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/example_applications.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/example_applications.md new file mode 100644 index 0000000000..a9c13b2a3c --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/example_applications.md @@ -0,0 +1,13 @@ +--- +title: "Example Applications" +description: "Example Applications" +sidebar_position: 40 +--- + +# Example Applications + +In this section you'll find examples for applications. + +- [SAP GUI logon - SSO Application](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md) +- [SAML Application for Dropbox](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md) +- [SAML application for Postman](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_application_for_dropbox.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md similarity index 89% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_application_for_dropbox.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md index 780ecfbee7..8c050c74d3 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_application_for_dropbox.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_dropbox.md @@ -1,9 +1,15 @@ +--- +title: "SAML Application for Dropbox" +description: "SAML Application for Dropbox" +sidebar_position: 20 +--- + # SAML Application for Dropbox ## SAML Configuration Example for Dropbox This chapter explains how to configure the SAML application for **Dropbox**. It is assumed that -[Configuration of SAML](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml.md) has already been +[Configuration of SAML](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) has already been activated in the Server Manager. - Log in as administrator at the **Dropbox** diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_application_for_postman.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md similarity index 90% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_application_for_postman.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md index 56c6493dcc..e2e39f1dbe 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/saml_examples/saml_application_for_postman.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/saml_application_for_postman.md @@ -1,9 +1,15 @@ +--- +title: "SAML application for Postman" +description: "SAML application for Postman" +sidebar_position: 30 +--- + # SAML application for Postman ## SAML configuration example for Postman This chapter explains how to configure the SAML application for **Postman**. It is assumed that -[Configuration of SAML](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml.md) has already been +[Configuration of SAML](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) has already been activated in the Server Manager. - First, you register with Postman. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/sap/sap_gui_logon_-_sso_application.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md similarity index 84% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/sap/sap_gui_logon_-_sso_application.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md index b3c9fffda6..ed3e90a4ad 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/sap/sap_gui_logon_-_sso_application.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/exampleapplications/sap_gui_logon_-_sso_application.md @@ -1,13 +1,19 @@ +--- +title: "SAP GUI logon - SSO Application" +description: "SAP GUI logon - SSO Application" +sidebar_position: 10 +--- + # SAP GUI logon - SSO Application ## Fundamental information Logging into SAP can be achieved via the usage of -[Start Parameter](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/start_parameter/start_parameter.md). The +[Start Parameter](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md). The prerequisite here is for the login process to be carried out via the "SAPshortcut". All available parameters are listed in the [SAP-Wiki](https://wiki.scn.sap.com/wiki/display/NWTech/SAPshortcut). -Form Firstly, a [Forms](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms.md) should be created with the required fields. This +Form Firstly, a [Forms](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md) should be created with the required fields. This could look like this: ![SAP form](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/examples/sap/sap_gui_logon_1-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/_category_.json new file mode 100644 index 0000000000..542da12aad --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Learning the applications", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "learning_the_applications" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md index 9eb67edee6..ddb0588c1a 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/learning_the_applications.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/learning_the_applications.md @@ -1,3 +1,9 @@ +--- +title: "Learning the applications" +description: "Learning the applications" +sidebar_position: 10 +--- + # Learning the applications ## Which applications need to be learned? @@ -66,7 +72,7 @@ storage location for all users, it can then also be accessed by all other users. ## Linking records with applications -In the [Passwords](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords.md), the newly created application can now be directly +In the [Passwords](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md), the newly created application can now be directly linked. To do this, mark the record to be linked and open the "Connect application" menu in the "Start" tab via the ribbon. This will open a list of all the available applications. It is now possible here to link to the previously created application "VMware". diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/start_parameter/start_parameter.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md similarity index 97% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/start_parameter/start_parameter.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md index 050d6d12f6..e3657fa029 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/learning_the_applications/start_parameter/start_parameter.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/learningtheapplications/start_parameter.md @@ -1,3 +1,9 @@ +--- +title: "Start Parameter" +description: "Start Parameter" +sidebar_position: 10 +--- + # Start Parameter ## Start parameters for SSO applications⚓︎ diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/_category_.json new file mode 100644 index 0000000000..82ef1e3691 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "RDP and SSH Applications", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "rdp_and_ssh_applications" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/rdp_and_ssh_applications.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md similarity index 93% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/rdp_and_ssh_applications.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md index 557c4e281c..4943e3e402 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/rdp_and_ssh_applications.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/rdp_and_ssh_applications.md @@ -1,3 +1,9 @@ +--- +title: "RDP and SSH Applications" +description: "RDP and SSH Applications" +sidebar_position: 20 +--- + # RDP and SSH Applications **RDP and SSH applications** can be used "embedded" inside Netwrix Password Secure. Starting one of @@ -38,6 +44,6 @@ NOTE: The file extension may first have to be enabled via the settings. ## Keyboard shortcuts Netwrix Password Secure supports various -[Keyboard shortcuts](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/keyboard_shortcuts.md). For +[Keyboard shortcuts](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md). For example transferring user name and password to the corresponding application. However, it should be noted that this only works if the application is opened directly from Netwrix Password Secure diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/recording_a_session.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md similarity index 96% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/recording_a_session.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md index fa3bb6bfac..13ed174b2b 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/recording_a_session.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/rdpandsshapplications/recording_a_session.md @@ -1,3 +1,9 @@ +--- +title: "Recording a session" +description: "Recording a session" +sidebar_position: 10 +--- + # Recording a session ## What is session recording? @@ -68,4 +74,4 @@ When are indicators set? If desired, recordings can be automatically cleaned up. This option can be configured on the **Server Manager**. Further information can be found in the section -[Managing databases](/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/managing_databases.md)s. +[Managing databases](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/managing_databases.md)s. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_module.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md similarity index 96% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_module.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md index 3d7db53a0d..3709b99b52 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_module.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md @@ -1,3 +1,9 @@ +--- +title: "Client Module" +description: "Client Module" +sidebar_position: 20 +--- + # Client Module ## What are modules? diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/_category_.json new file mode 100644 index 0000000000..9cf6aada7f --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Discovery Service", + "position": 100, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "discovery_service" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/configuration/configuration_1.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md similarity index 93% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/configuration/configuration_1.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md index 511192e843..85402e3a73 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/configuration/configuration_1.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/configuration_1.md @@ -1,10 +1,16 @@ +--- +title: "Configuration" +description: "Configuration" +sidebar_position: 20 +--- + # Configuration ## The Discovery Service module When this module is opened in Netwrix Password Secure, **there are no entries displayed in the Discovery Service** module at the beginning. The entries need to be generated using a -[System tasks](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/system_tasks.md). +[System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md). ![discovery service entries](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/configuration/configuration_ds-1-en.webp) @@ -17,7 +23,7 @@ NOTE: The information can be grouped together using the column editor. ## Network Scan -A **Discovery Service Task** is used to add a new [Discovery Service](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovery_service.md) and +A **Discovery Service Task** is used to add a new [Discovery Service](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md) and is then correspondingly configured for a **Network Scan**. Depending on the configuration of the **Network Scan**, the following types are discovered: @@ -91,7 +97,7 @@ information. is then automatically taken over and executed by the accessible servers on the list. The list is searched from top to bottom to find an accessible server. 3. **Tags**: The use of tags is described in more detail in the section - [Tag manager](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/tag_management/tag_manager.md). A special tag can be + [Tag manager](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/tag_manager.md). A special tag can be entered here for the **Discovery Service Task**. After the **Discovery Service Task** has been configured, a connection test is performed when the diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md similarity index 98% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md index 27aa839e30..fbc0c65c77 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/converting_entries/converting_entries.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/converting_entries.md @@ -1,3 +1,9 @@ +--- +title: "Converting entries" +description: "Converting entries" +sidebar_position: 40 +--- + # Converting entries An important element for the **Discovery Service** is the **Conversion Wizard**. It processes the diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/created_password/created_passwords.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/created_passwords.md similarity index 94% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/created_password/created_passwords.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/created_passwords.md index 2edf378adf..c0ba058a5c 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/created_password/created_passwords.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/created_passwords.md @@ -1,3 +1,9 @@ +--- +title: "Created passwords" +description: "Created passwords" +sidebar_position: 50 +--- + # Created passwords After clicking on **Finish**, the **passwords** and the **Password Resets** (in accordance with the diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/deleting_entries/deleting_entries.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md similarity index 96% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/deleting_entries/deleting_entries.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md index d13bba37c8..de6c1b4d5b 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/deleting_entries/deleting_entries.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/deleting_entries.md @@ -1,3 +1,9 @@ +--- +title: "Deleting entries" +description: "Deleting entries" +sidebar_position: 60 +--- + # Deleting entries After creating an automatic **Password Reset** via the **Conversion Wizard**, the data is no longer diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md similarity index 98% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md index 4b7e578dab..91e15a84b6 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovered_entries/discovered_entries.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovered_entries.md @@ -1,3 +1,9 @@ +--- +title: "Discovered entries" +description: "Discovered entries" +sidebar_position: 30 +--- + # Discovered entries The entries for the **Discovery Service** are discovered using a **Discovery Service Task**. It can diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovery_service.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md similarity index 94% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovery_service.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md index 2d669c9ea3..d9dc37f534 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/discovery_service.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/discovery_service.md @@ -1,3 +1,9 @@ +--- +title: "Discovery Service" +description: "Discovery Service" +sidebar_position: 100 +--- + # Discovery Service ## The problem diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/logbook/logbook_1.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md similarity index 89% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/logbook/logbook_1.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md index 1876005c93..d25b8241a1 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/logbook/logbook_1.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/logbook_1.md @@ -1,10 +1,16 @@ +--- +title: "Logbook" +description: "Logbook" +sidebar_position: 70 +--- + # Logbook The logbook in the footer of the **Discovery Service Task** is extremely helpful for checking the **Discovery Service Task**. Information about the progress of the **Discovery Service Task** is displayed here. The data is displayed both in the **footer** and also in the **logbook module** (although in more detail here). To display the footer, the user requires the **user right**: Global -settings in the [User settings](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/user_settings.md) in the category: +settings in the [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md) in the category: "Footer area" - "Show logbook in the footer area (activated)" ## Show in footer @@ -28,7 +34,7 @@ If an error occurs during the execution of the **Discovery Service Task**, this ## Display in the logbook In general, the **logbook module** displays more detailed information about the **Discovery Service -Task**. The [Filter](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/filter.md) can be used to select which data +Task**. The [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) can be used to select which data is displayed. The same **events** as for the footer for the **Discovery Service Task** are also used here. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/requirements/requirements.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/requirements.md similarity index 97% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/requirements/requirements.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/requirements.md index a72c93231d..bcb85dff67 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/discoveryservice/requirements/requirements.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/discoveryservice/requirements.md @@ -1,3 +1,9 @@ +--- +title: "Requirements" +description: "Requirements" +sidebar_position: 10 +--- + # Requirements ## Relevant rights diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/documents/documents.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/documents.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/documents/documents.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/documents.md index ea674bef95..4ec243bdcd 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/documents/documents.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/documents.md @@ -1,3 +1,9 @@ +--- +title: "Documents" +description: "Documents" +sidebar_position: 20 +--- + # Documents ## What are documents? @@ -48,7 +54,7 @@ The heart of each document management system is the ability to capture and archi documents or files. All versions of a document can be compared with each other and historical versions can be restored if necessary. Netwrix Password Secure provides this functionality via the history in the ribbon, as well as in the footer area for ​​the detailed view of a document. This can -be used in the same way as the [History](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history.md). The interplay between the +be used in the same way as the [History](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/history.md). The interplay between the document-specific event logbook and the history provides a complete list of all information that is relevant to the handling of sensitive data. Version management can be used to restore any historical versions of a document. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/_category_.json new file mode 100644 index 0000000000..3b8a4fc8f6 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Forms", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "forms" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/change_form.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/change_form.md similarity index 97% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/change_form.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/change_form.md index 37b765c2cd..e60820a25f 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/change_form.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/change_form.md @@ -1,3 +1,9 @@ +--- +title: "Change form" +description: "Change form" +sidebar_position: 10 +--- + # Change form ## Changing forms diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md similarity index 91% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md index 71404043f2..8b0e324dfa 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md @@ -1,3 +1,9 @@ +--- +title: "Forms" +description: "Forms" +sidebar_position: 60 +--- + # Forms ## What are forms? @@ -29,8 +35,8 @@ individual requirements. ![forms](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_2-em.webp) The associated preview for the form selected in -[List view](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/list_view.md) appears in the -[Reading pane](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/reading_pane.md). Both the field name and also +[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) appears in the +[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md). Both the field name and also the field type are visible. ## Creating new forms @@ -48,7 +54,7 @@ relevant buttons in the ribbon. The following field settings thus appear for the field type "Password": "Mandatory field, reveal only with reason, check only generated passwords and password policy". These can now be defined as desired. (**Note**: It is possible to select -[Password rules](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/password_rules.md) within the field settings; +[Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) within the field settings; they are defined as part of the options in the main menu) **CAUTION:** If a form has been created, it can then be selected for use when creating new records. @@ -94,7 +100,7 @@ the RDP session. ![updated form](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms_7-en.webp) NOTE: The **forms module** is based on the -[Web Application](/docs/passwordsecure/9.2/configuration/web_applicaiton/web_application.md) module of the same name. Both modules +[Web Application](/docs/passwordsecure/9.2/configuration/webapplication/web_application.md) module of the same name. Both modules have a different scope and design but are almost identical to use. ## Standard form diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/logbook/logbook.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/logbook.md similarity index 90% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/logbook/logbook.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/logbook.md index 9d575e0581..1d99e4f98e 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/logbook/logbook.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/logbook.md @@ -1,3 +1,9 @@ +--- +title: "Logbook" +description: "Logbook" +sidebar_position: 70 +--- + # Logbook ## What is a logbook? @@ -43,10 +49,10 @@ completed in a traceable and audit-proof manner to prevent falsification. NOTE: If desired, the logbook can be automatically cleaned up. This option can be configured on the Server Manager. Further information can be found in the section -[Managing databases](/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/managing_databases.md). +[Managing databases](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/managing_databases.md). ## Transferring to a Syslog server The logbook can also be completely transferred to a -[Syslog](/docs/passwordsecure/9.2/configuration/server_manager/database_properties/syslog.md) server. Further information on this +[Syslog](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/syslog.md) server. Further information on this subject can be found in the section Syslog. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md new file mode 100644 index 0000000000..81e256df25 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md @@ -0,0 +1,78 @@ +--- +title: "Notifications" +description: "Notifications" +sidebar_position: 30 +--- + +# Notifications + +## What are notifications? + +With the notification system, you are always up-to-date on all events that you consider important. +Almost all modules allow users to configure notifications. All configured messages are only created +for the currently registered Netwrix Password Secure user. It is not possible to create a +notification for another user. Each user can and should define himself which passwords, which +triggers as well as changes are important and informative for him. The configuration of visibility +is explained in a similar way to the other modules in one place +[Visibility](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) + +![Notifications modul](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/notifications_1-en.webp) + +NOTE: The reading pane is deactivated in this module by default. It can be activated in the +"Display" tab in the ribbon. + +## Module-specific ribbon functions + +There are also some ribbon functionalities that are exclusively available for the notification +module. In particular, the function **Forward important notifications to email addresses** enables +administrators and users to maintain control and transparency independent of the location. + +![Ribbon notifications](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications_2-en.webp) + +### Mark notifications as read + +The two buttons on the ribbon enable you to mark notifications as read/unread. In particular, the +filter criterion available in this context (see following screenshot) enables fast sorting according +to current and also historical notifications. + +![filter notifications](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications_3-en.webp) + +It is possible to mark the notifications as read/unread via the ribbon and also via the context menu +that is accessed using the right mouse button. If the corresponding setting has been activated, +opening a notification will also mean that it is marked as read. + +## Manual configuration of notifications + +Irrespective of the selected module, permissions can be configured manually for objects. The +following dialogue can be opened via the ribbon in the "Actions" tab: + +![Manual configuration of notifications](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications_5-en.webp) + +- **Notification**: Definition for the trigger +- **Value**: Defines whether a notification should be created for the previously defined trigger. In + the example for the "Apple" record, this only occurs when the record is edited. +- **Event type**: The event type for the generated notifications can be either "Info", "Warning" or + "Error". This information can also be used e.g. as an additional filter criterion. + +In contrast to previous editions, it is best to configure the notifications manually. This ensures +that a notification is really only triggered for relevant events. + +## Other triggers for notifications + +As well as manually configurable notifications, there are other triggers in Netwrix Password Secure +which will result in notifications. + +- [Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md): Requests + to release sealed records are handled via the notification system +- [System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md)s: If reports are automatically + created via the system tasks, these are also made available in the form of a notification. If this + type of notification is selected, it can be directly opened via the corresponding button that + appears on the ribbon. + +![Ribbon functions notifications](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications_6-en.webp) + +## Automatic deletion of old notifications + +If desired, notifications can be automatically cleaned up. This option can be configured on the +**Server Manager**. Further information can be found in the section +[Managing databases](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/managing_databases.md). diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/_category_.json new file mode 100644 index 0000000000..7f4d6b5f64 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Organisational structure", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "organisational_structure" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/_category_.json new file mode 100644 index 0000000000..5efafacf63 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Directory services", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "directory_services" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/_category_.json new file mode 100644 index 0000000000..74abd1d2fd --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Active Directory link", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "active_directory_link" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/active_directory_link.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md similarity index 97% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/active_directory_link.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md index 3f4329fff8..2af4c8d6d2 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/active_directory_link.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md @@ -1,3 +1,9 @@ +--- +title: "Active Directory link" +description: "Active Directory link" +sidebar_position: 10 +--- + # Active Directory link ## What are active directory profiles? diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end-to-end_encryption.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md similarity index 97% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end-to-end_encryption.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md index 71721dbc2b..b41ad39f25 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end-to-end_encryption.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md @@ -1,8 +1,14 @@ +--- +title: "End-to-end encryption" +description: "End-to-end encryption" +sidebar_position: 10 +--- + # End-to-end encryption ## Maximum encryption -[Active Directory link](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/active_directory_link.md) with active end-to-end encryption currently offers +[Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) with active end-to-end encryption currently offers **maximum security**. Only users, organisational units and roles are imported. The permissions and the hierarchical relationship between the individual objects needs to be separately configured in Netwrix Password Secure. The advantage offered by end-to-end encryption is that Active Directory is diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/masterkey_mode.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/masterkey_mode.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md index 6a65401715..5c79c66fb5 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/masterkey_mode.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md @@ -1,8 +1,14 @@ +--- +title: "Masterkey mode" +description: "Masterkey mode" +sidebar_position: 20 +--- + # Masterkey mode ## Maximum convenience -In contrast to [End-to-end encryption](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/end-to-end_encryption.md), which places the main focus on +In contrast to [End-to-end encryption](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md), which places the main focus on security, Masterkey mode provides the maximum level of convenience. It not only imports users, organisational units and roles but also their links and affiliations. It can be synchronized to update the information and affiliations. **In this scenario, Active Directory is used as a leading @@ -73,10 +79,10 @@ connection is not possible, deactivate SecureSocketsLayer and try again. **CAUTION:** The master key is added in form of a certificate. It is **essential to back up** the generated certificate! If the database is being moved to another server, the certificate also needs to be transferred! Further information can be found in the section -[Certificates](/docs/passwordsecure/9.2/configuration/server_manager/certificates/certificates.md). +[Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md). NOTE: You can now use the option to integrate a RADIUS server. Read more in -[RADIUS authentication](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/radius_authentication.md). +[RADIUS authentication](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md). ## Import @@ -177,7 +183,7 @@ roles already exist in Netwrix Password Secure or have also been imported. Users who are imported using this mode can log in with the domain password. Please note that no domain needs to be specified when logging in. Of course, the login process can also be supplemented with -[Multifactor Authentication](/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/multifactor_authentication_ac.md). +[Multifactor Authentication](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md). NOTE: Logging on using Kerberos works "automatically". As long as the corresponding Kerberos server is accessible, the users in the domain authenticate themselves via Kerberos using their domain @@ -226,7 +232,7 @@ the synchronization runs in the background. A hint indicates that the process ha ### Synchronization via system tasks The synchronization can also be carried out automatically. This is made possible via the -[System tasks](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/system_tasks.md). +[System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md). ### Deleting or removing users diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/radius_authentication.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md similarity index 94% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/radius_authentication.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md index 6d640b816c..375df8a41b 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/radius_authentication.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md @@ -1,3 +1,9 @@ +--- +title: "RADIUS authentication" +description: "RADIUS authentication" +sidebar_position: 30 +--- + # RADIUS authentication ## What is the RADIUS authentication? diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md new file mode 100644 index 0000000000..bad86ef5f7 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/directory_services.md @@ -0,0 +1,16 @@ +--- +title: "Directory services" +description: "Directory services" +sidebar_position: 30 +--- + +# Directory services + +It is possible to use existing user and group structures from external directories with Netwrix +Password Secure. + +Choose your preferred integration method: + +- [Microsoft Entra ID connection](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md) + +- [Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/_category_.json new file mode 100644 index 0000000000..9604774739 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Microsoft Entra ID connection", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "entra_id_connection" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/entra_id/entra_id_connection.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md similarity index 98% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/entra_id/entra_id_connection.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md index 9ab33b07a4..8861e365dc 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/entra_id/entra_id_connection.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/entra_id_connection.md @@ -1,3 +1,9 @@ +--- +title: "Microsoft Entra ID connection" +description: "Microsoft Entra ID connection" +sidebar_position: 20 +--- + # Microsoft Entra ID connection More and more companies use cloud services. Therefore, also the management of users is outsourced. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/entra_id/microsoft_entra_id_faq.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/entra_id/microsoft_entra_id_faq.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md index d1c84b27d4..8825ca490e 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/entra_id/microsoft_entra_id_faq.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/entraidconnection/microsoft_entra_id_faq.md @@ -1,3 +1,9 @@ +--- +title: "Microsoft Entra ID Services FAQ" +description: "Microsoft Entra ID Services FAQ" +sidebar_position: 10 +--- + # Microsoft Entra ID Services FAQ ## Is it possible to migrate from LDAP to Entra ID? diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/firstfactor/first_factor.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/firstfactor/first_factor.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md index a4a2288475..ae527c2e96 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/firstfactor/first_factor.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/first_factor.md @@ -1,3 +1,9 @@ +--- +title: "First factor" +description: "First factor" +sidebar_position: 40 +--- + # First factor ## What is meant by first factor? @@ -38,7 +44,7 @@ In addition, the smartcard certificate must of course also be valid on the serve ## Requirement For Fido2 it is mandatory that -SMTP ([Advanced settings](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/advanced_settings.md)) is configured. +SMTP ([Advanced settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/advanced_settings.md)) is configured. In addition, an e-mail address must be stored for the AD users. Furthermore, the URL of the Web Application must be stored in the Server Manager: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/_category_.json new file mode 100644 index 0000000000..5ab4bd9aa4 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Managing users", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "managing_users" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md new file mode 100644 index 0000000000..c508ef9250 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md @@ -0,0 +1,86 @@ +--- +title: "Managing users" +description: "Managing users" +sidebar_position: 10 +--- + +# Managing users + +## How are users managed in Netwrix Password Secure? + +The way in which users are managed is highly dependent on whether Active Directory is connected or +not. In Master Key mode, Active Directory remains the leading system. Accordingly, users are then +also managed in the AD. If Netwrix Password Secure is the leading system, e.g. in end-to-end mode, +users are managed in the organisational structures module. More details are provided in the relevant +sections. + +## Relevant rights + +The following options are required to add local users. + +### User rights + +Can add new users -Display organisational structure module + +## Adding local users + +In general, new users are added in the same way as creating a local organisational unit. Therefore, +only the differences will be covered below. + +### Creating users + +![create user](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/create-user-wc.webp) + +- **Allocated roles**: New users can directly be allocated one or more rolls when they are created +- **Change password on next login**: The user will be requested to change their user password on the + next login (obligatory) +- **Account is deactivated**: The user is created with the status "deactivated". The account is thus + not useable. The write rights for a user can be set/removed with this option. In editing mode, the + account can also be deactivated during ongoing operation. +- **Restricted user**: Controlling entities exist in many companies that are only tasked with + checking the integrity and hierarchies of various pieces of information with one another but are + not required to productively work with the information themselves. This could be a data protection + officer or also an administrator in some cases. This would be the case if an administrator was + responsible for issuing permissions to other people but should not be able to view the data + themselves. The property **restricted user** is used to limit the visibility of the password + field. It thus deals with purely administrative users or controlling entities. + +NOTE: Restricted users cannot view any passwords + +### Configuring rights + +The second tab of the wizard allows you to define the permissions for the newly created user. If an +allocated organisational unit or a rights template group was defined in the first tab, the new user +will inherit its permissions. Here, these permissions can be adapted if desired. + +### Configuring user rights + +Users always receive their user rights via role, which is either user-specific or global (see user +rights). If no role is defined in the first tab "Create user", the third tab will thus contain +globally defined user rights. + +## Importing users + +Importing from Active Directory can be carried out in two ways that are described in a separate +section. + +## User licenses + +There are two different types of licenses, **Advanced view** and **Basic view** licenses. In all +other editions you can only purchase Advanced view licenses. Please note that licensed Basic view +users are not able to use the Advanced view. However, Advanced view Users can also switch to the +Basic view. + +**CAUTION:** For licensing reasons, it is not intended to switch from a Advanced view user to a +Basic view user! + +Our sales team will be happy to answer any questions you may have about licensing. + +Display data to which the user is authorized In order to display the data to which a user is +authorized, you must right-click on the corresponding user in the organisational structure. In the +context menu that opens, you will find the following options under **displaying data records**: + +Password -Documents -Forms -Rolls -Uses -Password Reset -System Tasks -Seal templates + +NOTE: All authorizations for a data record are taken into account, regardless of whether you are +authorized by a role or the user. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_logging_in.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md similarity index 96% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_logging_in.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md index 3c920c54cb..8216e7e42f 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/user_passwords_logging_in.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/user_passwords_logging_in.md @@ -1,3 +1,9 @@ +--- +title: "User passwords / logging in to client" +description: "User passwords / logging in to client" +sidebar_position: 10 +--- + # User passwords / logging in to client ## User passwords @@ -54,7 +60,7 @@ automatically deactivated after the user has successfully logged in and changed ### Security of passwords To guarantee that passwords are sufficiently strong, it is recommended that corresponding -[Password rules](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/password_rules.md) are created. It is +[Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) are created. It is especially important to ensure here that user names are excluded. The password rule then still needs to be defined as a user password rule. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/_category_.json new file mode 100644 index 0000000000..6af5368eaf --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Multifactor authentication", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "multifactor_authentication" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md similarity index 93% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md index 854de8bcd0..501fafce25 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md @@ -1,3 +1,9 @@ +--- +title: "Multifactor authentication" +description: "Multifactor authentication" +sidebar_position: 50 +--- + # Multifactor authentication ## What is multifactor authentication? @@ -29,7 +35,7 @@ important that these rights exist before Multifactor Authentication is set up. ## Configuration of multifactor authentication -In the [Organisational structure](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organisational_structure.md) module, you select the user and +In the [Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) module, you select the user and the interface "Multifactor authentication" in the ribbon. ![TOTP](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication_3-en.webp) @@ -70,7 +76,7 @@ Now just select the desired certificate from the list to confirm the process. ## Yubico One Time Password The configuration of multifactor authentication using Yubico One Time Password is described -in[Multifactor Authentication](/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/multifactor_authentication_ac.md). +in[Multifactor Authentication](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md). ## Delete Multifactor Authentication (MFA) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/otp/otp_(one-time-password).md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md similarity index 86% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/otp/otp_(one-time-password).md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md index c2290254f3..7be3d97af0 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/otp/otp_(one-time-password).md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/otp_(one-time-password).md @@ -1,3 +1,9 @@ +--- +title: "OTP (One-Time-Password)" +description: "OTP (One-Time-Password)" +sidebar_position: 20 +--- + # OTP (One-Time-Password) ## Using OTP in Netwrix Password Secure @@ -30,7 +36,7 @@ As soon as the secret has been deposited and the password saved, the setup is co 1. Set up OTP 2. Create - [HTML WebViewer export](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/html_webviewer-export/html_webviewer_export.md) + [HTML WebViewer export](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md) 3. Open the created HTML WebViewer How to use the HTML WebViewer can be read in the chapter with the same name. @@ -41,7 +47,7 @@ NOTE: The special feature of the Emergency WebViewer is that the stored OTP secr displayed. In order to use the One-Time-Password in the -[EmergencyWebViewer](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/emergency_webviewer.md) +[EmergencyWebViewer](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md) you have to proceed as follows: 1. Set up OTP diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubicoyubikey.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md similarity index 96% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubicoyubikey.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md index 94def75ecb..495b52dc59 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubicoyubikey.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/yubicoyubikey.md @@ -1,3 +1,9 @@ +--- +title: "Yubico / Yubikey" +description: "Yubico / Yubikey" +sidebar_position: 10 +--- + # Yubico / Yubikey ## Setting up multifactor authentication @@ -45,7 +51,7 @@ this endpoint. ## Configuring multifactor authentication for users Multifactor authentication can be configured in the Netwrix Password Secure client. It can be done -by the user themselves in **Backstage** in the [Account](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/account/account.md) +by the user themselves in **Backstage** in the [Account](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md) menu. In order to configure the Yubikey, simply select **Yubico OTP**. ![setup second factor](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/yubico/yubico_yubikey_6-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md new file mode 100644 index 0000000000..27f22433ed --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md @@ -0,0 +1,113 @@ +--- +title: "Organisational structure" +description: "Organisational structure" +sidebar_position: 40 +--- + +# Organisational structure + +## What are organisational structures? + +The storage of passwords or documents always takes place according to the defined organisational +structures. The module enables complex structures to be defined, which later form the basis for the +systematic storage of data. It is often possible to define them on the basis of already existing +organization diagrams for the company or department. It is also possible to use other criteria, such +as the function / activity performed, as the basis for creating hierarchies. It is always up to the +customer themselves to decide which structure is most useful for the purpose of the application. + +![Organizational structure modul](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_1-en.webp) + +## Relevant rights + +The following options are required for adding new organisational structures. + +### User rights + +- Can add new organisational units +- Display organisational structure module + +## Module-specific ribbon functions + +The operation of the ribbon differs fundamentally in a couple of aspects to how it works in other +modules. The following section will focus on only those elements of the ribbon that differ. The +remaining actions have already be explained for the password module. + +![create new user/organisational unit](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_2-en.webp) + +- **New organisational unit/user**: New organisational units or new users can be added via the + ribbon, the keyboard shortcut "CTRL + N" or also the context menu that is accessed using the right + mouse button. Due to its complexity, there is a separate section for this function: + [User management](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/user_management.md) +- **Drag & Drop**: If this option has been activated, it is possible to move users or organisational + units in list view via drag & drop +- **Permissions**: The configuration of permissions within the organisational structure is important + both for the administration of the structure and also as the basis for the permissions in + accordance with + [Inheritance from organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md). + The benefits of + [Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) are + explained in a separate section. +- **Settings**: The settings can be configured for both users and also organisational units. More + information on [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md)… +- **Active Directory**: The connection to Active Directory is explained in a dedicated section + [Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) +- **Microsoft Entra ID**: The connection to Microsoft Entra ID is explained in a dedicated section +- **Multi Factor authentication**: Additional security during login is provided through positive + authentication based on another factor. More on this subject… +- **Reset password**: Administrators can reset the passwords with which users log in to Netwrix + Password Secure to a defined value. Naturally, this is only possible if the connection to Active + Directory is configured + via[End-to-end encryption](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/end-to-end_encryption.md). In the + alternative [Masterkey mode](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), the + authentication is linked to the correct entry of the AD password. + +NOTE: To reset a user password, membership for the user is a prerequisite. + +The example below shows the configuration of a user where only the user themselves is a member. + +![permission for user](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_3-en.webp) + +This configuration means that the user password cannot be reset by administrators. The disadvantage +is that if the password is lost there is no technical solution for "resetting" the password in the +system. + +**CAUTION:** It is not recommended to configure the permissions so that only the user themselves has +membership. No other interventions can be made if the password is then lost. + +## Adding local organisational units + +Both users and also organisational units themselves can be added as usual via the ribbon +(alternatively via Ctrl + N or via the context menu). These processes are supported by various +wizards. The example below shows the creation of a new organisational unit: + +### Create organisational unit + +![Add new organisational unit](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_4-en.webp) + +- **Allocated organisational unit**: If the new object is defined as a **main organisational unit**, + it is not allocated to an existing organisational unit +- **Rights template group**: If an already existing organisational unit was selected under + "allocated organisational unit", you can select one of the existing rights template groups. + +NOTE: The organisational unit marked in list view will be used as a default. This applies to the +fields "allocated organisational unit" and also "rights template". + +### Create role + +![Create role](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_5-en.webp) + +When creating a new organisational unit, the second tab in the wizard enables you to directly create +a new role. This role will not only be created but also given "read permission" to the newly created +organisational unit. + +### Configuring rights + +![Configuring rights](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organizational_structures_6-en.webp) + +The third tab of the wizard allows you to define the permissions for the newly created +organisational unit. If an allocated organisational unit or a rights template group was defined in +the first tab, the new organisational unit will inherit its permissions. These permissions can be +adapted if desired. + +NOTE: The **organisational structure** module is based on the Web Application module of the same +name. Both modules have a different scope and design but are almost identical to use. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/_category_.json new file mode 100644 index 0000000000..d844547bfe --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Permissions for organisational structures", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "permissions_for_organisational" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/inheriting_permissions.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md similarity index 93% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/inheriting_permissions.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md index 765624e68e..b7e7e17e6d 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/inheriting_permissions.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/inheriting_permissions.md @@ -1,3 +1,9 @@ +--- +title: "Inheriting permissions" +description: "Inheriting permissions" +sidebar_position: 10 +--- + # Inheriting permissions ## What is inherited in organisational structures? diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/permissions_for_organisational.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md similarity index 86% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/permissions_for_organisational.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md index 74f6f231de..0c4ddfdd05 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/permissions_for_organisational.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md @@ -1,3 +1,9 @@ +--- +title: "Permissions for organisational structures" +description: "Permissions for organisational structures" +sidebar_position: 20 +--- + # Permissions for organisational structures ## Relevance @@ -7,13 +13,13 @@ organisational structures. In addition, there are **two mechanisms** that direct permissions for organisational structures. 1. **Limiting visibility**: It was already explained in the section on - [Visibility](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/visibility/visibility.md) + [Visibility](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) that selectively withholding information is a very effective - [Protective mechanisms](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/protective_mechanisms.md). + [Protective mechanisms](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md). Configuration of the visibility is carried out directly when issuing permissions to organisational structures. 2. **Inheriting permissions for records**: - [Inheritance from organisational structures](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance_from_organizational.md) + [Inheritance from organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md) is defined as a system standard. This means that there is no difference between the permissions for an organisational structure and the permissions for data that is stored in these organisational structures. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/_category_.json new file mode 100644 index 0000000000..a3d9a19b3d --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Password Reset", + "position": 90, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "password_reset" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/configuration/configuration_2.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/configuration_2.md similarity index 97% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/configuration/configuration_2.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/configuration_2.md index 6a9abe5b1c..c1c8c0bb5a 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/configuration/configuration_2.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/configuration_2.md @@ -1,3 +1,9 @@ +--- +title: "Configuration" +description: "Configuration" +sidebar_position: 20 +--- + # Configuration ## Creating a Password Reset diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/heartbeat/heartbeat.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/heartbeat.md similarity index 86% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/heartbeat/heartbeat.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/heartbeat.md index 31d90d8958..cbcbeb5a1a 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/heartbeat/heartbeat.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/heartbeat.md @@ -1,3 +1,9 @@ +--- +title: "Heartbeat" +description: "Heartbeat" +sidebar_position: 50 +--- + # Heartbeat ## What is the heartbeat? @@ -29,7 +35,7 @@ The testing process using the heartbeat can be executed via various methods. The heartbeat is always carried out before the first resetting process using a Password Reset. After the script has run, the testing process is carried out again. Further information on this process -can also be found in the section [Rollback](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/rollback/rollback.md). +can also be found in the section [Rollback](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/rollback.md). ### Manual testing @@ -39,8 +45,8 @@ data**. The currently marked password is always tested. ### Automatic testing via the password settings It is also possible to configure the heartbeat to run cyclically. It can be configured either via -the [User settings](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/user_settings.md) or directly in the -[Password settings](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/password_settings.md). +the [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md) or directly in the +[Password settings](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/password_settings.md). ## Results of the tests @@ -49,7 +55,7 @@ The results of the test can be viewed in the **passwords module**. ![result heartbeat](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/heartbeat/heartbeat_1-en.webp) The date when it was last executed can be seen at the top of the -[Reading pane](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/reading_pane.md). The success of the testing +[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md). The success of the testing process is indicated alongside using a coloured icon. Further information can be displayed by moving the mouse over the icon. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/logbook_entries/logbook_entries_under_password.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md similarity index 92% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/logbook_entries/logbook_entries_under_password.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md index 5232639910..6b9cc63df7 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/logbook_entries/logbook_entries_under_password.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/logbook_entries_under_password.md @@ -1,3 +1,9 @@ +--- +title: "Logbook entries under Password Reset" +description: "Logbook entries under Password Reset" +sidebar_position: 70 +--- + # Logbook entries under Password Reset Subsequently all possible logbook entries in connection with Password Reset are listed diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/password_reset.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md similarity index 94% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/password_reset.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md index b0a7af4fa2..535d5eed13 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/password_reset.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md @@ -1,3 +1,9 @@ +--- +title: "Password Reset" +description: "Password Reset" +sidebar_position: 90 +--- + # Password Reset ## What is a Password Reset? diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/requirements/requirements_1.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/requirements_1.md similarity index 85% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/requirements/requirements_1.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/requirements_1.md index 82ffee7606..8d2e1ac0d6 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/requirements/requirements_1.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/requirements_1.md @@ -1,3 +1,9 @@ +--- +title: "Requirements" +description: "Requirements" +sidebar_position: 10 +--- + # Requirements ## Relevant rights diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/rollback.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/rollback.md new file mode 100644 index 0000000000..0ae75b175c --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/rollback.md @@ -0,0 +1,29 @@ +--- +title: "Rollback" +description: "Rollback" +sidebar_position: 60 +--- + +# Rollback + +## What is a rollback? + +If an error occurs while running a script, a rollback is initiated. This ensures that the original +password is restored. + +## When does a rollback run? + +The following diagram shows when and according to which criteria a rollback is initiated: + +![rollback run](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/rollback/rollback_1-en.webp) + +## Procedure + +If a rollback needs to be run, all scripts for the Password Reset are executed once again. The last +password in the history is used for this process. No new historical entry is created after the +rollback. + +## Logbook + +The logbook can be used to see if a rollback has been run and if it was successful. After a +rollback, the password should be checked once again as a precaution. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/scripts.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/scripts.md new file mode 100644 index 0000000000..1f4b3570c3 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/scripts.md @@ -0,0 +1,82 @@ +--- +title: "Scripts" +description: "Scripts" +sidebar_position: 30 +--- + +# Scripts + +## Available scripts + +The following scripts are supplied and can be directly used. In all scripts, a password is firstly +selected in the upper section. This is not the password that will be reset on the target system. +Instead, a user should be entered here that can complete the rest of the process on the target +system. This password thus requires administrative rights to the target system. + +A delay can also be configured in every script. This may be necessary, for example, if a password is +changed in AD and it is firstly distributed to other controllers. + +![new script](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_1-en.webp) + +## Active Directory Password Reset + +This script is responsible for changing passwords for Active Directory users (domain users). Access +to Active Directory is configured here under **Hostname**. + +![Active Directory Password Reset](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_2-en.webp) + +## Service accounts + +This script changes the access data within a service. Both the user and also the password can be +changed. The **host name** – i.e. the target computer – and the **service name** are saved here. + +![Service accounts scripts](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_3-en.webp) + +Please note that the **display name** for the **service** needs to be used. + +![display name service](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_4-en.webp) + +The access data in the associated password can be saved as follows: + +### Local user + +[Username] [Username] .[Username] [Computer][Username] + +### Active Directory user + +[Domain][Username] + +## Windows user + +This script can be used to reset the passwords for local Windows users. Only the **host name** needs +to be saved here. + +![Windows user script](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_5-en.webp) + +## Linux user + +Linux users can also be reset in the same way as Windows users. It is also only necessary to enter +the **host name** and the **port** here. + +![Linux user script](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_6-en.webp) + +## MSSQL user + +This script resets passwords for local MSSQL users. It is only necessary to enter the **MSSQL +instance** and the **port**. + +![MSSQL user script](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_7-en.webp) + +The name of the MSSQL instance can be taken from the login window for the SQL Management Studio. + +![MSSQL user script](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_8-en.webp) + +If a domain user is being used to log in to the SQL server, the user needs to be managed via the +script **Active Directory user**. + +## Planned task + +The passwords for users of Windows Task Scheduler can be changed using this script. The **host +name** of the computer on which the task will run and the **name** of the task itself are entered. + +![planned task](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/password_safe_scripts_9-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/user-defined_scripts/user-defined_scripts.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md similarity index 92% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/user-defined_scripts/user-defined_scripts.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md index 4291b9c0ae..2a3c58fa5a 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/user-defined_scripts/user-defined_scripts.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/user-defined_scripts.md @@ -1,8 +1,14 @@ +--- +title: "User-defined scripts" +description: "User-defined scripts" +sidebar_position: 40 +--- + # User-defined scripts ## Individual solutions using your own scripts -If your requirements cannot be met using the [Scripts](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/scripts/scripts.md), it is also possible +If your requirements cannot be met using the [Scripts](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/scripts.md), it is also possible to create your own Powershell scripts. These scripts need to meet certain requirements to be used in Netwrix Password Secure. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/_category_.json new file mode 100644 index 0000000000..563e094d99 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Passwords", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "passwords" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/creating_new_passwords.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md similarity index 97% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/creating_new_passwords.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md index bfeefc647d..28be8a2e89 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/creating_new_passwords.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md @@ -1,3 +1,9 @@ +--- +title: "Creating new passwords" +description: "Creating new passwords" +sidebar_position: 10 +--- + # Creating new passwords ## What does creating new passwords/records mean? diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/form_field_permissions.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/form_field_permissions.md similarity index 93% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/form_field_permissions.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/form_field_permissions.md index 880979dae8..b80fc6c04a 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/form_field_permissions.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/form_field_permissions.md @@ -1,3 +1,9 @@ +--- +title: "Form field permissions" +description: "Form field permissions" +sidebar_position: 40 +--- + # Form field permissions ## What are form field permissions? diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/history.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/history.md new file mode 100644 index 0000000000..877eb36fcb --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/history.md @@ -0,0 +1,56 @@ +--- +title: "History" +description: "History" +sidebar_position: 60 +--- + +# History + +## What is the history? + +Alongside saving passwords and keeping them safe, the ability to trace changes to records also has +great relevance. The history maintains a seamless account of the versions for all form fields in a +record. Every change to records is separately recorded, saved and can thus also be restored. In +addition, it is always possible to compare historical values with the current version. The history +is thus an indispensable component of every security concept. + +## The history in the reading pane + +The optional footer area can be used to already display the history when in the reading pane. All of +the historical entries are listed and sorted in chronological order. + +![history in footer](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_1-en.webp) + +The different versions are displayed one below the other on the left. The info for each respective +version can then be seen alongside on the right. A quick view can be displayed via the **History** +in the ribbon or via a double click. + +![quick view history](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_2-en.webp) + +## Detailed history in the Extras + +The detailed history for the record marked in list view can be called up in the Start/Extras tab. + +![History](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_3-en.webp) + +The history for the marked record opens in a separate tab. In list view, all of the available +versions with the date and time of their last change are sorted in chronological order. + +![history list view](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_4-en.webp) + +## Comparison of versions + +At least two versions need to be selected in order to carry out a comparison. In list view, mark the +first version and then add another version via the “Add” button on the right of the reading pane to +compare with the first one. + +![comparison of history versions](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_5-en.webp) + +If deviations exist between the two versions, these will be highlighted in color. + +![difference between password history](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/history_6-en.webp) + +## Restoring versions + +A selected status can be restored via the ribbon. The current state is overwritten and added to the +history diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/moving_passwords.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/moving_passwords.md similarity index 96% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/moving_passwords.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/moving_passwords.md index 30db9f67bd..b988a2c143 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/moving_passwords.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/moving_passwords.md @@ -1,3 +1,9 @@ +--- +title: "Moving passwords" +description: "Moving passwords" +sidebar_position: 30 +--- + # Moving passwords ## What happens when records are moved? diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/password_settings.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/password_settings.md similarity index 94% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/password_settings.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/password_settings.md index 3cb1cfce45..6c01b2dbb9 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/password_settings.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/password_settings.md @@ -1,3 +1,9 @@ +--- +title: "Password settings" +description: "Password settings" +sidebar_position: 50 +--- + # Password settings ## What are password settings? diff --git a/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md new file mode 100644 index 0000000000..c6ae519330 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md @@ -0,0 +1,115 @@ +--- +title: "Passwords" +description: "Passwords" +sidebar_position: 10 +--- + +# Passwords + +## What are passwords? + +In Netwrix Password Secure v8, the data record with the passwords represents the central data +object. The Passwords module provides administrators and users with central access to the passwords +for the purpose of handling this sensitive data that requires protection. Search filters in +combination with color-highlighted tags enable very focussed work. Various approaches can be used to +help apply the desired permissions to objects. Furthermore, the ergonomic structure of the module +helps all users to use Netwrix Password Secure in an efficient and targeted manner. + +![Password modul](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_1-en.webp) + +## Prerequisite + +The following user right is required for adding new passwords: + +- **Can add new passwords** + +## Module-specific ribbon functions + +The ribbon offers access to all possible actions relevant to the situation at all times. Especially +within the "Passwords" module, the ribbon plays a key role due to the numerous module-specific +functions. General information on the subject of the ribbon is available in the relevant section. +The module-specific ribbon functions will be explained below. + +![ribbon functions](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_2-en.webp) + +### New + +- **New password**: New passwords can be added via this icon in the ribbon, via the context menu + that is accessed using the right mouse button and via the shortcut (Ctrl + N). The next step is to + select a suitable form. +- **Open**: Opens the object marked in list view and provides further information about the record + in the reading pane. +- **Delete**: Deletes the object marked in list view. A log file entry is created (see logbook). +- **Reveal**: The function **Reveal** can be used for all records that have a password field. The + passwords in the reading pane will be revealed. In the example, the passwords have been revealed + and can be hidden again with the **Hide** button. + +![hide password](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_3-en.webp) + +### Actions + +- **Notifications**: Defining notifications enables a constant flow of information about any type of + interaction. The issuing of notifications is carried out in the module designed for this purpose. +- **Duplicate**: Duplicating creates an exact copy of the record in a new tab. +- **Move**: Moves the record marked in list view to another organisational structure. +- **Toggle** **Favorite**: The selected record is marked as a favorite. It is possible to switch + between all records and favorites at any time. +- **Quick view**: A modal window opens for the selected record for 15 seconds and displays all + available information **including the value of the password**. +- Notifications: A list of all configured notifications + +### Permissions + +- **Permissions**: The drop-down menu can be used to set both password permissions and also form + field permissions. This method only allows the manual setting of permissions for data (see + + authorization concept) + +- **Password masking**: Masking passwords that need to be protected from unauthorized users is an + important feature of the security concept in Netwrix Password Secure. +- **Seal**: The multi-eye principle in Netwrix Password Secure is covered in its own section. Seals. + +### Clipboard + +The clipboard is a key element in the ribbon. This only exists in the "Passwords" module. **Clicking +on the desired form field for a record in the ribbon** will copy it to the clipboard. + +![Clipboard](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_4-en.webp) + +The message in the style of the "Balloon Tips" in Windows shows that the password has now been saved +in the clipboard for 300 seconds. (Note: the time until the clipboard is cleared is 60 seconds by +default. In the present case, this has been adjusted via the user settings.) + +### Start + +Conveniently working with passwords is only possible via the efficient usage of automated accesses +via RDP, SSH, general Windows applications or websites. This makes it possible to dispense with +(unsecure) entries via "copy & paste". + +- **Open web page**: If an URL is saved in the record, this menu option can be used to directly open + it. +- **Applications**: If applications have been linked to records, they can be directly opened via the + "start menu". + +### Extras + +- **Create external link**: This option creates an external link for the record marked in list view. + A number of different options can be selected: + +![external link](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords_5-en.webp) + +**CAUTION:** If several sessions are opened on a client, an external link is always called in the +first session. + +- **History**: This icon opens the history for those records selected in list view in a new tab. Due + to the comprehensive recording of historical versions of passwords, it is now possible to compare + several versions with one another. +- **Print**: This option can be used to open the print function. +- **Export**: It is possible to export all the selected records and also the data defined by the + filter to a .csv file. +- **Change form**: It is possible to change the form used for individual records. "Mapping" of the + previous form fields can be directly carried out in the process. +- **Settings**: The password settings are described in a separate section. + +NOTE: The password module is based on the module of the same name in the Web Application. Both +modules have a different scope and design. However, they are almost identical to use. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/recycle_bin.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/recycle_bin.md similarity index 81% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/recycle_bin.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/recycle_bin.md index 188c36a256..1510b1ea5c 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/recycle_bin.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/recycle_bin.md @@ -1,3 +1,9 @@ +--- +title: "Recycle Bin" +description: "Recycle Bin" +sidebar_position: 70 +--- + # Recycle Bin This option allows you to view and permanently delete deleted passwords to which you are entitled. @@ -17,4 +23,4 @@ You will then be asked if you actually want to perform this action. ## Managing the Recycle Bin The management of the recycle bin can be found in chapter -[Bin](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/trash/trash.md). +[Bin](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/trash.md). diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/revealing_passwords.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/revealing_passwords.md similarity index 97% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/revealing_passwords.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/revealing_passwords.md index fe26fad7df..9e7ef5ab02 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/revealing_passwords.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/revealing_passwords.md @@ -1,3 +1,9 @@ +--- +title: "Revealing passwords" +description: "Revealing passwords" +sidebar_position: 20 +--- + # Revealing passwords ## What is involved in revealing passwords? diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles.md b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md similarity index 87% rename from docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles.md rename to docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md index 836939cf02..2d07d480e5 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md @@ -1,3 +1,9 @@ +--- +title: "Roles" +description: "Roles" +sidebar_position: 50 +--- + # Roles ## What are roles? @@ -36,14 +42,14 @@ between users and authorizations of any kind. ## Creating and granting permissions for new roles If you are in the **roles module**, the process for creating new roles is the same as for -[Creating new passwords](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/creating_new_passwords.md). Roles can be created via the +[Creating new passwords](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/creating_new_passwords.md). Roles can be created via the ribbon and also via the context menu that is accessed using the right mouse button. ![creating new role](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles_3-en.webp) ## Planning phase -Just like the [Organisational structure](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organisational_structure.md), +Just like the [Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md), you should also familiarize yourself with the intended role concepts. The mapping of structures present in a company is the starting point for the success of Netwrix Password Secure. You should design the roles in Netwrix Password Secure only once a detailed design has been drawn up, and all @@ -63,11 +69,11 @@ NOTE: This architecture makes nesting of roles obsolete. As well as being able to view the **members** in the permissions dialogue, a list of all members for a role is already made available in the -[Reading pane](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/reading_pane.md). All of the other users with +[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md). All of the other users with permissions but without membership of the role are not taken into account. ![role overview](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles_4-en.webp) NOTE: The roles module is based on the -[Roles module](/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/roles_module/roles_module.md) of the Web +[Roles module](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/roles_module.md) of the Web Application. Both modules have a different scope and design but are almost identical to use. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/_category_.json new file mode 100644 index 0000000000..4230fa2e53 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Main menu", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "main_menu_fc" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/account/account.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md similarity index 90% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/account/account.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md index 7edc44c7a5..8f15433c52 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/account/account.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md @@ -1,9 +1,15 @@ +--- +title: "Account" +description: "Account" +sidebar_position: 20 +--- + # Account ## What is an account? Users can configure all user-specific information in their account. It should be noted that if the -[Masterkey mode](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/masterkey_mode.md) +[Masterkey mode](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md) process is used, user data will always be taken from Active Directory – editing this information in Netwrix Password Secure is thus not possible. @@ -13,7 +19,7 @@ Netwrix Password Secure is thus not possible. All of the information in the contact and address sections can be defined under “Edit profile”. Some areas of the profile overlap with the **management of users.** This information is explained in -[Managing users](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/managingusers/managing_users.md). +[Managing users](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/managingusers/managing_users.md). NOTE: No changes can be made to users that were imported from AD using Master Key mode. In this case, all information will be imported from AD. @@ -45,7 +51,7 @@ terminated. Multifactor authentication provides additional protection through a second login authentication using a hardware token. The configuration is carried out via the ribbon in the “Security” section. See also in -[Multifactor authentication](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/multifactorauthentication/multifactor_authentication.md) +[Multifactor authentication](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/multifactorauthentication/multifactor_authentication.md) ![installation_with_parameters_124](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/account/installation_with_parameters_124.webp) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/administration/administration.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/administration.md similarity index 94% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/administration/administration.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/administration.md index cab062167a..049c07e73c 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/administration/administration.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/administration.md @@ -1,3 +1,9 @@ +--- +title: "Administration" +description: "Administration" +sidebar_position: 60 +--- + # Administration ## Sessions diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/_category_.json new file mode 100644 index 0000000000..badb938bf9 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Export", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "export" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export.md new file mode 100644 index 0000000000..b3ea4530f9 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export.md @@ -0,0 +1,56 @@ +--- +title: "Export" +description: "Export" +sidebar_position: 80 +--- + +# Export + +## What is an export? + +An export is used for extracting the data saved in the MSSQL database. Both selective (manual) and +automated [System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md) can extract information from +Netwrix Password Secure in this manner. + +**CAUTION:** Please note that extracting passwords is always associated with a weakening of the +security concept. The informative value of the logbook will suffer when data is exported because the +revision of this data will no longer be logged. This aspect needs to be taken into account +particularly in conjunction with the Netwrix Password Secure +[Export wizard](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export_wizard.md) because the export result is not separately secured +by a password. + +The export function is accessed via the Main menu/Export. There are two fundamental types of export +– the WebViewer export and the export wizard. However, the latter is divided into four +subcategories. + +![installation_with_parameters_63](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/installation_with_parameters_63.webp) + +The [HTML WebViewer export](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md) creates a HTML file +protected by a password. In contrast, the export wizard creates an open and unprotected .csv file. + +## Requirements + +Permissions are used to define whether a record can be exported or not. Various protective +mechanisms can be applied. Restrictions can be placed on either the record itself and also via user +rights + +- **The permissions for the record:** The permissions for the record define whether a record can be + exported + +![Export in the ribbon](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/installation_with_parameters_64-en.webp) + +In this example, the marked role IT employee does not have the required permissions to export the +record. In contrast, the IT manager does have the required permissions. In addition, the +administrator possesses all rights, including the right to export. + +#### Relevant right + +The following option is required. + +User right + +- Can export + +NOTE: If a record is exported, this user right and also the corresponding permissions for the record +must be set. The user right defines whether a user can generally export data, while the permissions +for the record define which records can be exported. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export_wizard/export_wizard.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export_wizard.md similarity index 88% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export_wizard/export_wizard.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export_wizard.md index 42cc2864a3..76743793d0 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export_wizard/export_wizard.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export_wizard.md @@ -1,3 +1,9 @@ +--- +title: "Export wizard" +description: "Export wizard" +sidebar_position: 20 +--- + # Export wizard ## What export wizards are there? @@ -14,7 +20,7 @@ remaining three wizards function in the same way. ## What is the password export wizard? This wizard allows records to be exported in standard.csv format. In contrast to the -[HTML WebViewer export](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/html_webviewer-export/html_webviewer_export.md), the resulting file is +[HTML WebViewer export](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md), the resulting file is not protected by a password. It goes without saying that this feature must be used carefully. ## Starting the password export wizard @@ -25,8 +31,8 @@ The export wizard can be accessed in a variety of different ways: for which the registered user has the required permissions. If the user is an administrator with permissions for all records, the export will include all passwords in the database. - **Starting via the ribbon:** The export can also be started via the - [Ribbon](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/ribbon.md) in the - [Passwords](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords.md) module. + [Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md) in the + [Passwords](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md) module. ![Export ribbon](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/export_wizard/installation_with_parameters_75-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/html_webviewer-export/html_webviewer_export.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md similarity index 93% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/html_webviewer-export/html_webviewer_export.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md index be205f1844..c6c1585c7e 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/export/html_webviewer-export/html_webviewer_export.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/html_webviewer_export.md @@ -1,10 +1,16 @@ +--- +title: "HTML WebViewer export" +description: "HTML WebViewer export" +sidebar_position: 10 +--- + # HTML WebViewer export ## What is a HTML WebViewer export? The **WebViewer** is an option inNetwrix Password Secure for exporting passwords in an encrypted **HTML file**. The records are selected using the -[Filter](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/filter.md) function. The passwords for which the user +[Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) function. The passwords for which the user has the corresponding permissions are exported. They are displayed in a current browse that has **JavaScript activated**. @@ -12,7 +18,7 @@ has the corresponding permissions are exported. They are displayed in a current - Naturally, the HTML WebViewer file is **encrypted** - The export of the file is protected using a corresponding - [User rights](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/user_rights.md) + [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) - The user requires the **export right** for the passwords ## Required rights diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/_category_.json new file mode 100644 index 0000000000..e42f1173a8 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Extras", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "extras" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md new file mode 100644 index 0000000000..3d1c733f5a --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md @@ -0,0 +1,23 @@ +--- +title: "Extras" +description: "Extras" +sidebar_position: 10 +--- + +# Extras + +## What are Extras? + +Netwrix Password Secure provides a diverse range of supporting features that do not directly provide +added value but mostly build on existing approaches and expand their functionalities. They are +work-saving features that in total simplify the process of working with Netwrix Password Secure. + +![installation_with_parameters_77_517x414](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/installation_with_parameters_77_517x414.webp) + +- [Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) +- [Password generator](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_generator.md) +- [Reports](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/reports.md) +- [System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md) +- [Seal templates](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md) +- [Tag manager](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/tag_manager.md) +- [Image management](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/image_manager.md) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/image_manager.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/image_manager.md similarity index 93% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/image_manager.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/image_manager.md index 7de96d03c2..71cfab85cf 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/image_manager.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/image_manager.md @@ -1,3 +1,9 @@ +--- +title: "Image management" +description: "Image management" +sidebar_position: 70 +--- + # Image management ## What is image management? @@ -38,7 +44,7 @@ NOTE: If there are several deposited, always use the first one. 2. Manual filing -In the main menu in [Extras](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/extras.md) you can find the image management. Here, you have the +In the main menu in [Extras](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md) you can find the image management. Here, you have the possibility to store icons and logos manually. ![Image management](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/installation_with_parameters_107-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_generator/password_generator.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_generator.md similarity index 94% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_generator/password_generator.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_generator.md index 10f81cb9c9..4bd99c6030 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_generator/password_generator.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_generator.md @@ -1,3 +1,9 @@ +--- +title: "Password generator" +description: "Password generator" +sidebar_position: 20 +--- + # Password generator ## What is the password generator? @@ -46,7 +52,7 @@ separated and whether to use LeetSpeak. Password rule -Already defined[Password rules](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/password_rules.md) can be utilised for the +Already defined[Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) can be utilised for the automatic generation of new passwords ## Multigenerator diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/password_rules.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md similarity index 91% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/password_rules.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md index 5c08af0aaa..165e82061a 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/password_rules.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md @@ -1,3 +1,9 @@ +--- +title: "Password rules" +description: "Password rules" +sidebar_position: 10 +--- + # Password rules ## What are password rules? @@ -25,8 +31,8 @@ a separate tab in the currently active module. ![installation_with_parameters_98](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_rules/installation_with_parameters_98.webp) In this screenshot, a total of 3 password rules are shown. As the rule “Very secure password” has -been selected in [List view](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/list_view.md), the -[Reading pane](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/reading_pane.md) on the right displays the +been selected in [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), the +[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md) on the right displays the configuration for this rule: - **General:** The Password length of 25 is the minimum number of characters that a password needs @@ -46,7 +52,7 @@ configuration for this rule: Once password rules have been defined, they can be productively used in two different ways: -- Use within the [Password generator](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/password_generator/password_generator.md) +- Use within the [Password generator](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_generator.md) - Default for the password field in a form: When a password field is defined in a form, one of the defined password rules can be set as the diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/reports.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/reports.md new file mode 100644 index 0000000000..19169ba90b --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/reports.md @@ -0,0 +1,57 @@ +--- +title: "Reports" +description: "Reports" +sidebar_position: 30 +--- + +# Reports + +## What are reports? + +Comprehensive reporting is an important component of the ongoing monitoring of processes in Netwrix +Password Secure. Similar to selectively configurable +[Notifications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md), reports also contain +information that can be selectively defined. The difference is mainly the trigger. Notifications are +linked to an event, which acts as the trigger for the notification. In contrast, reports enable +tabular lists of freely definable actions to be produced at any selected time – the trigger is thus +the creation of a report. This process can also be automated via +[System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md). + +![reports](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_78-en.webp) + +NOTE: Reports only ever contain information for which the user has the required permissions. + +A separate tab for managing existing reports and creating new reports can be opened in the current +module via the Main menu/Extras/Reports. The module in which the report is opened is irrelevant, the +contents are always the same. + +![installation_with_parameters_79](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_79.webp) + +The filter on the left has no relevance in relation to reports. Although reports can also be +“tagged” in theory, filtering has no effect on the reports. In +[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), there are currently three +configured report requests shown. + +#### Creating a report request + +New report requests can be created in list view via the ribbon or also the context menu that is +accessed using the right mouse button. The form for creating a new report request again opens in a +separate tab. Alongside a diverse range of variables, the report type can be defined using a +drop-down list. There are currently dozens of report types available. + +![installation_with_parameters_80](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_80.webp) + +The filter can be used to define the scope of the report e.g. to focus on a certain OU or simply a +selection of tags. Once saved, the report will now be shown in the list of report requests. + +###### Manually create reports + +You can now create a manual report via the ribbon. This will open in a separate tab and can be +displayed in the default web browser if desired. + +![installation_with_parameters_81](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/reports/installation_with_parameters_81.webp) + +Automated sending of reports via system tasks + +In general, reports are not manually created but are automatically sent to defined recipients. This +is apossible via system tasks, which can run processes of this nature at set times. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/seal_templates/seal_templates.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md similarity index 86% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/seal_templates/seal_templates.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md index 277fec1ccc..3aff5d0f72 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/seal_templates/seal_templates.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md @@ -1,9 +1,15 @@ +--- +title: "Seal templates" +description: "Seal templates" +sidebar_position: 50 +--- + # Seal templates ## What are the seal templates? The configuration of -[Seals](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals.md) must be +[Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) must be well-thought-out and error-free. It is absolutely essential to save the once-invested effort in the form of seal templates. The automation of ever-recurring tasks will, in this context, extremely speed up the timing of the work. Once defined, templates can be attached to data records in a few diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/_category_.json new file mode 100644 index 0000000000..2c51c5c2d4 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "System tasks", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "system_tasks" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/emergency_webviewer.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/emergency_webviewer.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md index 3fe3313a18..deca27c313 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/emergency_webviewer/emergency_webviewer.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/emergency_webviewer.md @@ -1,9 +1,15 @@ +--- +title: "EmergencyWebViewer" +description: "EmergencyWebViewer" +sidebar_position: 10 +--- + # EmergencyWebViewer ## What is an Emergency WebViewer export? Safeguarding data is essential and this should be carried out using -[Backup management](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/backup_management.md). +[Backup management](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_management.md). However, a backup is not sufficient in some cases e.g. if a backup cannot be directly restored due to a hardware problem. In these cases, **Netwrix Password Secure** offers the backup feature **Emergency WebViewer Export**. @@ -15,7 +21,7 @@ the core system of the backup mechanism. ## Creation of the file and key The **Emergency WebViewer Export** is created in Netwrix Password Secure as a -**[System tasks](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/system_tasks.md)** and this task can be used to guarantee a regular backup of +**[System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md)** and this task can be used to guarantee a regular backup of the records (passwords) by entering an interval. When setting up the system task, the user thus defines the cycle at which the **Emergency WebViewer.html file** is created on the Server Manager. The existing file is overwritten in each case by the latest version at the defined interval. The @@ -30,7 +36,7 @@ a secure medium (USB stick, HDD, CD/DVD, …) and kept in a secure location! • Naturally, the HTML WebViewer file is encrypted • The export of the file is protected using a corresponding -[User rights](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/user_rights.md) +[User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) • The file can only be encrypted using the **PrivateKey.prvkey** file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/system_tasks.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md similarity index 98% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/system_tasks.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md index fed1ceb5fd..99cb3115e3 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/system_tasks/system_tasks.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md @@ -1,3 +1,9 @@ +--- +title: "System tasks" +description: "System tasks" +sidebar_position: 40 +--- + # System tasks ## What are system tasks? diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/tag_management/tag_manager.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/tag_manager.md similarity index 87% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/tag_management/tag_manager.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/tag_manager.md index c906097ef2..f32902fde9 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/tag_management/tag_manager.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/tag_manager.md @@ -1,10 +1,16 @@ +--- +title: "Tag manager" +description: "Tag manager" +sidebar_position: 60 +--- + # Tag manager ## What is the tag manager? All existing tags can be viewed, edited and deleted directly in the tag manager. This can be achieved via the filter, within the “Edit mode” of a data set as well as via the main menu under the -group [Extras](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/extras.md). +group [Extras](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md). ![how to open the tag manager](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/tag_management/installation_with_parameters_103-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/trash/trash.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/trash.md similarity index 90% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/trash/trash.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/trash.md index 01865ec131..c00b249a86 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/trash/trash.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/trash.md @@ -1,3 +1,9 @@ +--- +title: "Bin" +description: "Bin" +sidebar_position: 80 +--- + # Bin Here the logged-in user can manage his recycle bin. All deleted passwords to which the user is diff --git a/docs/passwordsecure/9.2/configuration/server_manager/main_menu/general_settings.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/general_settings.md similarity index 93% rename from docs/passwordsecure/9.2/configuration/server_manager/main_menu/general_settings.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/general_settings.md index b3573d570d..51f8c4cfc6 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/main_menu/general_settings.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/general_settings.md @@ -1,3 +1,9 @@ +--- +title: "General settings" +description: "General settings" +sidebar_position: 30 +--- + # General settings ## What are general settings? diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/import/import.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/import.md similarity index 94% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/import/import.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/import.md index e9ff0b872b..e9935bf0d9 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/import/import.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/import.md @@ -1,3 +1,9 @@ +--- +title: "Import" +description: "Import" +sidebar_position: 70 +--- + # Import ## What is an import? @@ -11,7 +17,7 @@ Both variants can be set up in the import wizard, which is started via the Main ## Requirements Whether the user is permitted to import data is controlled by the corresponding -[User rights](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/user_rights.md). +[User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md). ![installation_with_parameters_58](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/import/installation_with_parameters_58.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md new file mode 100644 index 0000000000..06c90a49e3 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md @@ -0,0 +1,23 @@ +--- +title: "Main menu" +description: "Main menu" +sidebar_position: 30 +--- + +# Main menu + +## What is the Main menu/Backstage? + +All settings that are not linked to a particular module are defined in the Backstage (main menu). +This makes it easy to access the settings at any time and in any module. + +![Main menu](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/installation_with_parameters_56-en.webp) + +- [Extras](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/extras.md) +- [Account](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md) +- [General settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/general_settings.md) +- [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md) +- [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) +- [Administration](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/administration.md) +- [Import](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/import.md) +- [Export](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/export/export.md) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/_category_.json new file mode 100644 index 0000000000..2c2eb8b19a --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "User rights", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "user_rights" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/overview_of_all_user_rights.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md similarity index 99% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/overview_of_all_user_rights.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md index 3d29bfc91b..d8ebbdbc7d 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/overview_of_all_user_rights.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/overview_of_all_user_rights.md @@ -1,3 +1,9 @@ +--- +title: "Overview of all user rights" +description: "Overview of all user rights" +sidebar_position: 10 +--- + # Overview of all user rights This section lists all of the existing user rights. If a right is explained in more detail in diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/user_rights.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md similarity index 86% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/user_rights.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md index 44871bee63..517677f567 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/user_rights.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md @@ -1,9 +1,15 @@ +--- +title: "User rights" +description: "User rights" +sidebar_position: 50 +--- + # User rights ## What are user rights? In the user rights, access to functionalities is configured. Amongst tother things, this category -includes both the visibility of individual [Client Module](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_module.md), as +includes both the visibility of individual [Client Module](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md), as well as the use of the import, export or management of rights templates functions. A complete listing is directly visible in the user rights. @@ -11,7 +17,7 @@ listing is directly visible in the user rights. Managing all user rights exclusively at the level of the user would be a time intensive process and thus require a disproportionate amount of care and maintenance. In the same way as with the -[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/web_applicaiton/authorization_and_protection/authorization_and_protection_mechanisms.md), +[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md), an approach can be used in which several users are grouped together. Nevertheless, it must still be possible to additionally address the specific requirements of individual users. Some functionalities, on the other hand, should be available to all users. In order to do this, Netwrix @@ -23,10 +29,10 @@ When it comes to user rights, the focus is always on the user. The user can rece one of the following three ways: 1. The **personal user right** only applies to a specific user. This is always configured via - the[Organisational structure](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organisational_structure.md). + the[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md). **User rights to role**s apply to all members of a role and are specified in the -[Roles](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles.md) +[Roles](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md) 1. The **global user right** applies to all users of a database without exception. You can configure it in the client settings. @@ -46,7 +52,7 @@ rights can be removed. ## Configuring the security level The **security level** is an essential element that is also specified in the user rights. This is -the basis for the configuration of the [User settings](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/user_settings.md). +the basis for the configuration of the [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md). ![installation_with_parameters_113](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_113.webp) @@ -54,7 +60,7 @@ the basis for the configuration of the [User settings](/docs/passwordsecure/9.2/ Due to the large number of possible configurations, the search function helps you to quickly find the desired configuration. This process is based as usual on the List -[Search](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/search/search.md). +[Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md). ![installation_with_parameters_114](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_114.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/_category_.json new file mode 100644 index 0000000000..6ac028f85d --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "User settings", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "user_settings" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/overview_user_settings/overview_of_all_user_settings.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md similarity index 99% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/overview_user_settings/overview_of_all_user_settings.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md index d40d438836..d0349be01b 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/overview_user_settings/overview_of_all_user_settings.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/overview_of_all_user_settings.md @@ -1,3 +1,9 @@ +--- +title: "Overview of all settings" +description: "Overview of all settings" +sidebar_position: 10 +--- + # Overview of all settings This section lists all of the existing settings. If a setting is explained in more detail in another diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/user_settings.md b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md similarity index 89% rename from docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/user_settings.md rename to docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md index 8c1168c35d..a92a19d6a5 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/user_settings.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md @@ -1,3 +1,9 @@ +--- +title: "User settings" +description: "User settings" +sidebar_position: 40 +--- + # User settings ## What are user settings? @@ -10,7 +16,7 @@ can thus be linked to the presence of the required security level. ## Managing user settings -You can configure user settings similarly to [User rights](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/user_rights.md). Here too, +You can configure user settings similarly to [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md). Here too, there are a total of three possibilities with which a user can define his settings or be configured from another location. For the sake of easy manageability, it is again a good idea to configure the users not individually, but to provide several equal users with settings. @@ -39,9 +45,9 @@ If you leave the personal settings on the outside, there are two ways to inherit 1. Global inheritance 2. Inheritance on the basis of membership in organisational units (OU) -Global settings are configured as usual in the [Main menu](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/main_menu_fc.md). The organisational +Global settings are configured as usual in the [Main menu](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md). The organisational units are inherited via the -[Organisational structure](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organisational_structure.md). +[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md). All users who are assigned to an organisational unit inherit all user settings for this OU. In the present case, the users “Jones” and “Moore” inherit all settings from the “IT” organisational unit: @@ -49,7 +55,7 @@ present case, the users “Jones” and “Moore” inherit all settings from th The “Settings” button in the ribbon allows you to see the settings for both organisational units and users. The many setting options can be restricted by the known -[Search](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/search/search.md) mechanisms. +[Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md) mechanisms. ![installation_with_parameters_118](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_118.webp) @@ -68,6 +74,6 @@ combine similar options and thus make them available to the users. ![user settings](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/installation_with_parameters_119-en.webp) -The [User rights](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/user_rights.md) define who has the required permissions to change +The [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) define who has the required permissions to change which security levels. As with all rights, this is achieved either through global inheritance, the role, or as a right granted directly to the user. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/_category_.json new file mode 100644 index 0000000000..3bcf4aaf6d --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Operation and Setup", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "operation_and_setup" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/_category_.json new file mode 100644 index 0000000000..113bb86a6f --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Dashboard and widgets", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "dashboard_and_widgets" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/dashboard_and_widgets.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md similarity index 94% rename from docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/dashboard_and_widgets.md rename to docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md index fc29826fc0..3d24185950 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/dashboard_and_widgets.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md @@ -1,3 +1,9 @@ +--- +title: "Dashboard and widgets" +description: "Dashboard and widgets" +sidebar_position: 80 +--- + # Dashboard and widgets ## What are dashboards and widgets? @@ -8,12 +14,12 @@ customizable info area, which visually prepares important events or facts ![Dashboard](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/installation_with_parameters_50-en.webp) -Dashboards are available in almost all [Client Module](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/client_module.md)s. A +Dashboards are available in almost all [Client Module](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md)s. A separate dashboard can be set for each individual module. **Widgets** correspond to the individual modules of the dashboard. There are various widgets, which can be individually defined and can be configured separately. In the above example, three widgets are enabled and provide information about current notifications, password quality, and user activity. The **maximum number of possible -widgets** is managed in the[User settings](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/user_settings.md). +widgets** is managed in the[User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md). NOTE: You can close the dashboard using the button in the tab. You can open it again via **View** > **Show dashboard** in the ribbon. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/keyboard_shortcuts.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md similarity index 79% rename from docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/keyboard_shortcuts.md rename to docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md index b90509dc86..d451dd06fa 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/dashboard_and_widgets/keyboard_shortcuts.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md @@ -1,10 +1,16 @@ +--- +title: "Keyboard shortcuts" +description: "Keyboard shortcuts" +sidebar_position: 10 +--- + # Keyboard shortcuts ## Functionality Some actions can be executed very efficiently using keyboard shortcuts. These are configured in the section of the same name within the **global -[User settings](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/user_settings.md)** +[User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md)** The following keyboard shortcuts are available: diff --git a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/_category_.json new file mode 100644 index 0000000000..dce4f41135 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Filter", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "filter" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/advanced_filter_settings.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/advanced_filter_settings.md rename to docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md index bb62a34f50..7934199af0 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/advancedfiltersettings/advanced_filter_settings.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/advanced_filter_settings.md @@ -1,9 +1,15 @@ +--- +title: "Advanced filter settings" +description: "Advanced filter settings" +sidebar_position: 20 +--- + # Advanced filter settings ## Linking filters The two options for linking the filter criteria are very easy to explain using the example of -[Tags](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/tags/tags.md). The following options are available: +[Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md). The following options are available: 1. Logical “Or operator” @@ -32,7 +38,7 @@ for this example. ## Filter tab in the ribbon -The filter management can also be found in the [Ribbon](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/ribbon.md). Here, it is +The filter management can also be found in the [Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md). Here, it is possible e.g. to expand the currently configured filter criteria, save the filter, or simply clear all currently applied filters. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/displaymode/display_mode.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/display_mode.md similarity index 88% rename from docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/displaymode/display_mode.md rename to docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/display_mode.md index 435bb4b92e..63b7f0b5cc 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/displaymode/display_mode.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/display_mode.md @@ -1,8 +1,14 @@ +--- +title: "Display mode" +description: "Display mode" +sidebar_position: 10 +--- + # Display mode ## What display modes exist? -In addition to the already described [Filter](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/filter.md), it is possible to switch to structure +In addition to the already described [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md), it is possible to switch to structure view. This alternative view enables you to filter solely on the basis of the organisational structure. Although this type of filtering is also possible in standard filter view, you are able to directly see the complete organisational structure in structure view. @@ -18,7 +24,7 @@ choice for users who want to work in a highly structural-based manner. ## Relevant options -There are three relevant [User settings](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/user_settings.md) +There are three relevant [User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md) associated with the display mode: ![installation_with_parameters_16](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/displaymode/installation_with_parameters_16.webp) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/filter.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md similarity index 93% rename from docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/filter.md rename to docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md index c95d39c653..74acbbb204 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/filter.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md @@ -1,3 +1,9 @@ +--- +title: "Filter" +description: "Filter" +sidebar_position: 20 +--- + # Filter ## What is a filter? @@ -24,11 +30,11 @@ The filter is an indispensable working tool because of the possibility to restri according to individual requirements. Consequently, all users can use the filter. It is, of course, possible to place restrictions for filter criteria. This means that the filter criteria available to individual employees can be restricted by means of -[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/web_applicaiton/authorization_and_protection/authorization_and_protection_mechanisms.md). -For example, an employee can only filter for the [Forms](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/forms/forms.md) password +[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md). +For example, an employee can only filter for the [Forms](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md) password if he has the read permission for that form. -**CAUTION:** There are no permissions for [Tags](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/tags/tags.md). This means that any employee can +**CAUTION:** There are no permissions for [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md). This means that any employee can use any tags. The display order in the filter is determined by the frequency of use. This process is not critical to security, since tags do not grant any permissions. They are merely a supportive measure for filtering. diff --git a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md new file mode 100644 index 0000000000..62b438c495 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md @@ -0,0 +1,91 @@ +--- +title: "List view" +description: "List view" +sidebar_position: 30 +--- + +# List view + +## What is the list view? + +The list view is located centrally in the Netwrix Password Secure client, and is a key element of +daily work. There are also list views in Windows operating systems. If you click on a folder in +Windows Explorer, the contents of the folder are displayed in a list view. The same is true in +Netwrix Password Secure version 9. + +However, instead of folders, the content of the list view is defined by the currently applied +filter. \* This always means that the list view is the result of a filtered filter \*. For the +currently marked record in list view, all existing form fields are output to the reading pane. With +the two tabs “All” and “Favourites, the filter results can be further restricted. + +![List view](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_26-en.webp) + +At the bottom of the list view, the number of loaded records and the time required for this are +shown. + +NOTE: For more than 100 list elements, only the first 100 records are displayed by default. This is +to prevent excessive database queries where the results are unmanageable. In this case, it makes +sense to further refine the filter criteria. By pressing the “All” button in the header of the list +view, you can still manually switch to the complete list. + +## Searching in list view + +Through the search field, the results found by the filter can be further refined as required. After +you have entered the search term, the results are automatically limited to those records which +correspond to the criteria (after about half a second). The search used for the search is +highlighted in yellow. + +![installation_with_parameters_27](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_27.webp) + +## Detailed list view + +The default view displays only limited information about the records. However, the width of the list +view is flexible and can be adjusted by mouse. At a certain point, the view automatically changes to +the detailed list view, similar to the procedure in Microsoft Outlook. All form fields are displayed + +![Table view](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_28-en.webp) + +## Favourites + +Regularly used records can be marked as favourites. This process is carried out directly in the +[Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md). A record marked as a favourite is indicated with a star in list view. + +![Favourite](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_29-en.webp) + +You can filter for favourites directly in the list view. For this purpose, simply switch to the +“Favourites” tab + +![installation_with_parameters_30](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_30.webp) + +#### Othersymbols + +Every record displayed in list view has multiple icons on the right. These give feedback in colour +about both the password quality and the [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) used. Mouseover tooltips provide +more precise details. + +![installation_with_parameters_31](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_31.webp) + +NOTE: The information visible underneath the password name is taken from the info field for the +associated form and will be explained separately + +## Workingwith records + +All records that correspond to the filter criteria are now displayed in list view. These can now be +opened, edited, or deleted via the ribbon. Many functions are also available directly from the +context menu. You can do this by right-clicking the record. Multiple selection is also possible. To +do this, simply highlight the desired objects by holding down the Ctrl key. + +![installation_with_parameters_32](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_32.webp) + +#### Opening and editing data sets + +By double-clicking, as with the context menu (right mouse button), all records can be opened from +the list view in a separate tab. Only in this view can you make changes. This detail view opens in a +separate tab, the list view is completely hidden + +![editing dataset](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/installation_with_parameters_33-en.webp) + +NOTE: Working with data records depends of course on the type of the data record. Whether passwords, +documents or organisational structures: The handling is partly very different. For more information, +please refer to the respective sections on the individual +[Client Module](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/client_module.md) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/operation_and_setup.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/operation_and_setup.md new file mode 100644 index 0000000000..0578470ddd --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/operation_and_setup.md @@ -0,0 +1,97 @@ +--- +title: "Operation and Setup" +description: "Operation and Setup" +sidebar_position: 10 +--- + +# Operation and Setup + +## Client structure + +The modular structure of the client ensure that the required functionalities are always in the same +place. Although the module selection gives access to the various areas of Netwrix Password Secure, +the control elements always remain at the positions specified for this purpose. This intuitive +operating concept ensures efficient work and a minimum of training time. + +![Operation](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/operation-and-setup-1-en.webp) + +![Dashboard](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/operation-and-setup-2-en.webp) + +1. [Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md) + +2. [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) + +3. [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) + +4. [Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md) + +5. [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) + +6. [Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md) + +7. [Dashboard and widgets    ](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md) + +## TABs + +Tabs offer yet another option within the to present related information in a separate area. This tab +navigation enables you to display, quickly access and switch between relevant information. The +results for a filter with specific criteria can thus be retained without the original result being +overwritten + +when a new filter is applied. In parallel, detailed information about records can also be found in +their own tabs. It is of course possible to adjust the order of the tabs via drag & drop according +to your individual requirements. + +![Dashboard](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/installation_with_parameters_2-en.webp) + +#### Standard tab + +Depending on the active module, the All passwords tab will be renamed to the corresponding module by +default. (All documents, all forms, etc.) + +![Standard tab](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/standard-tab-en.webp) + +Although the name suggests that all records in the database are displayed, the records displayed in +list view correspond to the criteria that have been defined in the filter. The tab closes and can be +restored by reusing the filter. + +## Client footer information + +Independently of the module chosen, various information is displayed in the footer area of the +client. The icons are also provided with a meaningful mouse-over text, which provides additional +information. + +- Connection to database +- Feedback in case connection is insecure +- Last name, first name (user name) of the logged-in user + +![installation_with_parameters_4](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/installation_with_parameters_4.webp) + +- [Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md) +- [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) +- [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) +- [Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md) +- [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) +- [Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md) +- [Dashboard and widgets](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/dashboard_and_widgets.md) +- [Shortcut key](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/dashboardandwidgets/keyboard_shortcuts.md) + +## Orientation + +It is possible to change the alignment of the following objects: + +- [Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) +- [Applications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/applications.md) +- [Notifications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md) +- [Reports](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/reports.md) +- [Documents](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/documents.md) +- [Forms](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/forms/forms.md) +- [Logbook](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/logbook.md) +- [Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) +- [Password Reset](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md) +- [Password rules](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/password_rules.md) +- [Roles](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md) +- [Seal templates](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md) +- [System tasks](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/systemtasks/system_tasks.md) +- Forwarding Rules +- Profil picture in the reading pane diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/print.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/print.md similarity index 98% rename from docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/print.md rename to docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/print.md index 3a51de5157..7020806696 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/print/print.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/print.md @@ -1,3 +1,9 @@ +--- +title: "Print" +description: "Print" +sidebar_position: 70 +--- + # Print #### What can the print function do? diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/reading_pane.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md similarity index 82% rename from docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/reading_pane.md rename to docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md index bfce9481bc..9df93e22d7 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/reading_pane.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md @@ -1,3 +1,9 @@ +--- +title: "Reading pane" +description: "Reading pane" +sidebar_position: 40 +--- + # Reading pane ## What is the reading pane? @@ -5,7 +11,7 @@ The reading pane on the right side of the client always corresponds to the detailed view of the selected record in the list view and can be completely deactivated via the ribbon. In addition, you can configure here the arrangement of the reading pane – either on the right, or underneath the -[List view](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/list_view.md). +[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md). ![Reading area](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/installation_with_parameters_34-en.webp) @@ -20,10 +26,10 @@ The reading pane is divided into two areas: 1. Details area -Depending on which record you have selected in [List view](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/list_view.md), the -corresponding fields are displayed here. In the header, the assigned [Tags](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/tags/tags.md), as +Depending on which record you have selected in [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), the +corresponding fields are displayed here. In the header, the assigned [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md), as well as the -[Organisational structure](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organisational_structure.md) +[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) are displayed. **CAUTION:** It should be noted that the details area cannot be used for editing records! Although @@ -43,7 +49,7 @@ the quick view (space bar). Double clicking always opens a separate tab, the qui a modal window Visibility of the individual tabs within the footer section is secured via separate -[User rights](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/user_rights.md): +[User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md): ![installation_with_parameters_37](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/installation_with_parameters_37.webp) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/ribbon.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md similarity index 85% rename from docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/ribbon.md rename to docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md index a11063bb7c..b8de229a0f 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/ribbon.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md @@ -1,3 +1,9 @@ +--- +title: "Ribbon" +description: "Ribbon" +sidebar_position: 10 +--- + # Ribbon ## What is the ribbon? @@ -22,7 +28,7 @@ This ensures that the context menu can be kept lean. ## Access to the client main menu (backstage) The button at the top left of the ribbon provides access to the -[Main menu](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/main_menu_fc.md): +[Main menu](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md): ![installation_with_parameters_7](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/installation_with_parameters_7.webp) @@ -30,14 +36,14 @@ The button at the top left of the ribbon provides access to the There are tabs in the header area of the ribbon that summarize all available operations. By default, module-independent **Start, View, and Filter** is available. If the footer of the -[Reading pane](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/reading_pane.md) is opened (1), further tabs will be visible in the +[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md) is opened (1), further tabs will be visible in the ribbon (2). These contain, according to the selection made in the footer, other possible actions. ![Ribbon Tabs](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/installation_with_parameters_8-en.webp) #### Content tabs -Double-clicking on an object in the [List view](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/list_view.md) opens a new tab with its +Double-clicking on an object in the [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) opens a new tab with its detailed view. Depending on which form field you have selected, the corresponding content tab opens in the ribbon. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/search/search.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md similarity index 90% rename from docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/search/search.md rename to docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md index d9bf3d271d..d39e27a475 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/search/search.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md @@ -1,3 +1,9 @@ +--- +title: "Search" +description: "Search" +sidebar_position: 60 +--- + # Search ## What is search? @@ -12,7 +18,7 @@ currently open. This is a full-text search that scans all fields and tags except ![quick search](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/search/installation_with_parameters_41-en.webp) -The fast search is closely linked to the [Filter](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/filter.md), because search queries are +The fast search is closely linked to the [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md), because search queries are converted directly into one or several content filters. You can also separate search terms using spaces, for example, **Cook Daniel**. Note that this search creates two separate content filters, which are logically linked with “and” +. This means that both words must occur in the data record. @@ -32,7 +38,7 @@ swiss. The notation, which must be entered in the quick search, is: Delphi -swis 2. List search -With the list search in the header of the [List view](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/list_view.md), the results of the +With the list search in the header of the [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), the results of the filter can be searched further. This type of search is available in almost every list. Scans only the currently filtered results. Password fields are not searched. The search is live, so the result is further refined with every additional character that is entered. Automatic “highlighting” takes diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/tags/tags.md b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md similarity index 96% rename from docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/tags/tags.md rename to docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md index 2e61899747..da5e650a0f 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/tags/tags.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md @@ -1,3 +1,9 @@ +--- +title: "Tags" +description: "Tags" +sidebar_position: 50 +--- + # Tags ## What are tags? diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/_category_.json new file mode 100644 index 0000000000..15e0af1775 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Permission concept and protective mechanisms", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "permission_concept_and_protective" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/_category_.json new file mode 100644 index 0000000000..bde6770d7b --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Automated setting of permissions", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "automated_setting_of_permissions" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/automated_setting_of_permissions.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md similarity index 90% rename from docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/automated_setting_of_permissions.md rename to docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md index f6e9e2d653..17306ca1b2 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/automated_setting_of_permissions.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md @@ -1,3 +1,9 @@ +--- +title: "Automated setting of permissions" +description: "Automated setting of permissions" +sidebar_position: 20 +--- + # Automated setting of permissions ## Reusing permissions diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance_from_organizational.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md similarity index 93% rename from docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance_from_organizational.md rename to docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md index 7dc68cbf64..f102993630 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance_from_organizational.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md @@ -1,3 +1,9 @@ +--- +title: "Inheritance from organisational structures" +description: "Inheritance from organisational structures" +sidebar_position: 10 +--- + # Inheritance from organisational structures ## Organisational structures as a basis @@ -5,7 +11,7 @@ The aim of organisational structures is to reflect the hierarchies and dependencies amongst employees that exist in a company. Permissions are granted to these structures as usual via the ribbon. Further information on this subject can be found in the section -[Permissions for organisational structures](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/permissions_for_organisational.md). +[Permissions for organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md). As a specific authorization concept is generally already used within organisational structures, this is also used as the basis for further permissions. This form of inheritance is technically equivalent to granting permissions based on **affiliations to a folder**. When creating a new @@ -77,7 +83,7 @@ The permissions for the “storage location” are simply used when creating new apply here: The value “organisational unit” must be selected in the settings for the inheritance of permissions -There must be no [Predefining rights](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefining_rights.md) for the +There must be no [Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) for the affected organisational structure This process is illustrated in the following diagram: ![process for inheritance of permissions](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/inheritance_from_organisational_structures/inheritance-7-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/_category_.json new file mode 100644 index 0000000000..c53f3cdaa2 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Manual setting of permissions", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "manual_setting_of_permissions" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual_setting_of_permissions.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md similarity index 85% rename from docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual_setting_of_permissions.md rename to docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md index 0e234f4e45..86869a1abb 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual_setting_of_permissions.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md @@ -1,9 +1,15 @@ +--- +title: "Manual setting of permissions" +description: "Manual setting of permissions" +sidebar_position: 10 +--- + # Manual setting of permissions ## What is the manual setting of permissions for records? In contrast to the -[Automated setting of permissions](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/automated_settings/automated_setting_of_permissions.md), the +[Automated setting of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/automated_setting_of_permissions.md), the manual approach does not utilize any automatic processes. This method of setting permissions is thus carried out separately for every record – this process is not as recommended for newly created data. If you want to work effectively in the long term, the automatic setting of permissions should be @@ -14,7 +20,7 @@ records. In the previous section, it was clarified that permissions are granted either directly to the user or to several users grouped in a role. With this knowledge, the permissions can be set manually. In -the [Passwords](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords.md), there are three different ways to access +the [Passwords](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md), there are three different ways to access the permissions in the list view: 1. Icon in the ribbon @@ -28,14 +34,14 @@ or public. In case of personal data records, the user that is logged on is the o permissions! The author is created with all permissions for the record. As described in the -[Permission concept and protective mechanisms](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_and_protective.md), you can now +[Permission concept and protective mechanisms](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md), you can now add roles and users. 'Right click - Add' inside the userlist or use the ribbon "User and roles" to add a user. The filter helps you to quickly find those users who should be granted permissions for the record in just a few steps. ![add user and role](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-2-en.webp) -The search [Filter](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/filter.md)opens in a separate tab and can be +The search [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md)opens in a separate tab and can be configured as usual. ![seach filter](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-3-en.webp) @@ -49,7 +55,7 @@ By default, all added users or roles receive only the “Read” permission on t permission at the beginning is sufficient to view the fields of the data record and to use the password. "Write" permission allows you to edit a data record. **The permission “Authorize” is necessary to authorize other users to the record**. This is also a requirement for -the[Seals](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals.md). +the[Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). ![setting all permissions example](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual-setting-of-permissions-4-en.webp) @@ -71,7 +77,7 @@ the risk significantly. Of course, the correct configuration of these templates The “add" permission holds a special position in the authorization concept. This permission controls whether a user/role is permitted e.g. to create a new record within an organisational structure. Consequently, this permission can only be set in the -[Organisational structure](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organisational_structure.md). +[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md). ## The owner permission diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple_editing_of_permissions.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md similarity index 97% rename from docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple_editing_of_permissions.md rename to docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md index f3d416d2d2..85354e9639 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple_editing_of_permissions.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md @@ -1,10 +1,16 @@ +--- +title: "Multiple editing of permissions" +description: "Multiple editing of permissions" +sidebar_position: 20 +--- + # Multiple editing of permissions ## How to edit multiple permissions? As part of the manual modification of permissions, it is also possible to edit multiple records at the same time. Various mechanisms can be used to select the records to be edited. You are able to -select the records in [List view](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/list_view.md) or you can use +select the records in [List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) or you can use the filter as part of the multiple editing function. Both scenarios are described below. ### User permissions for batch processing diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md new file mode 100644 index 0000000000..8e12f145c5 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/right_templates.md @@ -0,0 +1,22 @@ +--- +title: "Right templates" +description: "Right templates" +sidebar_position: 10 +--- + +# Right templates + +## Using right templates + +Once they have been configured, permissions can be constantly reused. The functionality **Saving +permissions as a template** in the ribbon is used for this purpose. The templates are globally +available and can also be used for other records. + +NOTE: When saving templates, always select a name that will also allow it to be safely +differentiated from other templates if you have a large number of right templates. + +Nevertheless, the use of right templates merely reduces the amount of work and still envisages the +manual setting of permissions. Automatic process for the issuing of permissions also exist in +Netwrix Password Secure and will be covered in the section +[Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) and also under +"[Inheritance from organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/automatedsettingofpermissions/inheritance_from_organizational.md)". diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_and_protective.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md similarity index 90% rename from docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_and_protective.md rename to docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md index 2cace19f0e..300b8bb87f 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_and_protective.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/permission_concept_and_protective.md @@ -1,16 +1,22 @@ +--- +title: "Permission concept and protective mechanisms" +description: "Permission concept and protective mechanisms" +sidebar_position: 40 +--- + # Permission concept and protective mechanisms ## What is the permission concept? With Netwrix Password Secure version 9 we provide the right solution to all conceivable demands -placed on it with regards to permission management. [Roles](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles.md) are a +placed on it with regards to permission management. [Roles](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md) are a great way to efficiently manage multiple users without losing the overview. We've created multiple methods to manually or automatically manage your permissions. More information can be seen in the chapter -[Multiple editing of permissions](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/multiple_editing_of_permissions/multiple_editing_of_permissions.md) +[Multiple editing of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/multiple_editing_of_permissions.md) Alongside the definition of manual and automatic setting of permissions, the (optional) setting of -[Protective mechanisms](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/protective_mechanisms.md) forms +[Protective mechanisms](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md) forms part of the authorization concept. The protective mechanisms are thus downstream of the permissions. The interrelationships between all of these elements are illustrated in the following diagram. @@ -111,8 +117,8 @@ As a member of a role, it must have at least the “read” right for the role! Similar to the previous section Permission concept and protective mechanisms for roles, the configuration of a role will be illustrated using two users. The configuration is performed in the -[Roles](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles.md). By double-clicking on the role “IT-Consultants” in the -[List view](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/list_view.md), you can open their detailed view. +[Roles](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md). By double-clicking on the role “IT-Consultants” in the +[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md), you can open their detailed view. ![roles list view](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/permission_concept_5-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/_category_.json new file mode 100644 index 0000000000..280c13033d --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Predefining rights", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "predefining_rights" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefining_rights.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md similarity index 80% rename from docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefining_rights.md rename to docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md index ba50f14d31..3c094b381e 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefining_rights.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md @@ -1,8 +1,14 @@ +--- +title: "Predefining rights" +description: "Predefining rights" +sidebar_position: 30 +--- + # Predefining rights ## What are predefined rights? -[Permissions for organisational structures](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/permissionsous/permissions_for_organisational.md) +[Permissions for organisational structures](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/permissionsfororganisational/permissions_for_organisational.md) can be carried out separately for every record. Although this method enables you to very closely control every intended permission structure, it is not really efficient. On the one hand, there is too much configuration work involved, while on the other hand, there is a danger that people who @@ -10,18 +16,18 @@ should also receive permissions to access data are forgotten. In addition, many even have the right to set permissions. “Predefining rights” is a suitable method to simplify the permissions and reduce error rates by using automated processes. This page covers the configuration of predefined rights, please also refer to the sections -[Working with predefined rights](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/working_with_predefining_rights/working_with_predefined_rights.md) +[Working with predefined rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md) and their -[Scope of validity for predefined rights](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/scope_of_validity/scope_of_validity_for_predefined.md). +[Scope of validity for predefined rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md). ## Organisational structures as a basis -[Organisational structure](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organisational_structure.md) +[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) can be very useful in many areas in Netwrix Password Secure. In this example, they provide the basic framework for the automated granting of rights. In the broadest sense, these organisational structures should always be entered in accordance with existing departments in a company. The following example specifically focuses on an IT department. The following 3 hierarchies -([Roles](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/roles/roles.md)) have been defined within this IT department: +([Roles](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/roles.md)) have been defined within this IT department: - **IT employee** - **IT manager** @@ -31,7 +37,7 @@ following example specifically focuses on an IT department. The following 3 hier In general, a senior employee is granted more extensive rights than those granted to a trainee. This hierarchy and the associated permission structure can be predefined. In the -O[Organisational structure](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/organisational_structure.md) +O[Organisational structure](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/organisational_structure.md) module, we now select those OUs (departments) for which rights should be predefined and select \*predefine rights” in the ribbon. @@ -48,7 +54,7 @@ mouse click). This was already completed in the example. The role **IT employee* permission", the **IT manager** also has the "write permission" and the capability of managing permissions. **Administrators** possess all available permissions. Configuration of the permission structures is explained in -[Manual setting of permissions](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual_setting_of_permissions.md). +[Manual setting of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md). ![example permissions](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-3-en.webp) @@ -69,10 +75,10 @@ records. In the same way that permissions are defined within right templates, it is also possible to automatically set **tags**. Their configuration is carried out in the same way as issuing -[Tags](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/tags/tags.md) for records. +[Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) for records. ![tags for predefining rights](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefined-rights-5-en.webp) This process ensures that a special tag is automatically issued when using a certain template group. Example cases can be found in the -[Working with predefined rights](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/working_with_predefining_rights/working_with_predefined_rights.md). +[Working with predefined rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md). diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/relevant_user_rights/relevant_user_rights.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/relevant_user_rights/relevant_user_rights.md rename to docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md index 759bbe57a5..a2c085255c 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/relevant_user_rights/relevant_user_rights.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/relevant_user_rights.md @@ -1,3 +1,9 @@ +--- +title: "Relevant user rights" +description: "Relevant user rights" +sidebar_position: 20 +--- + # Relevant user rights ## User rights for predefined rights diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/scope_of_validity/scope_of_validity_for_predefined.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md similarity index 91% rename from docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/scope_of_validity/scope_of_validity_for_predefined.md rename to docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md index e8c03899c8..4056682574 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/scope_of_validity/scope_of_validity_for_predefined.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/scope_of_validity_for_predefined.md @@ -1,3 +1,9 @@ +--- +title: "Scope of validity for predefined rights" +description: "Scope of validity for predefined rights" +sidebar_position: 30 +--- + # Scope of validity for predefined rights In general, all of the predefined rights for an organisational structure are applied to all diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/working_with_predefining_rights/working_with_predefined_rights.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md similarity index 83% rename from docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/working_with_predefining_rights/working_with_predefined_rights.md rename to docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md index e07710d2cc..de93f91d1f 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/working_with_predefining_rights/working_with_predefined_rights.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/working_with_predefined_rights.md @@ -1,8 +1,14 @@ +--- +title: "Working with predefined rights" +description: "Working with predefined rights" +sidebar_position: 10 +--- + # Working with predefined rights ## Using predefined rights when creating passwords -After you have configured [Predefining rights](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefining_rights.md), you can then use them to +After you have configured [Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md), you can then use them to create new records. Proceed here as follows: - Select the password module @@ -27,7 +33,7 @@ granted for the roles “IT management” and also “Administrators”. **The u When using rights templates, the permissions to be granted can be very quickly classified via a **color table**. The actual permissions can also be viewed as usual via the -[Ribbon](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/ribbon/ribbon.md). The following color key is used with the +[Ribbon](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/ribbon.md). The following color key is used with the associated permissions: | **Color** | **Permission** | @@ -46,9 +52,9 @@ management”. ## Conclusion -The [Manual setting of permissions](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual_setting_of_permissions.md) enables +The [Manual setting of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md) enables the configuration of rights for both existing and also new records. The option of -[Predefining rights](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefining_rights.md) represents a very efficient alternative. Instead of +[Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md) represents a very efficient alternative. Instead of having to separately grant permissions for every record, a “preset” is defined once for each organisational structure. Once this has been done, it is sufficient in future to merely select the organisational structure when creating a record. The permissions are then set automatically. This diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/_category_.json new file mode 100644 index 0000000000..2b4a3080aa --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Protective mechanisms", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "protective_mechanisms" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md similarity index 88% rename from docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking.md rename to docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md index 5818a78764..87c960d8f5 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md @@ -1,3 +1,9 @@ +--- +title: "Password masking" +description: "Password masking" +sidebar_position: 30 +--- + # Password masking ## What is password masking? @@ -18,7 +24,7 @@ The following option is required to apply password masking. ### Required permissions -In the same way as for the [Seals](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals.md) configuration, the **authorize permission** +In the same way as for the [Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) configuration, the **authorize permission** for the record is required to apply or remove the masking. Users who have the **authorize permission** for a record can continue to use the record without limitations after applying password masking. Password masking only applies to users without the "can apply password masking" right. @@ -34,8 +40,8 @@ permission, but not the permission **authorize**. ### Password masking via form field permissions As an alternative, you can also apply password masking via the -[Form field permissions](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/form_field_permissions.md). In the -[List view](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/list_view.md) of a record, there is a separate +[Form field permissions](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/form_field_permissions.md). In the +[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) of a record, there is a separate button in the ribbon for that purpose. Ensure that the password field is highlighted. ![form field permissions](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking_2-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/protective_mechanisms.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md similarity index 80% rename from docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/protective_mechanisms.md rename to docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md index 32a17a273e..bab5ab5c6c 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/protective_mechanisms.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/protective_mechanisms.md @@ -1,3 +1,9 @@ +--- +title: "Protective mechanisms" +description: "Protective mechanisms" +sidebar_position: 40 +--- + # Protective mechanisms ## What are protective mechanisms? @@ -9,16 +15,16 @@ certain information only available to selected employees. Nevertheless, it is st have protective mechanisms above and beyond the authorization concept in order to handle complex requirements. -- [Visibility](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/visibility/visibility.md) is not separately configured but is instead directly +- [Visibility](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md) is not separately configured but is instead directly controlled via the authorization concept (read permission). Nevertheless, it represents an important component within the existing protective mechanisms and is why a separate section has been dedicated to this subject. -- By configuring [Temporary permissions](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/temporary_permissions/temporary_permissions.md), it is +- By configuring [Temporary permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md), it is possible to grant users or roles temporary access to data. -- [Password masking](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking.md) enables access to the system without +- [Password masking](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md) enables access to the system without having to reveal the passwords of users. The value of the password remains constantly hidden. - To link the release of highly sensitive access data to a double-check principle, it is possible to - use [Seals](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals.md). The configuration of users or roles with the permissions to issue a + use [Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md). The configuration of users or roles with the permissions to issue a release is possible down to a granular level and is always adaptable to individual requirements. The following diagram shows a summary of how the existing protective mechanisms are integrated into @@ -27,7 +33,7 @@ the authorization concept. ![protective mechanism diagram](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/protective_mechanisms-en.webp) In the interplay of the -[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/web_applicaiton/authorization_and_protection/authorization_and_protection_mechanisms.md), +[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md), almost all conceivable scenarios can be depicted. It is worth mentioning again that the authorization concept is already a very effective tool, with limited visibility of passwords and data records. This concept is present everywhere in Netwrix Password Secure, and will be explained diff --git a/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/_category_.json b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/_category_.json new file mode 100644 index 0000000000..bb90850646 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Seals", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "seals" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md similarity index 91% rename from docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism.md rename to docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md index b0af935773..dbbc09385c 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md @@ -1,3 +1,9 @@ +--- +title: "Release mechanism" +description: "Release mechanism" +sidebar_position: 20 +--- + # Release mechanism ## What is the release mechanism? @@ -35,12 +41,12 @@ displayed to the users with the required permissions to issue the release. All user with the required permissions to issue the release will be notified that the user has requested the seal. This can be viewed via the module -[Notifications](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/notifications/notifications.md), as well as in the Seal +[Notifications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/notifications.md), as well as in the Seal overview. ## 2. Granting a release -The [Seal overview](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_overview/seal_overview.md) can be opened via the seal symbol in the +The [Seal overview](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md) can be opened via the seal symbol in the ribbon directly from the mentioned notification. It is indicated by the corresponding icon that there is a need for action. All relevant data for a release are illustrated within the seal overview. The reason given in the release is also evident. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_overview/seal_overview.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md similarity index 97% rename from docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_overview/seal_overview.md rename to docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md index 0d62ee5ca7..290360d406 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_overview/seal_overview.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md @@ -1,3 +1,9 @@ +--- +title: "Seal overview" +description: "Seal overview" +sidebar_position: 10 +--- + # Seal overview ## What is the seal overview? diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md similarity index 90% rename from docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals.md rename to docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md index ac6755ba54..5e5bfee687 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md @@ -1,9 +1,15 @@ +--- +title: "Seals" +description: "Seals" +sidebar_position: 40 +--- + # Seals ## What are seals? Passwords are selectively made available to the different user groups by means of the -[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/web_applicaiton/authorization_and_protection/authorization_and_protection_mechanisms.md). +[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md). Nevertheless, there are many scenarios in which the ability to view and use a record should be linked to a release issued in advance. In this context, the seal is an effective protective mechanism. This multi-eye principle protects passwords by securing them with granular release @@ -53,7 +59,7 @@ the configuration of the seal. All objects that are sealed are displayed at the beginning. Depending on the data record, this can be one object, or several. It is also possible to use existing -[Seal templates](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/seal_templates/seal_templates.md). Optionally, you can +[Seal templates](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md). Optionally, you can enter a reason for each seal. #### 2. Multi-eye principle @@ -125,7 +131,7 @@ the breaking of a seal by a user, other users may still break it. #### 4. Saving the seal Before closing the wizard, it is possible to save the configuration for later use in the form of a -template. [Seal templates](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/seal_templates/seal_templates.md) can be +template. [Seal templates](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/seal_templates.md) can be optionally provided with a description for the purpose of overview. ![save seal](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_9-en.webp) @@ -135,9 +141,9 @@ optionally provided with a description for the purpose of overview. The permissions already present on the data set form the basis for any complex seal configurations. It is freely definable which users have to go through a release mechanism before accessing the password. The roles, which may be granted, are freely definable. An always accessible -[Seal overview](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_overview/seal_overview.md) allows all authorized persons to view the current -state of the seals. The section on the[Release mechanism](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism.md) +[Seal overview](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md) allows all authorized persons to view the current +state of the seals. The section on the[Release mechanism](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md) describes in detail the individual steps, from the initial release request to the final release. -- [Seal overview](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals_overview/seal_overview.md) -- [Release mechanism](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/release_mechanism/release_mechanism.md) +- [Seal overview](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seal_overview.md) +- [Release mechanism](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/release_mechanism.md) diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/temporary_permissions/temporary_permissions.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md similarity index 90% rename from docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/temporary_permissions/temporary_permissions.md rename to docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md index 12ec302c34..1f78f16551 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/temporary_permissions/temporary_permissions.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/temporary_permissions.md @@ -1,3 +1,9 @@ +--- +title: "Temporary permissions" +description: "Temporary permissions" +sidebar_position: 20 +--- + # Temporary permissions ## What are temporary permissions? @@ -9,7 +15,7 @@ for a limited time, such as interns or trainees. ## Configuration When configuring the -[Manual setting of permissions](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/manual_settings/manual_setting_of_permissions.md), you can +[Manual setting of permissions](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/manualsettingofpermissions/manual_setting_of_permissions.md), you can specify a temporary release for each role. The start date as well as the end date is selected here. You can start the configuration using the **Extras** area in the ribbon. diff --git a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/visibility/visibility.md b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md similarity index 91% rename from docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/visibility/visibility.md rename to docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md index 8c1113ea87..71bc6cd697 100644 --- a/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/visibility/visibility.md +++ b/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/visibility.md @@ -1,12 +1,18 @@ +--- +title: "Visibility" +description: "Visibility" +sidebar_position: 10 +--- + # Visibility ## Visibility of data -The use of a [Filter](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/filter.md) is generally the gateway to +The use of a [Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md) is generally the gateway to displaying existing records. Nevertheless, this aspect of the visibility of the records is closely interwoven with the existing permissions structure. Naturally, a user can always only see those records for which they have at least a read Permission. This doctrine should always be taken into -consideration when handling records. [Tags](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/tags/tags.md) are not +consideration when handling records. [Tags](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/tags.md) are not subject to any permissions and can thus always be used as filter criteria. Nevertheless, the delivered results will only contain those records for which the user themselves actually has permissions. A good example here is the tag “personal record”. Every user can mark their own record diff --git a/docs/passwordsecure/9.2/configuration/autofilladdon/_category_.json b/docs/passwordsecure/9.2/configuration/autofilladdon/_category_.json new file mode 100644 index 0000000000..52e6e25746 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/autofilladdon/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Autofill Add-on", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "autofill_add-on" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/autofill_add-on/autofill_add-on.md b/docs/passwordsecure/9.2/configuration/autofilladdon/autofill_add-on.md similarity index 92% rename from docs/passwordsecure/9.2/configuration/autofill_add-on/autofill_add-on.md rename to docs/passwordsecure/9.2/configuration/autofilladdon/autofill_add-on.md index 4db55e714c..a0d0c25a90 100644 --- a/docs/passwordsecure/9.2/configuration/autofill_add-on/autofill_add-on.md +++ b/docs/passwordsecure/9.2/configuration/autofilladdon/autofill_add-on.md @@ -1,3 +1,9 @@ +--- +title: "Autofill Add-on" +description: "Autofill Add-on" +sidebar_position: 60 +--- + # Autofill Add-on ## What is the Autofill Add-on? @@ -5,9 +11,9 @@ The Autofill Add-on is responsible for the automatic entry of login data in applications. This enables logins without knowledge of the password, which can be a particularly valuable tool in combination with -[Password masking](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking.md). +[Password masking](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md). The -[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/web_applicaiton/authorization_and_protection/authorization_and_protection_mechanisms.md) +[Authorization and protection mechanisms](/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md) is used to define which users should receive access. However, the password remains hidden because it is entered by Netwrix Password Secure. diff --git a/docs/passwordsecure/9.2/configuration/autofill_add-on/configuration/configuration_autofill_add-on.md b/docs/passwordsecure/9.2/configuration/autofilladdon/configuration_autofill_add-on.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/autofill_add-on/configuration/configuration_autofill_add-on.md rename to docs/passwordsecure/9.2/configuration/autofilladdon/configuration_autofill_add-on.md index 297e96f0af..7997caed43 100644 --- a/docs/passwordsecure/9.2/configuration/autofill_add-on/configuration/configuration_autofill_add-on.md +++ b/docs/passwordsecure/9.2/configuration/autofilladdon/configuration_autofill_add-on.md @@ -1,3 +1,9 @@ +--- +title: "Configuration" +description: "Configuration" +sidebar_position: 10 +--- + # Configuration ## Starting the Autofill Add-on diff --git a/docs/passwordsecure/9.2/configuration/basicview/_category_.json b/docs/passwordsecure/9.2/configuration/basicview/_category_.json new file mode 100644 index 0000000000..15a94b2924 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/basicview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "The Basic view", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "basic_view" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/basic_view/basic_view.md b/docs/passwordsecure/9.2/configuration/basicview/basic_view.md similarity index 85% rename from docs/passwordsecure/9.2/configuration/basic_view/basic_view.md rename to docs/passwordsecure/9.2/configuration/basicview/basic_view.md index d97f41b4cc..25cf0a47f9 100644 --- a/docs/passwordsecure/9.2/configuration/basic_view/basic_view.md +++ b/docs/passwordsecure/9.2/configuration/basicview/basic_view.md @@ -1,3 +1,9 @@ +--- +title: "The Basic view" +description: "The Basic view" +sidebar_position: 30 +--- + # The Basic view ![light-client-en](/img/product_docs/passwordsecure/9.2/configuration/basic_view/light-client-en.webp) @@ -16,10 +22,10 @@ ideal tool for the daily handling of passwords. You don’t need any special permission to use the Basic view. However, the handling of the Basic views can be set via rights and settings. Read more in chapter -[To do for Administration](/docs/passwordsecure/9.2/configuration/basic_view/administration/to_do_for_administration.md). +[To do for Administration](/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/to_do_for_administration.md). #### Installation The Basic view is installed directly with the Web Application, so you don’t need any special installation. For further information, visit the -chapter[Installation Client](/docs/passwordsecure/9.2/installation/installation_client/installation_client.md) +chapter[Installation Client](/docs/passwordsecure/9.2/installation/installationclient/installation_client.md) diff --git a/docs/passwordsecure/9.2/configuration/basic_view/checklist/checklist_of_the_basic_view.md b/docs/passwordsecure/9.2/configuration/basicview/checklist_of_the_basic_view.md similarity index 92% rename from docs/passwordsecure/9.2/configuration/basic_view/checklist/checklist_of_the_basic_view.md rename to docs/passwordsecure/9.2/configuration/basicview/checklist_of_the_basic_view.md index 60e95f60ce..ab380f00f5 100644 --- a/docs/passwordsecure/9.2/configuration/basic_view/checklist/checklist_of_the_basic_view.md +++ b/docs/passwordsecure/9.2/configuration/basicview/checklist_of_the_basic_view.md @@ -1,3 +1,9 @@ +--- +title: "Checklist of the Basic view" +description: "Checklist of the Basic view" +sidebar_position: 20 +--- + # Checklist of the Basic view ## Checklist for setting the Basic view diff --git a/docs/passwordsecure/9.2/configuration/basic_view/password_management/password_management.md b/docs/passwordsecure/9.2/configuration/basicview/password_management.md similarity index 97% rename from docs/passwordsecure/9.2/configuration/basic_view/password_management/password_management.md rename to docs/passwordsecure/9.2/configuration/basicview/password_management.md index 7a34987b80..3ee98a55bd 100644 --- a/docs/passwordsecure/9.2/configuration/basic_view/password_management/password_management.md +++ b/docs/passwordsecure/9.2/configuration/basicview/password_management.md @@ -1,3 +1,9 @@ +--- +title: "Password management" +description: "Password management" +sidebar_position: 60 +--- + # Password management ## Creating passwords diff --git a/docs/passwordsecure/9.2/configuration/basic_view/start_and_login/start_and_login_basic_view.md b/docs/passwordsecure/9.2/configuration/basicview/start_and_login_basic_view.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/basic_view/start_and_login/start_and_login_basic_view.md rename to docs/passwordsecure/9.2/configuration/basicview/start_and_login_basic_view.md index 96525da7a8..9f059d9637 100644 --- a/docs/passwordsecure/9.2/configuration/basic_view/start_and_login/start_and_login_basic_view.md +++ b/docs/passwordsecure/9.2/configuration/basicview/start_and_login_basic_view.md @@ -1,3 +1,9 @@ +--- +title: "Start and Login" +description: "Start and Login" +sidebar_position: 30 +--- + # Start and Login ## Starting the Web application diff --git a/docs/passwordsecure/9.2/configuration/basic_view/tab_system/tab_system.md b/docs/passwordsecure/9.2/configuration/basicview/tab_system.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/basic_view/tab_system/tab_system.md rename to docs/passwordsecure/9.2/configuration/basicview/tab_system.md index 6525e7b385..c59b5452e8 100644 --- a/docs/passwordsecure/9.2/configuration/basic_view/tab_system/tab_system.md +++ b/docs/passwordsecure/9.2/configuration/basicview/tab_system.md @@ -1,3 +1,9 @@ +--- +title: "Tab system" +description: "Tab system" +sidebar_position: 50 +--- + # Tab system ## What is the tab system? diff --git a/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/_category_.json b/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/_category_.json new file mode 100644 index 0000000000..2477c2f261 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "To do for Administration", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "to_do_for_administration" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/basic_view/administration/errorcodes/errorcodes_of_the_lightclient.md b/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md similarity index 93% rename from docs/passwordsecure/9.2/configuration/basic_view/administration/errorcodes/errorcodes_of_the_lightclient.md rename to docs/passwordsecure/9.2/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md index 5213b85ae7..861c674e56 100644 --- a/docs/passwordsecure/9.2/configuration/basic_view/administration/errorcodes/errorcodes_of_the_lightclient.md +++ b/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/errorcodes_of_the_lightclient.md @@ -1,3 +1,9 @@ +--- +title: "Errorcodes of the Basic view" +description: "Errorcodes of the Basic view" +sidebar_position: 10 +--- + # Errorcodes of the Basic view ## Error codes for administration diff --git a/docs/passwordsecure/9.2/configuration/basic_view/administration/to_do_for_administration.md b/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/to_do_for_administration.md similarity index 92% rename from docs/passwordsecure/9.2/configuration/basic_view/administration/to_do_for_administration.md rename to docs/passwordsecure/9.2/configuration/basicview/todoforadministration/to_do_for_administration.md index 626d1a89bd..1c837d0a3a 100644 --- a/docs/passwordsecure/9.2/configuration/basic_view/administration/to_do_for_administration.md +++ b/docs/passwordsecure/9.2/configuration/basicview/todoforadministration/to_do_for_administration.md @@ -1,3 +1,9 @@ +--- +title: "To do for Administration" +description: "To do for Administration" +sidebar_position: 10 +--- + # To do for Administration ## Conditions for using the Basic view @@ -48,7 +54,7 @@ FullClient. By clicking on the application, the end user can easily generate sec able to use the application, the user needs at least the authorization to **read**. Further information on this topic can be found in the chapter -[Applications](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/applications.md). +[Applications](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/applications.md). ![installation_with_parameters_155](/img/product_docs/passwordsecure/9.2/configuration/basic_view/administration/installation_with_parameters_155.webp) diff --git a/docs/passwordsecure/9.2/configuration/basic_view/view/view.md b/docs/passwordsecure/9.2/configuration/basicview/view.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/basic_view/view/view.md rename to docs/passwordsecure/9.2/configuration/basicview/view.md index a7e0d62452..e81bb3e94e 100644 --- a/docs/passwordsecure/9.2/configuration/basic_view/view/view.md +++ b/docs/passwordsecure/9.2/configuration/basicview/view.md @@ -1,3 +1,9 @@ +--- +title: "View" +description: "View" +sidebar_position: 40 +--- + # View ## The view of the Basic view @@ -54,5 +60,5 @@ Please point this out to your in-house administrator if this is not the case for Usually, the setup of logos/icons in the i**mage management** is done by the in-house administration. You can learn more about this in the FullClient -[Image management](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/extras/image_management/image_manager.md) +[Image management](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/extras/image_manager.md) documentation. diff --git a/docs/passwordsecure/9.2/configuration/browseraddons/_category_.json b/docs/passwordsecure/9.2/configuration/browseraddons/_category_.json new file mode 100644 index 0000000000..8b9ec7085c --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/browseraddons/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Browser Add-ons", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "browser_add-ons" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/browseradd-ons/applications/applications_add-on.md b/docs/passwordsecure/9.2/configuration/browseraddons/applications_add-on.md similarity index 97% rename from docs/passwordsecure/9.2/configuration/browseradd-ons/applications/applications_add-on.md rename to docs/passwordsecure/9.2/configuration/browseraddons/applications_add-on.md index 7cdeb061a8..6b2d63b4a3 100644 --- a/docs/passwordsecure/9.2/configuration/browseradd-ons/applications/applications_add-on.md +++ b/docs/passwordsecure/9.2/configuration/browseraddons/applications_add-on.md @@ -1,3 +1,9 @@ +--- +title: "Applications" +description: "Applications" +sidebar_position: 10 +--- + # Applications ## What are applications? @@ -38,7 +44,7 @@ are used to enter information into the fields. It thus assigns fields in the rec associated fields on the website. This mapping process only needs to be configured once. The applications is responsible for entering data in the fields on the website from then on. In the following example, the data entry process is carried out from the client. Naturally, this is also -possible via [Browser Add-ons](/docs/passwordsecure/9.2/configuration/browseradd-ons/browser_add-ons.md). The procedure remains the same. +possible via [Browser Add-ons](/docs/passwordsecure/9.2/configuration/browseraddons/browser_add-ons.md). The procedure remains the same. ![installation_with_parameters_143](/img/product_docs/passwordsecure/9.2/configuration/browseradd-ons/applications/installation_with_parameters_143.webp) diff --git a/docs/passwordsecure/9.2/configuration/browseradd-ons/browser_add-ons.md b/docs/passwordsecure/9.2/configuration/browseraddons/browser_add-ons.md similarity index 98% rename from docs/passwordsecure/9.2/configuration/browseradd-ons/browser_add-ons.md rename to docs/passwordsecure/9.2/configuration/browseraddons/browser_add-ons.md index bc278102a7..00894ab826 100644 --- a/docs/passwordsecure/9.2/configuration/browseradd-ons/browser_add-ons.md +++ b/docs/passwordsecure/9.2/configuration/browseraddons/browser_add-ons.md @@ -1,3 +1,9 @@ +--- +title: "Browser Add-ons" +description: "Browser Add-ons" +sidebar_position: 50 +--- + # Browser Add-ons Passwords can also be used in the browser using the browser add-on. You can search for passwords in diff --git a/docs/passwordsecure/9.2/configuration/browseradd-ons/how_to_save_passwords/how_to_save_passwords.md b/docs/passwordsecure/9.2/configuration/browseraddons/how_to_save_passwords.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/browseradd-ons/how_to_save_passwords/how_to_save_passwords.md rename to docs/passwordsecure/9.2/configuration/browseraddons/how_to_save_passwords.md index b9ab661494..158ba28c53 100644 --- a/docs/passwordsecure/9.2/configuration/browseradd-ons/how_to_save_passwords/how_to_save_passwords.md +++ b/docs/passwordsecure/9.2/configuration/browseraddons/how_to_save_passwords.md @@ -1,3 +1,9 @@ +--- +title: "How to save passwords" +description: "How to save passwords" +sidebar_position: 20 +--- + # How to save passwords This chapter describes how to store passwords via add-on. diff --git a/docs/passwordsecure/9.2/configuration/configuration.md b/docs/passwordsecure/9.2/configuration/configuration.md index f3688fc6ac..8125627f38 100644 --- a/docs/passwordsecure/9.2/configuration/configuration.md +++ b/docs/passwordsecure/9.2/configuration/configuration.md @@ -1,3 +1,9 @@ +--- +title: "Configuration" +description: "Configuration" +sidebar_position: 40 +--- + # Configuration The following pages will provide you with in-depth information how to configure the different diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/_category_.json b/docs/passwordsecure/9.2/configuration/mobiledevices/_category_.json new file mode 100644 index 0000000000..69696042ea --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Mobile devices", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "mobile_devices" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/_category_.json b/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/_category_.json new file mode 100644 index 0000000000..f4d1f53a0e --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Autofill", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_android/autofill_in_android.md b/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_in_android.md similarity index 94% rename from docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_android/autofill_in_android.md rename to docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_in_android.md index d9eda3d5c0..1bc304c41e 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_android/autofill_in_android.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_in_android.md @@ -1,3 +1,9 @@ +--- +title: "Autofill in Android" +description: "Autofill in Android" +sidebar_position: 20 +--- + # Autofill in Android With autofill, the credentials are transferred from the Netwrix Password Secure app directly to the diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_ios/autofill_in_ios.md b/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_in_ios.md similarity index 96% rename from docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_ios/autofill_in_ios.md rename to docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_in_ios.md index de8ac9ce46..bf098c6a41 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_ios/autofill_in_ios.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/autofill/autofill_in_ios.md @@ -1,3 +1,9 @@ +--- +title: "Autofill in iOS" +description: "Autofill in iOS" +sidebar_position: 10 +--- + # Autofill in iOS The most important comfort feature of the Netwrix Password Secure app is probably the autofill. With diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/mobile_devices.md b/docs/passwordsecure/9.2/configuration/mobiledevices/mobile_devices.md index a29f916ba8..3f7642b534 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/mobile_devices.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/mobile_devices.md @@ -1,3 +1,9 @@ +--- +title: "Mobile devices" +description: "Mobile devices" +sidebar_position: 70 +--- + # Mobile devices ## The new Netwrix Password Secure Mobile App – mobile and simple! diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/passwords/passwords_mobileapp.md b/docs/passwordsecure/9.2/configuration/mobiledevices/passwords_mobileapp.md similarity index 97% rename from docs/passwordsecure/9.2/configuration/mobiledevices/passwords/passwords_mobileapp.md rename to docs/passwordsecure/9.2/configuration/mobiledevices/passwords_mobileapp.md index 2e1c9fb017..4db7297a90 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/passwords/passwords_mobileapp.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/passwords_mobileapp.md @@ -1,3 +1,9 @@ +--- +title: "Password Management" +description: "Password Management" +sidebar_position: 50 +--- + # Password Management In principle, there are two types of passwords. **Global** and **personal** passwords. diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/security/securitymd.md b/docs/passwordsecure/9.2/configuration/mobiledevices/securitymd.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/mobiledevices/security/securitymd.md rename to docs/passwordsecure/9.2/configuration/mobiledevices/securitymd.md index 754d32bfaf..2267b13359 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/security/securitymd.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/securitymd.md @@ -1,3 +1,9 @@ +--- +title: "Security" +description: "Security" +sidebar_position: 10 +--- + # Security #### Your security is our ambition diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/settings/settings_mobileapp.md b/docs/passwordsecure/9.2/configuration/mobiledevices/settings_mobileapp.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/mobiledevices/settings/settings_mobileapp.md rename to docs/passwordsecure/9.2/configuration/mobiledevices/settings_mobileapp.md index 02798f1c75..0aa00cf719 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/settings/settings_mobileapp.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/settings_mobileapp.md @@ -1,3 +1,9 @@ +--- +title: "Settings" +description: "Settings" +sidebar_position: 70 +--- + # Settings As soon as you are logged in to the **Netwrix Password Secure App**, you can access the **settings** @@ -46,7 +52,7 @@ Synchronize now Starts the synchronization. This can also be started outside the settings at any time by simply swiping down. More information can also be found in the chapter -[Synchronization](/docs/passwordsecure/9.2/configuration/mobiledevices/synchronization/synchronization.md). +[Synchronization](/docs/passwordsecure/9.2/configuration/mobiledevices/synchronization.md). Fix sync errors diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/setup/installation_app/installation_of_the_app.md b/docs/passwordsecure/9.2/configuration/mobiledevices/setup/installation_app/installation_of_the_app.md deleted file mode 100644 index e5b781a434..0000000000 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/setup/installation_app/installation_of_the_app.md +++ /dev/null @@ -1,28 +0,0 @@ -# Installation of the App / Requirements - -The Netwrix Password Secure app is installed as usual via the Apple Store or Google Playstore. The -apps can be found under the following links: - -![App store](/img/product_docs/passwordsecure/9.2/configuration/mobiledevices/setup/installation_app/appstore-icon.webp) - -![Google Play](/img/product_docs/passwordsecure/9.2/configuration/mobiledevices/setup/installation_app/android-icon.webp) - -#### Requirements - -The **Netwrix Password Secure Apps** can be installed on the following systems: - -**iOS:** at least version 10.14 - -**Android:** at least version 8.0 - -**Web Application**: Since the app connects via the Web Application, it is mandatory to have it -installed. The documentation of the Web Application installation can be seen in the chapter -[Installation Web Application](/docs/passwordsecure/9.2/installation/installation_web_application/installation_web_application.md) - -**Port**: The connection is made via https port 443, which must be enabled on the server side. - -[User rights](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/user_rights.md)**:** The users need the -right **Can synchronize with mobile devices.** - -[Database properties](/docs/passwordsecure/9.2/configuration/server_manager/database_properties/database_properties.md): It must -be ensured that the Enable mobile synchronization option is set. diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/setup/setup_mobile_device.md b/docs/passwordsecure/9.2/configuration/mobiledevices/setup/setup_mobile_device.md deleted file mode 100644 index 5abf7e8e2a..0000000000 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/setup/setup_mobile_device.md +++ /dev/null @@ -1,18 +0,0 @@ -# Setup - -## Requirements - -Netwrix Password Secure Mobile Apps automatically synchronize with an existing Netwrix Password -Secure database. The [Web Application](/docs/passwordsecure/9.2/configuration/web_applicaiton/web_application.md) is used as the -interface for this. This must therefore be installed. In addition, the database must be enabled for -use with mobile devices on the [Server Manager](/docs/passwordsecure/9.2/configuration/server_manager/server_manger.md). - -#### Setup and configuration - -The setup and initial configuration of the **Netwrix Password Secure App** is explained in the -following chapters: - -- [Installation of the App / Requirements](/docs/passwordsecure/9.2/configuration/mobiledevices/setup/installation_app/installation_of_the_app.md) -- [Linking the database](/docs/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/linking_the_database.md) -- [Biometric login](/docs/passwordsecure/9.2/configuration/mobiledevices/setup/biometric_login/biometric_login.md) -- [Setting up autofill](/docs/passwordsecure/9.2/configuration/mobiledevices/setup/setting_up_autofill/setting_up_autofill.md) diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/_category_.json b/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/_category_.json new file mode 100644 index 0000000000..237f0e7607 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Setup", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "setup_mobile_device" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/setup/biometric_login/biometric_login.md b/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/biometric_login.md similarity index 87% rename from docs/passwordsecure/9.2/configuration/mobiledevices/setup/biometric_login/biometric_login.md rename to docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/biometric_login.md index bbd5e9f441..3f143905e7 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/setup/biometric_login/biometric_login.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/biometric_login.md @@ -1,3 +1,9 @@ +--- +title: "Biometric login" +description: "Biometric login" +sidebar_position: 30 +--- + # Biometric login Depending on the operating system used (iOS or Android), logging in to the app can also be done diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/installation_of_the_app.md b/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/installation_of_the_app.md new file mode 100644 index 0000000000..fca5e57b56 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/installation_of_the_app.md @@ -0,0 +1,34 @@ +--- +title: "Installation of the App / Requirements" +description: "Installation of the App / Requirements" +sidebar_position: 10 +--- + +# Installation of the App / Requirements + +The Netwrix Password Secure app is installed as usual via the Apple Store or Google Playstore. The +apps can be found under the following links: + +![App store](/img/product_docs/passwordsecure/9.2/configuration/mobiledevices/setup/installation_app/appstore-icon.webp) + +![Google Play](/img/product_docs/passwordsecure/9.2/configuration/mobiledevices/setup/installation_app/android-icon.webp) + +#### Requirements + +The **Netwrix Password Secure Apps** can be installed on the following systems: + +**iOS:** at least version 10.14 + +**Android:** at least version 8.0 + +**Web Application**: Since the app connects via the Web Application, it is mandatory to have it +installed. The documentation of the Web Application installation can be seen in the chapter +[Installation Web Application](/docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md) + +**Port**: The connection is made via https port 443, which must be enabled on the server side. + +[User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md)**:** The users need the +right **Can synchronize with mobile devices.** + +[Database properties](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/database_properties.md): It must +be ensured that the Enable mobile synchronization option is set. diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/linking_the_database.md b/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/linking_the_database.md similarity index 96% rename from docs/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/linking_the_database.md rename to docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/linking_the_database.md index 4e0b835fa6..9fe5c30717 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/setup/linking_database/linking_the_database.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/linking_the_database.md @@ -1,3 +1,9 @@ +--- +title: "Linking the database" +description: "Linking the database" +sidebar_position: 20 +--- + # Linking the database First, an existing database must be linked to the Netwrix Password Secure app in order to finally diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/setup/setting_up_autofill/setting_up_autofill.md b/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md similarity index 93% rename from docs/passwordsecure/9.2/configuration/mobiledevices/setup/setting_up_autofill/setting_up_autofill.md rename to docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md index 6684733e91..45abf6c7e2 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/setup/setting_up_autofill/setting_up_autofill.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md @@ -1,3 +1,9 @@ +--- +title: "Setting up autofill" +description: "Setting up autofill" +sidebar_position: 40 +--- + # Setting up autofill The most important comfort feature of the Netwrix Password Secure App is probably the autofill, i.e. diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/setup_mobile_device.md b/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/setup_mobile_device.md new file mode 100644 index 0000000000..23b7acbd93 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/setup_mobile_device.md @@ -0,0 +1,24 @@ +--- +title: "Setup" +description: "Setup" +sidebar_position: 20 +--- + +# Setup + +## Requirements + +Netwrix Password Secure Mobile Apps automatically synchronize with an existing Netwrix Password +Secure database. The [Web Application](/docs/passwordsecure/9.2/configuration/webapplication/web_application.md) is used as the +interface for this. This must therefore be installed. In addition, the database must be enabled for +use with mobile devices on the [Server Manager](/docs/passwordsecure/9.2/configuration/servermanger/server_manger.md). + +#### Setup and configuration + +The setup and initial configuration of the **Netwrix Password Secure App** is explained in the +following chapters: + +- [Installation of the App / Requirements](/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/installation_of_the_app.md) +- [Linking the database](/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/linking_the_database.md) +- [Biometric login](/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/biometric_login.md) +- [Setting up autofill](/docs/passwordsecure/9.2/configuration/mobiledevices/setupmobiledevice/setting_up_autofill.md) diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/synchronization/synchronization.md b/docs/passwordsecure/9.2/configuration/mobiledevices/synchronization.md similarity index 86% rename from docs/passwordsecure/9.2/configuration/mobiledevices/synchronization/synchronization.md rename to docs/passwordsecure/9.2/configuration/mobiledevices/synchronization.md index ae9249d24b..4fd773198b 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/synchronization/synchronization.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/synchronization.md @@ -1,3 +1,9 @@ +--- +title: "Synchronization" +description: "Synchronization" +sidebar_position: 40 +--- + # Synchronization The synchronization of data between the mobile database and the server database is extremely @@ -7,7 +13,7 @@ automatically synchronized in the background. Synchronization logic First of all, it is important to note how the synchronization has been configured in the -[Settings](/docs/passwordsecure/9.2/configuration/mobiledevices/settings/settings_mobileapp.md). A prerequisite for successful synchronization is that +[Settings](/docs/passwordsecure/9.2/configuration/mobiledevices/settings_mobileapp.md). A prerequisite for successful synchronization is that the configured connection is available. This is done via https port 443, which must be enabled on the server side. Once the prerequisites have been met, there are the following triggers for synchronization: @@ -31,4 +37,4 @@ on both devices. Settings for synchronization -The configuration is described in the chapter [Settings](/docs/passwordsecure/9.2/configuration/mobiledevices/settings/settings_mobileapp.md) +The configuration is described in the chapter [Settings](/docs/passwordsecure/9.2/configuration/mobiledevices/settings_mobileapp.md) diff --git a/docs/passwordsecure/9.2/configuration/mobiledevices/tabs/tabs.md b/docs/passwordsecure/9.2/configuration/mobiledevices/tabs.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/mobiledevices/tabs/tabs.md rename to docs/passwordsecure/9.2/configuration/mobiledevices/tabs.md index 9a6130f9dc..cfa528bac2 100644 --- a/docs/passwordsecure/9.2/configuration/mobiledevices/tabs/tabs.md +++ b/docs/passwordsecure/9.2/configuration/mobiledevices/tabs.md @@ -1,3 +1,9 @@ +--- +title: "Tabs" +description: "Tabs" +sidebar_position: 30 +--- + # Tabs Once you have successfully logged in, you will find yourself in the view where all the user's diff --git a/docs/passwordsecure/9.2/configuration/offlineclient/_category_.json b/docs/passwordsecure/9.2/configuration/offlineclient/_category_.json new file mode 100644 index 0000000000..2cd56829c8 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/offlineclient/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Offline Add-on", + "position": 90, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "offline_client" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/offlineclient/offline_client.md b/docs/passwordsecure/9.2/configuration/offlineclient/offline_client.md index b5ff89d14c..5a7f508387 100644 --- a/docs/passwordsecure/9.2/configuration/offlineclient/offline_client.md +++ b/docs/passwordsecure/9.2/configuration/offlineclient/offline_client.md @@ -1,10 +1,16 @@ +--- +title: "Offline Add-on" +description: "Offline Add-on" +sidebar_position: 90 +--- + # Offline Add-on ## What is the Offline Add-on? The Offline Add-on enables you to work without an active connection to the Netwrix Password Secure server. If the corresponding setting has been configured -([Setup and sync](/docs/passwordsecure/9.2/configuration/offlineclient/setup/setup_and_sync.md)), the local copy of the server database will be +([Setup and sync](/docs/passwordsecure/9.2/configuration/offlineclient/setup_and_sync.md)), the local copy of the server database will be automatically synchronized according to freely definable cycles. This ensures that you can always use a (relatively) up-to-date version of the database offline. @@ -25,22 +31,22 @@ together with the creation of the offline database. #### Operation Operation of the Offline Add-on is generally based on the -[Operation and setup](/docs/passwordsecure/9.2/configuration/server_manager/operation_and_setup/operation_and_setup_admin_client.md). +[Operation and setup](/docs/passwordsecure/9.2/configuration/servermanger/operation_and_setup_admin_client.md). Since the Offline Add-on only has a limited range of functions, the following must be taken into account with regards to its operation: - There is no dashboard - Only the password module is available - The filter is not available. Records are found using the - [Search](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/search/search.md) + [Search](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/search.md) - The automatic login data entry can be performed via the - [Autofill Add-on](/docs/passwordsecure/9.2/configuration/autofill_add-on/autofill_add-on.md), independently of the Offline Add-on + [Autofill Add-on](/docs/passwordsecure/9.2/configuration/autofilladdon/autofill_add-on.md), independently of the Offline Add-on ![Offline Client](/img/product_docs/passwordsecure/9.2/configuration/offlineclient/installation_with_parameters_264-en.webp) #### What data is synchronised? -[Seals](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals.md) +[Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) enhance the security concept in Netwrix Password Secure to include a double-check principle that can be defined in fine detail. This means that releases for protected information are linked to the positive authentication of one or more users. Naturally, it is not possible to issue these releases diff --git a/docs/passwordsecure/9.2/configuration/offlineclient/setup/setup_and_sync.md b/docs/passwordsecure/9.2/configuration/offlineclient/setup_and_sync.md similarity index 93% rename from docs/passwordsecure/9.2/configuration/offlineclient/setup/setup_and_sync.md rename to docs/passwordsecure/9.2/configuration/offlineclient/setup_and_sync.md index da81f3294e..645c62d3ae 100644 --- a/docs/passwordsecure/9.2/configuration/offlineclient/setup/setup_and_sync.md +++ b/docs/passwordsecure/9.2/configuration/offlineclient/setup_and_sync.md @@ -1,3 +1,9 @@ +--- +title: "Setup and sync" +description: "Setup and sync" +sidebar_position: 10 +--- + # Setup and sync ## Setting up the offline database @@ -16,8 +22,8 @@ initially created. ![Properties](/img/product_docs/passwordsecure/9.2/configuration/offlineclient/setup/installation_with_parameters_265-en.webp) You will find further information on this subject in the -sections:[ Creating databases](/docs/passwordsecure/9.2/configuration/server_manager/creatingdatabase/creating_databases.md) and -[Managing databases](/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/managing_databases.md) +sections:[ Creating databases](/docs/passwordsecure/9.2/configuration/servermanger/creating_databases.md) and +[Managing databases](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/managing_databases.md) User rights @@ -45,7 +51,7 @@ possible to use several offline databases with an Offline Add-on. In order to keep the data always consistent, the offline database must be synchronized regularly. Synchronization is automatically performed by the client in the background. The interval can be freely configured in the -[User settings](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/user_settings.md). The synchronization is +[User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md). The synchronization is completed every 30 minutes by default. When creating and editing records, it is also possible to synchronize outside of the synchronization cycle so that the changes are directly available offline. In addition, the synchronization can also be started manually in Backstage via “Account”. diff --git a/docs/passwordsecure/9.2/configuration/sdkapi/_category_.json b/docs/passwordsecure/9.2/configuration/sdkapi/_category_.json new file mode 100644 index 0000000000..ed7af24b66 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/sdkapi/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "SDK / API", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "sdk__api" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/maintenance/migration_guide.md b/docs/passwordsecure/9.2/configuration/sdkapi/migration_guide.md similarity index 98% rename from docs/passwordsecure/9.2/maintenance/migration_guide.md rename to docs/passwordsecure/9.2/configuration/sdkapi/migration_guide.md index c7da451eb3..a194cc8bf7 100644 --- a/docs/passwordsecure/9.2/maintenance/migration_guide.md +++ b/docs/passwordsecure/9.2/configuration/sdkapi/migration_guide.md @@ -1,3 +1,9 @@ +--- +title: "migration_guide" +description: "migration_guide" +sidebar_position: 10 +--- + ## Migration Guide: Breaking Changes - API Login Overview: We've enhanced the login authentication process to offer a more dynamic and secure diff --git a/docs/passwordsecure/9.2/configuration/sdk_api/sdk__api.md b/docs/passwordsecure/9.2/configuration/sdkapi/sdk__api.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/sdk_api/sdk__api.md rename to docs/passwordsecure/9.2/configuration/sdkapi/sdk__api.md index 6f01d65a0d..a95dcf50cc 100644 --- a/docs/passwordsecure/9.2/configuration/sdk_api/sdk__api.md +++ b/docs/passwordsecure/9.2/configuration/sdkapi/sdk__api.md @@ -1,3 +1,9 @@ +--- +title: "SDK / API" +description: "SDK / API" +sidebar_position: 80 +--- + # SDK / API API: This interface can be used to "address Netwrix Password Secure externally" in order to, for diff --git a/docs/passwordsecure/9.2/configuration/server_manager/certificates/certificates.md b/docs/passwordsecure/9.2/configuration/server_manager/certificates/certificates.md deleted file mode 100644 index 3a87349bfe..0000000000 --- a/docs/passwordsecure/9.2/configuration/server_manager/certificates/certificates.md +++ /dev/null @@ -1,78 +0,0 @@ -# Certificates - -Various different certificates are used to guarantee the security of Netwrix Password Secure. The -certificates are essential for the smooth operation of Netwrix Password Secure. It is thus important -that they are carefully backed up. - -## What certificates are used? - -The individual certificates are described in the following sections: - -- [SSL connection certificates](/docs/passwordsecure/9.2/configuration/server_manager/certificates/ssl_connection_certificates.md) -- [Database certificates](/docs/passwordsecure/9.2/configuration/server_manager/certificates/database_certificates.md) -- [Master Key certificates](/docs/passwordsecure/9.2/configuration/server_manager/certificates/master_key_certificates.md) -- [Discovery service certificates](/docs/passwordsecure/9.2/configuration/server_manager/certificates/discovery_service_certificates.md)s -- [Password Reset certificates](/docs/passwordsecure/9.2/configuration/server_manager/certificates/password_reset_certificates.md) - -## Calling up the certificate manager - -There are two ways to open the certificate manager. The certificates for each specific database can -be managed via the ribbon: - -![installation_with_parameters_196_647x73](/img/product_docs/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_196_647x73.webp) - -In the **Main menu**, it is also possible to start the certificate manager for all databases via the -**basic configuration:** - -![base configuration](/img/product_docs/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_197-en.webp) - -NOTE: Operation of the certificate manager is always the same. The only difference is whether the -certificates are displayed for each database or for all databases. - -#### Checking existing certificates - -After opening the certificate manager, all certificates specific to Netwrix Password Secure will be -displayed. Clicking on the certificate will display further information. - -![installation_with_parameters_198](/img/product_docs/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_198.webp) - -Double clicking on a certificate will open the Windows Certificate Manger to provide more detailed -information. - -![installation_with_parameters_199_423x396](/img/product_docs/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_199_423x396.webp) - -#### Required certificates / deleting no longer required certificates - -The overview will initially only display those certificates that are being used and are thus -required. Clicking on **All** will also display the no longer required certificates. For example, it -is possible that outdated certificates exist on the machine due to a test installation. These -certificates can be easily deleted via the corresponding button in the ribbon. - -![certificates-ac-4-en](/img/product_docs/passwordsecure/9.2/configuration/server_manager/certificates/certificates-ac-4-en.webp) - -#### Importing certificates - -Previously backed up certificates can be integrated into the installation via the Import button. -This merely requires you to enter the desired .pfx file and its password. - -#### Exporting certificates - -The relevant certificates will be backed up by clicking on export. A password firstly needs to be -issued here. If a storage location has not yet been entered via the settings, you are firstly asked -to enter it. - -NOTE: SSL connection certificates are not included in this process and are also not backed up. These -certificates can be recreated if necessary. - -#### Settings - -You can define whether every certificate should be saved to its own file in the **settings**. If -this option has not been activated, all relevant certificates will be backed up in one file. In -addition, the storage location is defined in the settings. - -![installation_with_parameters_201_826x310](/img/product_docs/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_201_826x310.webp) - -#### Backing up certificates - -If you want to automatically back up the certificates on a cyclical basis, this can be done via the -backup system. Further information can be found in the section Backup management. diff --git a/docs/passwordsecure/9.2/configuration/server_manager/database_properties/syslog.md b/docs/passwordsecure/9.2/configuration/server_manager/database_properties/syslog.md deleted file mode 100644 index 84571361b1..0000000000 --- a/docs/passwordsecure/9.2/configuration/server_manager/database_properties/syslog.md +++ /dev/null @@ -1,11 +0,0 @@ -# Syslog - -If desired, the server logs and also the -**[Logbook](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/logbook/logbook.md)** can be transferred to a Syslog -server. Double clicking on a database allows you to access its settings. The corresponding menu -items can be found there. - -![installation_with_parameters_232](/img/product_docs/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_232.webp) - -After activating the Syslog interface via the corresponding option, it is possible to configure the -Syslog server. If desired, the entire logbook can also be transferred via another option. diff --git a/docs/passwordsecure/9.2/configuration/server_manager/ecc_migration/ecc_migration.md b/docs/passwordsecure/9.2/configuration/server_manager/ecc_migration/ecc_migration.md deleted file mode 100644 index 5b70b9c609..0000000000 --- a/docs/passwordsecure/9.2/configuration/server_manager/ecc_migration/ecc_migration.md +++ /dev/null @@ -1,7 +0,0 @@ -# ECC Migration - -For a better overview the ECC migration is organized in two sections. One for the administrators and -one for the end user: - -- [Admin Manual](/docs/passwordsecure/9.2/configuration/server_manager/ecc_migration/ecc_migration_administrator_manual.md) -- [User Manual](/docs/passwordsecure/9.2/configuration/server_manager/ecc_migration/ecc_migration_user_manual.md) diff --git a/docs/passwordsecure/9.2/configuration/server_manager/main_menu/main_menu.md b/docs/passwordsecure/9.2/configuration/server_manager/main_menu/main_menu.md deleted file mode 100644 index 7ab7348070..0000000000 --- a/docs/passwordsecure/9.2/configuration/server_manager/main_menu/main_menu.md +++ /dev/null @@ -1,12 +0,0 @@ -# Main menu - -## What is the main menu? - -The operation and structure of the Main menu/Backstage menu is the same for the -[Main menu](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/main_menu_fc.md) on the client. This area can be used -independently of the currently selected module. - -- [General settings](/docs/passwordsecure/9.2/configuration/server_manager/database_properties/general_settings_admin_client.md) -- [Backup settings](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_settings.md) -- [License settings](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/license_settings.md) -- [Advanced settings](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/advanced_settings.md) diff --git a/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/database_settings.md b/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/database_settings.md deleted file mode 100644 index 0ca5329d10..0000000000 --- a/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/database_settings.md +++ /dev/null @@ -1,19 +0,0 @@ -# Database settings - -To open the settings of a database, select it and click on "Settings" in the ribbon. Alternatively -you can open the context menu with the right mouse button and click on "Properties". In the next -step you will be asked to enter your admin password. After that a window with the settings will -open. - -#### Settings - -You can now make the following settings: - -- Authentication -- [Multifactor Authentication](/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/multifactor_authentication_ac.md) -- [Session timeout     ](/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/session_timeout.md) -- [HSM connection via PKCS # 11](/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/hsm_connection.md) -- Automatic cleanup -- SAML configuration -- Deletion of users -- More options diff --git a/docs/passwordsecure/9.2/configuration/servermanger/_category_.json b/docs/passwordsecure/9.2/configuration/servermanger/_category_.json new file mode 100644 index 0000000000..a78a651997 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/servermanger/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Server Manager", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "server_manger" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/server_manager/baseconfiguration/basic_configuration.md b/docs/passwordsecure/9.2/configuration/servermanger/basic_configuration.md similarity index 97% rename from docs/passwordsecure/9.2/configuration/server_manager/baseconfiguration/basic_configuration.md rename to docs/passwordsecure/9.2/configuration/servermanger/basic_configuration.md index 16006d6299..af5c43308d 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/baseconfiguration/basic_configuration.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/basic_configuration.md @@ -1,3 +1,9 @@ +--- +title: "Basic configuration" +description: "Basic configuration" +sidebar_position: 10 +--- + # Basic configuration ## What is basic configuration? diff --git a/docs/passwordsecure/9.2/configuration/servermanger/certificates/_category_.json b/docs/passwordsecure/9.2/configuration/servermanger/certificates/_category_.json new file mode 100644 index 0000000000..1d195a83f7 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/servermanger/certificates/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Certificates", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "certificates" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md b/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md new file mode 100644 index 0000000000..5e5d79f737 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md @@ -0,0 +1,84 @@ +--- +title: "Certificates" +description: "Certificates" +sidebar_position: 20 +--- + +# Certificates + +Various different certificates are used to guarantee the security of Netwrix Password Secure. The +certificates are essential for the smooth operation of Netwrix Password Secure. It is thus important +that they are carefully backed up. + +## What certificates are used? + +The individual certificates are described in the following sections: + +- [SSL connection certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/ssl_connection_certificates.md) +- [Database certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/database_certificates.md) +- [Master Key certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/master_key_certificates.md) +- [Discovery service certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/discovery_service_certificates.md)s +- [Password Reset certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/password_reset_certificates.md) + +## Calling up the certificate manager + +There are two ways to open the certificate manager. The certificates for each specific database can +be managed via the ribbon: + +![installation_with_parameters_196_647x73](/img/product_docs/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_196_647x73.webp) + +In the **Main menu**, it is also possible to start the certificate manager for all databases via the +**basic configuration:** + +![base configuration](/img/product_docs/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_197-en.webp) + +NOTE: Operation of the certificate manager is always the same. The only difference is whether the +certificates are displayed for each database or for all databases. + +#### Checking existing certificates + +After opening the certificate manager, all certificates specific to Netwrix Password Secure will be +displayed. Clicking on the certificate will display further information. + +![installation_with_parameters_198](/img/product_docs/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_198.webp) + +Double clicking on a certificate will open the Windows Certificate Manger to provide more detailed +information. + +![installation_with_parameters_199_423x396](/img/product_docs/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_199_423x396.webp) + +#### Required certificates / deleting no longer required certificates + +The overview will initially only display those certificates that are being used and are thus +required. Clicking on **All** will also display the no longer required certificates. For example, it +is possible that outdated certificates exist on the machine due to a test installation. These +certificates can be easily deleted via the corresponding button in the ribbon. + +![certificates-ac-4-en](/img/product_docs/passwordsecure/9.2/configuration/server_manager/certificates/certificates-ac-4-en.webp) + +#### Importing certificates + +Previously backed up certificates can be integrated into the installation via the Import button. +This merely requires you to enter the desired .pfx file and its password. + +#### Exporting certificates + +The relevant certificates will be backed up by clicking on export. A password firstly needs to be +issued here. If a storage location has not yet been entered via the settings, you are firstly asked +to enter it. + +NOTE: SSL connection certificates are not included in this process and are also not backed up. These +certificates can be recreated if necessary. + +#### Settings + +You can define whether every certificate should be saved to its own file in the **settings**. If +this option has not been activated, all relevant certificates will be backed up in one file. In +addition, the storage location is defined in the settings. + +![installation_with_parameters_201_826x310](/img/product_docs/passwordsecure/9.2/configuration/server_manager/certificates/installation_with_parameters_201_826x310.webp) + +#### Backing up certificates + +If you want to automatically back up the certificates on a cyclical basis, this can be done via the +backup system. Further information can be found in the section Backup management. diff --git a/docs/passwordsecure/9.2/configuration/server_manager/certificates/database_certificates.md b/docs/passwordsecure/9.2/configuration/servermanger/certificates/database_certificates.md similarity index 84% rename from docs/passwordsecure/9.2/configuration/server_manager/certificates/database_certificates.md rename to docs/passwordsecure/9.2/configuration/servermanger/certificates/database_certificates.md index 88603a773d..e617f5ffd7 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/certificates/database_certificates.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/certificates/database_certificates.md @@ -1,3 +1,9 @@ +--- +title: "Database certificates" +description: "Database certificates" +sidebar_position: 20 +--- + # Database certificates ## What is a database certificate? @@ -23,5 +29,5 @@ is also transferred! #### Exporting and importing the certificate -The section [Certificates](/docs/passwordsecure/9.2/configuration/server_manager/certificates/certificates.md) explains how to back up the certificate and link it +The section [Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md) explains how to back up the certificate and link it again. diff --git a/docs/passwordsecure/9.2/configuration/server_manager/certificates/discovery_service_certificates.md b/docs/passwordsecure/9.2/configuration/servermanger/certificates/discovery_service_certificates.md similarity index 79% rename from docs/passwordsecure/9.2/configuration/server_manager/certificates/discovery_service_certificates.md rename to docs/passwordsecure/9.2/configuration/servermanger/certificates/discovery_service_certificates.md index 38edf72e9c..8172d2b179 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/certificates/discovery_service_certificates.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/certificates/discovery_service_certificates.md @@ -1,3 +1,9 @@ +--- +title: "Discovery service certificates" +description: "Discovery service certificates" +sidebar_position: 40 +--- + # Discovery service certificates ## What is a discovery service certificate? @@ -16,5 +22,5 @@ service certificate is also transferred!** #### Exporting and importing the certificate -The section [Certificates](/docs/passwordsecure/9.2/configuration/server_manager/certificates/certificates.md)explains how to back up the certificate and link it +The section [Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md)explains how to back up the certificate and link it again. diff --git a/docs/passwordsecure/9.2/configuration/server_manager/certificates/master_key_certificates.md b/docs/passwordsecure/9.2/configuration/servermanger/certificates/master_key_certificates.md similarity index 81% rename from docs/passwordsecure/9.2/configuration/server_manager/certificates/master_key_certificates.md rename to docs/passwordsecure/9.2/configuration/servermanger/certificates/master_key_certificates.md index bb475ae74e..fe5bd2de28 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/certificates/master_key_certificates.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/certificates/master_key_certificates.md @@ -1,9 +1,15 @@ +--- +title: "Master Key certificates" +description: "Master Key certificates" +sidebar_position: 30 +--- + # Master Key certificates #### What is a Master Key certificate? If Active Directory is accessed via -[Masterkey mode](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/masterkey_mode.md), +[Masterkey mode](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/masterkey_mode.md), a certificate will be created. This has the name Active Directory: Domain: diff --git a/docs/passwordsecure/9.2/configuration/server_manager/certificates/nps_server_encryption_certificate.md b/docs/passwordsecure/9.2/configuration/servermanger/certificates/nps_server_encryption_certificate.md similarity index 76% rename from docs/passwordsecure/9.2/configuration/server_manager/certificates/nps_server_encryption_certificate.md rename to docs/passwordsecure/9.2/configuration/servermanger/certificates/nps_server_encryption_certificate.md index 1fefef4f36..d785cfd06d 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/certificates/nps_server_encryption_certificate.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/certificates/nps_server_encryption_certificate.md @@ -1,3 +1,9 @@ +--- +title: "Netwrix Password Secure Server Encryption Certificate" +description: "Netwrix Password Secure Server Encryption Certificate" +sidebar_position: 60 +--- + # Netwrix Password Secure Server Encryption Certificate With the update to the version 8.16.0 the Netwrix Password Secure Server Encryption Certificate will diff --git a/docs/passwordsecure/9.2/configuration/server_manager/certificates/password_reset_certificates.md b/docs/passwordsecure/9.2/configuration/servermanger/certificates/password_reset_certificates.md similarity index 75% rename from docs/passwordsecure/9.2/configuration/server_manager/certificates/password_reset_certificates.md rename to docs/passwordsecure/9.2/configuration/servermanger/certificates/password_reset_certificates.md index 517492da28..44c1230e48 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/certificates/password_reset_certificates.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/certificates/password_reset_certificates.md @@ -1,8 +1,14 @@ +--- +title: "Password Reset certificates" +description: "Password Reset certificates" +sidebar_position: 50 +--- + # Password Reset certificates ## What is a Netwrix Password Secure certificate? -If a [Password Reset](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/password_reset.md) is created, +If a [Password Reset](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md) is created, a corresponding certificate is created. This ensures that the passwords are transferred in encrypted form. @@ -18,5 +24,5 @@ Reset certificate is also transferred! #### Exporting and importing the certificate -The section [Certificates](/docs/passwordsecure/9.2/configuration/server_manager/certificates/certificates.md)explains how to back up the certificate and link it +The section [Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md)explains how to back up the certificate and link it again. diff --git a/docs/passwordsecure/9.2/configuration/server_manager/certificates/ssl_connection_certificates.md b/docs/passwordsecure/9.2/configuration/servermanger/certificates/ssl_connection_certificates.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/server_manager/certificates/ssl_connection_certificates.md rename to docs/passwordsecure/9.2/configuration/servermanger/certificates/ssl_connection_certificates.md index 396510ef72..5bc81f88fa 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/certificates/ssl_connection_certificates.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/certificates/ssl_connection_certificates.md @@ -1,3 +1,9 @@ +--- +title: "SSL connection certificates" +description: "SSL connection certificates" +sidebar_position: 10 +--- + # SSL connection certificates ## What is an SSL connection certificate? @@ -39,7 +45,7 @@ NOTE: All information (including the IP address) are stored as DNS name. #### Using the Netwrix Password Secure certificate The name of the PSR certificate is **PSR8Server**. This can be done via the -[Basic configuration](/docs/passwordsecure/9.2/configuration/server_manager/baseconfiguration/basic_configuration.md) in the AdminConsole. The +[Basic configuration](/docs/passwordsecure/9.2/configuration/servermanger/basic_configuration.md) in the AdminConsole. The certificate is saved locally under: Local computer -> own certificates -> certificates @@ -81,7 +87,7 @@ NOTE: The user logged in to the operating system requires rights to create certi #### Using your own certificate If a CA already exists, you can also use your own certificate. You can specify this within the -[Basic configuration](/docs/passwordsecure/9.2/configuration/server_manager/baseconfiguration/basic_configuration.md). Please note that a server +[Basic configuration](/docs/passwordsecure/9.2/configuration/servermanger/basic_configuration.md). Please note that a server certificate for SSL encryption is used here. The CA must be configured so that all clients trust the certificate. It is necessary to adhere to the certification path. diff --git a/docs/passwordsecure/9.2/configuration/server_manager/creatingdatabase/creating_databases.md b/docs/passwordsecure/9.2/configuration/servermanger/creating_databases.md similarity index 96% rename from docs/passwordsecure/9.2/configuration/server_manager/creatingdatabase/creating_databases.md rename to docs/passwordsecure/9.2/configuration/servermanger/creating_databases.md index a164db9c78..64f82af0da 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/creatingdatabase/creating_databases.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/creating_databases.md @@ -1,3 +1,9 @@ +--- +title: "Creating databases" +description: "Creating databases" +sidebar_position: 40 +--- + # Creating databases ![installation_with_parameters_216](/img/product_docs/passwordsecure/9.2/configuration/server_manager/creatingdatabase/installation_with_parameters_216.webp) diff --git a/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/_category_.json b/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/_category_.json new file mode 100644 index 0000000000..99ee9711b4 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Database properties", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "database_properties" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/server_manager/database_properties/database_firewall.md b/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/database_firewall.md similarity index 97% rename from docs/passwordsecure/9.2/configuration/server_manager/database_properties/database_firewall.md rename to docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/database_firewall.md index 2b4180c30f..47f7dd2043 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/database_properties/database_firewall.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/database_firewall.md @@ -1,3 +1,9 @@ +--- +title: "Database firewall" +description: "Database firewall" +sidebar_position: 30 +--- + # Database firewall ## What is the database firewall? diff --git a/docs/passwordsecure/9.2/configuration/server_manager/database_properties/database_properties.md b/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/database_properties.md similarity index 77% rename from docs/passwordsecure/9.2/configuration/server_manager/database_properties/database_properties.md rename to docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/database_properties.md index 7a08eef866..5f647e5c4a 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/database_properties/database_properties.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/database_properties.md @@ -1,3 +1,9 @@ +--- +title: "Database properties" +description: "Database properties" +sidebar_position: 60 +--- + # Database properties The properties of a database can be opened by double-clicking on the database. No login to the @@ -9,9 +15,9 @@ database is required. The following options can be edited: -- [General settings](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/general_settings.md) -- [Syslog](/docs/passwordsecure/9.2/configuration/server_manager/database_properties/syslog.md) -- [Database firewall](/docs/passwordsecure/9.2/configuration/server_manager/database_properties/database_firewall.md) +- [General settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/general_settings.md) +- [Syslog](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/syslog.md) +- [Database firewall](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/database_firewall.md) General Settings diff --git a/docs/passwordsecure/9.2/configuration/server_manager/database_properties/general_settings_admin_client.md b/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/general_settings_admin_client.md similarity index 86% rename from docs/passwordsecure/9.2/configuration/server_manager/database_properties/general_settings_admin_client.md rename to docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/general_settings_admin_client.md index 80bfea6f2f..3e5928055f 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/database_properties/general_settings_admin_client.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/general_settings_admin_client.md @@ -1,3 +1,9 @@ +--- +title: "General settings" +description: "General settings" +sidebar_position: 10 +--- + # General settings ## What are general settings? diff --git a/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/syslog.md b/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/syslog.md new file mode 100644 index 0000000000..417ca39f6d --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/syslog.md @@ -0,0 +1,17 @@ +--- +title: "Syslog" +description: "Syslog" +sidebar_position: 20 +--- + +# Syslog + +If desired, the server logs and also the +**[Logbook](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/logbook.md)** can be transferred to a Syslog +server. Double clicking on a database allows you to access its settings. The corresponding menu +items can be found there. + +![installation_with_parameters_232](/img/product_docs/passwordsecure/9.2/configuration/server_manager/database_properties/installation_with_parameters_232.webp) + +After activating the Syslog interface via the corresponding option, it is possible to configure the +Syslog server. If desired, the entire logbook can also be transferred via another option. diff --git a/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/_category_.json b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/_category_.json new file mode 100644 index 0000000000..45caf65f25 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Main menu", + "position": 90, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "main_menu" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/server_manager/main_menu/advanced_settings.md b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/advanced_settings.md similarity index 92% rename from docs/passwordsecure/9.2/configuration/server_manager/main_menu/advanced_settings.md rename to docs/passwordsecure/9.2/configuration/servermanger/mainmenu/advanced_settings.md index e248477d69..c08fc16811 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/main_menu/advanced_settings.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/advanced_settings.md @@ -1,3 +1,9 @@ +--- +title: "Advanced settings" +description: "Advanced settings" +sidebar_position: 40 +--- + # Advanced settings ## What are advanced settings? diff --git a/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/_category_.json b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/_category_.json new file mode 100644 index 0000000000..494288a0c3 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Backup settings", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "backup_settings" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/automatic_backup_cleanup/automated_deletion_of_backups.md b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/automated_deletion_of_backups.md similarity index 90% rename from docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/automatic_backup_cleanup/automated_deletion_of_backups.md rename to docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/automated_deletion_of_backups.md index 13cd221e7b..45179d0bb7 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/automatic_backup_cleanup/automated_deletion_of_backups.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/automated_deletion_of_backups.md @@ -1,3 +1,9 @@ +--- +title: "Automatic backup cleanup" +description: "Automatic backup cleanup" +sidebar_position: 20 +--- + # Automatic backup cleanup It is possible to delete backups automatically after a certain period of time. This can be useful if diff --git a/docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/backup_management.md b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_management.md similarity index 93% rename from docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/backup_management.md rename to docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_management.md index dcacc37be6..3e6a0a5fcd 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/backup_management.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_management.md @@ -1,3 +1,9 @@ +--- +title: "Backup management" +description: "Backup management" +sidebar_position: 10 +--- + # Backup management #### Introduction @@ -23,7 +29,7 @@ created once a week. Creating a backup schedule You can create a new schedule via the ribbon. This is facilitated by a wizard. All the information -entered under [Backup settings](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_settings.md) will be used by default. +entered under [Backup settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_settings.md) will be used by default. A profile name is entered first. The desired databases are also selected. You also need to specify the directory for the backups. @@ -45,7 +51,7 @@ with a corresponding name and password. In addition, you can enter here whether the required certificates should be saved using a backup task. Further information can be found in the section -[Certificates](/docs/passwordsecure/9.2/configuration/server_manager/certificates/certificates.md). +[Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md). ![installation_with_parameters_259](/img/product_docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/installation_with_parameters_259.webp) diff --git a/docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_settings.md b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_settings.md similarity index 87% rename from docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_settings.md rename to docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_settings.md index 95c3f5cd00..7355bb7741 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_settings.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_settings.md @@ -1,3 +1,9 @@ +--- +title: "Backup settings" +description: "Backup settings" +sidebar_position: 20 +--- + # Backup settings ## What are backup settings? diff --git a/docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/disaster_recovery/disaster_recovery_scenarios.md b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/disaster_recovery_scenarios.md similarity index 94% rename from docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/disaster_recovery/disaster_recovery_scenarios.md rename to docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/disaster_recovery_scenarios.md index 5b27b813ed..cecd1d6234 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/disaster_recovery/disaster_recovery_scenarios.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/disaster_recovery_scenarios.md @@ -1,3 +1,9 @@ +--- +title: "Disaster recovery scenarios" +description: "Disaster recovery scenarios" +sidebar_position: 30 +--- + # Disaster recovery scenarios #### Finding a quick solution in the event of a disaster @@ -16,7 +22,7 @@ Creating backups It is of course essential in the event of a disaster that you can access a backup that is as up-to-date as possible. Therefore, it is necessary to regularly create -[Backup management](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/backup_management.md). +[Backup management](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_management.md). Who is responsible in the event of a disaster? @@ -41,7 +47,7 @@ times. The following options are possible: - Create corresponding [Offline Add-on](/docs/passwordsecure/9.2/configuration/offlineclient/offline_client.md) - Periodically create a HTML WebViewer file with automatic delivery via a system task including e-mail forwarding which can be configured in - [Account](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/account/account.md) + [Account](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md) #### Disaster scenarios diff --git a/docs/passwordsecure/9.2/configuration/server_manager/main_menu/license_settings.md b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/license_settings.md similarity index 96% rename from docs/passwordsecure/9.2/configuration/server_manager/main_menu/license_settings.md rename to docs/passwordsecure/9.2/configuration/servermanger/mainmenu/license_settings.md index b7760aafe3..c00e82913b 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/main_menu/license_settings.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/license_settings.md @@ -1,3 +1,9 @@ +--- +title: "License settings" +description: "License settings" +sidebar_position: 30 +--- + # License settings ## What are license settings? diff --git a/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/main_menu.md b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/main_menu.md new file mode 100644 index 0000000000..3226dfa20b --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/main_menu.md @@ -0,0 +1,18 @@ +--- +title: "Main menu" +description: "Main menu" +sidebar_position: 90 +--- + +# Main menu + +## What is the main menu? + +The operation and structure of the Main menu/Backstage menu is the same for the +[Main menu](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/main_menu_fc.md) on the client. This area can be used +independently of the currently selected module. + +- [General settings](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/general_settings_admin_client.md) +- [Backup settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_settings.md) +- [License settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/license_settings.md) +- [Advanced settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/advanced_settings.md) diff --git a/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/_category_.json b/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/_category_.json new file mode 100644 index 0000000000..fa9a46e09d --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Managing databases", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "managing_databases" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/_category_.json b/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/_category_.json new file mode 100644 index 0000000000..4d4f954e47 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Database settings", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "database_settings" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/database_settings.md b/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/database_settings.md new file mode 100644 index 0000000000..2828ad39dc --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/database_settings.md @@ -0,0 +1,25 @@ +--- +title: "Database settings" +description: "Database settings" +sidebar_position: 10 +--- + +# Database settings + +To open the settings of a database, select it and click on "Settings" in the ribbon. Alternatively +you can open the context menu with the right mouse button and click on "Properties". In the next +step you will be asked to enter your admin password. After that a window with the settings will +open. + +#### Settings + +You can now make the following settings: + +- Authentication +- [Multifactor Authentication](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md) +- [Session timeout     ](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/session_timeout.md) +- [HSM connection via PKCS # 11](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/hsm_connection.md) +- Automatic cleanup +- SAML configuration +- Deletion of users +- More options diff --git a/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/hsm_connection.md b/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/hsm_connection.md similarity index 94% rename from docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/hsm_connection.md rename to docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/hsm_connection.md index eb30362e9f..5b406033a6 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/hsm_connection.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/hsm_connection.md @@ -1,3 +1,9 @@ +--- +title: "HSM connection via PKCS # 11" +description: "HSM connection via PKCS # 11" +sidebar_position: 30 +--- + # HSM connection via PKCS # 11 ## What is the HSM connection? diff --git a/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/multifactor_authentication_ac.md b/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md similarity index 86% rename from docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/multifactor_authentication_ac.md rename to docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md index 2ec760fdc2..806e8773a8 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/multifactor_authentication_ac.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md @@ -1,3 +1,9 @@ +--- +title: "Multifactor Authentication" +description: "Multifactor Authentication" +sidebar_position: 10 +--- + # Multifactor Authentication ## What is multifactor authentication? diff --git a/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/session_timeout.md b/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/session_timeout.md similarity index 82% rename from docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/session_timeout.md rename to docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/session_timeout.md index 6cdd8d01f9..0077394eea 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/session_timeout.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/session_timeout.md @@ -1,3 +1,9 @@ +--- +title: "Session timeout" +description: "Session timeout" +sidebar_position: 20 +--- + # Session timeout Here you can set individually for each client when an inactive connection to the application server diff --git a/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/managing_databases.md b/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/managing_databases.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/server_manager/managing_databases/managing_databases.md rename to docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/managing_databases.md index ee09dffb01..3480298f9c 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/managing_databases.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/managing_databases.md @@ -1,3 +1,9 @@ +--- +title: "Managing databases" +description: "Managing databases" +sidebar_position: 70 +--- + # Managing databases ## Managing a database @@ -21,7 +27,7 @@ required service, specify the respective access data. You must also configure va this case, you can specify on the client which methods will be used by the individual users. Further information on this subject can be found in the -section[Multifactor Authentication](/docs/passwordsecure/9.2/configuration/server_manager/managing_databases/database_settings/multifactor_authentication_ac.md). +section[Multifactor Authentication](/docs/passwordsecure/9.2/configuration/servermanger/managingdatabases/databasesettings/multifactor_authentication_ac.md). PKCS#11 diff --git a/docs/passwordsecure/9.2/configuration/servermanger/msp/_category_.json b/docs/passwordsecure/9.2/configuration/servermanger/msp/_category_.json new file mode 100644 index 0000000000..048747ed4d --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/servermanger/msp/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "MSP", + "position": 100, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "msp" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/servermanger/msp/changesintheadminclient/_category_.json b/docs/passwordsecure/9.2/configuration/servermanger/msp/changesintheadminclient/_category_.json new file mode 100644 index 0000000000..e5ccaed2bd --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/servermanger/msp/changesintheadminclient/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Changes in the Server Manager", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "changes_in_the_adminclient" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/changes_in_the_adminclient.md b/docs/passwordsecure/9.2/configuration/servermanger/msp/changesintheadminclient/changes_in_the_adminclient.md similarity index 89% rename from docs/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/changes_in_the_adminclient.md rename to docs/passwordsecure/9.2/configuration/servermanger/msp/changesintheadminclient/changes_in_the_adminclient.md index 725a499eee..a5796ae745 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/changes_in_the_adminclient.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/msp/changesintheadminclient/changes_in_the_adminclient.md @@ -1,3 +1,9 @@ +--- +title: "Changes in the Server Manager" +description: "Changes in the Server Manager" +sidebar_position: 10 +--- + # Changes in the Server Manager #### Navigation diff --git a/docs/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/cost_overview/cost_overview_module.md b/docs/passwordsecure/9.2/configuration/servermanger/msp/changesintheadminclient/cost_overview_module.md similarity index 84% rename from docs/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/cost_overview/cost_overview_module.md rename to docs/passwordsecure/9.2/configuration/servermanger/msp/changesintheadminclient/cost_overview_module.md index 9ce35c59a4..30ed0a4ce1 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/cost_overview/cost_overview_module.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/msp/changesintheadminclient/cost_overview_module.md @@ -1,3 +1,9 @@ +--- +title: "Cost overview module" +description: "Cost overview module" +sidebar_position: 20 +--- + # Cost overview module In the Cost overview module, all billed customers are displayed. Here you can see all changes in the diff --git a/docs/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/customers_module.md b/docs/passwordsecure/9.2/configuration/servermanger/msp/changesintheadminclient/customers_module.md similarity index 98% rename from docs/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/customers_module.md rename to docs/passwordsecure/9.2/configuration/servermanger/msp/changesintheadminclient/customers_module.md index df1628b60c..47f2cdf6ae 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/msp/changes_in_ac/customers_module/customers_module.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/msp/changesintheadminclient/customers_module.md @@ -1,3 +1,9 @@ +--- +title: "Customers module" +description: "Customers module" +sidebar_position: 10 +--- + # Customers module #### Creating a new customer diff --git a/docs/passwordsecure/9.2/configuration/server_manager/msp/msp.md b/docs/passwordsecure/9.2/configuration/servermanger/msp/msp.md similarity index 85% rename from docs/passwordsecure/9.2/configuration/server_manager/msp/msp.md rename to docs/passwordsecure/9.2/configuration/servermanger/msp/msp.md index ce99de1862..62296b76f3 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/msp/msp.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/msp/msp.md @@ -1,3 +1,9 @@ +--- +title: "MSP" +description: "MSP" +sidebar_position: 100 +--- + # MSP Whether you are a partner or an end user of Netwrix Password Secure - this help will support you in diff --git a/docs/passwordsecure/9.2/configuration/server_manager/operation_and_setup/operation_and_setup_admin_client.md b/docs/passwordsecure/9.2/configuration/servermanger/operation_and_setup_admin_client.md similarity index 96% rename from docs/passwordsecure/9.2/configuration/server_manager/operation_and_setup/operation_and_setup_admin_client.md rename to docs/passwordsecure/9.2/configuration/servermanger/operation_and_setup_admin_client.md index 38592ff39a..4c1406eb50 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/operation_and_setup/operation_and_setup_admin_client.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/operation_and_setup_admin_client.md @@ -1,3 +1,9 @@ +--- +title: "Operation and setup" +description: "Operation and setup" +sidebar_position: 80 +--- + # Operation and setup ## Structure of the Server Manager @@ -5,7 +11,7 @@ The structure of the Server Manager is based to a high degree on the structure of the actual client. The control elements such as the ribbon and the info and detail areas can be derived from the section dealing with the -client([Operation and Setup](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/operation_and_setup.md)). +client([Operation and Setup](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/operation_and_setup.md)). NOTE: An initial password is required for the first login on Server Manager. The password is “admin”. This password should be changed directly after login and carefully documented. diff --git a/docs/passwordsecure/9.2/configuration/server_manager/server_manger.md b/docs/passwordsecure/9.2/configuration/servermanger/server_manger.md similarity index 88% rename from docs/passwordsecure/9.2/configuration/server_manager/server_manger.md rename to docs/passwordsecure/9.2/configuration/servermanger/server_manger.md index 4e4921f4ef..dc3545d03f 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/server_manger.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/server_manger.md @@ -1,3 +1,9 @@ +--- +title: "Server Manager" +description: "Server Manager" +sidebar_position: 10 +--- + # Server Manager ## What is the Server Manager? @@ -6,7 +12,7 @@ The Server Manager takes care of the central administration of the databases as configuration of the backup profiles. In addition, it provides the very important interface to the Netwrix Password Secure license server. Furthermore, it is used for the administration of globally defined settings, as well as the configuration of profiles for sending emails. -[Installation Server Manager](/docs/passwordsecure/9.2/installation/installation_server_manager/installation_server_manager.md) +[Installation Server Manager](/docs/passwordsecure/9.2/installation/installation_server_manager.md) ![Admin Client](/img/product_docs/passwordsecure/9.2/configuration/server_manager/installation_with_parameters_187-en.webp) diff --git a/docs/passwordsecure/9.2/configuration/server_manager/settlement_right_key/settlement_right_key.md b/docs/passwordsecure/9.2/configuration/servermanger/settlement_right_key.md similarity index 97% rename from docs/passwordsecure/9.2/configuration/server_manager/settlement_right_key/settlement_right_key.md rename to docs/passwordsecure/9.2/configuration/servermanger/settlement_right_key.md index bfb5d6bd29..5bdca51b79 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/settlement_right_key/settlement_right_key.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/settlement_right_key.md @@ -1,3 +1,9 @@ +--- +title: "Settlement right key" +description: "Settlement right key" +sidebar_position: 50 +--- + # Settlement right key #### Problem Description diff --git a/docs/passwordsecure/9.2/configuration/server_manager/setupwizard/setup_wizard.md b/docs/passwordsecure/9.2/configuration/servermanger/setup_wizard.md similarity index 84% rename from docs/passwordsecure/9.2/configuration/server_manager/setupwizard/setup_wizard.md rename to docs/passwordsecure/9.2/configuration/servermanger/setup_wizard.md index f1aefb6ae7..fbc3450d5a 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/setupwizard/setup_wizard.md +++ b/docs/passwordsecure/9.2/configuration/servermanger/setup_wizard.md @@ -1,3 +1,9 @@ +--- +title: "Setup wizard" +description: "Setup wizard" +sidebar_position: 30 +--- + # Setup wizard ## What is the setup wizard? @@ -10,7 +16,7 @@ individual points can also be changed later on. Separate sections are available The first step is to define the authentication password for the Server Manager. The initial password is “admin”. A new password needs to be entered during startup – this new password should be securely and properly documented. It can be subsequently changed in the -[General settings](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/general_settings.md). +[General settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/general_settings.md). ![setup-wizard-ac-en](/img/product_docs/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-en.webp) @@ -19,7 +25,7 @@ NOTE: The initial password is “admin”. #### License settings The second step is to complete the configuration for successively connecting to the licence server. -This step can also be carried out later “in the [License settings](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/license_settings.md) +This step can also be carried out later “in the [License settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/license_settings.md) ![setup-wizard-ac-2-en](/img/product_docs/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-2-en.webp) @@ -33,7 +39,7 @@ the corresponding button. #### Database server The configuration of the database server is also part of the -[Advanced settings](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/advanced_settings.md) and can also be edited there later on. +[Advanced settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/advanced_settings.md) and can also be edited there later on. ![setup-wizard-ac-3-en](/img/product_docs/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-3-en.webp) @@ -47,7 +53,7 @@ The “Advanced” button allows you to specify a **Connection String.** #### SMTP server The last step is to configure the SMTP server via which all emails are sent. This is also part of -the [Advanced settings](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/advanced_settings.md) should it be necessary to make changes +the [Advanced settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/advanced_settings.md) should it be necessary to make changes later on. ![setup-wizard-ac-4-en](/img/product_docs/passwordsecure/9.2/configuration/server_manager/setupwizard/setup-wizard-ac-4-en.webp) @@ -64,5 +70,5 @@ module that need to be confirmed. **CAUTION:** It is recommended that you only confirm the security notes when the corresponding point has actually been carried out. It is absolutely essential to ensure that regular -[Backup management](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/backup_management.md) are created -and the [Certificates](/docs/passwordsecure/9.2/configuration/server_manager/certificates/certificates.md) are backed up. +[Backup management](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_management.md) are created +and the [Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md) are backed up. diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/applications/application.md b/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/applications/application.md deleted file mode 100644 index 3f68353a5a..0000000000 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/applications/application.md +++ /dev/null @@ -1,24 +0,0 @@ -# Application - -The following functions are currently available in the **Application module**: - -Web & SAML applications: - -- Create -- Manage -- Delete - -NOTE: A detailed explanation of how to configure SAML can be found in the chapter “Configuration of -SAML” - -General functions: - -- Notifications -- Duplicate -- Move -- Favorite -- Quick view -- Connect password - -NOTE: The Web Application module Applications is based on the client module of the same name -“Applications”. Both modules differ in scope and design, but the operation is almost identical. diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/functional_scope.md b/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/functional_scope.md deleted file mode 100644 index 5163a68ceb..0000000000 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/functional_scope.md +++ /dev/null @@ -1,22 +0,0 @@ -# Functional scope - -The **Web Application** will act as the basis for a constant enhancement. The current functional -scope will be explained at this point. For the purposes of clarity, the relevant modules will be -described in their own subsections. - -#### General functions - -- Global settings and User settings -- Global User rights - -#### Functions in the individual modules - -- [Password module](/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/password_module/password_module.md) -- [Tag system](/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/tag_system/tag_system.md) -- [Organisational structure module](/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/organisational_structure.md) -- [Roles module](/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/roles_module/roles_module.md) -- [Forms module](/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/forms_module/forms_module.md) -- [Notifications](/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/notifications/notifications.md) -- [Logbook](/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/logbook/logbook_web_application.md) -- [Application](/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/applications/application.md) -- [Documents](/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/documents/documents_web_application.md) diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/notifications/notifications.md b/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/notifications/notifications.md deleted file mode 100644 index 80a098f56f..0000000000 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/notifications/notifications.md +++ /dev/null @@ -1,10 +0,0 @@ -# Notifications - -- The **permission module** exists of the following features: -- Filter function -- Seal function -- Mark message as read/unread -- Quick view (use button and space bar) - -The Web Application module permissions is based on the same called client module notifications. Both -modules differ in range and design. However, the handling is almost the same. diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/organisational_structure.md b/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/organisational_structure.md deleted file mode 100644 index 1d186d0205..0000000000 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/organisational_structure.md +++ /dev/null @@ -1,67 +0,0 @@ -# Organisational structure module - -The following functions are currently available in the **organisational structure module**: - -- Adding/editing/deleting/authorizing users / organisational structures -- Notifications -- Drag & Drop -- Filter -- Quick view -- User settings -- User rights -- Changing passwords -- Print - -NOTE: The Web Application module organisational structure is based on the client module of the same -name. Both modules have a different scope and design but are almost identical to use. - -## AD connection in the Web Application - -The Active Directory connection in the Web Application works similiar to the Client. In the chapter -[Active Directory link](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/active_directory_link.md) -you can find further information. - -![Organisational structure WebClient](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_160-en.webp) - -The Web Application offers the following functions: - -- Import -- Manual synchronisation -- Manage profiles - -###### Radius - -You can reach the Radius server, if the import is in the Masterkey mode. The Radius server will be -provided in the Active Directory profile and will therefore deliver the possible authentication -methods in future. You will find further informations in the -[RADIUS authentication](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/organisationalstructures/directoryservices/activedirectorylink/radius_authentication.md) -chapter. - -![installation_with_parameters_161](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_161.webp) - -###### Predefining rights - -To **predefine rights** in the Web Application, the procedure is the same as in the Client. -[Predefining rights](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/predefining_rights.md)) - -Go to the module organisational structure to choose the organisation unit for which the rights shall -be predefined. Then choose **Predefine rights** in the menu bar. - -![installation_with_parameters_162](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_162.webp) - -**Creating the first template group:** A modal window will appear after clicking on the icon for -adding a new template group (green arrow) in which a meaningful name for the template group should -be entered. - -![installation_with_parameters_163](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_163.webp) - -Now you can add the appropriate roles and users. - -![installation_with_parameters_164](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_164.webp) - -You can add users and roles in different ways: - -- Add the appropriate roles and users at the toolbar under **Search and add**. -- Click on the loupe to see all the users and roles. - -![installation_with_parameters_165](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_165.webp) diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/tag_system/tag_system.md b/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/tag_system/tag_system.md deleted file mode 100644 index f471225956..0000000000 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/tag_system/tag_system.md +++ /dev/null @@ -1,7 +0,0 @@ -# Tag system - -The tag system currently offers the following functions: - -- Add -- Delete -- Edit diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/list_view/list_view.md b/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/list_view/list_view.md deleted file mode 100644 index 60d9adb832..0000000000 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/list_view/list_view.md +++ /dev/null @@ -1,17 +0,0 @@ -# List view - -## What is list view? - -The central element of the navigation in the Web Application is list view, which clearly presents -the filtered elements. As list view in the Web Application provides the same functions as list view -in the client, we refer you at this point to the -[List view](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/listview/list_view.md) section. - -![installation_with_parameters_176](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/operation/list_view/installation_with_parameters_176.webp) - -#### Special features - -The list view differs from that on the client in the following areas: - -- List view cannot be individually configured -- There are – as is usual in a browser – no context menus diff --git a/docs/passwordsecure/9.2/configuration/webapplication/_category_.json b/docs/passwordsecure/9.2/configuration/webapplication/_category_.json new file mode 100644 index 0000000000..c09eaf5cec --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/webapplication/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Web Application", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "web_application" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/authorization_and_protection/authorization_and_protection_mechanisms.md b/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md similarity index 86% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/authorization_and_protection/authorization_and_protection_mechanisms.md rename to docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md index aaf153aa13..9ba16c460c 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/authorization_and_protection/authorization_and_protection_mechanisms.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/authorization_and_protection_mechanisms.md @@ -1,3 +1,9 @@ +--- +title: "Authorization and protection mechanisms" +description: "Authorization and protection mechanisms" +sidebar_position: 30 +--- + # Authorization and protection mechanisms ## Security and protection on the Web Application @@ -17,7 +23,7 @@ Password masking The password masking follows the familiar logic of the client. Due to this function, reference should be made to the chapter of -[Password masking](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/password_masking/password_masking.md). +[Password masking](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/password_masking.md). There are marginal differences in the operation. The privacy protection is fixed or edited via a button in the extended menu.. @@ -34,7 +40,7 @@ Seal The seals also correspond in function to the known logic of the client. In the chapter seal further explanations can be found. The -[Seals](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/seals/seals.md) +[Seals](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/protectivemechanisms/seals/seals.md) are configured in the extended menu via a button. ![installation_with_parameters_185](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/authorization_and_protection/installation_with_parameters_185.webp) diff --git a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/_category_.json b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/_category_.json new file mode 100644 index 0000000000..10f748e3bd --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Functional scope", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "functional_scope" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/application.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/application.md new file mode 100644 index 0000000000..a2f807a1b2 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/application.md @@ -0,0 +1,30 @@ +--- +title: "Application" +description: "Application" +sidebar_position: 80 +--- + +# Application + +The following functions are currently available in the **Application module**: + +Web & SAML applications: + +- Create +- Manage +- Delete + +NOTE: A detailed explanation of how to configure SAML can be found in the chapter “Configuration of +SAML” + +General functions: + +- Notifications +- Duplicate +- Move +- Favorite +- Quick view +- Connect password + +NOTE: The Web Application module Applications is based on the client module of the same name +“Applications”. Both modules differ in scope and design, but the operation is almost identical. diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/documents/documents_web_application.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/documents_web_application.md similarity index 89% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/documents/documents_web_application.md rename to docs/passwordsecure/9.2/configuration/webapplication/functionalscope/documents_web_application.md index ab06a91036..8a87958f40 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/documents/documents_web_application.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/documents_web_application.md @@ -1,3 +1,9 @@ +--- +title: "Documents" +description: "Documents" +sidebar_position: 90 +--- + # Documents The following functions are currently available in the **Document module:** diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/forms_module/forms_module.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/forms_module.md similarity index 82% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/forms_module/forms_module.md rename to docs/passwordsecure/9.2/configuration/webapplication/functionalscope/forms_module.md index 9a6f75929f..bbcc9fad6f 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/forms_module/forms_module.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/forms_module.md @@ -1,3 +1,9 @@ +--- +title: "Forms module" +description: "Forms module" +sidebar_position: 50 +--- + # Forms module The following functions are currently available in the **forms module**: diff --git a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/functional_scope.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/functional_scope.md new file mode 100644 index 0000000000..c05b876c01 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/functional_scope.md @@ -0,0 +1,28 @@ +--- +title: "Functional scope" +description: "Functional scope" +sidebar_position: 10 +--- + +# Functional scope + +The **Web Application** will act as the basis for a constant enhancement. The current functional +scope will be explained at this point. For the purposes of clarity, the relevant modules will be +described in their own subsections. + +#### General functions + +- Global settings and User settings +- Global User rights + +#### Functions in the individual modules + +- [Password module](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/password_module.md) +- [Tag system](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/tag_system.md) +- [Organisational structure module](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md) +- [Roles module](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/roles_module.md) +- [Forms module](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/forms_module.md) +- [Notifications](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/notifications.md) +- [Logbook](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/logbook_web_application.md) +- [Application](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/application.md) +- [Documents](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/documents_web_application.md) diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/logbook/logbook_web_application.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/logbook_web_application.md similarity index 88% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/logbook/logbook_web_application.md rename to docs/passwordsecure/9.2/configuration/webapplication/functionalscope/logbook_web_application.md index 60a30695ba..3308e1b963 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/logbook/logbook_web_application.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/logbook_web_application.md @@ -1,3 +1,9 @@ +--- +title: "Logbook" +description: "Logbook" +sidebar_position: 70 +--- + # Logbook The **logbook module** exists of the following features: diff --git a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/notifications.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/notifications.md new file mode 100644 index 0000000000..f598d3e458 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/notifications.md @@ -0,0 +1,16 @@ +--- +title: "Notifications" +description: "Notifications" +sidebar_position: 60 +--- + +# Notifications + +- The **permission module** exists of the following features: +- Filter function +- Seal function +- Mark message as read/unread +- Quick view (use button and space bar) + +The Web Application module permissions is based on the same called client module notifications. Both +modules differ in range and design. However, the handling is almost the same. diff --git a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/_category_.json b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/_category_.json new file mode 100644 index 0000000000..2f4190cfcb --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Organisational structure module", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "organisational_structure" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md new file mode 100644 index 0000000000..eb9882eb80 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/organisational_structure.md @@ -0,0 +1,73 @@ +--- +title: "Organisational structure module" +description: "Organisational structure module" +sidebar_position: 30 +--- + +# Organisational structure module + +The following functions are currently available in the **organisational structure module**: + +- Adding/editing/deleting/authorizing users / organisational structures +- Notifications +- Drag & Drop +- Filter +- Quick view +- User settings +- User rights +- Changing passwords +- Print + +NOTE: The Web Application module organisational structure is based on the client module of the same +name. Both modules have a different scope and design but are almost identical to use. + +## AD connection in the Web Application + +The Active Directory connection in the Web Application works similiar to the Client. In the chapter +[Active Directory link](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/active_directory_link.md) +you can find further information. + +![Organisational structure WebClient](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_160-en.webp) + +The Web Application offers the following functions: + +- Import +- Manual synchronisation +- Manage profiles + +###### Radius + +You can reach the Radius server, if the import is in the Masterkey mode. The Radius server will be +provided in the Active Directory profile and will therefore deliver the possible authentication +methods in future. You will find further informations in the +[RADIUS authentication](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/organisationalstructure/directoryservices/activedirectorylink/radius_authentication.md) +chapter. + +![installation_with_parameters_161](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_161.webp) + +###### Predefining rights + +To **predefine rights** in the Web Application, the procedure is the same as in the Client. +[Predefining rights](/docs/passwordsecure/9.2/configuration/advancedview/permissionconceptandprotective/predefiningrights/predefining_rights.md)) + +Go to the module organisational structure to choose the organisation unit for which the rights shall +be predefined. Then choose **Predefine rights** in the menu bar. + +![installation_with_parameters_162](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_162.webp) + +**Creating the first template group:** A modal window will appear after clicking on the icon for +adding a new template group (green arrow) in which a meaningful name for the template group should +be entered. + +![installation_with_parameters_163](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_163.webp) + +Now you can add the appropriate roles and users. + +![installation_with_parameters_164](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_164.webp) + +You can add users and roles in different ways: + +- Add the appropriate roles and users at the toolbar under **Search and add**. +- Click on the loupe to see all the users and roles. + +![installation_with_parameters_165](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/installation_with_parameters_165.webp) diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/user_management/user_management.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/user_management.md similarity index 88% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/user_management/user_management.md rename to docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/user_management.md index cc402ffae1..32091d75ca 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/organisational_structure/user_management/user_management.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/organisationalstructure/user_management.md @@ -1,3 +1,9 @@ +--- +title: "User management" +description: "User management" +sidebar_position: 10 +--- + # User management ## How are the users managed in the Web Application? diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/password_module/password_module.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/password_module.md similarity index 93% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/password_module/password_module.md rename to docs/passwordsecure/9.2/configuration/webapplication/functionalscope/password_module.md index 90a41f943f..f2b835195d 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/password_module/password_module.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/password_module.md @@ -1,3 +1,9 @@ +--- +title: "Password module" +description: "Password module" +sidebar_position: 10 +--- + # Password module The **Password Module** currently provides the following functions: diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/roles_module/roles_module.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/roles_module.md similarity index 81% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/roles_module/roles_module.md rename to docs/passwordsecure/9.2/configuration/webapplication/functionalscope/roles_module.md index a4c62faa47..55a5e66583 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/roles_module/roles_module.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/roles_module.md @@ -1,3 +1,9 @@ +--- +title: "Roles module" +description: "Roles module" +sidebar_position: 40 +--- + # Roles module The following functions are currently available in the **roles module:** diff --git a/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/tag_system.md b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/tag_system.md new file mode 100644 index 0000000000..8facda3781 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/tag_system.md @@ -0,0 +1,13 @@ +--- +title: "Tag system" +description: "Tag system" +sidebar_position: 20 +--- + +# Tag system + +The tag system currently offers the following functions: + +- Add +- Delete +- Edit diff --git a/docs/passwordsecure/9.2/configuration/webapplication/operation/_category_.json b/docs/passwordsecure/9.2/configuration/webapplication/operation/_category_.json new file mode 100644 index 0000000000..69b8feec7d --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Operation", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "operation" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/filter_or_structure/filter_or_structure_area.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/filter_or_structure_area.md similarity index 86% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/operation/filter_or_structure/filter_or_structure_area.md rename to docs/passwordsecure/9.2/configuration/webapplication/operation/filter_or_structure_area.md index f0157ac3b5..41b65adff7 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/filter_or_structure/filter_or_structure_area.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/filter_or_structure_area.md @@ -1,3 +1,9 @@ +--- +title: "Filter or structure area" +description: "Filter or structure area" +sidebar_position: 30 +--- + # Filter or structure area As is also the case on the client, it is possible to select between filter and structure. For this @@ -8,7 +14,7 @@ purpose, the following buttons are available on the navigation bar 1. Filter The filter on the Web Application is based on the -[Filter](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/filter/filter.md). Therefore, only those +[Filter](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/filter/filter.md). Therefore, only those characteristics specific to the Web Application will be described here. Using the filter diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/footer/footer.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/footer.md similarity index 93% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/operation/footer/footer.md rename to docs/passwordsecure/9.2/configuration/webapplication/operation/footer.md index 2506122aa0..2c84e28b65 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/footer/footer.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/footer.md @@ -1,3 +1,9 @@ +--- +title: "Footer" +description: "Footer" +sidebar_position: 70 +--- + # Footer The footer displays various different information about the currently selected record in multiple diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/header/header.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/header.md similarity index 88% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/operation/header/header.md rename to docs/passwordsecure/9.2/configuration/webapplication/operation/header.md index b1e515a1b8..bad598c63a 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/header/header.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/header.md @@ -1,3 +1,9 @@ +--- +title: "Header" +description: "Header" +sidebar_position: 10 +--- + # Header The header provides the following functions: @@ -35,4 +41,4 @@ clicking on it. The user who is currently logged in can be seen under account. You can log out by clicking on the account. It is also possible to call up the settings in -[Account](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/account/account.md). +[Account](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/account.md). diff --git a/docs/passwordsecure/9.2/configuration/webapplication/operation/list_view.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/list_view.md new file mode 100644 index 0000000000..255bbbb7de --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/list_view.md @@ -0,0 +1,23 @@ +--- +title: "List view" +description: "List view" +sidebar_position: 50 +--- + +# List view + +## What is list view? + +The central element of the navigation in the Web Application is list view, which clearly presents +the filtered elements. As list view in the Web Application provides the same functions as list view +in the client, we refer you at this point to the +[List view](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/list_view.md) section. + +![installation_with_parameters_176](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/operation/list_view/installation_with_parameters_176.webp) + +#### Special features + +The list view differs from that on the client in the following areas: + +- List view cannot be individually configured +- There are – as is usual in a browser – no context menus diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/menu_bar/menu.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/menu.md similarity index 91% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/operation/menu_bar/menu.md rename to docs/passwordsecure/9.2/configuration/webapplication/operation/menu.md index ee0160ba19..31d5ae3b14 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/menu_bar/menu.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/menu.md @@ -1,3 +1,9 @@ +--- +title: "Menu" +description: "Menu" +sidebar_position: 40 +--- + # Menu ## What is the menu? @@ -78,10 +84,10 @@ advanced menu contains all functions. All of the additional functions can be found here. These functions correspond to the main client and will be described in the next section: -[Passwords](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwords/passwords.md) +[Passwords](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwords/passwords.md) 7. Password Reset The functions of the -[Password Reset](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/passwordreset/password_reset.md) can be found +[Password Reset](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/passwordreset/password_reset.md) can be found here. diff --git a/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/_category_.json b/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/_category_.json new file mode 100644 index 0000000000..a2da549604 --- /dev/null +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Navigation bar", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "navigation_bar" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/navigation_bar.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/navigation_bar.md similarity index 89% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/navigation_bar.md rename to docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/navigation_bar.md index 117a3b85d0..1b73cbf438 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/navigation_bar.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/navigation_bar.md @@ -1,3 +1,9 @@ +--- +title: "Navigation bar" +description: "Navigation bar" +sidebar_position: 20 +--- + # Navigation bar The navigation bar provides the following functions. diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/settings/settings_wc.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/settings_wc.md similarity index 85% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/settings/settings_wc.md rename to docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/settings_wc.md index 2e6bb33ed8..04f2f062c0 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/settings/settings_wc.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/settings_wc.md @@ -1,6 +1,12 @@ +--- +title: "Settings" +description: "Settings" +sidebar_position: 20 +--- + # Settings -The settings are called up via the [Navigation bar](/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/navigation_bar.md). The following options are +The settings are called up via the [Navigation bar](/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/navigation_bar.md). The following options are available: #### Language @@ -49,8 +55,8 @@ The following options can be managed via this menu item: - User settings The management of these settings is based on the client. Further information can be found under -global [User rights](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/user_rights.md) and -[User settings](/docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_settings/user_settings.md) +global [User rights](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/userrights/user_rights.md) and +[User settings](/docs/passwordsecure/9.2/configuration/advancedview/mainmenufc/usersettings/user_settings.md) The following settings are not available on the Web Application: diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/user_menu/user_menu_wc.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/user_menu_wc.md similarity index 91% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/user_menu/user_menu_wc.md rename to docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/user_menu_wc.md index da28ac8308..ba7fe1da84 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/user_menu/user_menu_wc.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/user_menu_wc.md @@ -1,3 +1,9 @@ +--- +title: "User menu" +description: "User menu" +sidebar_position: 10 +--- + # User menu The user menu can be found in the upper right corner of the Web Application. A right click on the diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/operation.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/operation.md similarity index 78% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/operation/operation.md rename to docs/passwordsecure/9.2/configuration/webapplication/operation/operation.md index e10c2382c3..41bd169fdd 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/operation.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/operation.md @@ -1,3 +1,9 @@ +--- +title: "Operation" +description: "Operation" +sidebar_position: 20 +--- + # Operation Operation of the Web Application has been based as far as possible on the operation of the Netwrix @@ -49,31 +55,31 @@ The Web Application is split into a number of sections that are described below. ![Operation](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/operation/installation_with_parameters_168-en.webp) -1. [Header](/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/header/header.md) +1. [Header](/docs/passwordsecure/9.2/configuration/webapplication/operation/header.md) The header provides access to some essential functions. -2. [Navigation bar](/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/navigation_bar/navigation_bar.md) +2. [Navigation bar](/docs/passwordsecure/9.2/configuration/webapplication/operation/navigationbar/navigation_bar.md) It is possible to switch between module and filter view on the navigation bar. -3. [Filter or structure area](/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/filter_or_structure/filter_or_structure_area.md) +3. [Filter or structure area](/docs/passwordsecure/9.2/configuration/webapplication/operation/filter_or_structure_area.md) As is also the case on the client, it is possible to select between filter and structure. -4. [Menu](/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/menu_bar/menu.md) +4. [Menu](/docs/passwordsecure/9.2/configuration/webapplication/operation/menu.md) The ribbon on the client has been replaced by a menu bar on the Web Application. -5. [List view](/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/list_view/list_view.md) +5. [List view](/docs/passwordsecure/9.2/configuration/webapplication/operation/list_view.md) The records currently selected using the filter can be viewed in list view. -6. [Reading pane](/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/reading_pane/reading_pane_webclient.md) +6. [Reading pane](/docs/passwordsecure/9.2/configuration/webapplication/operation/reading_pane_webclient.md) The reading pane shows you details about the relevantly selected element. -7. [Footer](/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/footer/footer.md) +7. [Footer](/docs/passwordsecure/9.2/configuration/webapplication/operation/footer.md) Various information about the record is displayed in the footer. For example, logbook entries or the history. diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/reading_pane/reading_pane_webclient.md b/docs/passwordsecure/9.2/configuration/webapplication/operation/reading_pane_webclient.md similarity index 76% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/operation/reading_pane/reading_pane_webclient.md rename to docs/passwordsecure/9.2/configuration/webapplication/operation/reading_pane_webclient.md index 1046f318a2..e2651e0e5e 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/operation/reading_pane/reading_pane_webclient.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/operation/reading_pane_webclient.md @@ -1,10 +1,16 @@ +--- +title: "Reading pane" +description: "Reading pane" +sidebar_position: 60 +--- + # Reading pane ## What is the reading pane? As with the list view, the reading pane on the Web Application is almost identical to that on the client. Therefore, we also refer you here to the corresponding -[Reading pane](/docs/passwordsecure/9.2/configuration/advanced_view/operation_and_setup/readingpane/reading_pane.md) section. +[Reading pane](/docs/passwordsecure/9.2/configuration/advancedview/operationandsetup/reading_pane.md) section. ![reading_pane](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/operation/reading_pane/reading_pane.webp) diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/problems/problems_with_the_server_connection.md b/docs/passwordsecure/9.2/configuration/webapplication/problems_with_the_server_connection.md similarity index 82% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/problems/problems_with_the_server_connection.md rename to docs/passwordsecure/9.2/configuration/webapplication/problems_with_the_server_connection.md index b47f935576..1e865a1aa2 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/problems/problems_with_the_server_connection.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/problems_with_the_server_connection.md @@ -1,3 +1,9 @@ +--- +title: "Problems with the server connection" +description: "Problems with the server connection" +sidebar_position: 40 +--- + # Problems with the server connection If no connection can be established from the Web Application, there are several possible causes: diff --git a/docs/passwordsecure/9.2/configuration/web_applicaiton/web_application.md b/docs/passwordsecure/9.2/configuration/webapplication/web_application.md similarity index 83% rename from docs/passwordsecure/9.2/configuration/web_applicaiton/web_application.md rename to docs/passwordsecure/9.2/configuration/webapplication/web_application.md index b6c17864de..632c7f9e25 100644 --- a/docs/passwordsecure/9.2/configuration/web_applicaiton/web_application.md +++ b/docs/passwordsecure/9.2/configuration/webapplication/web_application.md @@ -1,3 +1,9 @@ +--- +title: "Web Application" +description: "Web Application" +sidebar_position: 40 +--- + # Web Application ## What is the Web Application @@ -7,7 +13,7 @@ Secure version** **8.3.0. The completely newly developed \*Web Application** wil for the constant enhancement of the functional scope. The desired objective is to also provide the full functional scope of the client in the Web Application. The **Web Application** will thus be constantly enhanced. All of the currently available functions can be viewed in the -[Functional scope](/docs/passwordsecure/9.2/configuration/web_applicaiton/functional_scope/functional_scope.md) section. +[Functional scope](/docs/passwordsecure/9.2/configuration/webapplication/functionalscope/functional_scope.md) section. ![WebClient](/img/product_docs/passwordsecure/9.2/configuration/web_applicaiton/installation_with_parameters_159.webp) @@ -19,4 +25,4 @@ responsive design, it can also be used on all mobile devices such as tablets and The **Web Application** is based both optically and also in its operation on the Netwrix Password Secure client. As usual, users can only access the data for which they also have permissions. The installation is described in the section -[Installation Web Application](/docs/passwordsecure/9.2/installation/installation_web_application/installation_web_application.md) +[Installation Web Application](/docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md) diff --git a/docs/passwordsecure/9.2/enduser/_category_.json b/docs/passwordsecure/9.2/enduser/_category_.json new file mode 100644 index 0000000000..47348ad344 --- /dev/null +++ b/docs/passwordsecure/9.2/enduser/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Getting Started for End Users", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/enduser/advancedview.md b/docs/passwordsecure/9.2/enduser/advancedview.md index f0b5f0fb67..4a2f16458c 100644 --- a/docs/passwordsecure/9.2/enduser/advancedview.md +++ b/docs/passwordsecure/9.2/enduser/advancedview.md @@ -1,3 +1,9 @@ +--- +title: "Outlook: Advanced View" +description: "Outlook: Advanced View" +sidebar_position: 50 +--- + # Outlook: Advanced View Curious about how you can manage your team in Netwrix Password Secure? diff --git a/docs/passwordsecure/9.2/enduser/browserextension.md b/docs/passwordsecure/9.2/enduser/browserextension.md index 7d49dd5541..30d406edb8 100644 --- a/docs/passwordsecure/9.2/enduser/browserextension.md +++ b/docs/passwordsecure/9.2/enduser/browserextension.md @@ -1,3 +1,9 @@ +--- +title: "Get the Browser Extension" +description: "Get the Browser Extension" +sidebar_position: 10 +--- + # Get the Browser Extension First, Netwrix Password Secure is designed to make and keep your passwords more secure. But this diff --git a/docs/passwordsecure/9.2/enduser/cleanuppasswords.md b/docs/passwordsecure/9.2/enduser/cleanuppasswords.md index 4e82a80443..4162bcdbc4 100644 --- a/docs/passwordsecure/9.2/enduser/cleanuppasswords.md +++ b/docs/passwordsecure/9.2/enduser/cleanuppasswords.md @@ -1,3 +1,9 @@ +--- +title: "Clean up Your Passwords" +description: "Clean up Your Passwords" +sidebar_position: 20 +--- + # Clean up Your Passwords For a clean relocation of passwords, it is important to clean up all your passwords beforehand. This diff --git a/docs/passwordsecure/9.2/enduser/createnewentry.md b/docs/passwordsecure/9.2/enduser/createnewentry.md index 14df01ede4..cb3aab50fb 100644 --- a/docs/passwordsecure/9.2/enduser/createnewentry.md +++ b/docs/passwordsecure/9.2/enduser/createnewentry.md @@ -1,3 +1,9 @@ +--- +title: "Create a New Entry from Scratch" +description: "Create a New Entry from Scratch" +sidebar_position: 30 +--- + # Create a New Entry from Scratch Follow the steps to create a new entry from scratch. diff --git a/docs/passwordsecure/9.2/enduser/organizepasswords.md b/docs/passwordsecure/9.2/enduser/organizepasswords.md index 5929885488..89e1f0dcd5 100644 --- a/docs/passwordsecure/9.2/enduser/organizepasswords.md +++ b/docs/passwordsecure/9.2/enduser/organizepasswords.md @@ -1,3 +1,9 @@ +--- +title: "Organize Your Passwords" +description: "Organize Your Passwords" +sidebar_position: 40 +--- + # Organize Your Passwords ## Add a Team Tab diff --git a/docs/passwordsecure/9.2/enduser/overview.md b/docs/passwordsecure/9.2/enduser/overview.md index 0688569d74..0c153f6537 100644 --- a/docs/passwordsecure/9.2/enduser/overview.md +++ b/docs/passwordsecure/9.2/enduser/overview.md @@ -1,3 +1,9 @@ +--- +title: "Getting Started for End Users" +description: "Getting Started for End Users" +sidebar_position: 70 +--- + # Getting Started for End Users It is time to set up your new password management solution Netwrix Password Secure! The process diff --git a/docs/passwordsecure/9.2/faq/_category_.json b/docs/passwordsecure/9.2/faq/_category_.json new file mode 100644 index 0000000000..0c7ff6cade --- /dev/null +++ b/docs/passwordsecure/9.2/faq/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "FAQ", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/faq/security/_category_.json b/docs/passwordsecure/9.2/faq/security/_category_.json new file mode 100644 index 0000000000..1a38cad5e6 --- /dev/null +++ b/docs/passwordsecure/9.2/faq/security/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Security", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/faq/security/encryption/encryption.md b/docs/passwordsecure/9.2/faq/security/encryption.md similarity index 96% rename from docs/passwordsecure/9.2/faq/security/encryption/encryption.md rename to docs/passwordsecure/9.2/faq/security/encryption.md index 234db141ce..06ec693fb1 100644 --- a/docs/passwordsecure/9.2/faq/security/encryption/encryption.md +++ b/docs/passwordsecure/9.2/faq/security/encryption.md @@ -1,3 +1,9 @@ +--- +title: "Encryption" +description: "Encryption" +sidebar_position: 10 +--- + # Encryption ## Used Algorithms diff --git a/docs/passwordsecure/9.2/faq/security/high_availability/high_availability.md b/docs/passwordsecure/9.2/faq/security/high_availability.md similarity index 95% rename from docs/passwordsecure/9.2/faq/security/high_availability/high_availability.md rename to docs/passwordsecure/9.2/faq/security/high_availability.md index 6f41f7289a..1b3ad7ffad 100644 --- a/docs/passwordsecure/9.2/faq/security/high_availability/high_availability.md +++ b/docs/passwordsecure/9.2/faq/security/high_availability.md @@ -1,3 +1,9 @@ +--- +title: "High availability" +description: "High availability" +sidebar_position: 30 +--- + # High availability ## What is high availability? diff --git a/docs/passwordsecure/9.2/faq/security/penetration_test/penetration_tests.md b/docs/passwordsecure/9.2/faq/security/penetration_tests.md similarity index 91% rename from docs/passwordsecure/9.2/faq/security/penetration_test/penetration_tests.md rename to docs/passwordsecure/9.2/faq/security/penetration_tests.md index 1202f79c1c..bc05ed4133 100644 --- a/docs/passwordsecure/9.2/faq/security/penetration_test/penetration_tests.md +++ b/docs/passwordsecure/9.2/faq/security/penetration_tests.md @@ -1,3 +1,9 @@ +--- +title: "Penetration tests" +description: "Penetration tests" +sidebar_position: 20 +--- + # Penetration tests ## External Penetration tests diff --git a/docs/passwordsecure/9.2/installation/_category_.json b/docs/passwordsecure/9.2/installation/_category_.json new file mode 100644 index 0000000000..64ab617b78 --- /dev/null +++ b/docs/passwordsecure/9.2/installation/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Installation", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "installation" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/installation/browser/installation_browser_add-on.md b/docs/passwordsecure/9.2/installation/browser/installation_browser_add-on.md deleted file mode 100644 index f990ec531f..0000000000 --- a/docs/passwordsecure/9.2/installation/browser/installation_browser_add-on.md +++ /dev/null @@ -1,8 +0,0 @@ -# Installation Browser Extension - -Following browser extensions can be installed:  - -- [Google Chrome](/docs/passwordsecure/9.2/installation/browser/google_chrome.md) -- [Microsoft Edge](/docs/passwordsecure/9.2/installation/browser/microsoft_edge.md) -- [Mozilla Firefox](/docs/passwordsecure/9.2/installation/browser/mozilla_firefox.md) -- [Safari](/docs/passwordsecure/9.2/installation/browser/safari.md) diff --git a/docs/passwordsecure/9.2/installation/installation.md b/docs/passwordsecure/9.2/installation/installation.md index e93e031d4e..7250488faa 100644 --- a/docs/passwordsecure/9.2/installation/installation.md +++ b/docs/passwordsecure/9.2/installation/installation.md @@ -1,3 +1,9 @@ +--- +title: "Installation" +description: "Installation" +sidebar_position: 20 +--- + # Installation The following pages will provide you with all the information how to install the different Netwrix diff --git a/docs/passwordsecure/9.2/installation/installation_server_manager/installation_server_manager.md b/docs/passwordsecure/9.2/installation/installation_server_manager.md similarity index 91% rename from docs/passwordsecure/9.2/installation/installation_server_manager/installation_server_manager.md rename to docs/passwordsecure/9.2/installation/installation_server_manager.md index 13d4d451bf..67a3e71599 100644 --- a/docs/passwordsecure/9.2/installation/installation_server_manager/installation_server_manager.md +++ b/docs/passwordsecure/9.2/installation/installation_server_manager.md @@ -1,3 +1,9 @@ +--- +title: "Installation Server Manager" +description: "Installation Server Manager" +sidebar_position: 20 +--- + # Installation Server Manager ## Guide @@ -15,7 +21,7 @@ First you are required to read and accept the license terms. These can also be p The next step is to define the location. The suggested location can be retained. If you want to use Netwrix Password Secure as an identity provider -[Configuration of SAML](/docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/configuration_of_saml/configuration_of_saml.md) +[Configuration of SAML](/docs/passwordsecure/9.2/configuration/advancedview/clientmodule/applications/configuration_of_saml.md) must be selected. Otherwise, it will not be installed. ![Password Secure Server Setup](/img/product_docs/passwordsecure/9.2/installation/installation_server_manager/installation-admin-client-3-en.webp) diff --git a/docs/passwordsecure/9.2/installation/installationbrowseraddon/_category_.json b/docs/passwordsecure/9.2/installation/installationbrowseraddon/_category_.json new file mode 100644 index 0000000000..e654bf472d --- /dev/null +++ b/docs/passwordsecure/9.2/installation/installationbrowseraddon/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Installation Browser Extension", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "installation_browser_add-on" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/installation/browser/google_chrome.md b/docs/passwordsecure/9.2/installation/installationbrowseraddon/google_chrome.md similarity index 90% rename from docs/passwordsecure/9.2/installation/browser/google_chrome.md rename to docs/passwordsecure/9.2/installation/installationbrowseraddon/google_chrome.md index fce4c12b05..277b83e401 100644 --- a/docs/passwordsecure/9.2/installation/browser/google_chrome.md +++ b/docs/passwordsecure/9.2/installation/installationbrowseraddon/google_chrome.md @@ -1,3 +1,9 @@ +--- +title: "Google Chrome" +description: "Google Chrome" +sidebar_position: 10 +--- + # Google Chrome ## Installing the add-on diff --git a/docs/passwordsecure/9.2/installation/installationbrowseraddon/installation_browser_add-on.md b/docs/passwordsecure/9.2/installation/installationbrowseraddon/installation_browser_add-on.md new file mode 100644 index 0000000000..4da7a236b8 --- /dev/null +++ b/docs/passwordsecure/9.2/installation/installationbrowseraddon/installation_browser_add-on.md @@ -0,0 +1,14 @@ +--- +title: "Installation Browser Extension" +description: "Installation Browser Extension" +sidebar_position: 50 +--- + +# Installation Browser Extension + +Following browser extensions can be installed:  + +- [Google Chrome](/docs/passwordsecure/9.2/installation/installationbrowseraddon/google_chrome.md) +- [Microsoft Edge](/docs/passwordsecure/9.2/installation/installationbrowseraddon/microsoft_edge.md) +- [Mozilla Firefox](/docs/passwordsecure/9.2/installation/installationbrowseraddon/mozilla_firefox.md) +- [Safari](/docs/passwordsecure/9.2/installation/installationbrowseraddon/safari.md) diff --git a/docs/passwordsecure/9.2/installation/browser/microsoft_edge.md b/docs/passwordsecure/9.2/installation/installationbrowseraddon/microsoft_edge.md similarity index 86% rename from docs/passwordsecure/9.2/installation/browser/microsoft_edge.md rename to docs/passwordsecure/9.2/installation/installationbrowseraddon/microsoft_edge.md index 7655091737..a99cf6bff1 100644 --- a/docs/passwordsecure/9.2/installation/browser/microsoft_edge.md +++ b/docs/passwordsecure/9.2/installation/installationbrowseraddon/microsoft_edge.md @@ -1,3 +1,9 @@ +--- +title: "Microsoft Edge" +description: "Microsoft Edge" +sidebar_position: 20 +--- + # Microsoft Edge ## Installing the add-on diff --git a/docs/passwordsecure/9.2/installation/browser/mozilla_firefox.md b/docs/passwordsecure/9.2/installation/installationbrowseraddon/mozilla_firefox.md similarity index 86% rename from docs/passwordsecure/9.2/installation/browser/mozilla_firefox.md rename to docs/passwordsecure/9.2/installation/installationbrowseraddon/mozilla_firefox.md index 41fa47fc3b..f42bc00077 100644 --- a/docs/passwordsecure/9.2/installation/browser/mozilla_firefox.md +++ b/docs/passwordsecure/9.2/installation/installationbrowseraddon/mozilla_firefox.md @@ -1,3 +1,9 @@ +--- +title: "Mozilla Firefox" +description: "Mozilla Firefox" +sidebar_position: 30 +--- + # Mozilla Firefox ## Installing the add-on diff --git a/docs/passwordsecure/9.2/installation/browser/safari.md b/docs/passwordsecure/9.2/installation/installationbrowseraddon/safari.md similarity index 84% rename from docs/passwordsecure/9.2/installation/browser/safari.md rename to docs/passwordsecure/9.2/installation/installationbrowseraddon/safari.md index 73f6cd7614..1c91616943 100644 --- a/docs/passwordsecure/9.2/installation/browser/safari.md +++ b/docs/passwordsecure/9.2/installation/installationbrowseraddon/safari.md @@ -1,3 +1,9 @@ +--- +title: "Safari" +description: "Safari" +sidebar_position: 40 +--- + # Safari ## Installing the add-on diff --git a/docs/passwordsecure/9.2/installation/installationclient/_category_.json b/docs/passwordsecure/9.2/installation/installationclient/_category_.json new file mode 100644 index 0000000000..81712fa0bb --- /dev/null +++ b/docs/passwordsecure/9.2/installation/installationclient/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Installation Client", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "installation_client" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/installation/installation_client/installation_client.md b/docs/passwordsecure/9.2/installation/installationclient/installation_client.md similarity index 97% rename from docs/passwordsecure/9.2/installation/installation_client/installation_client.md rename to docs/passwordsecure/9.2/installation/installationclient/installation_client.md index 03df50c93e..dbf9d0546a 100644 --- a/docs/passwordsecure/9.2/installation/installation_client/installation_client.md +++ b/docs/passwordsecure/9.2/installation/installationclient/installation_client.md @@ -1,3 +1,9 @@ +--- +title: "Installation Client" +description: "Installation Client" +sidebar_position: 30 +--- + # Installation Client ## Guide diff --git a/docs/passwordsecure/9.2/installation/installation_client/installation_with_parameters.md b/docs/passwordsecure/9.2/installation/installationclient/installation_with_parameters.md similarity index 92% rename from docs/passwordsecure/9.2/installation/installation_client/installation_with_parameters.md rename to docs/passwordsecure/9.2/installation/installationclient/installation_with_parameters.md index f5bff66d67..0e05de97f5 100644 --- a/docs/passwordsecure/9.2/installation/installation_client/installation_with_parameters.md +++ b/docs/passwordsecure/9.2/installation/installationclient/installation_with_parameters.md @@ -1,3 +1,9 @@ +--- +title: "Installation with parameters" +description: "Installation with parameters" +sidebar_position: 10 +--- + # Installation with parameters ## What is installation with parameters? diff --git a/docs/passwordsecure/9.2/installation/installationwebapplication/_category_.json b/docs/passwordsecure/9.2/installation/installationwebapplication/_category_.json new file mode 100644 index 0000000000..c328f38534 --- /dev/null +++ b/docs/passwordsecure/9.2/installation/installationwebapplication/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Installation Web Application", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "installation_web_application" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/installation/installation_web_application/apache.md b/docs/passwordsecure/9.2/installation/installationwebapplication/apache.md similarity index 96% rename from docs/passwordsecure/9.2/installation/installation_web_application/apache.md rename to docs/passwordsecure/9.2/installation/installationwebapplication/apache.md index 59f93b4d3b..2be47933ec 100644 --- a/docs/passwordsecure/9.2/installation/installation_web_application/apache.md +++ b/docs/passwordsecure/9.2/installation/installationwebapplication/apache.md @@ -1,3 +1,9 @@ +--- +title: "Apache" +description: "Apache" +sidebar_position: 10 +--- + # Apache In order to integrate the Web Application onto an Apache server, it is first necessary to enter all diff --git a/docs/passwordsecure/9.2/installation/installation_web_application/installation_web_application.md b/docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md similarity index 94% rename from docs/passwordsecure/9.2/installation/installation_web_application/installation_web_application.md rename to docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md index 2e2943c916..7f39c393d9 100644 --- a/docs/passwordsecure/9.2/installation/installation_web_application/installation_web_application.md +++ b/docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md @@ -1,3 +1,9 @@ +--- +title: "Installation Web Application" +description: "Installation Web Application" +sidebar_position: 40 +--- + # Installation Web Application **CAUTION:** This guide focuses on the initial installation of the Web Application and is not @@ -7,7 +13,7 @@ relevant for further updates. ### System requirements -Please ensured that all [Webserver](/docs/passwordsecure/9.2/installation/requirements/webserver.md)r requirements have been met. +Please ensured that all [Webserver](/docs/passwordsecure/9.2/installation/requirements/webserver/webserver.md)r requirements have been met. ### SSL certificate diff --git a/docs/passwordsecure/9.2/installation/installation_web_application/microsoft_iis.md b/docs/passwordsecure/9.2/installation/installationwebapplication/microsoft_iis.md similarity index 97% rename from docs/passwordsecure/9.2/installation/installation_web_application/microsoft_iis.md rename to docs/passwordsecure/9.2/installation/installationwebapplication/microsoft_iis.md index 544200bd5a..7f6f37d4ed 100644 --- a/docs/passwordsecure/9.2/installation/installation_web_application/microsoft_iis.md +++ b/docs/passwordsecure/9.2/installation/installationwebapplication/microsoft_iis.md @@ -1,3 +1,9 @@ +--- +title: "Microsoft IIS" +description: "Microsoft IIS" +sidebar_position: 20 +--- + # Microsoft IIS If the Web Application is being operated on a Microsoft IIS web server, there are two methods for diff --git a/docs/passwordsecure/9.2/installation/installation_web_application/nginx.md b/docs/passwordsecure/9.2/installation/installationwebapplication/nginx.md similarity index 96% rename from docs/passwordsecure/9.2/installation/installation_web_application/nginx.md rename to docs/passwordsecure/9.2/installation/installationwebapplication/nginx.md index dc5d7117a4..88d24a244b 100644 --- a/docs/passwordsecure/9.2/installation/installation_web_application/nginx.md +++ b/docs/passwordsecure/9.2/installation/installationwebapplication/nginx.md @@ -1,3 +1,9 @@ +--- +title: "nginx" +description: "nginx" +sidebar_position: 30 +--- + # nginx In order to integrate the Web Application onto an nginx server, it is first necessary to enter all diff --git a/docs/passwordsecure/9.2/installation/requirements/_category_.json b/docs/passwordsecure/9.2/installation/requirements/_category_.json new file mode 100644 index 0000000000..af267b40ba --- /dev/null +++ b/docs/passwordsecure/9.2/installation/requirements/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Requirements", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/installation/requirements/application_server.md b/docs/passwordsecure/9.2/installation/requirements/application_server.md index 46a1e0067c..bb16428681 100644 --- a/docs/passwordsecure/9.2/installation/requirements/application_server.md +++ b/docs/passwordsecure/9.2/installation/requirements/application_server.md @@ -1,3 +1,9 @@ +--- +title: "Application server" +description: "Application server" +sidebar_position: 10 +--- + # Application server #### System Components diff --git a/docs/passwordsecure/9.2/installation/requirements/client_configuration.md b/docs/passwordsecure/9.2/installation/requirements/client_configuration.md index 9e2d612c70..a04c4f5141 100644 --- a/docs/passwordsecure/9.2/installation/requirements/client_configuration.md +++ b/docs/passwordsecure/9.2/installation/requirements/client_configuration.md @@ -1,3 +1,9 @@ +--- +title: "Client configuration" +description: "Client configuration" +sidebar_position: 30 +--- + # Client configuration #### System Components diff --git a/docs/passwordsecure/9.2/installation/requirements/mobile_apps.md b/docs/passwordsecure/9.2/installation/requirements/mobile_apps.md index 7efbb0477e..89a0dc7ea5 100644 --- a/docs/passwordsecure/9.2/installation/requirements/mobile_apps.md +++ b/docs/passwordsecure/9.2/installation/requirements/mobile_apps.md @@ -1,3 +1,9 @@ +--- +title: "Mobile Apps" +description: "Mobile Apps" +sidebar_position: 50 +--- + # Mobile Apps #### Required Version diff --git a/docs/passwordsecure/9.2/installation/requirements/mssql_server.md b/docs/passwordsecure/9.2/installation/requirements/mssql_server.md index 309e569d84..2bbab17206 100644 --- a/docs/passwordsecure/9.2/installation/requirements/mssql_server.md +++ b/docs/passwordsecure/9.2/installation/requirements/mssql_server.md @@ -1,3 +1,9 @@ +--- +title: "MSSQL Server" +description: "MSSQL Server" +sidebar_position: 20 +--- + # MSSQL Server #### Required Version diff --git a/docs/passwordsecure/9.2/installation/requirements/webserver/_category_.json b/docs/passwordsecure/9.2/installation/requirements/webserver/_category_.json new file mode 100644 index 0000000000..9b0df2001b --- /dev/null +++ b/docs/passwordsecure/9.2/installation/requirements/webserver/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Webserver", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "webserver" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/installation/requirements/browser.md b/docs/passwordsecure/9.2/installation/requirements/webserver/browser.md similarity index 90% rename from docs/passwordsecure/9.2/installation/requirements/browser.md rename to docs/passwordsecure/9.2/installation/requirements/webserver/browser.md index 2f2ba2f015..0a3d03a546 100644 --- a/docs/passwordsecure/9.2/installation/requirements/browser.md +++ b/docs/passwordsecure/9.2/installation/requirements/webserver/browser.md @@ -1,3 +1,9 @@ +--- +title: "Browser" +description: "Browser" +sidebar_position: 10 +--- + # Browser #### Required Version diff --git a/docs/passwordsecure/9.2/installation/requirements/webserver.md b/docs/passwordsecure/9.2/installation/requirements/webserver/webserver.md similarity index 95% rename from docs/passwordsecure/9.2/installation/requirements/webserver.md rename to docs/passwordsecure/9.2/installation/requirements/webserver/webserver.md index 59f539f7b8..9da45043de 100644 --- a/docs/passwordsecure/9.2/installation/requirements/webserver.md +++ b/docs/passwordsecure/9.2/installation/requirements/webserver/webserver.md @@ -1,3 +1,9 @@ +--- +title: "Webserver" +description: "Webserver" +sidebar_position: 40 +--- + # Webserver #### System Components diff --git a/docs/passwordsecure/9.2/introduction/_category_.json b/docs/passwordsecure/9.2/introduction/_category_.json new file mode 100644 index 0000000000..7a06add9de --- /dev/null +++ b/docs/passwordsecure/9.2/introduction/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Introduction", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "introduction" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/welcome/introduction.md b/docs/passwordsecure/9.2/introduction/introduction.md similarity index 77% rename from docs/passwordsecure/9.2/welcome/introduction.md rename to docs/passwordsecure/9.2/introduction/introduction.md index 12a153a76d..cc345d7181 100644 --- a/docs/passwordsecure/9.2/welcome/introduction.md +++ b/docs/passwordsecure/9.2/introduction/introduction.md @@ -1,3 +1,9 @@ +--- +title: "Introduction" +description: "Introduction" +sidebar_position: 10 +--- + # Introduction ## Welcome to the official Netwrix Password Secure documentation! diff --git a/docs/passwordsecure/9.2/introduction/versionhistory/_category_.json b/docs/passwordsecure/9.2/introduction/versionhistory/_category_.json new file mode 100644 index 0000000000..ffb42b5dc3 --- /dev/null +++ b/docs/passwordsecure/9.2/introduction/versionhistory/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Version History", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "version_history" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/welcome/version_history/version_9.0.0.30423.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.0.30423.md similarity index 94% rename from docs/passwordsecure/9.2/welcome/version_history/version_9.0.0.30423.md rename to docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.0.30423.md index 081b697589..52340922cc 100644 --- a/docs/passwordsecure/9.2/welcome/version_history/version_9.0.0.30423.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.0.30423.md @@ -1,3 +1,9 @@ +--- +title: "Version 9.0.0.30423" +description: "Version 9.0.0.30423" +sidebar_position: 100 +--- + # Version 9.0.0.30423 ## New diff --git a/docs/passwordsecure/9.2/welcome/version_history/version_9.0.1.30479.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.1.30479.md similarity index 87% rename from docs/passwordsecure/9.2/welcome/version_history/version_9.0.1.30479.md rename to docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.1.30479.md index 2dd4742458..9b52d3b21f 100644 --- a/docs/passwordsecure/9.2/welcome/version_history/version_9.0.1.30479.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.1.30479.md @@ -1,3 +1,9 @@ +--- +title: "Version 9.0.1.30479" +description: "Version 9.0.1.30479" +sidebar_position: 90 +--- + # Version 9.0.1.30479 ## Fixed diff --git a/docs/passwordsecure/9.2/welcome/version_history/version_9.0.2.30602.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.2.30602.md similarity index 92% rename from docs/passwordsecure/9.2/welcome/version_history/version_9.0.2.30602.md rename to docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.2.30602.md index 30baa20a51..1d1c737d0a 100644 --- a/docs/passwordsecure/9.2/welcome/version_history/version_9.0.2.30602.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.2.30602.md @@ -1,3 +1,9 @@ +--- +title: "Version 9.0.2.30602" +description: "Version 9.0.2.30602" +sidebar_position: 80 +--- + # Version 9.0.2.30602 ## New diff --git a/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.3.30606.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.3.30606.md new file mode 100644 index 0000000000..dbcbacc840 --- /dev/null +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.3.30606.md @@ -0,0 +1,13 @@ +--- +title: "Version 9.0.3.30606" +description: "Version 9.0.3.30606" +sidebar_position: 70 +--- + +# Version 9.0.3.30606 + +## Fixed + +#### DesktopClient + +- The PuTTY Client has been updated to version 0.81. diff --git a/docs/passwordsecure/9.2/welcome/version_history/version_9.1.0.30996.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.0.30996.md similarity index 97% rename from docs/passwordsecure/9.2/welcome/version_history/version_9.1.0.30996.md rename to docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.0.30996.md index fc8711d3e8..6cf5f533f7 100644 --- a/docs/passwordsecure/9.2/welcome/version_history/version_9.1.0.30996.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.0.30996.md @@ -1,3 +1,9 @@ +--- +title: "Version 9.1.0.30996" +description: "Version 9.1.0.30996" +sidebar_position: 60 +--- + # Version 9.1.0.30996 ## New diff --git a/docs/passwordsecure/9.2/welcome/version_history/version_9.1.1.31138.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.1.31138.md similarity index 96% rename from docs/passwordsecure/9.2/welcome/version_history/version_9.1.1.31138.md rename to docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.1.31138.md index 3cd85f5d94..87e4f7f741 100644 --- a/docs/passwordsecure/9.2/welcome/version_history/version_9.1.1.31138.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.1.31138.md @@ -1,3 +1,9 @@ +--- +title: "Version 9.1.1.31138" +description: "Version 9.1.1.31138" +sidebar_position: 50 +--- + # Version 9.1.1.31138 ## New diff --git a/docs/passwordsecure/9.2/welcome/version_history/version_9.1.2.31276.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.2.31276.md similarity index 93% rename from docs/passwordsecure/9.2/welcome/version_history/version_9.1.2.31276.md rename to docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.2.31276.md index 2980442991..c6b4e456fc 100644 --- a/docs/passwordsecure/9.2/welcome/version_history/version_9.1.2.31276.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.2.31276.md @@ -1,3 +1,9 @@ +--- +title: "Version 9.1.2.31276" +description: "Version 9.1.2.31276" +sidebar_position: 40 +--- + # Version 9.1.2.31276 ## New diff --git a/docs/passwordsecure/9.2/welcome/version_history/version_9.1.3.31365.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.3.31365.md similarity index 93% rename from docs/passwordsecure/9.2/welcome/version_history/version_9.1.3.31365.md rename to docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.3.31365.md index f3ea38ee57..262cc7f39e 100644 --- a/docs/passwordsecure/9.2/welcome/version_history/version_9.1.3.31365.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.3.31365.md @@ -1,3 +1,9 @@ +--- +title: "Version 9.1.3.31365" +description: "Version 9.1.3.31365" +sidebar_position: 30 +--- + # Version 9.1.3.31365 ## New diff --git a/docs/passwordsecure/9.2/welcome/version_history/version_9.2.0.32454.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.0.32454.md similarity index 96% rename from docs/passwordsecure/9.2/welcome/version_history/version_9.2.0.32454.md rename to docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.0.32454.md index 03ef7d929b..379e22192a 100644 --- a/docs/passwordsecure/9.2/welcome/version_history/version_9.2.0.32454.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.0.32454.md @@ -1,3 +1,9 @@ +--- +title: "Version 9.2.0.32454" +description: "Version 9.2.0.32454" +sidebar_position: 20 +--- + # Version 9.2.0.32454 ## New diff --git a/docs/passwordsecure/9.2/welcome/version_history/version_9.2.1.32530.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.1.32530.md similarity index 91% rename from docs/passwordsecure/9.2/welcome/version_history/version_9.2.1.32530.md rename to docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.1.32530.md index 402af0183b..b66370d1fd 100644 --- a/docs/passwordsecure/9.2/welcome/version_history/version_9.2.1.32530.md +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.1.32530.md @@ -1,3 +1,9 @@ +--- +title: "Version 9.2.1.32530" +description: "Version 9.2.1.32530" +sidebar_position: 10 +--- + # Version 9.2.1.32530 ## New diff --git a/docs/passwordsecure/9.2/introduction/versionhistory/version_history.md b/docs/passwordsecure/9.2/introduction/versionhistory/version_history.md new file mode 100644 index 0000000000..5b93905c11 --- /dev/null +++ b/docs/passwordsecure/9.2/introduction/versionhistory/version_history.md @@ -0,0 +1,39 @@ +--- +title: "Version History" +description: "Version History" +sidebar_position: 30 +--- + +# Version History + +The previously released versions and the corresponding changelogs can be found in the following +sections. + +- [Version 9.2.1.32530](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.1.32530.md) + +- [Version 9.2.0.32454](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.2.0.32454.md) + +- [Version 9.1.3.31365](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.3.31365.md) + +- [Version 9.1.2.31276](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.2.31276.md) + +- [Version 9.1.1.31138](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.1.31138.md) + +- [Version 9.1.0.30996](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.1.0.30996.md) + +- [Version 9.0.3.30606](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.3.30606.md) + +- [Version 9.0.2.30602](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.2.30602.md) + +- [Version 9.0.1.30479](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.1.30479.md) + +- [Version 9.0.0.30423](/docs/passwordsecure/9.2/introduction/versionhistory/version_9.0.0.30423.md) + +- [Version 8.16.6.30233](/docs/passwordsecure/9.2/welcome/version_history/version_8.16.6.30233.md) + +- [Version 8.16.5.30226](/docs/passwordsecure/9.2/welcome/version_history/version_8.16.5.30226.md) +- [Version 8.16.4.30125](/docs/passwordsecure/9.2/welcome/version_history/version_8.16.4.30125.md) +- [Version 8.16.3.29968](/docs/passwordsecure/9.2/welcome/version_history/version_8.16.3.29968.md) +- [Version 8.16.3.29968](/docs/passwordsecure/9.2/welcome/version_history/version_8.16.3.29968.md) +- [Version 8.16.1.29875](/docs/passwordsecure/9.2/welcome/version_history/version_8.16.1.29875.md) +- [Version 8.16.0.29823](/docs/passwordsecure/9.2/welcome/version_history/version_8.16.0.29823.md) diff --git a/docs/passwordsecure/9.2/welcome/whats_new.md b/docs/passwordsecure/9.2/introduction/whats_new.md similarity index 89% rename from docs/passwordsecure/9.2/welcome/whats_new.md rename to docs/passwordsecure/9.2/introduction/whats_new.md index 6b3654b96f..ff3275a75f 100644 --- a/docs/passwordsecure/9.2/welcome/whats_new.md +++ b/docs/passwordsecure/9.2/introduction/whats_new.md @@ -1,3 +1,9 @@ +--- +title: "What's New" +description: "What's New" +sidebar_position: 20 +--- + # What's New ## New Netwrix Community! diff --git a/docs/passwordsecure/9.2/welcome/whypasswordsecure.md b/docs/passwordsecure/9.2/introduction/whypasswordsecure.md similarity index 91% rename from docs/passwordsecure/9.2/welcome/whypasswordsecure.md rename to docs/passwordsecure/9.2/introduction/whypasswordsecure.md index 10d9dbc933..7e51524b26 100644 --- a/docs/passwordsecure/9.2/welcome/whypasswordsecure.md +++ b/docs/passwordsecure/9.2/introduction/whypasswordsecure.md @@ -1,3 +1,9 @@ +--- +title: "Why Netwrix Password Secure?" +description: "Why Netwrix Password Secure?" +sidebar_position: 10 +--- + # Why Netwrix Password Secure? ## Users depend on passwords diff --git a/docs/passwordsecure/9.2/maintenance/_category_.json b/docs/passwordsecure/9.2/maintenance/_category_.json new file mode 100644 index 0000000000..01a1e6dd4d --- /dev/null +++ b/docs/passwordsecure/9.2/maintenance/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Maintenance", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/maintenance/eccmigration/_category_.json b/docs/passwordsecure/9.2/maintenance/eccmigration/_category_.json new file mode 100644 index 0000000000..615b99fa82 --- /dev/null +++ b/docs/passwordsecure/9.2/maintenance/eccmigration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "ECC Migration", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "ecc_migration" + } +} \ No newline at end of file diff --git a/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration.md b/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration.md new file mode 100644 index 0000000000..a153677b72 --- /dev/null +++ b/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration.md @@ -0,0 +1,13 @@ +--- +title: "ECC Migration" +description: "ECC Migration" +sidebar_position: 30 +--- + +# ECC Migration + +For a better overview the ECC migration is organized in two sections. One for the administrators and +one for the end user: + +- [Admin Manual](/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_administrator_manual.md) +- [User Manual](/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_user_manual.md) diff --git a/docs/passwordsecure/9.2/configuration/server_manager/ecc_migration/ecc_migration_administrator_manual.md b/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_administrator_manual.md similarity index 95% rename from docs/passwordsecure/9.2/configuration/server_manager/ecc_migration/ecc_migration_administrator_manual.md rename to docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_administrator_manual.md index a914231d18..d4d548ae09 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/ecc_migration/ecc_migration_administrator_manual.md +++ b/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_administrator_manual.md @@ -1,3 +1,9 @@ +--- +title: "Admin Manual" +description: "Admin Manual" +sidebar_position: 10 +--- + # Admin Manual ## Preparation @@ -5,7 +11,7 @@ Before you execute the migration, you must ensure that the following preparations have been made: - Installation of the latest Netwrix Password Secure-Server, Native Client and Web Client -- Check in the [Database properties](/docs/passwordsecure/9.2/configuration/server_manager/database_properties/database_properties.md) if the **offline +- Check in the [Database properties](/docs/passwordsecure/9.2/configuration/servermanger/databaseproperties/database_properties.md) if the **offline access** and the **mobile synchronization** are allowed If that should be the case, **contact your users and make sure that they have to synchronize the Offline Add-on and the mobile app**. diff --git a/docs/passwordsecure/9.2/configuration/server_manager/ecc_migration/ecc_migration_user_manual.md b/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_user_manual.md similarity index 90% rename from docs/passwordsecure/9.2/configuration/server_manager/ecc_migration/ecc_migration_user_manual.md rename to docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_user_manual.md index 9ce5e5261a..fcf8071e97 100644 --- a/docs/passwordsecure/9.2/configuration/server_manager/ecc_migration/ecc_migration_user_manual.md +++ b/docs/passwordsecure/9.2/maintenance/eccmigration/ecc_migration_user_manual.md @@ -1,3 +1,9 @@ +--- +title: "User Manual" +description: "User Manual" +sidebar_position: 20 +--- + # User Manual ## Preparation: diff --git a/docs/passwordsecure/9.2/maintenance/moving_the_server.md b/docs/passwordsecure/9.2/maintenance/moving_the_server.md index dc4421dbca..0a50e61df7 100644 --- a/docs/passwordsecure/9.2/maintenance/moving_the_server.md +++ b/docs/passwordsecure/9.2/maintenance/moving_the_server.md @@ -1,3 +1,9 @@ +--- +title: "Moving the server" +description: "Moving the server" +sidebar_position: 20 +--- + # Moving the server ## Preparations @@ -15,19 +21,19 @@ installed on the new machine first. It is necessary to observe the The Netwrix Password Secure application server is installed next (see [Application server](/docs/passwordsecure/9.2/installation/requirements/application_server.md)). The installation itself is described under -[Installation Server Manager](/docs/passwordsecure/9.2/installation/installation_server_manager/installation_server_manager.md). +[Installation Server Manager](/docs/passwordsecure/9.2/installation/installation_server_manager.md). #### 3. Basic configuration After the server has been installed, the -[Basic configuration](/docs/passwordsecure/9.2/configuration/server_manager/baseconfiguration/basic_configuration.md) is +[Basic configuration](/docs/passwordsecure/9.2/configuration/servermanger/basic_configuration.md) is completed. A new configuration database will be created on the SQL server as a result. If you want to retain the old SQL server, it is necessary to give the configuration database a new name. #### 4. Deactivating the old server The license first needs to be deactivated before it can be activated on the new server (see options -under [License settings](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/license_settings.md). Now stop +under [License settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/license_settings.md). Now stop the server so that nothing more can be changed in the database. ## Backing up the data @@ -51,7 +57,7 @@ selected in the following window. #### 3. Backing up the server certificate It is essential that the all available -[Certificates](/docs/passwordsecure/9.2/configuration/server_manager/certificates/certificates.md) are backed up. +[Certificates](/docs/passwordsecure/9.2/configuration/servermanger/certificates/certificates.md) are backed up. Depending on the installation, a different number of certificates are required here. ## Configuring the new server @@ -79,7 +85,7 @@ Manager. #### 2. Setting up the server After the backup has been installed on the new database, you can be start the Server Manager and run -the setup wizard. The [Setup wizard](/docs/passwordsecure/9.2/configuration/server_manager/setupwizard/setup_wizard.md) is +the setup wizard. The [Setup wizard](/docs/passwordsecure/9.2/configuration/servermanger/setup_wizard.md) is used for (amongst other things) reactivating the license. It is now possible to enter all of the desired configurations for the server. diff --git a/docs/passwordsecure/9.2/maintenance/update.md b/docs/passwordsecure/9.2/maintenance/update.md index 93495385f8..dc4d636070 100644 --- a/docs/passwordsecure/9.2/maintenance/update.md +++ b/docs/passwordsecure/9.2/maintenance/update.md @@ -1,3 +1,9 @@ +--- +title: "Update" +description: "Update" +sidebar_position: 10 +--- + # Update ## Reasons for regular updates @@ -31,12 +37,12 @@ still active. If the software maintenance package has expired, you are only perm versions that were released during the term of the software maintenance package. Therefore, you should check whether the software maintenance package is still active before an update. This can be easily checked on the Server Manager under -[License settings](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/license_settings.md). +[License settings](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/license_settings.md). ### Creating a backup An update always involves making a profound change to the existing software. A corresponding -[Backup management](/docs/passwordsecure/9.2/configuration/server_manager/main_menu/backup_settings/backup_management/backup_management.md) +[Backup management](/docs/passwordsecure/9.2/configuration/servermanger/mainmenu/backupsettings/backup_management.md) should thus be created directly before the update to ensure that no data is lost if a serious problem arises. @@ -71,7 +77,7 @@ to be restarted. It is thus recommended that the Netwrix Password Secure service the update. Further information on the installation wizard can be found in the section -[Installation Server Manager](/docs/passwordsecure/9.2/installation/installation_server_manager/installation_server_manager.md). +[Installation Server Manager](/docs/passwordsecure/9.2/installation/installation_server_manager.md). ### Patch level update for the databases @@ -90,7 +96,7 @@ be carried out using the installation parameters. ### Updating the Web Application The application server must firstly be updated. A new Web Application -([Installation Web Application](/docs/passwordsecure/9.2/installation/installation_web_application/installation_web_application.md) +([Installation Web Application](/docs/passwordsecure/9.2/installation/installationwebapplication/installation_web_application.md) is then created according to the instructions for the web server being used. The document directory on the web server should now be completely emptied. The Web Application is then unzipped and copied to the document directory on the corresponding web server. @@ -101,5 +107,5 @@ been installed and it must be deleted without fail after a successful update. NOTE: If the Web Application is used, the module: `proxy_wstunnel` must be installed when using Apache. With IIS the `WebSocket Protocol` becomes necessary. Further information can be found in the -chapter [Webserver](/docs/passwordsecure/9.2/installation/requirements/webserver.md). This applies to version 8.5.0.14896 +chapter [Webserver](/docs/passwordsecure/9.2/installation/requirements/webserver/webserver.md). This applies to version 8.5.0.14896 or newer. diff --git a/docs/passwordsecure/9.2/installation/requirements/msp_system.md b/docs/passwordsecure/9.2/msp_system.md similarity index 95% rename from docs/passwordsecure/9.2/installation/requirements/msp_system.md rename to docs/passwordsecure/9.2/msp_system.md index 1c3da7e569..43371e0260 100644 --- a/docs/passwordsecure/9.2/installation/requirements/msp_system.md +++ b/docs/passwordsecure/9.2/msp_system.md @@ -1,3 +1,9 @@ +--- +title: "MSP System" +description: "MSP System" +sidebar_position: 30 +--- + # MSP System To ensure optimal operation, we recommend that the following hardware resources are made available: diff --git a/docs/passwordsecure/9.2/welcome/version_history/version_9.0.3.30606.md b/docs/passwordsecure/9.2/welcome/version_history/version_9.0.3.30606.md deleted file mode 100644 index 7a1079897b..0000000000 --- a/docs/passwordsecure/9.2/welcome/version_history/version_9.0.3.30606.md +++ /dev/null @@ -1,7 +0,0 @@ -# Version 9.0.3.30606 - -## Fixed - -#### DesktopClient - -- The PuTTY Client has been updated to version 0.81. diff --git a/docs/passwordsecure/9.2/welcome/version_history/version_history.md b/docs/passwordsecure/9.2/welcome/version_history/version_history.md deleted file mode 100644 index 107e639670..0000000000 --- a/docs/passwordsecure/9.2/welcome/version_history/version_history.md +++ /dev/null @@ -1,33 +0,0 @@ -# Version History - -The previously released versions and the corresponding changelogs can be found in the following -sections. - -- [Version 9.2.1.32530](/docs/passwordsecure/9.2/welcome/version_history/version_9.2.1.32530.md) - -- [Version 9.2.0.32454](/docs/passwordsecure/9.2/welcome/version_history/version_9.2.0.32454.md) - -- [Version 9.1.3.31365](/docs/passwordsecure/9.2/welcome/version_history/version_9.1.3.31365.md) - -- [Version 9.1.2.31276](/docs/passwordsecure/9.2/welcome/version_history/version_9.1.2.31276.md) - -- [Version 9.1.1.31138](/docs/passwordsecure/9.2/welcome/version_history/version_9.1.1.31138.md) - -- [Version 9.1.0.30996](/docs/passwordsecure/9.2/welcome/version_history/version_9.1.0.30996.md) - -- [Version 9.0.3.30606](/docs/passwordsecure/9.2/welcome/version_history/version_9.0.3.30606.md) - -- [Version 9.0.2.30602](/docs/passwordsecure/9.2/welcome/version_history/version_9.0.2.30602.md) - -- [Version 9.0.1.30479](/docs/passwordsecure/9.2/welcome/version_history/version_9.0.1.30479.md) - -- [Version 9.0.0.30423](/docs/passwordsecure/9.2/welcome/version_history/version_9.0.0.30423.md) - -- [Version 8.16.6.30233](/docs/passwordsecure/9.2/welcome/version_history/version_8.16.6.30233.md) - -- [Version 8.16.5.30226](/docs/passwordsecure/9.2/welcome/version_history/version_8.16.5.30226.md) -- [Version 8.16.4.30125](/docs/passwordsecure/9.2/welcome/version_history/version_8.16.4.30125.md) -- [Version 8.16.3.29968](/docs/passwordsecure/9.2/welcome/version_history/version_8.16.3.29968.md) -- [Version 8.16.3.29968](/docs/passwordsecure/9.2/welcome/version_history/version_8.16.3.29968.md) -- [Version 8.16.1.29875](/docs/passwordsecure/9.2/welcome/version_history/version_8.16.1.29875.md) -- [Version 8.16.0.29823](/docs/passwordsecure/9.2/welcome/version_history/version_8.16.0.29823.md) diff --git a/docs/platgovnetsuite/agent/_category_.json b/docs/platgovnetsuite/agent/_category_.json new file mode 100644 index 0000000000..47421dbda3 --- /dev/null +++ b/docs/platgovnetsuite/agent/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Agent Overview", + "position": 130, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "agent_overview" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/financial_controls/agent_clear_incident.md b/docs/platgovnetsuite/agent/agent_clear_incident.md similarity index 91% rename from docs/platgovnetsuite/financial_controls/agent_clear_incident.md rename to docs/platgovnetsuite/agent/agent_clear_incident.md index c29a39d50e..951109622c 100644 --- a/docs/platgovnetsuite/financial_controls/agent_clear_incident.md +++ b/docs/platgovnetsuite/agent/agent_clear_incident.md @@ -1,3 +1,9 @@ +--- +title: "Clearing a Control Incident" +description: "Clearing a Control Incident" +sidebar_position: 50 +--- + # Clearing a Control Incident Unresolved Control Incidents are filtered and displayed under the Unresolved Control Incidents diff --git a/docs/platgovnetsuite/financial_controls/agent_creating_preapproved_change_request.md b/docs/platgovnetsuite/agent/agent_creating_preapproved_change_request.md similarity index 95% rename from docs/platgovnetsuite/financial_controls/agent_creating_preapproved_change_request.md rename to docs/platgovnetsuite/agent/agent_creating_preapproved_change_request.md index ee139ca244..7496c4da97 100644 --- a/docs/platgovnetsuite/financial_controls/agent_creating_preapproved_change_request.md +++ b/docs/platgovnetsuite/agent/agent_creating_preapproved_change_request.md @@ -1,7 +1,13 @@ +--- +title: "Creating an Agent Preapproved Change Request" +description: "Creating an Agent Preapproved Change Request" +sidebar_position: 40 +--- + # Creating an Agent Preapproved Change Request You can create a custom change request form for an Agent Preapproved Change Request. Refer to -[Using Custom Change Request Forms](/docs/platgovnetsuite/change_management/use_custom_cr_forms.md) for information on +[Using Custom Change Request Forms](/docs/platgovnetsuite/changemanagement/use_custom_cr_forms.md) for information on implementing your custom form. Here are the steps to create a pre-approved change request for a control: diff --git a/docs/platgovnetsuite/financial_controls/agent_example_set_control.md b/docs/platgovnetsuite/agent/agent_example_set_control.md similarity index 98% rename from docs/platgovnetsuite/financial_controls/agent_example_set_control.md rename to docs/platgovnetsuite/agent/agent_example_set_control.md index 6cc70084f3..ca17261dfe 100644 --- a/docs/platgovnetsuite/financial_controls/agent_example_set_control.md +++ b/docs/platgovnetsuite/agent/agent_example_set_control.md @@ -1,3 +1,9 @@ +--- +title: "Example: Set an Agent Control" +description: "Example: Set an Agent Control" +sidebar_position: 60 +--- + # Example: Set an Agent Control Here is the process to create a control to monitor changes: diff --git a/docs/platgovnetsuite/financial_controls/agent_example_unresolved_control_incident.md b/docs/platgovnetsuite/agent/agent_example_unresolved_control_incident.md similarity index 88% rename from docs/platgovnetsuite/financial_controls/agent_example_unresolved_control_incident.md rename to docs/platgovnetsuite/agent/agent_example_unresolved_control_incident.md index 6cc7ecb8a7..3b6c4d5487 100644 --- a/docs/platgovnetsuite/financial_controls/agent_example_unresolved_control_incident.md +++ b/docs/platgovnetsuite/agent/agent_example_unresolved_control_incident.md @@ -1,3 +1,9 @@ +--- +title: "Example: Unresolved Control Incident" +description: "Example: Unresolved Control Incident" +sidebar_position: 70 +--- + # Example: Unresolved Control Incident A modification has been made to the **Purchase Limit** and **Purchase Approval Limit** for Luigi diff --git a/docs/platgovnetsuite/financial_controls/agent_getting_started.md b/docs/platgovnetsuite/agent/agent_getting_started.md similarity index 96% rename from docs/platgovnetsuite/financial_controls/agent_getting_started.md rename to docs/platgovnetsuite/agent/agent_getting_started.md index f43becb31d..e5af4dada3 100644 --- a/docs/platgovnetsuite/financial_controls/agent_getting_started.md +++ b/docs/platgovnetsuite/agent/agent_getting_started.md @@ -1,3 +1,9 @@ +--- +title: "Getting Started with Agent" +description: "Getting Started with Agent" +sidebar_position: 10 +--- + # Getting Started with Agent Before you set up your Agent controls, determine the roles you require and decide what types of diff --git a/docs/platgovnetsuite/financial_controls/agent_lookback.md b/docs/platgovnetsuite/agent/agent_lookback.md similarity index 96% rename from docs/platgovnetsuite/financial_controls/agent_lookback.md rename to docs/platgovnetsuite/agent/agent_lookback.md index 0e45368e5c..28a2ad7483 100644 --- a/docs/platgovnetsuite/financial_controls/agent_lookback.md +++ b/docs/platgovnetsuite/agent/agent_lookback.md @@ -1,3 +1,9 @@ +--- +title: "Using Agent Lookback" +description: "Using Agent Lookback" +sidebar_position: 30 +--- + # Using Agent Lookback _Agent Lookback_ gives **Enterprise** license customers the capability to run an agent control from diff --git a/docs/platgovnetsuite/financial_controls/agent_overview.md b/docs/platgovnetsuite/agent/agent_overview.md similarity index 97% rename from docs/platgovnetsuite/financial_controls/agent_overview.md rename to docs/platgovnetsuite/agent/agent_overview.md index 74696e3afc..6df7a599b7 100644 --- a/docs/platgovnetsuite/financial_controls/agent_overview.md +++ b/docs/platgovnetsuite/agent/agent_overview.md @@ -1,3 +1,9 @@ +--- +title: "Agent Overview" +description: "Agent Overview" +sidebar_position: 130 +--- + # Agent Overview Agent allows you to monitor and manage the creation, deletion, or change of key records and fields diff --git a/docs/platgovnetsuite/financial_controls/agent_supported_records.md b/docs/platgovnetsuite/agent/agent_supported_records.md similarity index 77% rename from docs/platgovnetsuite/financial_controls/agent_supported_records.md rename to docs/platgovnetsuite/agent/agent_supported_records.md index 62a69393b4..4c47bf0792 100644 --- a/docs/platgovnetsuite/financial_controls/agent_supported_records.md +++ b/docs/platgovnetsuite/agent/agent_supported_records.md @@ -1,3 +1,9 @@ +--- +title: "Records Supported by Agent Searches and Controls" +description: "Records Supported by Agent Searches and Controls" +sidebar_position: 20 +--- + # Records Supported by Agent Searches and Controls Records supported by Agent searches and controls: diff --git a/docs/platgovnetsuite/api/api_overview.md b/docs/platgovnetsuite/api/api_overview.md deleted file mode 100644 index 395261c20a..0000000000 --- a/docs/platgovnetsuite/api/api_overview.md +++ /dev/null @@ -1,37 +0,0 @@ -# Integration API - -The Integration API enables external access to Customization and Change Request objects. Third party -application are able to integrate via these APIs. - -- **Customizations** -- **Change Requests** can be created, updated, retrieved and deleted. -- **ERD** and **Impact Analysis** tools are available. - -- [Customizations API](/docs/platgovnetsuite/api/customizations_api.md) can be retrieved from your NetSuite account and can be - added and removed from your Change Requests. Here is the Customization API command: - - - [Get Customizations](/docs/platgovnetsuite/api/get_customizations.md): Returns customizations based on your filters. - -- [Change Request API](/docs/platgovnetsuite/api/change_request_api.md) can be created, updated, retrieved and deleted. The - ERD and Impact Analysis tools are available. Here are the Change Request API commands: - - - [Get Change Request](/docs/platgovnetsuite/api/get_change_request.md): Returns the change request associated with an - External ID. - - [Add/Update Customizations in a Change Request](/docs/platgovnetsuite/api/add_update_change_request.md): adds/updates - customization and/or proposed customizations. - - [Delete Customizations in a Change Request](/docs/platgovnetsuite/api/delete_customizations_change_request.md): removes - customizations and/or proposed customizations. - - [Get ERD](/docs/platgovnetsuite/api/get_erd.md): returns ERD URL links for each customization. - - [Get Impact Analysis](/docs/platgovnetsuite/api/get_impact_analysis.md): returns the impact analysis data for each - customization. Customizations are categorized as _Safe to Modify_, _Not Safe to Modify_, and - _Inactive_. - - [Push Change Request](/docs/platgovnetsuite/api/push_change_request.md): pushes the external ticket details and creates - an equivalent change request. - -## Postman Links - -Both the Customizations and Change Requests API documentation are published in -[Postman](http://postman.com/). You can try out the API commands in the Postman interface. - -- [Customizations](https://documenter.getpostman.com/view/30883336/2s9YeABubu) API -- [Change Requests](https://documenter.getpostman.com/view/30883336/2s9YeABubr) API diff --git a/docs/platgovnetsuite/api/change_request_api.md b/docs/platgovnetsuite/api/change_request_api.md deleted file mode 100644 index 68b6f795c1..0000000000 --- a/docs/platgovnetsuite/api/change_request_api.md +++ /dev/null @@ -1,21 +0,0 @@ -# Change Request API - -The Change Request API provides external access to retrieve customization from a NetSuite account. - -Here are the Change Request API commands: - -- [Get Change Request](/docs/platgovnetsuite/api/get_change_request.md): Returns the change request associated with an - External ID. -- [Add/Update Customizations in a Change Request](/docs/platgovnetsuite/api/add_update_change_request.md): adds/updates - customization and/or proposed customizations. -- [Delete Customizations in a Change Request](/docs/platgovnetsuite/api/delete_customizations_change_request.md): removes - customizations and/or proposed customizations. -- [Get ERD](/docs/platgovnetsuite/api/get_erd.md): returns ERD URL links for each customization. -- [Get Impact Analysis](/docs/platgovnetsuite/api/get_impact_analysis.md): returns the impact analysis data for each - customization. Customizations are categorized as _Safe to Modify_, _Not Safe to Modify_, and - _Inactive_. -- [Push Change Request](/docs/platgovnetsuite/api/push_change_request.md): pushes the external ticket details and creates an - equivalent change request. - -Try the [Change Requests](https://documenter.getpostman.com/view/30883336/2s9YeABubr) API in -Postman, where you can try out and test the commands. diff --git a/docs/platgovnetsuite/api/customizations_api.md b/docs/platgovnetsuite/api/customizations_api.md deleted file mode 100644 index 43e70c084b..0000000000 --- a/docs/platgovnetsuite/api/customizations_api.md +++ /dev/null @@ -1,10 +0,0 @@ -# Customizations API - -The Customizations API provides external access to retrieve customization from a NetSuite account. - -Customizations API command: - -- [Get Customizations](/docs/platgovnetsuite/api/get_customizations.md) - -Try the [Customizations](https://documenter.getpostman.com/view/30883336/2s9YeABubu) API in Postman. -The **Get Customizations** API is published to Postman, where you can try it out and test it. diff --git a/docs/platgovnetsuite/archive/_category_.json b/docs/platgovnetsuite/archive/_category_.json new file mode 100644 index 0000000000..e0d357f9e5 --- /dev/null +++ b/docs/platgovnetsuite/archive/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Archive", + "position": 190, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/platgovnetsuite/release_notes/netwrix_strongpoint_netsuite_7-0_release_notes.md b/docs/platgovnetsuite/archive/netwrix_strongpoint_netsuite_7-0_release_notes.md similarity index 96% rename from docs/platgovnetsuite/release_notes/netwrix_strongpoint_netsuite_7-0_release_notes.md rename to docs/platgovnetsuite/archive/netwrix_strongpoint_netsuite_7-0_release_notes.md index e177258972..a0e9213208 100644 --- a/docs/platgovnetsuite/release_notes/netwrix_strongpoint_netsuite_7-0_release_notes.md +++ b/docs/platgovnetsuite/archive/netwrix_strongpoint_netsuite_7-0_release_notes.md @@ -1,3 +1,9 @@ +--- +title: "Netwrix Strongpoint for Netsuite 7.0 Release Notes" +description: "Netwrix Strongpoint for Netsuite 7.0 Release Notes" +sidebar_position: 40 +--- + # Netwrix Strongpoint for Netsuite 7.0 Release Notes ## Core 7.0.3 @@ -155,7 +161,7 @@ Authentication (TBA) credentials for your account. Once created, they are availa selection when performing your tasks. Token-Based Authentication is set up through NetSuite. Refer to -[Setting up Token-Based Authentication](/docs/platgovnetsuite/integrations/jira_integration.md). +[Setting up Token-Based Authentication](/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md). 1. Open **Jira**. 2. Open your **Projects** page: diff --git a/docs/platgovnetsuite/release_notes/netwrix_strongpoint_netsuite_7-1_release_notes.md b/docs/platgovnetsuite/archive/netwrix_strongpoint_netsuite_7-1_release_notes.md similarity index 97% rename from docs/platgovnetsuite/release_notes/netwrix_strongpoint_netsuite_7-1_release_notes.md rename to docs/platgovnetsuite/archive/netwrix_strongpoint_netsuite_7-1_release_notes.md index 7587b20ee5..6f5ab5fbaa 100644 --- a/docs/platgovnetsuite/release_notes/netwrix_strongpoint_netsuite_7-1_release_notes.md +++ b/docs/platgovnetsuite/archive/netwrix_strongpoint_netsuite_7-1_release_notes.md @@ -1,3 +1,9 @@ +--- +title: "Netwrix Strongpoint for Netsuite 7.1 Release Notes" +description: "Netwrix Strongpoint for Netsuite 7.1 Release Notes" +sidebar_position: 30 +--- + # Netwrix Strongpoint for Netsuite 7.1 Release Notes ## Core 7.1.2.1 @@ -11,7 +17,7 @@ November 30, 2023 - Improved handling of custom employee center roles across the Strongpoint spiders. - Bundle updates were enabling **Automatic Synchronization** between Strongpoint and Jira, changing settings where **Automatic Synchronization** was disabled. **Automatic Synchronization** defaults - to enabled for new installations. Refer to [Jira](/docs/platgovnetsuite/integrations/jira_integration.md) topic for + to enabled for new installations. Refer to [Jira](/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md) topic for more information. - Enhanced handling of nonmaterial changes for fields using html coding. Special symbols ( < > & " ) in fields do not generate non-compliant change logs. @@ -228,7 +234,7 @@ Authentication (TBA) credentials for your account. Once created, they are availa selection when performing your tasks. Token-Based Authentication is set up through NetSuite. Refer to -[Setting up Token-Based Authentication](/docs/platgovnetsuite/integrations/jira_integration.md). +[Setting up Token-Based Authentication](/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md). 1. Open **Jira**. 2. Open your **Projects** page: diff --git a/docs/platgovnetsuite/release_notes/netwrix_strongpoint_netsuite_7-2_release_notes.md b/docs/platgovnetsuite/archive/netwrix_strongpoint_netsuite_7-2_release_notes.md similarity index 93% rename from docs/platgovnetsuite/release_notes/netwrix_strongpoint_netsuite_7-2_release_notes.md rename to docs/platgovnetsuite/archive/netwrix_strongpoint_netsuite_7-2_release_notes.md index 7286123cc0..4c57498cba 100644 --- a/docs/platgovnetsuite/release_notes/netwrix_strongpoint_netsuite_7-2_release_notes.md +++ b/docs/platgovnetsuite/archive/netwrix_strongpoint_netsuite_7-2_release_notes.md @@ -1,3 +1,9 @@ +--- +title: "Core 7.2" +description: "Core 7.2" +sidebar_position: 20 +--- + # Core 7.2 Netwrix Strongpoint for NetSuite 7.2 Release Notes @@ -8,7 +14,7 @@ December 22, 2023 **New:** **Strongpoint Integration API** -Strongpoint is excited to release an [Integration API](/docs/platgovnetsuite/api/api_overview.md) to enable your +Strongpoint is excited to release an [Integration API](/docs/platgovnetsuite/ticketingintegrations/apioverview/api_overview.md) to enable your developers to support your ticketing systems! Customers enthusiastically embraced our Strongpoint pre-built integrations for Jira, ServiceNow and Zendesk. The API makes this integration functionality available to everyone. Integrating your systems with your Strongpoint account helps @@ -20,7 +26,7 @@ Here are the API highlights: your Change Requests. - **Change Requests** can be created, updated, retrieved and deleted. - **ERD** and **Impact Analysis** tools are available. -- API commands are documented in the [Integration API](/docs/platgovnetsuite/api/api_overview.md) section of this +- API commands are documented in the [Integration API](/docs/platgovnetsuite/ticketingintegrations/apioverview/api_overview.md) section of this guide. - API commands are available in [Postman](http://postman.com/), where you can try them out and test them. There are Postman links in this guide. diff --git a/docs/platgovnetsuite/release_notes/netwrix_strongpoint_netsuite_7-3_release_notes.md b/docs/platgovnetsuite/archive/netwrix_strongpoint_netsuite_7-3_release_notes.md similarity index 96% rename from docs/platgovnetsuite/release_notes/netwrix_strongpoint_netsuite_7-3_release_notes.md rename to docs/platgovnetsuite/archive/netwrix_strongpoint_netsuite_7-3_release_notes.md index dfc0860b38..b47545c2ea 100644 --- a/docs/platgovnetsuite/release_notes/netwrix_strongpoint_netsuite_7-3_release_notes.md +++ b/docs/platgovnetsuite/archive/netwrix_strongpoint_netsuite_7-3_release_notes.md @@ -1,3 +1,9 @@ +--- +title: "Core 7.3.2" +description: "Core 7.3.2" +sidebar_position: 10 +--- + # Core 7.3.2 Netwrix Strongpoint for Netsuite 7.3 Release Notes @@ -69,7 +75,7 @@ information will not have changed. New: Jira On-Prem Atlassian is discontinuing support for the Jira On-Prem solution. Jira Cloud will be the only -supported option. You can use the Strongpoint [Integration API](/docs/platgovnetsuite/api/api_overview.md) to create +supported option. You can use the Strongpoint [Integration API](/docs/platgovnetsuite/ticketingintegrations/apioverview/api_overview.md) to create your own integration with your ticketing system. **Resolved Issues** diff --git a/docs/platgovnetsuite/automatedsearchcleanup/_category_.json b/docs/platgovnetsuite/automatedsearchcleanup/_category_.json new file mode 100644 index 0000000000..f048e27b9d --- /dev/null +++ b/docs/platgovnetsuite/automatedsearchcleanup/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Automated Search Clean Up", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "automated_search_cleanup" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/clean_up/automated_search_cleanup.md b/docs/platgovnetsuite/automatedsearchcleanup/automated_search_cleanup.md similarity index 98% rename from docs/platgovnetsuite/clean_up/automated_search_cleanup.md rename to docs/platgovnetsuite/automatedsearchcleanup/automated_search_cleanup.md index a2f2dd328e..b681d01b66 100644 --- a/docs/platgovnetsuite/clean_up/automated_search_cleanup.md +++ b/docs/platgovnetsuite/automatedsearchcleanup/automated_search_cleanup.md @@ -1,9 +1,15 @@ +--- +title: "Automated Search Clean Up" +description: "Automated Search Clean Up" +sidebar_position: 60 +--- + # Automated Search Clean Up The Automated Search Clean Up feature runs as scheduled, or on demand, using custom rules to find and manage Saved Searches. Accumulated searches contribute to inefficiency in NetSuite accounts. -Review the [Automated Search Clean Up Considerations](/docs/platgovnetsuite/clean_up/automated_search_cleanup_considerations.md) +Review the [Automated Search Clean Up Considerations](/docs/platgovnetsuite/automatedsearchcleanup/automated_search_cleanup_considerations.md) prior to using this feature. Saved Searches are powerful customizations used throughout NetSuite and interconnected to other diff --git a/docs/platgovnetsuite/clean_up/automated_search_cleanup_considerations.md b/docs/platgovnetsuite/automatedsearchcleanup/automated_search_cleanup_considerations.md similarity index 87% rename from docs/platgovnetsuite/clean_up/automated_search_cleanup_considerations.md rename to docs/platgovnetsuite/automatedsearchcleanup/automated_search_cleanup_considerations.md index f8e1567308..011f9f8039 100644 --- a/docs/platgovnetsuite/clean_up/automated_search_cleanup_considerations.md +++ b/docs/platgovnetsuite/automatedsearchcleanup/automated_search_cleanup_considerations.md @@ -1,7 +1,13 @@ +--- +title: "Automated Search Clean Up Considerations" +description: "Automated Search Clean Up Considerations" +sidebar_position: 10 +--- + # Automated Search Clean Up Considerations This list describes some of the special cases encountered when using the -[Automated Search Clean Up](/docs/platgovnetsuite/clean_up/automated_search_cleanup.md) tool +[Automated Search Clean Up](/docs/platgovnetsuite/automatedsearchcleanup/automated_search_cleanup.md) tool 1. When an archived search contains **Date** filters, you must have the same date format preference as the Company’s date preference to accurately restore the filter. diff --git a/docs/platgovnetsuite/bundle_removal/investigating_through_saved_searches.md b/docs/platgovnetsuite/bundle_removal/investigating_through_saved_searches.md deleted file mode 100644 index c269d5c801..0000000000 --- a/docs/platgovnetsuite/bundle_removal/investigating_through_saved_searches.md +++ /dev/null @@ -1,27 +0,0 @@ -# Investigating Through Saved Searches - -After running all the mass updates and CSV imports (where needed), you can build six saved searches, -one for each scenario. Within each scenario you can easily identify all the customizations for -further investigation. - -Included in the results columns of these saved searches, you will find the following fields: - -- **Name**: to identify the customization. -- **ScriptID**: to locate the customization. -- **Type**: to know more about the customization. -- **Date Last Used ([DLU](/docs/platgovnetsuite/clean_up/date_last_used.md))**: to know the last time the customization - was used. - -The columns show the existing relationships for the customizations that use: - -- Parent -- Scripts -- Searches/Mass Updates -- Workflows -- Data Sources -- Forms -- List - ![Results columns of Saved Searches](/img/product_docs/platgovnetsuite/bundle_removal/results_saved_searches.webp) - -**Next Step:** -[](/docs/platgovnetsuite/bundle_removal/exporting_information_to_excel.md)[Exporting Information to Excel](/docs/platgovnetsuite/bundle_removal/exporting_information_to_excel.md) diff --git a/docs/platgovnetsuite/bundleremoval/_category_.json b/docs/platgovnetsuite/bundleremoval/_category_.json new file mode 100644 index 0000000000..20480dd4bd --- /dev/null +++ b/docs/platgovnetsuite/bundleremoval/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Bundle Removal Overview", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "bundle_removal_overview" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/bundle_removal/bundle_removal_overview.md b/docs/platgovnetsuite/bundleremoval/bundle_removal_overview.md similarity index 96% rename from docs/platgovnetsuite/bundle_removal/bundle_removal_overview.md rename to docs/platgovnetsuite/bundleremoval/bundle_removal_overview.md index b0033bc321..c0a2e0a6e6 100644 --- a/docs/platgovnetsuite/bundle_removal/bundle_removal_overview.md +++ b/docs/platgovnetsuite/bundleremoval/bundle_removal_overview.md @@ -1,3 +1,9 @@ +--- +title: "Bundle Removal Overview" +description: "Bundle Removal Overview" +sidebar_position: 80 +--- + # Bundle Removal Overview We can help you remove bundles from NetSuite in the safest and best possible manner by using mass diff --git a/docs/platgovnetsuite/bundle_removal/categorizing_customizations.md b/docs/platgovnetsuite/bundleremoval/categorizing_customizations.md similarity index 95% rename from docs/platgovnetsuite/bundle_removal/categorizing_customizations.md rename to docs/platgovnetsuite/bundleremoval/categorizing_customizations.md index 796d363d33..28001ae34e 100644 --- a/docs/platgovnetsuite/bundle_removal/categorizing_customizations.md +++ b/docs/platgovnetsuite/bundleremoval/categorizing_customizations.md @@ -1,3 +1,9 @@ +--- +title: "Categorizing Customizations" +description: "Categorizing Customizations" +sidebar_position: 30 +--- + # Categorizing Customizations Part of the bundle removal process is to categorize all the customizations in your account, this is @@ -42,7 +48,7 @@ summary criteria for this type of search. `{custrecord_flo_searches.custrecord_flo_cleanup_status}` = 'To Be Cleaned Up' THEN 1 ELSE 0 END | 6. Click **Preview**.This step takes some time.Troubleshooting: - [Saved Search Times Out](/docs/platgovnetsuite/troubleshooting/saved_search_times_out.md) + [Saved Search Times Out](/docs/platgovnetsuite/reportabug/saved_search_times_out.md) ## Export and Import the CSV File @@ -109,7 +115,7 @@ summary criteria for this type of search. Sum | CASE WHEN`{custrecord_flo_searches.custrecord_flo_cleanup_status}` = 'To Be Cleaned Up' OR TO_NUMBER(NVL(`{custrecord_flo_searches}`,0)) < 1 THEN 0 ELSE 1 END | 6. Click **Preview**.This step takes some time.Troubleshooting: - [Saved Search Times Out](/docs/platgovnetsuite/troubleshooting/saved_search_times_out.md) + [Saved Search Times Out](/docs/platgovnetsuite/reportabug/saved_search_times_out.md) ## Export and Import the CSV File @@ -136,4 +142,4 @@ summary criteria for this type of search. 12. Choose **Save & Run**. **Next Step:** -[](/docs/platgovnetsuite/bundle_removal/creating_four_mass_updates.md)[Creating Four Mass Updates](/docs/platgovnetsuite/bundle_removal/creating_four_mass_updates.md) +[Creating Four Mass Updates](/docs/platgovnetsuite/bundleremoval/creating_four_mass_updates.md) diff --git a/docs/platgovnetsuite/bundle_removal/creating_custom_list_and_fields.md b/docs/platgovnetsuite/bundleremoval/creating_custom_list_and_fields.md similarity index 90% rename from docs/platgovnetsuite/bundle_removal/creating_custom_list_and_fields.md rename to docs/platgovnetsuite/bundleremoval/creating_custom_list_and_fields.md index be7242b52d..6f03198dbf 100644 --- a/docs/platgovnetsuite/bundle_removal/creating_custom_list_and_fields.md +++ b/docs/platgovnetsuite/bundleremoval/creating_custom_list_and_fields.md @@ -1,3 +1,9 @@ +--- +title: "Creating a Custom List and Fields" +description: "Creating a Custom List and Fields" +sidebar_position: 20 +--- + # Creating a Custom List and Fields Seven custom fields and one custom list needs to be created for the bundle’s customization records. @@ -39,4 +45,4 @@ belongs to and six different check boxes, one for each scenario. 6. Click **Save** -**Next Step:** [Categorizing Customizations](/docs/platgovnetsuite/bundle_removal/categorizing_customizations.md) +**Next Step:** [Categorizing Customizations](/docs/platgovnetsuite/bundleremoval/categorizing_customizations.md) diff --git a/docs/platgovnetsuite/bundle_removal/creating_four_mass_updates.md b/docs/platgovnetsuite/bundleremoval/creating_four_mass_updates.md similarity index 95% rename from docs/platgovnetsuite/bundle_removal/creating_four_mass_updates.md rename to docs/platgovnetsuite/bundleremoval/creating_four_mass_updates.md index 4f14191e95..170259b787 100644 --- a/docs/platgovnetsuite/bundle_removal/creating_four_mass_updates.md +++ b/docs/platgovnetsuite/bundleremoval/creating_four_mass_updates.md @@ -1,3 +1,9 @@ +--- +title: "Creating Four Mass Updates" +description: "Creating Four Mass Updates" +sidebar_position: 40 +--- + # Creating Four Mass Updates Once you have created the first two mass updates and the two saved searches, you need to follow a @@ -82,4 +88,4 @@ This mass update captures all the bundle components referenced by non bundle com 9. Click **Save** **Next Step:** -[](/docs/platgovnetsuite/bundle_removal/investigating_through_saved_searches.md)[Investigating Through Saved Searches](/docs/platgovnetsuite/bundle_removal/investigating_through_saved_searches.md) +[Investigating Through Saved Searches](/docs/platgovnetsuite/bundleremoval/investigating_through_saved_searches.md) diff --git a/docs/platgovnetsuite/bundle_removal/creating_two_mass_updates.md b/docs/platgovnetsuite/bundleremoval/creating_two_mass_updates.md similarity index 94% rename from docs/platgovnetsuite/bundle_removal/creating_two_mass_updates.md rename to docs/platgovnetsuite/bundleremoval/creating_two_mass_updates.md index 944441158a..1f90e72cef 100644 --- a/docs/platgovnetsuite/bundle_removal/creating_two_mass_updates.md +++ b/docs/platgovnetsuite/bundleremoval/creating_two_mass_updates.md @@ -1,3 +1,9 @@ +--- +title: "Creating Two Mass Updates" +description: "Creating Two Mass Updates" +sidebar_position: 10 +--- + # Creating Two Mass Updates ## First Mass Update @@ -53,4 +59,4 @@ Customization to **To Be Investigated**. It identifies everything needing invest 7. Enter the **Clean Up Status**: **Under Investigation** 8. Click **Save** -**Next Step:** [Creating a Custom List and Fields](/docs/platgovnetsuite/bundle_removal/creating_custom_list_and_fields.md) +**Next Step:** [Creating a Custom List and Fields](/docs/platgovnetsuite/bundleremoval/creating_custom_list_and_fields.md) diff --git a/docs/platgovnetsuite/bundle_removal/exporting_information_to_excel.md b/docs/platgovnetsuite/bundleremoval/exporting_information_to_excel.md similarity index 86% rename from docs/platgovnetsuite/bundle_removal/exporting_information_to_excel.md rename to docs/platgovnetsuite/bundleremoval/exporting_information_to_excel.md index af197b87eb..4928b0df45 100644 --- a/docs/platgovnetsuite/bundle_removal/exporting_information_to_excel.md +++ b/docs/platgovnetsuite/bundleremoval/exporting_information_to_excel.md @@ -1,3 +1,9 @@ +--- +title: "Exporting Information to Excel" +description: "Exporting Information to Excel" +sidebar_position: 60 +--- + # Exporting Information to Excel You can export the information from the removal scenarios to Excel and then search for the @@ -27,4 +33,4 @@ To find the relationships that only exist within the bundle: 3. This shows you the bundle components that are being used so you are aware of what will be removed when the bundle is gone. These are the records that need to be replicated. -**Next Step:** [](/docs/platgovnetsuite/bundle_removal/final_tasks.md)[Final Tasks](/docs/platgovnetsuite/bundle_removal/final_tasks.md) +**Next Step:** [Final Tasks](/docs/platgovnetsuite/bundleremoval/final_tasks.md) diff --git a/docs/platgovnetsuite/bundle_removal/final_tasks.md b/docs/platgovnetsuite/bundleremoval/final_tasks.md similarity index 86% rename from docs/platgovnetsuite/bundle_removal/final_tasks.md rename to docs/platgovnetsuite/bundleremoval/final_tasks.md index dbaff3b79d..70cbb34b64 100644 --- a/docs/platgovnetsuite/bundle_removal/final_tasks.md +++ b/docs/platgovnetsuite/bundleremoval/final_tasks.md @@ -1,3 +1,9 @@ +--- +title: "Final Tasks" +description: "Final Tasks" +sidebar_position: 70 +--- + # Final Tasks ## Reviewing Critical and Non Critical Sheets @@ -16,7 +22,7 @@ broken. Testing should occur in the sandbox environment first. Retest functionality after the bundle removal to ensure everything is working as expected. As part of the testing, run the -[Comparing Environments](/docs/platgovnetsuite/change_management/comparing_environments.md) tool to see all the +[Comparing Environments](/docs/platgovnetsuite/changemanagement/comparing_environments.md) tool to see all the differences after the bundle removal (sandbox vs. production). It helps you determine what needs to be moved to the production environment. diff --git a/docs/platgovnetsuite/bundleremoval/investigating_through_saved_searches.md b/docs/platgovnetsuite/bundleremoval/investigating_through_saved_searches.md new file mode 100644 index 0000000000..5d0187eb9f --- /dev/null +++ b/docs/platgovnetsuite/bundleremoval/investigating_through_saved_searches.md @@ -0,0 +1,33 @@ +--- +title: "Investigating Through Saved Searches" +description: "Investigating Through Saved Searches" +sidebar_position: 50 +--- + +# Investigating Through Saved Searches + +After running all the mass updates and CSV imports (where needed), you can build six saved searches, +one for each scenario. Within each scenario you can easily identify all the customizations for +further investigation. + +Included in the results columns of these saved searches, you will find the following fields: + +- **Name**: to identify the customization. +- **ScriptID**: to locate the customization. +- **Type**: to know more about the customization. +- **Date Last Used ([DLU](/docs/platgovnetsuite/cleanup/date_last_used.md))**: to know the last time the customization + was used. + +The columns show the existing relationships for the customizations that use: + +- Parent +- Scripts +- Searches/Mass Updates +- Workflows +- Data Sources +- Forms +- List + ![Results columns of Saved Searches](/img/product_docs/platgovnetsuite/bundle_removal/results_saved_searches.webp) + +**Next Step:** +[Exporting Information to Excel](/docs/platgovnetsuite/bundleremoval/exporting_information_to_excel.md) diff --git a/docs/platgovnetsuite/change_management/approving_change_request.md b/docs/platgovnetsuite/change_management/approving_change_request.md deleted file mode 100644 index ee6f5a071e..0000000000 --- a/docs/platgovnetsuite/change_management/approving_change_request.md +++ /dev/null @@ -1,30 +0,0 @@ -# Approving a Change Request - -Approvers are populated from the Change/Approval Policy for the Change Request. Approval -notifications are sent when the Change Request owner advances the status to **Pending Approval**. -Approvers must be [licensed](/docs/platgovnetsuite/installing_strongpoint/license_manager.md) Platform Governance for -NetSuite users and have the correct -[role permissions](/docs/platgovnetsuite/installing_strongpoint/setting_permissions.md) if they are using a custom -(non-Strongpoint) role. - -![change_request_approving_change_request](/img/product_docs/platgovnetsuite/change_management/change_request_approving_change_request.webp) - -1. Approver receives an email with a link to the Change Request. -2. When the Change Request opens, **Approve** and **Reject** buttons are available at the top of the - form: - - - If all approvers approve the Change Request, the status is changed to **Approved** or - **Approved (Override)** if an administrator approved it. Implement the changes specified by - the Change Request. - - If an approver rejects the Change Request, the status is changed to **Rejected**. You can - return the Change Request to **In Progress**, edit it, and reset it to **Pending Approval** if - there are errors or omissions. - -3. Change Request owner - [Completes and Validates the Change Request](/docs/platgovnetsuite/change_management/completing_validating_change_request.md). - -Administrators can approve a Change Request. The status is set to **Approved (Override)** and the -administrator's name is displayed in the **Approval Override By** field. - -Once the Change Request is approved, you cannot change the customizations attached to the Change -Request. diff --git a/docs/platgovnetsuite/change_management/change_and_approval_policy.md b/docs/platgovnetsuite/change_management/change_and_approval_policy.md deleted file mode 100644 index b1a3130c1b..0000000000 --- a/docs/platgovnetsuite/change_management/change_and_approval_policy.md +++ /dev/null @@ -1,86 +0,0 @@ -# Change and Approval Policy - -The Advanced Change Management system uses a set of policy records called Change and Approval -Policies. These Change and Approval Policies define: - -- Level of change management required for a given change, for example, modifying a script vs. a - search. -- Level of approval required -- Approvers - -The [Setting Up Policies](/docs/platgovnetsuite/change_management/setting_up_policies.md) topic has details on setting up the Change / -Approval Policies. - -When Process Issues or Change Requests are created, the impacted customizations and processes are -analyzed. The change policy that applies is identified based on the IT risk from the Customization -Record and the process risk from the Process Records. - -The Change and Approval Policy also determines the change level required for any detected changes to -be compliant. This ensures that even changes that do not go through the planned change management -process are analyzed against the policy for compliance. - -For example, a company may have multiple policies. For example: - -- **Default Policy** applies to any customization or process without a specific policy. Requires - scripted changes go through a relatively high level of review compared to non-scripted changes. -- **Financial Processes Policy** applies to the core financial processes. Under this policy, any - changes to the financial processes could require full development and testing and approval of the - CFO. -- **Critical Operational Processes Policy** applies to vital operational processes or customizations - such as those comprising a critical integration. This policy might require approval by the CFO as - well as the expert owners of the specific objects concerned. -- **Controls Policy** applies to key reports and controls listed on the policy that need specific - approval to modify and ensures there are no changes without a proper audit review. - -Once in place, the policies remind users of the level of change management required as well as -monitors the changes that do occur and raises alerts to IT if there are any change violations. - -You can create a custom change request form for a Policy Approval. Refer to -[Using Custom Change Request Forms](/docs/platgovnetsuite/change_management/use_custom_cr_forms.md) for information on implementing your -custom form. - -## Non-Material Changes - -Non-material changes are changes detected in objects that are not performed by a human and do not -have functional impact. You can review these changes on the -[Non-Material Changes report](/docs/platgovnetsuite/change_management/change_management_reports.md). - -Here is the criteria for non-material changes: - -- System generated changes. -- XML changes that do not directly affect the object definition. For example, Script Deployment - where it shows all related scripts that are deployed to the same record. -- Customization record changes that sets references to other customizations but there is no change - in actual record definition. For example, the list customization is added as dependency to the - field customization. -- When the **Internal Id** changes for a **Script Deployment** that belongs to a **Bundle with - Update Deployment** settings which deletes the original deployment and creates a new deployment - record on bundle updates. This **Internal Id** change is flagged as non-material because a - deletion log is created. -- Initial setting of **Bundle Id** to a customization record because some customizations (for - example, **custom record field**) do not have the bundle information within their metadata. -- **Scripting/Workflow to Field Update** when a script/workflow is added as reference in the field - customization record. The valid change is documented on the **Script** or **Workflow** instead of - the field. -- Change log is flagged as duplicate after confirming the actual change date and changed by for that - customization already exists. Duplicates can occur as changes are captured from different sources - such as object metadata, audit trail, history, and system notes -- Create logs of customization where duplicated customizations (same type, name, scriptid, and - name). -- **Script File Date** has changed because of bundle update but there is no change found in the file - contents and hash. - -## Managed and Non-Managed Bundles - -Platform Governance for NetSuite can process changes that are bundled together as a group. There are -different processes for **Managed Bundles** (changes pushed by a third party) and **Non-Managed -Bundles** (your own packaged changes). System generated **Manage Bundle** change requests are now -created with an approved status to be consistent with the change logs (compliant) that are attached -to it. - -| Change Type | Change Request | Action When Change Detected | Status | Report | -| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------- | -------------------------- | -| Non-managed Bundle push or manual change | An open and approved change request with the **Bundle ID** in the **Affected Bundle ID** field. **Type** must be **Bundle Update** | Attach the change logs to the change request. | Compliant | Compliant Changes | -| Non-managed Bundle push or manual change | No open and approved change request exists and the object requires a change request. **Type** must be **Bundle Update** | Marks the change as **Non-compliant**. | Non-compliant | Open Non-Compliant Changes | -| Managed Bundle change pushed to Production | An open and approved change request with the **Bundle ID** in the **Affected Bundle ID** field and change request **Type** is **Managed Bundle Update** | Attach the change logs to the change request. | Compliant | Managed Bundle Changes | -| Managed Bundle change pushed to Production | No open and approved change request exists and the object requires a change request. | Creates a change request of **Type** **Managed Bundle Update**, attaches the changes to the change request and marks the change logs as **Compliant**. | Compliant | Managed Bundle Changes | diff --git a/docs/platgovnetsuite/change_management/change_management_overview.md b/docs/platgovnetsuite/change_management/change_management_overview.md deleted file mode 100644 index c55b2a5d2b..0000000000 --- a/docs/platgovnetsuite/change_management/change_management_overview.md +++ /dev/null @@ -1,75 +0,0 @@ -# Change Management Overview - -Closed Loop Change Management and Compliance is an enhanced change management system for changes to -NetSuite accounts using the Platform Governance for NetSuite automated documentation and change -management system. - -We extend your current change management system to enable you to: - -- Establish change management policies for different types of objects and processes. -- Route changes for approval within NetSuite. -- Authenticate that changes to the system are in accordance with applicable policies. -- Enable Opportunistic Clearance if desired, to reduce low risk non-compliant changes. -- Detect and resolve non-compliant changes. -- Manage deployments and sandbox refreshes using best practices. - -Once a change request is complete, best practice is to change the status to **Completed**. If there -are multiple open change requests referencing the same object, any changes to the object result in -the change log being associated with the oldest of the approved change requests. - -## Plan, Approve and Deploy Changes - -### Initiate with a Process Issue - -A process issue can: - -- Enable anyone with permission and access to NetSuite to initiate a ticket. -- Enable management and IT staff to triage issues and enhancements to determine if a change request - should be created. -- Be attached to Customization and Process Records to automatically determine how risky the change - is and what level of change process is required for compliance. -- Be linked to subsequent Change Requests to provide end to end reporting of changes for audit - purposes. - -The Process issue is an optional step. If you have an established ticketing system, you can continue -to use that and reference the external ticket in the Change Request. - -### Plan with a Change Request - -Change Requests are used to plan and track changes to the system. - -They allow for common actions associated with change requests including: - -- Grouping process issues. -- Planning completion targets. -- Tracking the status. -- Managing approvals. - -The **Advanced Change Management** Module provides additional functionality: - -- Automatically define the change level required for compliance based on the appropriate - [Change and Approval Policy](/docs/platgovnetsuite/change_management/change_and_approval_policy.md). -- Identify impacts on other customizations. -- Attach and manage test scripts. -- Manage and record Pre and Post-Deployment [Environment Comparisons](/docs/platgovnetsuite/change_management/comparing_environments.md). -- Archive fields. -- Delete customizations. - -Change Management can be integrated with other change tracking systems using the External Change -Request Number field. It is beneficial to use the change records since they can be linked to -processes, customizations and clean up activities. - -### Confirm with a Deployment Record - -When tracking Full Software Development Lifecycle changes, the Deployment Record enables you to -track deployment approvals. Once a Change Request is approved, this documents a change is ready for -development. At this point, a new change request with the Stage Deployment Record can be created and -tracked. - -This enables: - -- Tracking of deployment activities. -- Documentation of approvals for deployment to document that any changes that occurred during - development have been approved and that the appropriate pre-deployment checks have been completed. - -This record is linked to the original change request to enable end to end reporting of the change. diff --git a/docs/platgovnetsuite/change_management/change_management_reports.md b/docs/platgovnetsuite/change_management/change_management_reports.md deleted file mode 100644 index 7a5af0ebcd..0000000000 --- a/docs/platgovnetsuite/change_management/change_management_reports.md +++ /dev/null @@ -1,190 +0,0 @@ -# Change Management Reports - -To access change management reports: - -Open **Strongpoint** > **Change Management Reports** and one of the available reports: - -- Policy Changes -- Open Non-Compliant Changes -- Resolved Non-Compliant Changes -- Compliant Changes -- Approval Override -- Managed Bundle/App Updates -- Platform Changes -- Non-Material Changes -- Deployed Changes -- What Changed - -## Policy Changes - -This report displays policy changes. This is used by change managers to monitor policies. - -The criteria for this report includes: - -- System Notes Type is Change - -## Open Non-Compliant Changes - -This report displays non-compliant changes that have not been resolved. This is used by change -managers to track changes that require action. - -The criteria for this report includes: - -- Non-Compliant Changes -- Status - Not Closed -- Manual changes and changes using a Bundle/App initiated by user - -The criteria for this report excludes: - -- Non-material changes -- Managed Bundle/App Changes - -## Resolved Non-Compliant Changes - -This report displays non-compliant changes that have been resolved. This is used by change managers -and auditors to review non-complaint changes that have been resolved. - -The criteria for this report includes: - -- Non-Compliant Changes -- Status is Closed -- Manual changes and changes using a Bundle/App initiated by user - -The criteria for this report excludes: - -- Non-material changes -- Managed Bundle/App Change - -## Compliant Changes - -This report displays changes that the system has automatically cleared as compliant. Compliant -changes are automatically marked as closed. This is used by Change Managers and auditors to review -changes that have been automatically cleared as compliant. - -The criteria for this report includes: - -- Compliant Changes -- Manual changes and changes using a Bundle/App initiated by user - -The criteria for this report excludes: - -- Non-material changes -- Managed Bundle/App Change - -## Approval Override - -This report displays changes with an Approval Override. This is used by Change Managers and auditors -to review changes that have been approved outside of the specified approval process. - -The criteria for this report includes: - -- System Notes: Context is UI -- System Notes: Field is Approval Status -- System Notes: New Value is Approved -- Status Bar State: None or Approved(Override) - -The criteria for this report excludes: - -- Managed Bundle/App Change - -## Managed Bundle/App Updates - -This report displays changes that have been initiated by managed or third-party Bundle or App -updates. - -- _Managed Bundle/Apps_ are pushed to target accounts by a third-party provider. -- _Third-Party Bundle/Apps_ are third-party products that can be updated on demand for target - accounts. These components have the same change evaluation as managed bundle/apps. Unmanaged - third-party bundles or apps must meet these conditions: - - 1. Installed from a **Production** account. - 2. Have a valid **Abstract Description**. - 3. Have a valid **Version Number**. - -The criteria for this report includes: - -- Compliant and Non-Compliant Changes -- Only changes with objects associated with Managed Bundles - -The criteria for this report excludes: - -- Non-material changes - -## Platform Changes - -This report displays platform changes to objects. - -The criteria for this report includes: - -- Non-material platform changes - -The criteria for this report excludes: - -- Non-material changes other than platform changes - -## Non-Material Changes - -This report displays changes to non-material objects. **Non-Material Object Changes** are changes -detected in the object definition not caused by human intervention and do not have any functional -impact. Examples include NetSuite internal IDs, object XML structure or JSON representation or -reordering values in a list. - -The criteria for this report includes: - -- Non-material changes - -The criteria for this report excludes: - -- Non-material Platform changes - -Here is the criteria for non-material changes: - -- System generated changes. -- XML changes that do not directly affect the object definition. For example, Script Deployment - where it shows all related scripts that are deployed to the same record. -- Customization record changes that sets references to other customizations but there is no change - in actual record definition. For example, the list customization is added as dependency to the - field customization. -- When the **Internal Id** changes for a **Script Deployment** that belongs to a **Bundle with - Update Deployment** settings which deletes the original deployment and creates a new deployment - record on bundle updates. This **Internal Id** change is flagged as non-material because a - deletion log is created. -- Initial setting of **Bundle Id** to a customization record because some customizations (for - example, **custom record field**) do not have the bundle information within their metadata. -- **Scripting/Workflow to Field Update** when a script/workflow is added as reference in the field - customization record. The valid change is documented on the **Script** or **Workflow** instead of - the field. -- Change log is flagged as duplicate after confirming the actual change date and changed by for that - customization already exists. Duplicates can occur as changes are captured from different sources - such as object metadata, audit trail, history, and system notes -- Create logs of customization where duplicated customizations (same type, name, scriptid, and - name). -- **Script File Date** has changed because of bundle update but there is no change found in the file - contents and hash. - -## Deployed Changes - -This report displays the deployed changes. - -The criteria for this report includes: - -- Non-material changes - -The criteria for this report excludes: - -- Non-compliance changes -- Managed Bundle/App Update - -## What Changed - -This report is used by Change Managers to view a complete listing of all changes in the system -excluding non-material changes. - -The criteria for this report includes: - -- Compliant and Non-Compliant Changes -- User driven and managed Bundle/App initiated changes - -The criteria for this report excludes: - -- Non-material changes diff --git a/docs/platgovnetsuite/change_management/creating_change_request.md b/docs/platgovnetsuite/change_management/creating_change_request.md deleted file mode 100644 index 5a36d503f4..0000000000 --- a/docs/platgovnetsuite/change_management/creating_change_request.md +++ /dev/null @@ -1,238 +0,0 @@ -# Creating a Change Request - -Before making any changes, it is important to understand the scope of the planned change, potential -impacts and the level of change required. Documentation is also available if you are using the old -[Change Request](/docs/platgovnetsuite/change_management/creating_change_request_old_form.md) form. Refer to -[Setting Preferred Forms](/docs/platgovnetsuite/customizations/setting_preferred_forms.md) for information on -designating your preferred Change Request form. - -SuiteCloud Development Framework (SDF) users can upload their Sandbox development file directly into -a production ITGC Change Request. The Change Request populates the scope with the existing -customizations and adds new ones to proposed customizations. - -If you want to see if the change would have an impact in your sandbox, you can also create a change -request in your sandbox account. - -## Create the Change Request - -1. Open **Strongpoint** > **Change Management Tools** > **ITGC Change Request** - The status bar displays the stage of the Change Request. A new change request displays _Not - Started_. -2. Enter information in the **Main** and **Scope** sections: - - ![change_request_new](/img/product_docs/platgovnetsuite/change_management/change_request_new.webp) - - - **Name**: Add a name to the change request. - - **Stage**: Select the type of change you want to make. - - **Change Overview**: Add a summary of the desired change. - - **Lookup Customization** launches a window where you can search for customizations in the - current account or a different account: - - Click **Change Account** to log into another account or sandbox and look up - customizations. You can use the **Set up TBA Credentials** procedure in - [Comparing Environments](/docs/platgovnetsuite/change_management/comparing_environments.md) to save your credentials for each - environment you use. - - Enter a **Name** and click **Lookup** to find a customization by all or part of a name. - For example, **a** shows everything beginning with **A**. - - Enter a **Script ID** and click **Lookup** to find a customization by all or part of a - Script ID. Uses **startswith** search operator and allows **%** wildcard. For example, - entering **%\_flo** returns customizations with **\_flo** in the script id. - - Select a **Type** and click **Lookup** to find all customizations of the selected type. - - Enter a **Bundle ID** and click **Lookup** to find a customization that belongs to the - Bundle. - - **Select User** from the list to search all customizations **Modified By** selected user. - This uses the **Change By** field in the change logs. The list is updated if the source - account is changed. The **User Not Determined** option is for logs without system notes, - where the user cannot be identified. **User Not Determined** can be used with the **From** - and **To** filters to search on the log creation date instead of the actual change date. - - Select dates in the **From** and/or **To** fields to search all customizations that were - changed on or after the **From** date or on or before the **To** date. Use both fields to - specify a search range. This uses the **Actual Change Date** field in the change logs. - - Enter a **Script File** name and click **Lookup** to find a customization by all or part - of the script file name. For example, **26** shows everything beginning with **26**. - - Use multiple filters to further refine your search. For example, **Name** starting with - **a** and **Type** of **List** show all **List** customizations starting with **A**. Once - the customizations are displayed: - - Hover over **Details** to see specifics of the customization. - - Click the box(es) to select one or more customizations. Check in the **Name** header to - toggle **Selecting** or **Deselecting All**.- Click **Add Selected Customizations**. If - the Customization (based on Script ID) exists in the current account it is added to the - **Customizations**. If it does not exist, it is added to the **Proposed Customizations**. - - **Customizations**: Use this field if you are changing objects that already exist in your - account. Can be used in conjunction with proposed customizations. Start typing in the entry - box for a single value, click the **Select Multiple** icon or click **Lookup Customization** - to search for customizations. - - **Add Customizations from SDF Zip file**: SuiteCloud Development Framework (SDF) users can - upload their Sandbox development file. The Change Request populates the scope with the - existing customizations and adds new ones to proposed customizations. - Click **Choose File** and navigate to your SDF zipped file. - - **Do Not ReSpider Automatically**: when unchecked, an Automatic ReSpider occurs when the - Change Request status is set to **Completed**. - The ReSpider ensures that all change logs are complete prior to changing the status. If - automatic ReSpidering is turned off, there is a risk of changes being marked as non-compliant - if the change logs are not complete when the user changes the status to **Completed**. The - default for the **Do Not ReSpider Automically** is set on the - [Configuration and Stats Change Management](/docs/platgovnetsuite/installing_strongpoint/installation_settings_report.md) - tab. - - **Proposed Customizations**: Use this field when you are adding customizations that do not yet - exist in your account. You can add multiple Script IDs by separating them with commas. Can be - used in conjunction with customizations that already exist. - New **Entry** and **Transaction** forms can be pre-approved by adding the Script ID of the - form. The Script ID must match the Script ID set in **Customizations** > **Forms** > **Entry - Form** (prefix **custform** is automatically added for you on the **Custom Entry Form**). All - Customizations and Proposed Customizations are evaluated to determine the Change Level. The - highest **Change Level** is used for the Change Request. | Proposed Customization | Change - Level | | --- | --- | | customworkflow, customscript, customdeploy or anything with - extensions: .js .ssp .ss | Script Object Changes | | customsearch, customreport | Searches and - Reports | | customrole | User Role Changes | | Files with extensions: .html .txt | Web-Related - Changes | | Everything else | Other Changes | - - **Affected Process(es)**: Select any processes affected by this Change Request. Select - **Import From Processes** to automatically import affected processes. - - **Affected Bundle ID/APP ID**: Use this field to specify a bundle ID or SuiteApp ID. Separate - multiple IDs with commas. Note, this does not run the Impact Analysis. To run the Impact - Analysis, use the Lookup Customization feature with a **Bundle ID**. - -3. Click **In Progress** in the status bar to indicate you are working on the Change Request. -4. **Save** the Change Request. New sections and tabs are available once you save: - - 1. **Push to Jira** button is available if the - [Jira integration](/docs/platgovnetsuite/integrations/jira_integration.md) is available, and - [Allow NS to Push to Jira](/docs/platgovnetsuite/integrations/jira_integration.md) is enabled. When prompted, - select the Jira project and click **Push**. A Jira ticket is created. The ticket number is - added to the **Related Change Records** tab as an **External Change Request Number**. The - customizations are added to the new Jira ticket. - 2. **Download SDF Project** button downloads the Change Request as a zip file. - 3. The **Approval** section is visible. Click **Edit to** add **Additional Approvers** or - **Approver Notes**. Click **Save** if you make changes. - - ![change_request_new_saved](/img/product_docs/platgovnetsuite/change_management/change_request_new_saved.webp) - - 4. **Impact Analysis** is automatically run. The results are shown on the **Impact Analysis** - tab. In addition to all of the direct dependencies, indirect dependencies are also considered - to determine the change level for each customization. If there are multiple change levels, - the most stringent one is applied. - - | Indirect Dependency | Change Level | Impact Analysis Results | - | ------------------------------------------------------------------ | ----------------------------- | ----------------------- | - | Record referenced by a scripted field | Scripted Objects | Dependent Scripts | - | Search referenced by a scripted field | | | - | Custom Field referenced by another scripted field | | | - | Record referenced by a workflow related field | Workflows and Related Objects | Dependent Workflows | - | Search referenced by a workflow related field | | | - | Custom Field referenced by another workflow related field | | | - | List referenced by a search related field (in a filter or formula) | Formula Objects | Critical Searches | - - There are three categories for customizations: Review any warnings or issues with the - impacted customization record(s) before you make a change. - - - Can Be Safely Deleted or Modified - - Cannot Be Safely Deleted or Modified - - Inactive Customizations (Already Deleted) - - 5. The **ERD** tab opens the visual Entity Relationship Diagram where you can easily review the - dependencies for the Customizations affected by the change request. - 6. **Related Change Record** information results are shown on the **Related Change Records** - tab: - - - Created From - - Originated System - - Originating Case (shown if record is created from a Case record) - - Originating Case Company (shown if record is created from a Case record) - - External Change Request Number - - External Link - - Parent Change Request - -5. Click **Pending Approval** in the status bar when you are finished with the Change Request. A - confirmation prompt is displayed. When confirmed, Approval Notifications are sent to the - approvers. - - ![change_request_new_pendapprove](/img/product_docs/platgovnetsuite/change_management/change_request_new_pendapprove.webp) - -6. Approvers approve or reject the Change Request. **Deploy** is available for approved Change - Requests. - - ![change_request_new_approved](/img/product_docs/platgovnetsuite/change_management/change_request_new_approved.webp) - -7. Validate the Change Request. - -## Canceling a Change Request - -You can Cancel a Change Request: - -1. **Edit** the Change Request. -2. Click **Cancel CR**. -3. Confirm cancellation when prompted. -4. Click **Save**. - -Status is changed to **Cancelled CR**. - -## Status Bar States - -![change_request_bar_not_started](/img/product_docs/platgovnetsuite/change_management/change_request_bar_not_started.webp) - -New Change Request. Click **In Progress** to advance the status. - -Impact Analysis is run when the Change Request is Saved. - -![change_request_bar_inprogress](/img/product_docs/platgovnetsuite/change_management/change_request_bar_inprogress.webp) - -Change Request **In Progress**. - -Can be demoted to **Not Started**. - -Impact Analysis is run when the Change Request is Saved. - -When ready for approval, click **Pending Approval**. - -![change_request_bar_pending](/img/product_docs/platgovnetsuite/change_management/change_request_bar_pending.webp) - -Approvers are notified. - -Approval section added to the Change Request. - -Status can be demoted. - -Status promoted based on Approvers actions. - -![change_request_bar_approved](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved.webp) - -Status when all approvers have approved. - -Can be returned to a previous status or rejected. - -**Deploy** button is available. - -![change_request_bar_approved_partial](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_partial.webp) - -Status when Change Request is partially approved. Wait for all approvers to finish. - -![change_request_bar_approved_override](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_override.webp) - -Status when an administrator has approved in place of a specified approver. - -**Approval Override by** field displays the approver. - -**Deploy** button is available. - -![change_request_bar_approved_completed](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_completed.webp) - -Approved and Completed. - -Can be returned to a previous status. - -**Deploy** button not available. - -![change_request_bar_approved_canceled](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_canceled.webp) - -Approved and Canceled. - -Can be returned to a previous status. - -**Deploy** button not available. - -![change_request_bar_rejected](/img/product_docs/platgovnetsuite/change_management/change_request_bar_rejected.webp) - -Rejected and Completed. - -Can be returned to a previous status. - -**Deploy** button not available. diff --git a/docs/platgovnetsuite/change_management/creating_change_request_from_case.md b/docs/platgovnetsuite/change_management/creating_change_request_from_case.md deleted file mode 100644 index 5fb196c7ea..0000000000 --- a/docs/platgovnetsuite/change_management/creating_change_request_from_case.md +++ /dev/null @@ -1,17 +0,0 @@ -# Creating a Change Request from a Case - -If -[Enable Case to Change Request Workflow](/docs/platgovnetsuite/installing_strongpoint/installation_settings_report.md) -is enabled, you can automatically create a Change Request directly from your Case: - -1. Open **Lists** > **Support** > **Cases**. -2. **View** a Case. -3. Click **Create Change Request**. - -The Change Request is created, populating the fields specified in the -[Case to Change Request Field Mapping](/docs/platgovnetsuite/installing_strongpoint/installation_settings_report.md) -set up. The Change Request status is set to **Not Started**. - -If the **Create Change Request** button is not visible on the Case, the -[Enable Case to Change Request Workflow](/docs/platgovnetsuite/installing_strongpoint/installation_settings_report.md) -is not enabled. Contact your system administrator. diff --git a/docs/platgovnetsuite/change_management/setting_up_policies.md b/docs/platgovnetsuite/change_management/setting_up_policies.md deleted file mode 100644 index f5b1184730..0000000000 --- a/docs/platgovnetsuite/change_management/setting_up_policies.md +++ /dev/null @@ -1,268 +0,0 @@ -# Setting Up Policies - -- Policy Information general information about the policy. -- Set Up a Default Policy procedure to set up your default policy and approvers. -- Change Controls reference information for the Change Controls tab. -- Approvals reference information for the Approvals tab. -- Process Policies reference information for the Process Policies tab. -- Customization Policies reference information for the Customization Policies tab. -- Control Policies reference information for the Control Policies tab. -- SoD Policies reference information for the SoD Policies tab. -- Set Up Additional Policies set up additional policies as required. - -## Policy Information - -- **Name**: Policy name. -- **Default Policy**: Checked if it is the default policy. -- **Enable Global Object Level Policy**: Disabled by default. Check to enable. - Change Policy picking process with **Global Object Level Policy** _disabled_: - - If customizations or customization processes are attached to specific policies, pick the most - stringent policy. - - If there are no object-specific policies, pick **Default Policy**. - Change Policy picking process with **Global Object Level Policy** _enabled_: - - If customizations or customization processes are attached to specific policies, pick the most - stringent policy. - - If there are no object-specific policies, look for policies that are not attached to any - customization or process. Compare the change level among all resulting policies and the - Default Policy, then pick the most stringent policy. -- **Parent Policy**: Parent policy information to help organize policies, does not impact the - process. This field is not available when editing the Default Policy. For child policies, it can - be changed when the policy is edited. -- **Owner**: Person who created the policy. -- **Inactive**: Checked if the policy is not active. -- **Log XML Only Change**: Checked to track online changes that occur in the XML, such as NetSuite - internal changes.Recommended to leave this unchecked due to the volume of false positives you - would need to manage. - -![changeandapprovalpolicy1](/img/product_docs/platgovnetsuite/change_management/changeandapprovalpolicy1.webp) - -## Set Up a Default Policy - -1. Open **Strongpoint** > **Change Management Tools** > **Change/Approval Policy** -2. Edit the **Default Policy** so that it has the following settings: - -- **Header**: Everything in the Header should remain the same including the name Default. -- **Change Controls:** - - ![Policy Default Change Controls](/img/product_docs/platgovnetsuite/change_management/policy_default_change_controls2.webp) - -- **Approvals**: Select the policy approvers on the Approvals tab. - -3. Click **Save** - -## Change Controls - -Each object type has an independent change level. The change level specifies what approval is -required for changes to the objects to be compliant with this policy. - -### Change Levels - -**No Logs Created**: changes to these objects update the customization documentation is updated but -does not create change logs. A warning text is displayed when the Administrator sets the change -level to **No Logs Created**. - -**Log Changes Only**: changes to these objects are automatically marked compliant. - -**Process Issue Only**: changes to these objects require an **Approved Process Issue** with a status -not set to **Completed**. - -**Change Request**: changes to these objects require an **Approved Change Request** with a status -not set to **Completed**. - -**Sandbox Development & Testing**: changes to these objects require an **Approved Change Request** -in the **Stage Deployment Record** with a status not set to **Completed**. - -**Full Software Development Lifecycle**: changes to these objects require an **Approved Change -Request** in the **Stage Deployment Record** with a status not set to **Completed**, and a parent -**Change Request** attached to the **Deployment Record**. - -To add new change levels, select **New** or use the **+** next to a field when editing the policy. - -### Object Types - -#### Complex Objects - -- **Scripted Objects**: Scripts, Workflows and any object upon with a script or workflow dependency. - Default: Log Changes Only -- **Formula Objects**: Fields used in Formulas. Default: Sandbox Development & Testing -- **Workflows and Related Objects**: Changes to Workflows, or any objects used by a Workflow. When - an object is used by a Script and a Workflow, we use the higher level between Scripted Objects, - and Workflows and Related Objects change controls. Default: Change Request -- **Integration Objects**: Changes to External Records, External Fields, External Systems, and - Integrations. Default: Log Changes Only -- **Non-Managed Bundle/App Deployments**: Bundle or SuiteApp Deploy into an account, updates of the - bundle or SuiteApp object are handled by object type. (Only non-managed bundles/Apps). Default: - Sandbox Development & Testing -- **Agent Controls**: Changes to Control Searches. Default: Log Changes Only -- **Mass Updates**: Changes to Mass Updates Default: Log Changes Only - -#### Other Configurable Objects - -- **Searches and Reports**: Searches and Reports not flagged as controls or scripted. Default: - Change Request -- **Fields**: Changes to custom fields. Default: Log Changes Only -- **Lists**: Changes to custom lists. Default: Log Changes Only -- **Records**: Changes to custom records. Default: Log Changes Only -- **Groups**: Changes to groups. Default: Log Changes Only -- **Forms and Template Changes**: Changes to Forms and Templates. Default: Log Changes Only -- **Web-Related Changes**: Objects affecting web objects, for example fields displayed in a site or - any part of SuiteCommerce Advanced. Default: Log Changes Only -- **Departments/Locations/Class**: Changes to department, location, or class. Default: Log Changes - Only -- **Subsidiaries**: Changes to subsidiary. Default: Log Changes Only - -#### Access and Setup - -- **User Roles**: Changes to role assignments on the Change Control. Default: Log Changes Only -- **User Role Assignment**: Changes to user role assignments on the Change Control. Default: Log - Changes Only -- **User Role Related Objects**: Changes related to user role changes on the Change Control. - Default: Log Changes Only -- **NetSuite SetUp and Preferences**: Changes to NetSuite setup objects including accounting lists, - segments, enabled features and preferences. Default: Log Changes Only -- **Accounting Lists**: Changes to accounting lists. Default: Log Changes Only -- **Custom Segments**: Changes to custom segments. Default: Log Changes Only -- **User Offboarding**: Available when [Enhanced User Provisioning](/docs/platgovnetsuite/change_management/user_provisioning.md) is - enabled. -- **User Onboarding**: Available when [Enhanced User Provisioning](/docs/platgovnetsuite/change_management/user_provisioning.md) is enabled. - -## Approvals - -Approvers initiate the change request and enable it to move to the next stage. - -![Policy Approvals tab](/img/product_docs/platgovnetsuite/change_management/policy_approvals_tab.webp) - -Policy Change Approvers - -This section is only applies to the default policy. - -- **Preliminary Approver (Policy Change)**: Specifies the preliminary approver required for a policy - change. They are listed as the first approver in the Change Request. -- **Final Approver (Policy Change)**: Specifies the final approver required for a policy change. The - person who needs to approve after all other approvals have been obtained. - - **NOTE:** Specifying a **Final Approver** locks the default policy and all child policies. If a - user attempts to change a policy, a notice is displayed. Click **Request Approval**. The form is - launched, with your proposed changes populated. - - ![Record Save Blocked](/img/product_docs/platgovnetsuite/change_management/record_save_blocked.webp) - -ITGC Approvers - -Groups are an efficient method to specify approvers. For example, if you need one approver from each -of several company functions, you can create a group for each functional area, and select a minimum -of 1 approval. Once each group has approved, the policy moves on to the **Final Approver**. - -- **Group Name**: enter a descriptive name to identify the approvers. -- **Approvers**: click in the entry box and select approvers from the available user list. -- **No Order Required**: check the box if approvers can approve in any order. If not checked, - approvers must approve in the order specified in the **Approvers** entry. -- **Min # of Approvals Required**: select the minimum number of approvers for the group. This option - is not available if **No Order Required** is not checked. -- **Add Row**: click to add another ITGC Approver Group. Click the red **X** to delete an existing - group. - -Final Approver - -- **Final Approver**: Specifies the final approver of changes affected by given policies. -- **No Order Required**: Check this box to allow concurrent approvers. If blank, approvals route in - order. Default is blank. -- **Max # of Approvals Required**: Specifies the maximum number of approvals to consider a change - complete. If blank, all approvers are required. -- **Change ID**: Opens a form displaying the **Name**, **Old ID** and an input field for the **New - ID**. **Change ID** is available as a button when you **Edit** the policy. - -## Process Policies - -Process Policies specify which processes the policy applies to and how they should be managed. -Process Policies are only applicable if you implement Manage Process Risk. - -- **Require Affected Process Approval**: Check to require approval from process owners on the Change - Request. Default is checked. -- **Include Process Editors as Alternates**: Check to include Process Editors as alternate - approvers. Process Editors are specified on the **Continuous** **Improvement** tab of the - **Process** record. Default is not checked. -- **Require Impacted Process Approval**: Check to require approval from process owners of related - objects. Often these owners are not specifically listed in the Change Request. Default is not - checked. -- **Require Parent Process Owner Approval**: Owners of processes at or above the parent level must - approve. Default is not checked. -- **New Process**: Launches the new Process form. - -## Customization Policies - -Customization Policies specifies the objects affected by the policy. - -- **Require Object Owner Approval**: Owner of the customization record. Likely the person who - created the object. Default is not checked. Recommend checking this box. -- **Require Impacted Customization Approval**: Owner of any impacted customization record in - NetSuite. Default is not checked. -- **View** and **Customization**: Select a View and navigate to a Customization. Click **Attach** to - add the selected customization to the Policy. -- **New Customization**: Launches the new Customization form. -- **Customize View**: Launches the Active Customizations Search results. - -## Control Policies - -Control Policies specify controls for this policy. - -- **Control Assignee Approval**: Checked if there is a control assignee in Control Policies. -- **Process Owner(s)**: Checked if there are any process owners in Control Policies. -- **Control Owner**: Checked if there is a control owner in Control Policies. - -## SoD Policies - -Segregation of Duties Policies specify the approvers for this policy. - -- **SoD Preliminary Approver**: One or more preliminary SoD approvers for changes affected by the - policy. -- **SoD Final Approver**: One or more final SoD approvers for changes affected by the policy. -- **Require Change Request**: If checked, a Change Request is Required for any changes to the - policy. - -## Set Up Additional Policies - -In some cases, you may want stricter controls on certain objects. For example, many of our public -companies create a specific policy for SOX related searches, since they want it tighter than Log -Only for those objects. To set up object specific policies, the initial spider must be complete, so -you can attach the Customization Record to the policy. - -To set up additional policies: - -1. Open **Strongpoint**> **Change Management Tools** > **Change/Approval Policy** > **New** -2. Enter the policy information. -3. Assign the **Change Levels** on the **Change Controls** tab. -4. Assign the **Approvers** on the **IT Policies** tab. -5. Click **Save** -6. Click **Edit** -7. Open the **Customization Policies** tab. - -![policy_add_customizations](/img/product_docs/platgovnetsuite/change_management/policy_add_customizations.webp) - -- Check **Require Object Owner Approval** if needed. -- Check **Require Impacted Customization Approval** if needed. - -8. Add Customizations. Attaching customizations to the policy is how Platform Governance for - NetSuite knows a particular policy should be applied to specific objects. If there are multiple - policies applied to specific objects, the higher change level is selected to keep the change - compliant. - -- Change the **View** to help locate the desired customization. -- Enter all of part of the customization in **Customization**, or click the double down arrow icon - to select the **List** option. -- Select the customization. -- Click **Attach**. - -9. Click **Save** when you are finished adding customizations to the Policy. - -Another method to add customization is through NetSuite's **Mass Update**. Here is the basic -process. Refer to the NetSuite help for more information on Mass Update. - -1. Open **Lists** > **Mass Updates** -2. Expand **General Updates** > **Custom Records** > **Customization** -3. Use the Criteria tab to locate and **Add** your customizations. -4. Open the **Mass Update Fields** tab. -5. Locate the **Change/ Approval Policy** field. (You can use your browser’s Find function.) -6. Check the box and select your new **Policy**. -7. **Save** and run the Mass Update. -8. Save your **Change Approval Policy**. diff --git a/docs/platgovnetsuite/change_management/using_change_logs.md b/docs/platgovnetsuite/change_management/using_change_logs.md deleted file mode 100644 index d9ab51353d..0000000000 --- a/docs/platgovnetsuite/change_management/using_change_logs.md +++ /dev/null @@ -1,140 +0,0 @@ -# Using Change Logs - -Change Logs allow you to see the type of change, who made the change and view the system notes of -the NetSuite record. Change Logs are accessed from the -[Change Management Reports](/docs/platgovnetsuite/change_management/change_management_reports.md). - -Once a change request is complete, best practice is to change the status to **Completed**. If there -are multiple open change requests referencing the same object, any changes to the object result in -the change log being associated with the oldest of the approved change requests. - -To open a Change Log: - -1. Open **Strongpoint** > **Change Management Reports** and select a report. -2. Click **View** beside the Change Log to open. - -![changelog-1](/img/product_docs/platgovnetsuite/change_management/changelog-1.webp) - -If the **Actual Change Date** is empty or **Change By** is set to **Could Not Be Determined** or -**Pending Autospider**, a **Refresh Changed By** button is available. When clicked, it populates -**Actual Change Date** and **Change By** fields. - -The button is only available for Object types where the **Actual Change Date** and **Change By** -fields can be retrieved. - -![Refresh Changed By](/img/product_docs/platgovnetsuite/change_management/change_log_refresh.webp) - -## Change Log Header - -Change Logs are different based on the type of change. These are the major fields. - -**Change Log Created**: Date the Change Log was created. - -**Deletion Date**: Date a customization was deleted. Used with deleted Script Deployments. - -**Actual Change Date**: Date of the system note entry reflecting the change date. There must be an -available system note to display the date. - -**Customization**: Linked customization(s) that have changed. - -**Deleted Customization**: Name of the deleted customization. Used with deleted Script Deployments. - -**Managed Bundle/App Customization**: Checked when customizations belong to a managed bundle. - -**Changed By**: User who made the change. There must be an available system note to display the -user. - -**Deleted By**: User who made the change. Used with deleted Script Deployments. - -**Field Name**: Name of the changed field. - -**Field Script ID**: Script ID of the changed field . - -**Non-Compliance**: Checked if the change is non-compliant. - -**Policy**: Policies associated with the Change Log. - -**Change Level**: Change level required by the policy. - -**Change Type**: Type of change based on the policy. - -**Change Overview**: Overview of the change. - -- When **Systemnotes.Type** is included as result column and one of the system note lines is - **Created**, the Change Overview displays: _``**\_created** _``\_. -- When there are no system notes columns, **Change Overview** displays - _``**\_changed** _``\_. -- Deleted records display _``\*\*\_deleted_\*\*``\_ -- For grouped results with multiple records, **Change Overview** displays **See Change Data Table - for details.** - -**Related Change Request**: Change request related to the change or used to perform regression -analysis of a non-compliant change. - -**Related Process Issue**: Process issue related to the change or used to resolve it. - -**Resolution Description**: Description of any steps taken to bring the change back into compliance. - -**Non-Material Clearance Reason**: Used when a change is evaluated as non-material. **Non-Material -Object Changes** are changes detected in the object definition not caused by human intervention and -do not have any functional impact. Examples include NetSuite internal IDs, object XML structure or -JSON representation or reordering values in a list. - -**Non-Material Checked**: Indicates if the change log has been evaluated as non-material. - -**Status**: Current state of the Change Log. This field is manually set, except it is automatically -set to complete when a compliant change is complete. - -**Operation**:The reason for the Change Log. For example, **edit** or **delete**. - -**System Note Available**: Indicates a system note was found. - -**Jira Ticket Link**: Link to the Jira ticket if used to create the Change Log. - -## Values Tab - -The **Values** tab displays the changes that occurred in the Change Log. - -**Diff. View**: Highlights the changes that occurred within specific fields. - -**Diff. Summary**: Displays the difference between the old value and the new value. - -**Data Error**: Checked if a data error occurred. - -![values_tab](/img/product_docs/platgovnetsuite/change_management/values_tab.webp) - -## Finding Users Who Have Made Changes - -When you want to find out who has made changes, you can run any of the Change Reports and view who -made a change in the **Change By** column. - -The **Change By** and **Actual Date** of the change logs are retrieved using System Notes Search for -supported record types. If a System Note is not available, **Change By** displays **Could Not Be -Determined** in the Report List. - -Recorded types that are not supported can be retrieved from the AutoSpider. - -| Supported Records for System Notes Search | Change By retrieved from the AutoSpider | -| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------- | -| Body Field Bundle Installation Script Client Script Column Field CRM Field Custom Record Field Entity Field Item Field Item Number Field Item Option Field Library Script File List Map/Reduce Script Mass Update Script Other Field Plug-in Script Portlet Script Record Restlet Script Scheduled Script Script Deployments Setup Preference\* Suitelet Script User Event Script User Role Workflow Workflow Action Script Deleted Objects\*\* | Bundle Custom Report Entry Form Mass Update Search Transaction Form User Role / Global Permission Changes | - -\* System notes can be retrieved for: Company Preferences, Company Information, Enable Features, -Account, Foreign Currency Variance Posting Rule, Nexus, Tax Code, Taxation Type, Fair Value Formula, -Fair Value Price List, Project Expense Type, and Item Revenue Category. - -\*\* Deleted by and actual delete date are available for: Workflow, Custom Record, List, Script -Deployment, and Script. - -## Viewing System Notes - -In an open Change Log: - -1. Click on a linked **Customization** to open the Customization Record. **Strongpoint Return Jira - Ticket Info (Suitelet Script)** in this example. - - ![Change Log Customization link](/img/product_docs/platgovnetsuite/change_management/change_log_customization_link.webp) - -2. Click **Go to Record** -3. Open **System Notes** - -![systemsnotes](/img/product_docs/platgovnetsuite/change_management/systemsnotes.webp) diff --git a/docs/platgovnetsuite/change_management_reports.md b/docs/platgovnetsuite/change_management_reports.md new file mode 100644 index 0000000000..f32952c777 --- /dev/null +++ b/docs/platgovnetsuite/change_management_reports.md @@ -0,0 +1,196 @@ +--- +title: "Change Management Reports" +description: "Change Management Reports" +sidebar_position: 90 +--- + +# Change Management Reports + +To access change management reports: + +Open **Strongpoint** > **Change Management Reports** and one of the available reports: + +- Policy Changes +- Open Non-Compliant Changes +- Resolved Non-Compliant Changes +- Compliant Changes +- Approval Override +- Managed Bundle/App Updates +- Platform Changes +- Non-Material Changes +- Deployed Changes +- What Changed + +## Policy Changes + +This report displays policy changes. This is used by change managers to monitor policies. + +The criteria for this report includes: + +- System Notes Type is Change + +## Open Non-Compliant Changes + +This report displays non-compliant changes that have not been resolved. This is used by change +managers to track changes that require action. + +The criteria for this report includes: + +- Non-Compliant Changes +- Status - Not Closed +- Manual changes and changes using a Bundle/App initiated by user + +The criteria for this report excludes: + +- Non-material changes +- Managed Bundle/App Changes + +## Resolved Non-Compliant Changes + +This report displays non-compliant changes that have been resolved. This is used by change managers +and auditors to review non-complaint changes that have been resolved. + +The criteria for this report includes: + +- Non-Compliant Changes +- Status is Closed +- Manual changes and changes using a Bundle/App initiated by user + +The criteria for this report excludes: + +- Non-material changes +- Managed Bundle/App Change + +## Compliant Changes + +This report displays changes that the system has automatically cleared as compliant. Compliant +changes are automatically marked as closed. This is used by Change Managers and auditors to review +changes that have been automatically cleared as compliant. + +The criteria for this report includes: + +- Compliant Changes +- Manual changes and changes using a Bundle/App initiated by user + +The criteria for this report excludes: + +- Non-material changes +- Managed Bundle/App Change + +## Approval Override + +This report displays changes with an Approval Override. This is used by Change Managers and auditors +to review changes that have been approved outside of the specified approval process. + +The criteria for this report includes: + +- System Notes: Context is UI +- System Notes: Field is Approval Status +- System Notes: New Value is Approved +- Status Bar State: None or Approved(Override) + +The criteria for this report excludes: + +- Managed Bundle/App Change + +## Managed Bundle/App Updates + +This report displays changes that have been initiated by managed or third-party Bundle or App +updates. + +- _Managed Bundle/Apps_ are pushed to target accounts by a third-party provider. +- _Third-Party Bundle/Apps_ are third-party products that can be updated on demand for target + accounts. These components have the same change evaluation as managed bundle/apps. Unmanaged + third-party bundles or apps must meet these conditions: + + 1. Installed from a **Production** account. + 2. Have a valid **Abstract Description**. + 3. Have a valid **Version Number**. + +The criteria for this report includes: + +- Compliant and Non-Compliant Changes +- Only changes with objects associated with Managed Bundles + +The criteria for this report excludes: + +- Non-material changes + +## Platform Changes + +This report displays platform changes to objects. + +The criteria for this report includes: + +- Non-material platform changes + +The criteria for this report excludes: + +- Non-material changes other than platform changes + +## Non-Material Changes + +This report displays changes to non-material objects. **Non-Material Object Changes** are changes +detected in the object definition not caused by human intervention and do not have any functional +impact. Examples include NetSuite internal IDs, object XML structure or JSON representation or +reordering values in a list. + +The criteria for this report includes: + +- Non-material changes + +The criteria for this report excludes: + +- Non-material Platform changes + +Here is the criteria for non-material changes: + +- System generated changes. +- XML changes that do not directly affect the object definition. For example, Script Deployment + where it shows all related scripts that are deployed to the same record. +- Customization record changes that sets references to other customizations but there is no change + in actual record definition. For example, the list customization is added as dependency to the + field customization. +- When the **Internal Id** changes for a **Script Deployment** that belongs to a **Bundle with + Update Deployment** settings which deletes the original deployment and creates a new deployment + record on bundle updates. This **Internal Id** change is flagged as non-material because a + deletion log is created. +- Initial setting of **Bundle Id** to a customization record because some customizations (for + example, **custom record field**) do not have the bundle information within their metadata. +- **Scripting/Workflow to Field Update** when a script/workflow is added as reference in the field + customization record. The valid change is documented on the **Script** or **Workflow** instead of + the field. +- Change log is flagged as duplicate after confirming the actual change date and changed by for that + customization already exists. Duplicates can occur as changes are captured from different sources + such as object metadata, audit trail, history, and system notes +- Create logs of customization where duplicated customizations (same type, name, scriptid, and + name). +- **Script File Date** has changed because of bundle update but there is no change found in the file + contents and hash. + +## Deployed Changes + +This report displays the deployed changes. + +The criteria for this report includes: + +- Non-material changes + +The criteria for this report excludes: + +- Non-compliance changes +- Managed Bundle/App Update + +## What Changed + +This report is used by Change Managers to view a complete listing of all changes in the system +excluding non-material changes. + +The criteria for this report includes: + +- Compliant and Non-Compliant Changes +- User driven and managed Bundle/App initiated changes + +The criteria for this report excludes: + +- Non-material changes diff --git a/docs/platgovnetsuite/changemanagement/_category_.json b/docs/platgovnetsuite/changemanagement/_category_.json new file mode 100644 index 0000000000..41db8404f8 --- /dev/null +++ b/docs/platgovnetsuite/changemanagement/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Change Management Overview", + "position": 100, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "change_management_overview" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/changemanagement/approving_change_request.md b/docs/platgovnetsuite/changemanagement/approving_change_request.md new file mode 100644 index 0000000000..f8b9fba7a4 --- /dev/null +++ b/docs/platgovnetsuite/changemanagement/approving_change_request.md @@ -0,0 +1,36 @@ +--- +title: "Approving a Change Request" +description: "Approving a Change Request" +sidebar_position: 120 +--- + +# Approving a Change Request + +Approvers are populated from the Change/Approval Policy for the Change Request. Approval +notifications are sent when the Change Request owner advances the status to **Pending Approval**. +Approvers must be [licensed](/docs/platgovnetsuite/installation/license_manager.md) Platform Governance for +NetSuite users and have the correct +[role permissions](/docs/platgovnetsuite/installation/setting_permissions.md) if they are using a custom +(non-Strongpoint) role. + +![change_request_approving_change_request](/img/product_docs/platgovnetsuite/change_management/change_request_approving_change_request.webp) + +1. Approver receives an email with a link to the Change Request. +2. When the Change Request opens, **Approve** and **Reject** buttons are available at the top of the + form: + + - If all approvers approve the Change Request, the status is changed to **Approved** or + **Approved (Override)** if an administrator approved it. Implement the changes specified by + the Change Request. + - If an approver rejects the Change Request, the status is changed to **Rejected**. You can + return the Change Request to **In Progress**, edit it, and reset it to **Pending Approval** if + there are errors or omissions. + +3. Change Request owner + [Completes and Validates the Change Request](/docs/platgovnetsuite/changemanagement/completing_validating_change_request.md). + +Administrators can approve a Change Request. The status is set to **Approved (Override)** and the +administrator's name is displayed in the **Approval Override By** field. + +Once the Change Request is approved, you cannot change the customizations attached to the Change +Request. diff --git a/docs/platgovnetsuite/change_management/approving_policy_changes.md b/docs/platgovnetsuite/changemanagement/approving_policy_changes.md similarity index 84% rename from docs/platgovnetsuite/change_management/approving_policy_changes.md rename to docs/platgovnetsuite/changemanagement/approving_policy_changes.md index 071768a69c..9f4eee6264 100644 --- a/docs/platgovnetsuite/change_management/approving_policy_changes.md +++ b/docs/platgovnetsuite/changemanagement/approving_policy_changes.md @@ -1,3 +1,9 @@ +--- +title: "Approving Policy Changes" +description: "Approving Policy Changes" +sidebar_position: 50 +--- + # Approving Policy Changes 1. Open **Strongpoint** > **Change Management Tools** > **Policy Change Approval (Beta) @@ -13,8 +19,8 @@ ![change_request_bar_approved_override](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_override.webp) 6. Click **Pending Approval** to begin the normal approval process. Approvers must be - [licensed](/docs/platgovnetsuite/installing_strongpoint/license_manager.md) Platform Governance for NetSuite users - and have the correct [role permissions](/docs/platgovnetsuite/installing_strongpoint/setting_permissions.md) if they + [licensed](/docs/platgovnetsuite/installation/license_manager.md) Platform Governance for NetSuite users + and have the correct [role permissions](/docs/platgovnetsuite/installation/setting_permissions.md) if they are using a custom (non-Strongpoint) role. 7. Approvers can use the link in the email notification to **Approve** or **Reject** the Policy Change. diff --git a/docs/platgovnetsuite/changemanagement/change_and_approval_policy.md b/docs/platgovnetsuite/changemanagement/change_and_approval_policy.md new file mode 100644 index 0000000000..28a13ee4cd --- /dev/null +++ b/docs/platgovnetsuite/changemanagement/change_and_approval_policy.md @@ -0,0 +1,92 @@ +--- +title: "Change and Approval Policy" +description: "Change and Approval Policy" +sidebar_position: 10 +--- + +# Change and Approval Policy + +The Advanced Change Management system uses a set of policy records called Change and Approval +Policies. These Change and Approval Policies define: + +- Level of change management required for a given change, for example, modifying a script vs. a + search. +- Level of approval required +- Approvers + +The [Setting Up Policies](/docs/platgovnetsuite/changemanagement/setting_up_policies.md) topic has details on setting up the Change / +Approval Policies. + +When Process Issues or Change Requests are created, the impacted customizations and processes are +analyzed. The change policy that applies is identified based on the IT risk from the Customization +Record and the process risk from the Process Records. + +The Change and Approval Policy also determines the change level required for any detected changes to +be compliant. This ensures that even changes that do not go through the planned change management +process are analyzed against the policy for compliance. + +For example, a company may have multiple policies. For example: + +- **Default Policy** applies to any customization or process without a specific policy. Requires + scripted changes go through a relatively high level of review compared to non-scripted changes. +- **Financial Processes Policy** applies to the core financial processes. Under this policy, any + changes to the financial processes could require full development and testing and approval of the + CFO. +- **Critical Operational Processes Policy** applies to vital operational processes or customizations + such as those comprising a critical integration. This policy might require approval by the CFO as + well as the expert owners of the specific objects concerned. +- **Controls Policy** applies to key reports and controls listed on the policy that need specific + approval to modify and ensures there are no changes without a proper audit review. + +Once in place, the policies remind users of the level of change management required as well as +monitors the changes that do occur and raises alerts to IT if there are any change violations. + +You can create a custom change request form for a Policy Approval. Refer to +[Using Custom Change Request Forms](/docs/platgovnetsuite/changemanagement/use_custom_cr_forms.md) for information on implementing your +custom form. + +## Non-Material Changes + +Non-material changes are changes detected in objects that are not performed by a human and do not +have functional impact. You can review these changes on the +[Non-Material Changes report](/docs/platgovnetsuite/change_management_reports.md). + +Here is the criteria for non-material changes: + +- System generated changes. +- XML changes that do not directly affect the object definition. For example, Script Deployment + where it shows all related scripts that are deployed to the same record. +- Customization record changes that sets references to other customizations but there is no change + in actual record definition. For example, the list customization is added as dependency to the + field customization. +- When the **Internal Id** changes for a **Script Deployment** that belongs to a **Bundle with + Update Deployment** settings which deletes the original deployment and creates a new deployment + record on bundle updates. This **Internal Id** change is flagged as non-material because a + deletion log is created. +- Initial setting of **Bundle Id** to a customization record because some customizations (for + example, **custom record field**) do not have the bundle information within their metadata. +- **Scripting/Workflow to Field Update** when a script/workflow is added as reference in the field + customization record. The valid change is documented on the **Script** or **Workflow** instead of + the field. +- Change log is flagged as duplicate after confirming the actual change date and changed by for that + customization already exists. Duplicates can occur as changes are captured from different sources + such as object metadata, audit trail, history, and system notes +- Create logs of customization where duplicated customizations (same type, name, scriptid, and + name). +- **Script File Date** has changed because of bundle update but there is no change found in the file + contents and hash. + +## Managed and Non-Managed Bundles + +Platform Governance for NetSuite can process changes that are bundled together as a group. There are +different processes for **Managed Bundles** (changes pushed by a third party) and **Non-Managed +Bundles** (your own packaged changes). System generated **Manage Bundle** change requests are now +created with an approved status to be consistent with the change logs (compliant) that are attached +to it. + +| Change Type | Change Request | Action When Change Detected | Status | Report | +| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------- | -------------------------- | +| Non-managed Bundle push or manual change | An open and approved change request with the **Bundle ID** in the **Affected Bundle ID** field. **Type** must be **Bundle Update** | Attach the change logs to the change request. | Compliant | Compliant Changes | +| Non-managed Bundle push or manual change | No open and approved change request exists and the object requires a change request. **Type** must be **Bundle Update** | Marks the change as **Non-compliant**. | Non-compliant | Open Non-Compliant Changes | +| Managed Bundle change pushed to Production | An open and approved change request with the **Bundle ID** in the **Affected Bundle ID** field and change request **Type** is **Managed Bundle Update** | Attach the change logs to the change request. | Compliant | Managed Bundle Changes | +| Managed Bundle change pushed to Production | No open and approved change request exists and the object requires a change request. | Creates a change request of **Type** **Managed Bundle Update**, attaches the changes to the change request and marks the change logs as **Compliant**. | Compliant | Managed Bundle Changes | diff --git a/docs/platgovnetsuite/changemanagement/change_management_overview.md b/docs/platgovnetsuite/changemanagement/change_management_overview.md new file mode 100644 index 0000000000..f7d5e093eb --- /dev/null +++ b/docs/platgovnetsuite/changemanagement/change_management_overview.md @@ -0,0 +1,81 @@ +--- +title: "Change Management Overview" +description: "Change Management Overview" +sidebar_position: 100 +--- + +# Change Management Overview + +Closed Loop Change Management and Compliance is an enhanced change management system for changes to +NetSuite accounts using the Platform Governance for NetSuite automated documentation and change +management system. + +We extend your current change management system to enable you to: + +- Establish change management policies for different types of objects and processes. +- Route changes for approval within NetSuite. +- Authenticate that changes to the system are in accordance with applicable policies. +- Enable Opportunistic Clearance if desired, to reduce low risk non-compliant changes. +- Detect and resolve non-compliant changes. +- Manage deployments and sandbox refreshes using best practices. + +Once a change request is complete, best practice is to change the status to **Completed**. If there +are multiple open change requests referencing the same object, any changes to the object result in +the change log being associated with the oldest of the approved change requests. + +## Plan, Approve and Deploy Changes + +### Initiate with a Process Issue + +A process issue can: + +- Enable anyone with permission and access to NetSuite to initiate a ticket. +- Enable management and IT staff to triage issues and enhancements to determine if a change request + should be created. +- Be attached to Customization and Process Records to automatically determine how risky the change + is and what level of change process is required for compliance. +- Be linked to subsequent Change Requests to provide end to end reporting of changes for audit + purposes. + +The Process issue is an optional step. If you have an established ticketing system, you can continue +to use that and reference the external ticket in the Change Request. + +### Plan with a Change Request + +Change Requests are used to plan and track changes to the system. + +They allow for common actions associated with change requests including: + +- Grouping process issues. +- Planning completion targets. +- Tracking the status. +- Managing approvals. + +The **Advanced Change Management** Module provides additional functionality: + +- Automatically define the change level required for compliance based on the appropriate + [Change and Approval Policy](/docs/platgovnetsuite/changemanagement/change_and_approval_policy.md). +- Identify impacts on other customizations. +- Attach and manage test scripts. +- Manage and record Pre and Post-Deployment [Environment Comparisons](/docs/platgovnetsuite/changemanagement/comparing_environments.md). +- Archive fields. +- Delete customizations. + +Change Management can be integrated with other change tracking systems using the External Change +Request Number field. It is beneficial to use the change records since they can be linked to +processes, customizations and clean up activities. + +### Confirm with a Deployment Record + +When tracking Full Software Development Lifecycle changes, the Deployment Record enables you to +track deployment approvals. Once a Change Request is approved, this documents a change is ready for +development. At this point, a new change request with the Stage Deployment Record can be created and +tracked. + +This enables: + +- Tracking of deployment activities. +- Documentation of approvals for deployment to document that any changes that occurred during + development have been approved and that the appropriate pre-deployment checks have been completed. + +This record is linked to the original change request to enable end to end reporting of the change. diff --git a/docs/platgovnetsuite/change_management/changing_deactivating_policies.md b/docs/platgovnetsuite/changemanagement/changing_deactivating_policies.md similarity index 92% rename from docs/platgovnetsuite/change_management/changing_deactivating_policies.md rename to docs/platgovnetsuite/changemanagement/changing_deactivating_policies.md index 639f370b54..19c5aa010e 100644 --- a/docs/platgovnetsuite/change_management/changing_deactivating_policies.md +++ b/docs/platgovnetsuite/changemanagement/changing_deactivating_policies.md @@ -1,3 +1,9 @@ +--- +title: "Changing or Deactivating Policies" +description: "Changing or Deactivating Policies" +sidebar_position: 40 +--- + # Changing or Deactivating Policies Policy records determine the non compliance level of changes. Given that changes to these records diff --git a/docs/platgovnetsuite/change_management/comparing_environments.md b/docs/platgovnetsuite/changemanagement/comparing_environments.md similarity index 97% rename from docs/platgovnetsuite/change_management/comparing_environments.md rename to docs/platgovnetsuite/changemanagement/comparing_environments.md index f262c62fe3..425cc880c7 100644 --- a/docs/platgovnetsuite/change_management/comparing_environments.md +++ b/docs/platgovnetsuite/changemanagement/comparing_environments.md @@ -1,3 +1,9 @@ +--- +title: "Comparing Environments" +description: "Comparing Environments" +sidebar_position: 170 +--- + # Comparing Environments Compare Environments is a powerful tool to locate customization differences between accounts. It is @@ -37,7 +43,7 @@ Environments and to use the **Change Account** feature on a Change Requests. Repeat this process for all environments you use for environment compare or looking up customizations with the **Change Account** feature on a Change Request. Refer to -[Creating a Change Request](/docs/platgovnetsuite/change_management/creating_change_request.md). +[Creating a Change Request](/docs/platgovnetsuite/changemanagement/creating_change_request.md). ## Run Compare Environments diff --git a/docs/platgovnetsuite/change_management/completing_validating_change_request.md b/docs/platgovnetsuite/changemanagement/completing_validating_change_request.md similarity index 78% rename from docs/platgovnetsuite/change_management/completing_validating_change_request.md rename to docs/platgovnetsuite/changemanagement/completing_validating_change_request.md index 0695785ca0..9d666878cd 100644 --- a/docs/platgovnetsuite/change_management/completing_validating_change_request.md +++ b/docs/platgovnetsuite/changemanagement/completing_validating_change_request.md @@ -1,3 +1,9 @@ +--- +title: "Completing and Validating a Change Request" +description: "Completing and Validating a Change Request" +sidebar_position: 130 +--- + # Completing and Validating a Change Request Once the changes are complete, validate the Change Request and mark it **Complete**. @@ -11,9 +17,9 @@ Once the changes are complete, validate the Change Request and mark it **Complet ![deployment_validation](/img/product_docs/platgovnetsuite/change_management/deployment_validation.webp) 5. Click **Run Compare Tool**. Validate the changes are what you expected. Refer to - [Comparing Environments](/docs/platgovnetsuite/change_management/comparing_environments.md) for details. + [Comparing Environments](/docs/platgovnetsuite/changemanagement/comparing_environments.md) for details. 6. View the **Open Non-Compliant Changes** or **Compliant Changes** - [Change Management Reports](/docs/platgovnetsuite/change_management/change_management_reports.md). + [Change Management Reports](/docs/platgovnetsuite/change_management_reports.md). 7. When all changes are validated, click **Complete** on the Change Request status bar to mark it **Completed**. diff --git a/docs/platgovnetsuite/changemanagement/creating_change_request.md b/docs/platgovnetsuite/changemanagement/creating_change_request.md new file mode 100644 index 0000000000..297e512f48 --- /dev/null +++ b/docs/platgovnetsuite/changemanagement/creating_change_request.md @@ -0,0 +1,244 @@ +--- +title: "Creating a Change Request" +description: "Creating a Change Request" +sidebar_position: 70 +--- + +# Creating a Change Request + +Before making any changes, it is important to understand the scope of the planned change, potential +impacts and the level of change required. Documentation is also available if you are using the old +[Change Request](/docs/platgovnetsuite/changemanagement/creating_change_request_old_form.md) form. Refer to +[Setting Preferred Forms](/docs/platgovnetsuite/customization/setting_preferred_forms.md) for information on +designating your preferred Change Request form. + +SuiteCloud Development Framework (SDF) users can upload their Sandbox development file directly into +a production ITGC Change Request. The Change Request populates the scope with the existing +customizations and adds new ones to proposed customizations. + +If you want to see if the change would have an impact in your sandbox, you can also create a change +request in your sandbox account. + +## Create the Change Request + +1. Open **Strongpoint** > **Change Management Tools** > **ITGC Change Request** + The status bar displays the stage of the Change Request. A new change request displays _Not + Started_. +2. Enter information in the **Main** and **Scope** sections: + + ![change_request_new](/img/product_docs/platgovnetsuite/change_management/change_request_new.webp) + + - **Name**: Add a name to the change request. + - **Stage**: Select the type of change you want to make. + - **Change Overview**: Add a summary of the desired change. + - **Lookup Customization** launches a window where you can search for customizations in the + current account or a different account: + - Click **Change Account** to log into another account or sandbox and look up + customizations. You can use the **Set up TBA Credentials** procedure in + [Comparing Environments](/docs/platgovnetsuite/changemanagement/comparing_environments.md) to save your credentials for each + environment you use. + - Enter a **Name** and click **Lookup** to find a customization by all or part of a name. + For example, **a** shows everything beginning with **A**. + - Enter a **Script ID** and click **Lookup** to find a customization by all or part of a + Script ID. Uses **startswith** search operator and allows **%** wildcard. For example, + entering **%\_flo** returns customizations with **\_flo** in the script id. + - Select a **Type** and click **Lookup** to find all customizations of the selected type. + - Enter a **Bundle ID** and click **Lookup** to find a customization that belongs to the + Bundle. + - **Select User** from the list to search all customizations **Modified By** selected user. + This uses the **Change By** field in the change logs. The list is updated if the source + account is changed. The **User Not Determined** option is for logs without system notes, + where the user cannot be identified. **User Not Determined** can be used with the **From** + and **To** filters to search on the log creation date instead of the actual change date. + - Select dates in the **From** and/or **To** fields to search all customizations that were + changed on or after the **From** date or on or before the **To** date. Use both fields to + specify a search range. This uses the **Actual Change Date** field in the change logs. + - Enter a **Script File** name and click **Lookup** to find a customization by all or part + of the script file name. For example, **26** shows everything beginning with **26**. + - Use multiple filters to further refine your search. For example, **Name** starting with + **a** and **Type** of **List** show all **List** customizations starting with **A**. Once + the customizations are displayed: + - Hover over **Details** to see specifics of the customization. + - Click the box(es) to select one or more customizations. Check in the **Name** header to + toggle **Selecting** or **Deselecting All**.- Click **Add Selected Customizations**. If + the Customization (based on Script ID) exists in the current account it is added to the + **Customizations**. If it does not exist, it is added to the **Proposed Customizations**. + - **Customizations**: Use this field if you are changing objects that already exist in your + account. Can be used in conjunction with proposed customizations. Start typing in the entry + box for a single value, click the **Select Multiple** icon or click **Lookup Customization** + to search for customizations. + - **Add Customizations from SDF Zip file**: SuiteCloud Development Framework (SDF) users can + upload their Sandbox development file. The Change Request populates the scope with the + existing customizations and adds new ones to proposed customizations. + Click **Choose File** and navigate to your SDF zipped file. + - **Do Not ReSpider Automatically**: when unchecked, an Automatic ReSpider occurs when the + Change Request status is set to **Completed**. + The ReSpider ensures that all change logs are complete prior to changing the status. If + automatic ReSpidering is turned off, there is a risk of changes being marked as non-compliant + if the change logs are not complete when the user changes the status to **Completed**. The + default for the **Do Not ReSpider Automically** is set on the + [Configuration and Stats Change Management](/docs/platgovnetsuite/installation/installation_settings_report.md) + tab. + - **Proposed Customizations**: Use this field when you are adding customizations that do not yet + exist in your account. You can add multiple Script IDs by separating them with commas. Can be + used in conjunction with customizations that already exist. + New **Entry** and **Transaction** forms can be pre-approved by adding the Script ID of the + form. The Script ID must match the Script ID set in **Customizations** > **Forms** > **Entry + Form** (prefix **custform** is automatically added for you on the **Custom Entry Form**). All + Customizations and Proposed Customizations are evaluated to determine the Change Level. The + highest **Change Level** is used for the Change Request. | Proposed Customization | Change + Level | | --- | --- | | customworkflow, customscript, customdeploy or anything with + extensions: .js .ssp .ss | Script Object Changes | | customsearch, customreport | Searches and + Reports | | customrole | User Role Changes | | Files with extensions: .html .txt | Web-Related + Changes | | Everything else | Other Changes | + - **Affected Process(es)**: Select any processes affected by this Change Request. Select + **Import From Processes** to automatically import affected processes. + - **Affected Bundle ID/APP ID**: Use this field to specify a bundle ID or SuiteApp ID. Separate + multiple IDs with commas. Note, this does not run the Impact Analysis. To run the Impact + Analysis, use the Lookup Customization feature with a **Bundle ID**. + +3. Click **In Progress** in the status bar to indicate you are working on the Change Request. +4. **Save** the Change Request. New sections and tabs are available once you save: + + 1. **Push to Jira** button is available if the + [Jira integration](/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md) is available, and + [Allow NS to Push to Jira](/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md) is enabled. When prompted, + select the Jira project and click **Push**. A Jira ticket is created. The ticket number is + added to the **Related Change Records** tab as an **External Change Request Number**. The + customizations are added to the new Jira ticket. + 2. **Download SDF Project** button downloads the Change Request as a zip file. + 3. The **Approval** section is visible. Click **Edit to** add **Additional Approvers** or + **Approver Notes**. Click **Save** if you make changes. + + ![change_request_new_saved](/img/product_docs/platgovnetsuite/change_management/change_request_new_saved.webp) + + 4. **Impact Analysis** is automatically run. The results are shown on the **Impact Analysis** + tab. In addition to all of the direct dependencies, indirect dependencies are also considered + to determine the change level for each customization. If there are multiple change levels, + the most stringent one is applied. + + | Indirect Dependency | Change Level | Impact Analysis Results | + | ------------------------------------------------------------------ | ----------------------------- | ----------------------- | + | Record referenced by a scripted field | Scripted Objects | Dependent Scripts | + | Search referenced by a scripted field | | | + | Custom Field referenced by another scripted field | | | + | Record referenced by a workflow related field | Workflows and Related Objects | Dependent Workflows | + | Search referenced by a workflow related field | | | + | Custom Field referenced by another workflow related field | | | + | List referenced by a search related field (in a filter or formula) | Formula Objects | Critical Searches | + + There are three categories for customizations: Review any warnings or issues with the + impacted customization record(s) before you make a change. + + - Can Be Safely Deleted or Modified + - Cannot Be Safely Deleted or Modified + - Inactive Customizations (Already Deleted) + + 5. The **ERD** tab opens the visual Entity Relationship Diagram where you can easily review the + dependencies for the Customizations affected by the change request. + 6. **Related Change Record** information results are shown on the **Related Change Records** + tab: + + - Created From + - Originated System + - Originating Case (shown if record is created from a Case record) + - Originating Case Company (shown if record is created from a Case record) + - External Change Request Number + - External Link + - Parent Change Request + +5. Click **Pending Approval** in the status bar when you are finished with the Change Request. A + confirmation prompt is displayed. When confirmed, Approval Notifications are sent to the + approvers. + + ![change_request_new_pendapprove](/img/product_docs/platgovnetsuite/change_management/change_request_new_pendapprove.webp) + +6. Approvers approve or reject the Change Request. **Deploy** is available for approved Change + Requests. + + ![change_request_new_approved](/img/product_docs/platgovnetsuite/change_management/change_request_new_approved.webp) + +7. Validate the Change Request. + +## Canceling a Change Request + +You can Cancel a Change Request: + +1. **Edit** the Change Request. +2. Click **Cancel CR**. +3. Confirm cancellation when prompted. +4. Click **Save**. + +Status is changed to **Cancelled CR**. + +## Status Bar States + +![change_request_bar_not_started](/img/product_docs/platgovnetsuite/change_management/change_request_bar_not_started.webp) + +New Change Request. Click **In Progress** to advance the status. + +Impact Analysis is run when the Change Request is Saved. + +![change_request_bar_inprogress](/img/product_docs/platgovnetsuite/change_management/change_request_bar_inprogress.webp) + +Change Request **In Progress**. + +Can be demoted to **Not Started**. + +Impact Analysis is run when the Change Request is Saved. + +When ready for approval, click **Pending Approval**. + +![change_request_bar_pending](/img/product_docs/platgovnetsuite/change_management/change_request_bar_pending.webp) + +Approvers are notified. + +Approval section added to the Change Request. + +Status can be demoted. + +Status promoted based on Approvers actions. + +![change_request_bar_approved](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved.webp) + +Status when all approvers have approved. + +Can be returned to a previous status or rejected. + +**Deploy** button is available. + +![change_request_bar_approved_partial](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_partial.webp) + +Status when Change Request is partially approved. Wait for all approvers to finish. + +![change_request_bar_approved_override](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_override.webp) + +Status when an administrator has approved in place of a specified approver. + +**Approval Override by** field displays the approver. + +**Deploy** button is available. + +![change_request_bar_approved_completed](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_completed.webp) + +Approved and Completed. + +Can be returned to a previous status. + +**Deploy** button not available. + +![change_request_bar_approved_canceled](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_canceled.webp) + +Approved and Canceled. + +Can be returned to a previous status. + +**Deploy** button not available. + +![change_request_bar_rejected](/img/product_docs/platgovnetsuite/change_management/change_request_bar_rejected.webp) + +Rejected and Completed. + +Can be returned to a previous status. + +**Deploy** button not available. diff --git a/docs/platgovnetsuite/changemanagement/creating_change_request_from_case.md b/docs/platgovnetsuite/changemanagement/creating_change_request_from_case.md new file mode 100644 index 0000000000..a87a33ee6e --- /dev/null +++ b/docs/platgovnetsuite/changemanagement/creating_change_request_from_case.md @@ -0,0 +1,23 @@ +--- +title: "Creating a Change Request from a Case" +description: "Creating a Change Request from a Case" +sidebar_position: 90 +--- + +# Creating a Change Request from a Case + +If +[Enable Case to Change Request Workflow](/docs/platgovnetsuite/installation/installation_settings_report.md) +is enabled, you can automatically create a Change Request directly from your Case: + +1. Open **Lists** > **Support** > **Cases**. +2. **View** a Case. +3. Click **Create Change Request**. + +The Change Request is created, populating the fields specified in the +[Case to Change Request Field Mapping](/docs/platgovnetsuite/installation/installation_settings_report.md) +set up. The Change Request status is set to **Not Started**. + +If the **Create Change Request** button is not visible on the Case, the +[Enable Case to Change Request Workflow](/docs/platgovnetsuite/installation/installation_settings_report.md) +is not enabled. Contact your system administrator. diff --git a/docs/platgovnetsuite/change_management/creating_change_request_old_form.md b/docs/platgovnetsuite/changemanagement/creating_change_request_old_form.md similarity index 90% rename from docs/platgovnetsuite/change_management/creating_change_request_old_form.md rename to docs/platgovnetsuite/changemanagement/creating_change_request_old_form.md index a10bfa4e3f..0ddc222841 100644 --- a/docs/platgovnetsuite/change_management/creating_change_request_old_form.md +++ b/docs/platgovnetsuite/changemanagement/creating_change_request_old_form.md @@ -1,8 +1,14 @@ +--- +title: "Creating a Change Request with the Old Form" +description: "Creating a Change Request with the Old Form" +sidebar_position: 100 +--- + # Creating a Change Request with the Old Form These are the steps to create a Change Request using the old form. Refer to -[Creating a Change Request](/docs/platgovnetsuite/change_management/creating_change_request.md) for the new form. Refer to -[Setting Preferred Forms](/docs/platgovnetsuite/customizations/setting_preferred_forms.md) for information on +[Creating a Change Request](/docs/platgovnetsuite/changemanagement/creating_change_request.md) for the new form. Refer to +[Setting Preferred Forms](/docs/platgovnetsuite/customization/setting_preferred_forms.md) for information on designating your preferred Change Request form. Before making any changes, it is important to understand the scope of the planned change, potential diff --git a/docs/platgovnetsuite/change_management/example_sample_change.md b/docs/platgovnetsuite/changemanagement/example_sample_change.md similarity index 95% rename from docs/platgovnetsuite/change_management/example_sample_change.md rename to docs/platgovnetsuite/changemanagement/example_sample_change.md index 60edcc44e7..3c2905ff97 100644 --- a/docs/platgovnetsuite/change_management/example_sample_change.md +++ b/docs/platgovnetsuite/changemanagement/example_sample_change.md @@ -1,3 +1,9 @@ +--- +title: "Example: Walkthrough Sample Changes" +description: "Example: Walkthrough Sample Changes" +sidebar_position: 160 +--- + # Example: Walkthrough Sample Changes ## New Object Compliant Change with a Change Request diff --git a/docs/platgovnetsuite/change_management/multi_environment_change_management.md b/docs/platgovnetsuite/changemanagement/multi_environment_change_management.md similarity index 94% rename from docs/platgovnetsuite/change_management/multi_environment_change_management.md rename to docs/platgovnetsuite/changemanagement/multi_environment_change_management.md index dc7d62c394..f28fd3a373 100644 --- a/docs/platgovnetsuite/change_management/multi_environment_change_management.md +++ b/docs/platgovnetsuite/changemanagement/multi_environment_change_management.md @@ -1,3 +1,9 @@ +--- +title: "Multi-Environment Change Management" +description: "Multi-Environment Change Management" +sidebar_position: 190 +--- + # Multi-Environment Change Management Multi-Environment Change Management helps you manage changes between your Production and @@ -56,7 +62,7 @@ they have an audit trail and approvals can be shown. 2. Enter the login credentials of the **Target** and **Source** Accounts. 3. Set the **Comparison Type** to **Target Newer than Source**. 4. Click the **Compare** button. - Refer to [Comparing Environments](/docs/platgovnetsuite/change_management/comparing_environments.md) for more details. + Refer to [Comparing Environments](/docs/platgovnetsuite/changemanagement/comparing_environments.md) for more details. ## Create the Deployment Record @@ -82,7 +88,7 @@ In your Production environment: 2. Enter the login credentials of the **Target** and **Source** Accounts. 3. Set the **Comparison Type** to **Target Newer than Source**. 4. Click the **Compare** button. - Refer to [Comparing Environments](/docs/platgovnetsuite/change_management/comparing_environments.md) for more details. + Refer to [Comparing Environments](/docs/platgovnetsuite/changemanagement/comparing_environments.md) for more details. ## Completing the Process diff --git a/docs/platgovnetsuite/changemanagement/opportunisticclearance/_category_.json b/docs/platgovnetsuite/changemanagement/opportunisticclearance/_category_.json new file mode 100644 index 0000000000..adc98d0248 --- /dev/null +++ b/docs/platgovnetsuite/changemanagement/opportunisticclearance/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Opportunistic Clearance", + "position": 180, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "opportunistic_clearance" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/change_management/example_deploy_script_related_approved_change.md b/docs/platgovnetsuite/changemanagement/opportunisticclearance/example_deploy_script_related_approved_change.md similarity index 79% rename from docs/platgovnetsuite/change_management/example_deploy_script_related_approved_change.md rename to docs/platgovnetsuite/changemanagement/opportunisticclearance/example_deploy_script_related_approved_change.md index d9a326c291..157ee55d53 100644 --- a/docs/platgovnetsuite/change_management/example_deploy_script_related_approved_change.md +++ b/docs/platgovnetsuite/changemanagement/opportunisticclearance/example_deploy_script_related_approved_change.md @@ -1,3 +1,9 @@ +--- +title: "Example: Deployment or Library Script Changes related to an Approved Script Change" +description: "Example: Deployment or Library Script Changes related to an Approved Script Change" +sidebar_position: 10 +--- + # Example: Deployment or Library Script Changes related to an Approved Script Change Use Case diff --git a/docs/platgovnetsuite/change_management/example_field_changes_related_approved_change.md b/docs/platgovnetsuite/changemanagement/opportunisticclearance/example_field_changes_related_approved_change.md similarity index 83% rename from docs/platgovnetsuite/change_management/example_field_changes_related_approved_change.md rename to docs/platgovnetsuite/changemanagement/opportunisticclearance/example_field_changes_related_approved_change.md index 176e2c50e3..78e1d81837 100644 --- a/docs/platgovnetsuite/change_management/example_field_changes_related_approved_change.md +++ b/docs/platgovnetsuite/changemanagement/opportunisticclearance/example_field_changes_related_approved_change.md @@ -1,3 +1,9 @@ +--- +title: "Example: Field Changes Related to an Approved Record Change" +description: "Example: Field Changes Related to an Approved Record Change" +sidebar_position: 20 +--- + # Example: Field Changes Related to an Approved Record Change **Use Case** diff --git a/docs/platgovnetsuite/change_management/example_record_changes_related_approved_change.md b/docs/platgovnetsuite/changemanagement/opportunisticclearance/example_record_changes_related_approved_change.md similarity index 80% rename from docs/platgovnetsuite/change_management/example_record_changes_related_approved_change.md rename to docs/platgovnetsuite/changemanagement/opportunisticclearance/example_record_changes_related_approved_change.md index 44441c063c..0fb66bb66a 100644 --- a/docs/platgovnetsuite/change_management/example_record_changes_related_approved_change.md +++ b/docs/platgovnetsuite/changemanagement/opportunisticclearance/example_record_changes_related_approved_change.md @@ -1,3 +1,9 @@ +--- +title: "Example: Record Changes Related to an Approved Record Change" +description: "Example: Record Changes Related to an Approved Record Change" +sidebar_position: 30 +--- + # Example: Record Changes Related to an Approved Record Change **Use Case** diff --git a/docs/platgovnetsuite/change_management/example_search_changes_related_approved_change.md b/docs/platgovnetsuite/changemanagement/opportunisticclearance/example_search_changes_related_approved_change.md similarity index 81% rename from docs/platgovnetsuite/change_management/example_search_changes_related_approved_change.md rename to docs/platgovnetsuite/changemanagement/opportunisticclearance/example_search_changes_related_approved_change.md index 2341126cb0..d8229df36c 100644 --- a/docs/platgovnetsuite/change_management/example_search_changes_related_approved_change.md +++ b/docs/platgovnetsuite/changemanagement/opportunisticclearance/example_search_changes_related_approved_change.md @@ -1,3 +1,9 @@ +--- +title: "Example: Search Changes Related to an Approved Workflow Change" +description: "Example: Search Changes Related to an Approved Workflow Change" +sidebar_position: 40 +--- + # Example: Search Changes Related to an Approved Workflow Change **Use Case** diff --git a/docs/platgovnetsuite/change_management/opportunistic_clearance.md b/docs/platgovnetsuite/changemanagement/opportunisticclearance/opportunistic_clearance.md similarity index 84% rename from docs/platgovnetsuite/change_management/opportunistic_clearance.md rename to docs/platgovnetsuite/changemanagement/opportunisticclearance/opportunistic_clearance.md index bf540554eb..8079c909e6 100644 --- a/docs/platgovnetsuite/change_management/opportunistic_clearance.md +++ b/docs/platgovnetsuite/changemanagement/opportunisticclearance/opportunistic_clearance.md @@ -1,3 +1,9 @@ +--- +title: "Opportunistic Clearance" +description: "Opportunistic Clearance" +sidebar_position: 180 +--- + # Opportunistic Clearance Many non-compliant change logs are generated due to one or more related objects not being included @@ -27,14 +33,14 @@ Deployment or library script changes must meet these rules to be automatically c - Customization is a deployment or library script with one of the following: - Script has an Open Approved Change Request. - Main script has an Open Approved Change Request. -- Change Request **Stage** meets the required [Policy Change Level](/docs/platgovnetsuite/change_management/setting_up_policies.md). +- Change Request **Stage** meets the required [Policy Change Level](/docs/platgovnetsuite/changemanagement/setting_up_policies.md). If all rules are met, the Change Request is attached to the Change Log and the log is compliant. The **Resolution Description** in the Change Log is set to **Automatically cleared in existing Open Approved CR via related customization [\_**Object Name\* \*\*(**\*ScriptID**_)]\*\*. The \_Object Name_ and _ScriptID_ are inserted from the original Change Request. The deployment or library script does not need to be present in any Open Approved Change Request. -[Example Script Use Case](/docs/platgovnetsuite/change_management/example_deploy_script_related_approved_change.md) +[Example Script Use Case](/docs/platgovnetsuite/changemanagement/opportunisticclearance/example_deploy_script_related_approved_change.md) ### Field Changes related to an Approved Record Change @@ -44,13 +50,13 @@ Field changes must meet these rules to be automatically cleared: - Field has an Open Approved Change Request - Field has no script or workflow dependencies and the parent record has an Open Approved Change Request. -- Change Request **Stage** meets the required [Policy Change Level](/docs/platgovnetsuite/change_management/setting_up_policies.md). +- Change Request **Stage** meets the required [Policy Change Level](/docs/platgovnetsuite/changemanagement/setting_up_policies.md). If all rules are met, the Change Request is attached to the Change Log and the log is compliant. The **Resolution Description** in the Change Log is set to **Automatically cleared in existing Open Approved CR via related customization [\_**Field Name**\_]**. The _Field Name_ is inserted from the original Change Request. The field does not need to be present in any Open Approved Change Request. -[Example Field Change Use Case](/docs/platgovnetsuite/change_management/example_field_changes_related_approved_change.md) +[Example Field Change Use Case](/docs/platgovnetsuite/changemanagement/opportunisticclearance/example_field_changes_related_approved_change.md) ### Record Changes related to an Approved Field Change @@ -60,13 +66,13 @@ Record changes must meet these rules to be automatically cleared: - Record has an Open Approved Change Request - Record has no script **or** workflow dependencies and any field that has the record as a parent has an Open Approved Change Request. -- Change Request **Stage** meets the required [Policy Change Level](/docs/platgovnetsuite/change_management/setting_up_policies.md). +- Change Request **Stage** meets the required [Policy Change Level](/docs/platgovnetsuite/changemanagement/setting_up_policies.md). If all rules are met, the Change Request is attached to the Change Log and the log is compliant. The **Resolution Description** in the Change Log is set to **Automatically cleared in existing Open Approved CR via related customization [\_**Record Name**\_]**. The _Record Name_ is inserted from the original Change Request. The record does not need to be present in any Open Approved Change -Request. [Example Record Change Use Case](/docs/platgovnetsuite/change_management/example_record_changes_related_approved_change.md) +Request. [Example Record Change Use Case](/docs/platgovnetsuite/changemanagement/opportunisticclearance/example_record_changes_related_approved_change.md) ### Search Changes related to an Approved Workflow Change @@ -76,10 +82,10 @@ Approved Workflow changes must meet these rules to be automatically cleared: - Search is used in a workflow. - Search is not used by any script. - Related Workflow has an Open Approved Change Request. -- Change Request **Stage** meets the required [Policy Change Level](/docs/platgovnetsuite/change_management/setting_up_policies.md). +- Change Request **Stage** meets the required [Policy Change Level](/docs/platgovnetsuite/changemanagement/setting_up_policies.md). If all rules are met, the Change Request is attached to the Change Log and the log is compliant. The **Resolution Description** in the Change Log is set to **Automatically cleared in existing Open Approved CR via related customization** **[\_**Search Name**\_]**. The _Search Name_ is inserted from the original Change Request.The search does not need to be present in any Open Approved Change -Request.[ Example Search Change Use Case](/docs/platgovnetsuite/change_management/example_search_changes_related_approved_change.md) +Request.[ Example Search Change Use Case](/docs/platgovnetsuite/changemanagement/opportunisticclearance/example_search_changes_related_approved_change.md) diff --git a/docs/platgovnetsuite/change_management/resolving_non_compliant_changes.md b/docs/platgovnetsuite/changemanagement/resolving_non_compliant_changes.md similarity index 92% rename from docs/platgovnetsuite/change_management/resolving_non_compliant_changes.md rename to docs/platgovnetsuite/changemanagement/resolving_non_compliant_changes.md index 1b540cc70c..b4a8ccc290 100644 --- a/docs/platgovnetsuite/change_management/resolving_non_compliant_changes.md +++ b/docs/platgovnetsuite/changemanagement/resolving_non_compliant_changes.md @@ -1,9 +1,15 @@ +--- +title: "Resolving Non-Compliant Changes" +description: "Resolving Non-Compliant Changes" +sidebar_position: 150 +--- + # Resolving Non-Compliant Changes To access the Open Non-Compliant Changes Report: 1. Open **Strongpoint** > **Change Management Reports** > **Open NonCompliant Changes** - The Non-Compliant Changes Report gives you a list of the [Change Logs](/docs/platgovnetsuite/change_management/using_change_logs.md). You + The Non-Compliant Changes Report gives you a list of the [Change Logs](/docs/platgovnetsuite/changemanagement/using_change_logs.md). You can filter the report or sort by the column heads. ![Non-Compliant Change Report](/img/product_docs/platgovnetsuite/change_management/noncompliantreport.webp) @@ -14,7 +20,7 @@ To access the Open Non-Compliant Changes Report: retroactively attach a change request to a noncompliant change and get the necessary approvals for the change to be compliant. - 1. Create a New [Change Request](/docs/platgovnetsuite/change_management/creating_change_request.md) or open an existing one. + 1. Create a New [Change Request](/docs/platgovnetsuite/changemanagement/creating_change_request.md) or open an existing one. 2. Set it to **Pending Approval**. 3. Once it is approved and complete, set the **Status** of the Change Request to **Complete**. 4. **Edit** the Change Log from the report. diff --git a/docs/platgovnetsuite/change_management/setting_up_multi_stream_approval.md b/docs/platgovnetsuite/changemanagement/setting_up_multi_stream_approval.md similarity index 96% rename from docs/platgovnetsuite/change_management/setting_up_multi_stream_approval.md rename to docs/platgovnetsuite/changemanagement/setting_up_multi_stream_approval.md index 16250a09e6..fe412b3a79 100644 --- a/docs/platgovnetsuite/change_management/setting_up_multi_stream_approval.md +++ b/docs/platgovnetsuite/changemanagement/setting_up_multi_stream_approval.md @@ -1,3 +1,9 @@ +--- +title: "Setting Up Multi-Stream Approval" +description: "Setting Up Multi-Stream Approval" +sidebar_position: 60 +--- + # Setting Up Multi-Stream Approval This process enables an administrator to select approvers other than the IT Approvers outlined on diff --git a/docs/platgovnetsuite/changemanagement/setting_up_policies.md b/docs/platgovnetsuite/changemanagement/setting_up_policies.md new file mode 100644 index 0000000000..96a75a24d7 --- /dev/null +++ b/docs/platgovnetsuite/changemanagement/setting_up_policies.md @@ -0,0 +1,274 @@ +--- +title: "Setting Up Policies" +description: "Setting Up Policies" +sidebar_position: 20 +--- + +# Setting Up Policies + +- Policy Information general information about the policy. +- Set Up a Default Policy procedure to set up your default policy and approvers. +- Change Controls reference information for the Change Controls tab. +- Approvals reference information for the Approvals tab. +- Process Policies reference information for the Process Policies tab. +- Customization Policies reference information for the Customization Policies tab. +- Control Policies reference information for the Control Policies tab. +- SoD Policies reference information for the SoD Policies tab. +- Set Up Additional Policies set up additional policies as required. + +## Policy Information + +- **Name**: Policy name. +- **Default Policy**: Checked if it is the default policy. +- **Enable Global Object Level Policy**: Disabled by default. Check to enable. + Change Policy picking process with **Global Object Level Policy** _disabled_: + - If customizations or customization processes are attached to specific policies, pick the most + stringent policy. + - If there are no object-specific policies, pick **Default Policy**. + Change Policy picking process with **Global Object Level Policy** _enabled_: + - If customizations or customization processes are attached to specific policies, pick the most + stringent policy. + - If there are no object-specific policies, look for policies that are not attached to any + customization or process. Compare the change level among all resulting policies and the + Default Policy, then pick the most stringent policy. +- **Parent Policy**: Parent policy information to help organize policies, does not impact the + process. This field is not available when editing the Default Policy. For child policies, it can + be changed when the policy is edited. +- **Owner**: Person who created the policy. +- **Inactive**: Checked if the policy is not active. +- **Log XML Only Change**: Checked to track online changes that occur in the XML, such as NetSuite + internal changes.Recommended to leave this unchecked due to the volume of false positives you + would need to manage. + +![changeandapprovalpolicy1](/img/product_docs/platgovnetsuite/change_management/changeandapprovalpolicy1.webp) + +## Set Up a Default Policy + +1. Open **Strongpoint** > **Change Management Tools** > **Change/Approval Policy** +2. Edit the **Default Policy** so that it has the following settings: + +- **Header**: Everything in the Header should remain the same including the name Default. +- **Change Controls:** + + ![Policy Default Change Controls](/img/product_docs/platgovnetsuite/change_management/policy_default_change_controls2.webp) + +- **Approvals**: Select the policy approvers on the Approvals tab. + +3. Click **Save** + +## Change Controls + +Each object type has an independent change level. The change level specifies what approval is +required for changes to the objects to be compliant with this policy. + +### Change Levels + +**No Logs Created**: changes to these objects update the customization documentation is updated but +does not create change logs. A warning text is displayed when the Administrator sets the change +level to **No Logs Created**. + +**Log Changes Only**: changes to these objects are automatically marked compliant. + +**Process Issue Only**: changes to these objects require an **Approved Process Issue** with a status +not set to **Completed**. + +**Change Request**: changes to these objects require an **Approved Change Request** with a status +not set to **Completed**. + +**Sandbox Development & Testing**: changes to these objects require an **Approved Change Request** +in the **Stage Deployment Record** with a status not set to **Completed**. + +**Full Software Development Lifecycle**: changes to these objects require an **Approved Change +Request** in the **Stage Deployment Record** with a status not set to **Completed**, and a parent +**Change Request** attached to the **Deployment Record**. + +To add new change levels, select **New** or use the **+** next to a field when editing the policy. + +### Object Types + +#### Complex Objects + +- **Scripted Objects**: Scripts, Workflows and any object upon with a script or workflow dependency. + Default: Log Changes Only +- **Formula Objects**: Fields used in Formulas. Default: Sandbox Development & Testing +- **Workflows and Related Objects**: Changes to Workflows, or any objects used by a Workflow. When + an object is used by a Script and a Workflow, we use the higher level between Scripted Objects, + and Workflows and Related Objects change controls. Default: Change Request +- **Integration Objects**: Changes to External Records, External Fields, External Systems, and + Integrations. Default: Log Changes Only +- **Non-Managed Bundle/App Deployments**: Bundle or SuiteApp Deploy into an account, updates of the + bundle or SuiteApp object are handled by object type. (Only non-managed bundles/Apps). Default: + Sandbox Development & Testing +- **Agent Controls**: Changes to Control Searches. Default: Log Changes Only +- **Mass Updates**: Changes to Mass Updates Default: Log Changes Only + +#### Other Configurable Objects + +- **Searches and Reports**: Searches and Reports not flagged as controls or scripted. Default: + Change Request +- **Fields**: Changes to custom fields. Default: Log Changes Only +- **Lists**: Changes to custom lists. Default: Log Changes Only +- **Records**: Changes to custom records. Default: Log Changes Only +- **Groups**: Changes to groups. Default: Log Changes Only +- **Forms and Template Changes**: Changes to Forms and Templates. Default: Log Changes Only +- **Web-Related Changes**: Objects affecting web objects, for example fields displayed in a site or + any part of SuiteCommerce Advanced. Default: Log Changes Only +- **Departments/Locations/Class**: Changes to department, location, or class. Default: Log Changes + Only +- **Subsidiaries**: Changes to subsidiary. Default: Log Changes Only + +#### Access and Setup + +- **User Roles**: Changes to role assignments on the Change Control. Default: Log Changes Only +- **User Role Assignment**: Changes to user role assignments on the Change Control. Default: Log + Changes Only +- **User Role Related Objects**: Changes related to user role changes on the Change Control. + Default: Log Changes Only +- **NetSuite SetUp and Preferences**: Changes to NetSuite setup objects including accounting lists, + segments, enabled features and preferences. Default: Log Changes Only +- **Accounting Lists**: Changes to accounting lists. Default: Log Changes Only +- **Custom Segments**: Changes to custom segments. Default: Log Changes Only +- **User Offboarding**: Available when [Enhanced User Provisioning](/docs/platgovnetsuite/changemanagement/user_provisioning.md) is + enabled. +- **User Onboarding**: Available when [Enhanced User Provisioning](/docs/platgovnetsuite/changemanagement/user_provisioning.md) is enabled. + +## Approvals + +Approvers initiate the change request and enable it to move to the next stage. + +![Policy Approvals tab](/img/product_docs/platgovnetsuite/change_management/policy_approvals_tab.webp) + +Policy Change Approvers + +This section is only applies to the default policy. + +- **Preliminary Approver (Policy Change)**: Specifies the preliminary approver required for a policy + change. They are listed as the first approver in the Change Request. +- **Final Approver (Policy Change)**: Specifies the final approver required for a policy change. The + person who needs to approve after all other approvals have been obtained. + + **NOTE:** Specifying a **Final Approver** locks the default policy and all child policies. If a + user attempts to change a policy, a notice is displayed. Click **Request Approval**. The form is + launched, with your proposed changes populated. + + ![Record Save Blocked](/img/product_docs/platgovnetsuite/change_management/record_save_blocked.webp) + +ITGC Approvers + +Groups are an efficient method to specify approvers. For example, if you need one approver from each +of several company functions, you can create a group for each functional area, and select a minimum +of 1 approval. Once each group has approved, the policy moves on to the **Final Approver**. + +- **Group Name**: enter a descriptive name to identify the approvers. +- **Approvers**: click in the entry box and select approvers from the available user list. +- **No Order Required**: check the box if approvers can approve in any order. If not checked, + approvers must approve in the order specified in the **Approvers** entry. +- **Min # of Approvals Required**: select the minimum number of approvers for the group. This option + is not available if **No Order Required** is not checked. +- **Add Row**: click to add another ITGC Approver Group. Click the red **X** to delete an existing + group. + +Final Approver + +- **Final Approver**: Specifies the final approver of changes affected by given policies. +- **No Order Required**: Check this box to allow concurrent approvers. If blank, approvals route in + order. Default is blank. +- **Max # of Approvals Required**: Specifies the maximum number of approvals to consider a change + complete. If blank, all approvers are required. +- **Change ID**: Opens a form displaying the **Name**, **Old ID** and an input field for the **New + ID**. **Change ID** is available as a button when you **Edit** the policy. + +## Process Policies + +Process Policies specify which processes the policy applies to and how they should be managed. +Process Policies are only applicable if you implement Manage Process Risk. + +- **Require Affected Process Approval**: Check to require approval from process owners on the Change + Request. Default is checked. +- **Include Process Editors as Alternates**: Check to include Process Editors as alternate + approvers. Process Editors are specified on the **Continuous** **Improvement** tab of the + **Process** record. Default is not checked. +- **Require Impacted Process Approval**: Check to require approval from process owners of related + objects. Often these owners are not specifically listed in the Change Request. Default is not + checked. +- **Require Parent Process Owner Approval**: Owners of processes at or above the parent level must + approve. Default is not checked. +- **New Process**: Launches the new Process form. + +## Customization Policies + +Customization Policies specifies the objects affected by the policy. + +- **Require Object Owner Approval**: Owner of the customization record. Likely the person who + created the object. Default is not checked. Recommend checking this box. +- **Require Impacted Customization Approval**: Owner of any impacted customization record in + NetSuite. Default is not checked. +- **View** and **Customization**: Select a View and navigate to a Customization. Click **Attach** to + add the selected customization to the Policy. +- **New Customization**: Launches the new Customization form. +- **Customize View**: Launches the Active Customizations Search results. + +## Control Policies + +Control Policies specify controls for this policy. + +- **Control Assignee Approval**: Checked if there is a control assignee in Control Policies. +- **Process Owner(s)**: Checked if there are any process owners in Control Policies. +- **Control Owner**: Checked if there is a control owner in Control Policies. + +## SoD Policies + +Segregation of Duties Policies specify the approvers for this policy. + +- **SoD Preliminary Approver**: One or more preliminary SoD approvers for changes affected by the + policy. +- **SoD Final Approver**: One or more final SoD approvers for changes affected by the policy. +- **Require Change Request**: If checked, a Change Request is Required for any changes to the + policy. + +## Set Up Additional Policies + +In some cases, you may want stricter controls on certain objects. For example, many of our public +companies create a specific policy for SOX related searches, since they want it tighter than Log +Only for those objects. To set up object specific policies, the initial spider must be complete, so +you can attach the Customization Record to the policy. + +To set up additional policies: + +1. Open **Strongpoint**> **Change Management Tools** > **Change/Approval Policy** > **New** +2. Enter the policy information. +3. Assign the **Change Levels** on the **Change Controls** tab. +4. Assign the **Approvers** on the **IT Policies** tab. +5. Click **Save** +6. Click **Edit** +7. Open the **Customization Policies** tab. + +![policy_add_customizations](/img/product_docs/platgovnetsuite/change_management/policy_add_customizations.webp) + +- Check **Require Object Owner Approval** if needed. +- Check **Require Impacted Customization Approval** if needed. + +8. Add Customizations. Attaching customizations to the policy is how Platform Governance for + NetSuite knows a particular policy should be applied to specific objects. If there are multiple + policies applied to specific objects, the higher change level is selected to keep the change + compliant. + +- Change the **View** to help locate the desired customization. +- Enter all of part of the customization in **Customization**, or click the double down arrow icon + to select the **List** option. +- Select the customization. +- Click **Attach**. + +9. Click **Save** when you are finished adding customizations to the Policy. + +Another method to add customization is through NetSuite's **Mass Update**. Here is the basic +process. Refer to the NetSuite help for more information on Mass Update. + +1. Open **Lists** > **Mass Updates** +2. Expand **General Updates** > **Custom Records** > **Customization** +3. Use the Criteria tab to locate and **Add** your customizations. +4. Open the **Mass Update Fields** tab. +5. Locate the **Change/ Approval Policy** field. (You can use your browser’s Find function.) +6. Check the box and select your new **Policy**. +7. **Save** and run the Mass Update. +8. Save your **Change Approval Policy**. diff --git a/docs/platgovnetsuite/change_management/setting_up_subsidiary_policies.md b/docs/platgovnetsuite/changemanagement/setting_up_subsidiary_policies.md similarity index 93% rename from docs/platgovnetsuite/change_management/setting_up_subsidiary_policies.md rename to docs/platgovnetsuite/changemanagement/setting_up_subsidiary_policies.md index 77ded1d7db..bc9652aabb 100644 --- a/docs/platgovnetsuite/change_management/setting_up_subsidiary_policies.md +++ b/docs/platgovnetsuite/changemanagement/setting_up_subsidiary_policies.md @@ -1,3 +1,9 @@ +--- +title: "Setting Up Subsidiary Policies" +description: "Setting Up Subsidiary Policies" +sidebar_position: 30 +--- + # Setting Up Subsidiary Policies Subsidiary Approval enables you to set subsidiary-specific policies based on the employees using a diff --git a/docs/platgovnetsuite/change_management/use_custom_cr_forms.md b/docs/platgovnetsuite/changemanagement/use_custom_cr_forms.md similarity index 86% rename from docs/platgovnetsuite/change_management/use_custom_cr_forms.md rename to docs/platgovnetsuite/changemanagement/use_custom_cr_forms.md index 23f877c0c6..ed6e8b86e4 100644 --- a/docs/platgovnetsuite/change_management/use_custom_cr_forms.md +++ b/docs/platgovnetsuite/changemanagement/use_custom_cr_forms.md @@ -1,3 +1,9 @@ +--- +title: "Using Custom Change Request Forms" +description: "Using Custom Change Request Forms" +sidebar_position: 80 +--- + # Using Custom Change Request Forms You can create custom change request forms for ITGC, Agent Pre-Approval, SoD Rule Change, SoD diff --git a/docs/platgovnetsuite/change_management/user_provisioning.md b/docs/platgovnetsuite/changemanagement/user_provisioning.md similarity index 96% rename from docs/platgovnetsuite/change_management/user_provisioning.md rename to docs/platgovnetsuite/changemanagement/user_provisioning.md index 32c021b99c..58069b14f2 100644 --- a/docs/platgovnetsuite/change_management/user_provisioning.md +++ b/docs/platgovnetsuite/changemanagement/user_provisioning.md @@ -1,3 +1,9 @@ +--- +title: "Using Enhanced User Provisioning" +description: "Using Enhanced User Provisioning" +sidebar_position: 110 +--- + # Using Enhanced User Provisioning Access management for onboarding/offboarding and access change is streamlined into a new, efficient @@ -17,7 +23,7 @@ Tools** > **ITGC Change Request**. When you view the Change Log, you see **Chan **User Role Assignment Change** instead of **User Onboarding**. You can create a custom change request form for User Provisioning. Refer to -[Using Custom Change Request Forms](/docs/platgovnetsuite/change_management/use_custom_cr_forms.md) for information on implementing your +[Using Custom Change Request Forms](/docs/platgovnetsuite/changemanagement/use_custom_cr_forms.md) for information on implementing your custom form. ## Enable Enhanced User Provisioning diff --git a/docs/platgovnetsuite/changemanagement/using_change_logs.md b/docs/platgovnetsuite/changemanagement/using_change_logs.md new file mode 100644 index 0000000000..edc370f709 --- /dev/null +++ b/docs/platgovnetsuite/changemanagement/using_change_logs.md @@ -0,0 +1,146 @@ +--- +title: "Using Change Logs" +description: "Using Change Logs" +sidebar_position: 140 +--- + +# Using Change Logs + +Change Logs allow you to see the type of change, who made the change and view the system notes of +the NetSuite record. Change Logs are accessed from the +[Change Management Reports](/docs/platgovnetsuite/change_management_reports.md). + +Once a change request is complete, best practice is to change the status to **Completed**. If there +are multiple open change requests referencing the same object, any changes to the object result in +the change log being associated with the oldest of the approved change requests. + +To open a Change Log: + +1. Open **Strongpoint** > **Change Management Reports** and select a report. +2. Click **View** beside the Change Log to open. + +![changelog-1](/img/product_docs/platgovnetsuite/change_management/changelog-1.webp) + +If the **Actual Change Date** is empty or **Change By** is set to **Could Not Be Determined** or +**Pending Autospider**, a **Refresh Changed By** button is available. When clicked, it populates +**Actual Change Date** and **Change By** fields. + +The button is only available for Object types where the **Actual Change Date** and **Change By** +fields can be retrieved. + +![Refresh Changed By](/img/product_docs/platgovnetsuite/change_management/change_log_refresh.webp) + +## Change Log Header + +Change Logs are different based on the type of change. These are the major fields. + +**Change Log Created**: Date the Change Log was created. + +**Deletion Date**: Date a customization was deleted. Used with deleted Script Deployments. + +**Actual Change Date**: Date of the system note entry reflecting the change date. There must be an +available system note to display the date. + +**Customization**: Linked customization(s) that have changed. + +**Deleted Customization**: Name of the deleted customization. Used with deleted Script Deployments. + +**Managed Bundle/App Customization**: Checked when customizations belong to a managed bundle. + +**Changed By**: User who made the change. There must be an available system note to display the +user. + +**Deleted By**: User who made the change. Used with deleted Script Deployments. + +**Field Name**: Name of the changed field. + +**Field Script ID**: Script ID of the changed field . + +**Non-Compliance**: Checked if the change is non-compliant. + +**Policy**: Policies associated with the Change Log. + +**Change Level**: Change level required by the policy. + +**Change Type**: Type of change based on the policy. + +**Change Overview**: Overview of the change. + +- When **Systemnotes.Type** is included as result column and one of the system note lines is + **Created**, the Change Overview displays: _``**\_created** _``\_. +- When there are no system notes columns, **Change Overview** displays + _``**\_changed** _``\_. +- Deleted records display _``\*\*\_deleted_\*\*``\_ +- For grouped results with multiple records, **Change Overview** displays **See Change Data Table + for details.** + +**Related Change Request**: Change request related to the change or used to perform regression +analysis of a non-compliant change. + +**Related Process Issue**: Process issue related to the change or used to resolve it. + +**Resolution Description**: Description of any steps taken to bring the change back into compliance. + +**Non-Material Clearance Reason**: Used when a change is evaluated as non-material. **Non-Material +Object Changes** are changes detected in the object definition not caused by human intervention and +do not have any functional impact. Examples include NetSuite internal IDs, object XML structure or +JSON representation or reordering values in a list. + +**Non-Material Checked**: Indicates if the change log has been evaluated as non-material. + +**Status**: Current state of the Change Log. This field is manually set, except it is automatically +set to complete when a compliant change is complete. + +**Operation**:The reason for the Change Log. For example, **edit** or **delete**. + +**System Note Available**: Indicates a system note was found. + +**Jira Ticket Link**: Link to the Jira ticket if used to create the Change Log. + +## Values Tab + +The **Values** tab displays the changes that occurred in the Change Log. + +**Diff. View**: Highlights the changes that occurred within specific fields. + +**Diff. Summary**: Displays the difference between the old value and the new value. + +**Data Error**: Checked if a data error occurred. + +![values_tab](/img/product_docs/platgovnetsuite/change_management/values_tab.webp) + +## Finding Users Who Have Made Changes + +When you want to find out who has made changes, you can run any of the Change Reports and view who +made a change in the **Change By** column. + +The **Change By** and **Actual Date** of the change logs are retrieved using System Notes Search for +supported record types. If a System Note is not available, **Change By** displays **Could Not Be +Determined** in the Report List. + +Recorded types that are not supported can be retrieved from the AutoSpider. + +| Supported Records for System Notes Search | Change By retrieved from the AutoSpider | +| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------- | +| Body Field Bundle Installation Script Client Script Column Field CRM Field Custom Record Field Entity Field Item Field Item Number Field Item Option Field Library Script File List Map/Reduce Script Mass Update Script Other Field Plug-in Script Portlet Script Record Restlet Script Scheduled Script Script Deployments Setup Preference\* Suitelet Script User Event Script User Role Workflow Workflow Action Script Deleted Objects\*\* | Bundle Custom Report Entry Form Mass Update Search Transaction Form User Role / Global Permission Changes | + +\* System notes can be retrieved for: Company Preferences, Company Information, Enable Features, +Account, Foreign Currency Variance Posting Rule, Nexus, Tax Code, Taxation Type, Fair Value Formula, +Fair Value Price List, Project Expense Type, and Item Revenue Category. + +\*\* Deleted by and actual delete date are available for: Workflow, Custom Record, List, Script +Deployment, and Script. + +## Viewing System Notes + +In an open Change Log: + +1. Click on a linked **Customization** to open the Customization Record. **Strongpoint Return Jira + Ticket Info (Suitelet Script)** in this example. + + ![Change Log Customization link](/img/product_docs/platgovnetsuite/change_management/change_log_customization_link.webp) + +2. Click **Go to Record** +3. Open **System Notes** + +![systemsnotes](/img/product_docs/platgovnetsuite/change_management/systemsnotes.webp) diff --git a/docs/platgovnetsuite/clean_up/cleanup_customizations_no_active_owner.md b/docs/platgovnetsuite/clean_up/cleanup_customizations_no_active_owner.md deleted file mode 100644 index afd09d2743..0000000000 --- a/docs/platgovnetsuite/clean_up/cleanup_customizations_no_active_owner.md +++ /dev/null @@ -1,16 +0,0 @@ -# Clean Up Customizations with Inactive Owner - -Ownership of the customizations is important for clean up and accountability in the system. Owners -can become inactive if they quit using the system, or if their licenses have been marked -[Inactive](/docs/platgovnetsuite/installing_strongpoint/managing_users.md). The report criteria excludes Customization -types where owner does not apply. - -1. Open **Strongpoint** > **Clean Up** > **Inactive Owner** -2. Click **Edit** next to each Customization to change. You can right-click on **Edit** and select - Open link in a new tab or window to keep your results page available. -3. Select a new **Owner**. -4. Click **Save** - -Using multi-line direct list editing does not update the actual customization record. Best practice -is to edit the customization record so your changes are not overwritten during the next spider -process. diff --git a/docs/platgovnetsuite/clean_up/cleanup_overview.md b/docs/platgovnetsuite/clean_up/cleanup_overview.md deleted file mode 100644 index 7e5be2f411..0000000000 --- a/docs/platgovnetsuite/clean_up/cleanup_overview.md +++ /dev/null @@ -1,147 +0,0 @@ -# Clean Up Overview - -Clean up involves some or all of the following steps: - -1. Identify and remove unused customizations (searches, records, fields, scripts): - -- Completely unused -- Useless or inefficient - -2. Identify and fix improperly set-up customizations (for example, fields with generic script ids or - fields with no help). -3. Describe each object (search, field, script,workflow). -4. Assign true and meaningful owners. -5. Assign customizations to high-level processes. -6. Optimize scripts, workflows and processes. - -### Clean Up Tools - -Platform Governance for NetSuite has a series of built in Clean Up Tools to enable Administrators to -clean up their NetSuite account in an organized and efficient manner. The tools can be accessed from -**Strongpoint**> **Clean Up** or from **Strongpoint** > **Strongpoint Overview**. - -There are many types of clean up, but they generally follow the same process: - -1. Select the Approach and Tools -2. Analyze the Results -3. Organize the Results -4. Create Change Requests (if required) -5. Manage the Change or Clean Up as Appropriate -6. ReSpider - -Always check the **Last Date Spidered** on any object and re-spider that object if necessary to -ensure the information about that object is up to date. - -### Select the Approach and Tools - -There are many clean up and documentation tools available such as: - -- Unused Customizations -- Unused Scripts -- Inactive Owner -- Default ID - -Unused fields and unused fields by form do not include fields that do not store a value since there -is no Date Last Used for those objects. - -All the “Unused” tools with the exception of Unused Bundles do not include customizations from -bundles. For example, even if a field is not used, it is highly unlikely that you will delete a -field from a bundle. You would likely want to analyze the bundle usage as a whole when cleaning up. - -Consider deleting unused customizations, such as fields that have not been used in years and are not -used by any other customization, before moving onto other clean up activities. - -### Analyze the Results - -Most of the tools have the following columns. They might be in slightly different orders or omitted -based on the type of clean up. - -![cleanupfields](/img/product_docs/platgovnetsuite/clean_up/cleanupfields.webp) - -Sample Result: - -- **Edit/View:** enables you to edit or view the Customization Record for that customization. -- **Name**: the name of the customization. -- **Type**: type of customization if showing multiple types. -- **Parent**: the parent of the customization if applicable. -- **Clean Up Classification:** The clean up status. -- **Process/Steps**: processes or steps linked to the customization. -- **Quick Add Process:** enables you to link the customization to a process through direct list - editing. Multiple customizations can be added to processes in bulk. - -Other columns may include: - -- **Owner**: owner of that customization. If the owner is “Default Strongpoint User,” this means - that the owner is no longer active in the NetSuite account, so could not be linked to that - customization. -- **Link**: takes you to the actual customization. -- **ScriptID**: shows you the Script ID. -- **Description**: the customization description. - -The next three items are critical for understanding what impact changes to the customization may -have throughout the system. Being able to quickly and holistically see the impacted customizations -greatly reduces the risk of things breaking as a result of your changes. - -1. **Scripts**: displays the scripts that use that customization. -2. **Searches/Mass Updates**: displays the searches/ mass updates that use that customization. -3. **Workflows**: displays the workflows that use that customization. - -Change Requests can be created and managed through: - -- **Create Change Request**: enables you to create a new change request with a link to the - customization or customization selected. -- **Related Change Requests**: displays the change requests that the customization is linked to. - -### Organize the Results - -The results can be sorted and filtered and are required to group and manage the output for -subsequent steps. You may chose to clean up based on process or record type. - -Every Customization record has a Clean-Up Status field that enables us to track the status of the -clean-up process for that object. - -The statuses are: - -- **To Be Cleaned Up**: We are planning to clean this up, but aren’t doing so yet. -- **Send Request Info Emails**: This status triggers an email warning that the customization is - about to be deleted. -- **Under Investigation**: A holdings status when we are deciding what to do. -- **Disabled/Hidden**:Tracks that the customization has been disabled. -- **Archive**: Tracks that the data / set-up was archived. -- **Deleted**: Tracks that the customization has been deleted. The doc will be inactivated. -- **Ignore**: Removes it from the searches. -- **Specific tasks**: Fix Script Id and Reassign Owner. - -![faq-clean-up-status](/img/product_docs/platgovnetsuite/clean_up/faq-clean-up-status.webp) - -You can report on these statuses to organize your work. - -### Create Change Requests (if required) - -Some changes such as deletion, changes to scriptID and Help impact the customization itself. For -these types of changes we recommend creating a Change Request. - -However, for Clean Up, you can create new change requests and assign them to the customizations. In -the results view, “Create Change Request” creates a new change request. Once that is added to that -customization it will appear under “Related Change Requests”. You can have multiple customizations -assigned to multiple change requests as appropriate. - -![faq-clean-up-create-change-req](/img/product_docs/platgovnetsuite/clean_up/faq-clean-up-create-change-req.webp) - -### Manage the Change or Clean Up as Appropriate - -You can find more information about how to use the Change Request under Change Management. Once the -appropriate investigations are conducted and approvals are obtained the customization can be changed -as appropriate based on company policies and procedures. - -Some of the items being changed, such as the description or owner, can be direct list edited or bulk -edited like any other NetSuite data directly in a view such as Unused Fields. - -The Change Request has archiving and deletion tools to help clean up the account, for example, -[deleting unused customizations](/docs/platgovnetsuite/clean_up/cleanup_unused_customizations.md). - -### ReSpider - -At the end of the process of updating the customization record, the account should be re-spidered to -update the Customization Records that document the customizations that were changed. It can be -re-spidered just for a particular record type that is all that was changed. diff --git a/docs/platgovnetsuite/clean_up/date_last_used.md b/docs/platgovnetsuite/clean_up/date_last_used.md deleted file mode 100644 index 1edced5700..0000000000 --- a/docs/platgovnetsuite/clean_up/date_last_used.md +++ /dev/null @@ -1,85 +0,0 @@ -# Date Last Used - -Date Last Used (DLU) enables you to see what customizations have not been used recently and could be -deleted. - -Date Last Used (DLU) is captured for changes triggered by users or other customizations. Platform -Governance for NetSuite uses a System Notes search to retrieve the date last used for Fields, Saved -Searches and Records. DLU values are intended to be reasonably accurate. Complete accuracy for some -objects would require excessive processing. - -DLU is not available for display only fields. -DLU is not reliable for fields with no parent record. -DLU is not reliable in sandbox accounts as fields do not get actively used. -DLU is not reliable until the initial spider is complete, including the Make Joins. - -Date Last Used is intended to be used for clean up and is set up to be accurate within a month. -Higher levels of accuracy would require significantly more processing capacity. **The Last Used -Status** displays additional information: - -| Last Used Status | Description | -| -------------------------------------- | ----------------------------------------------------------------------------------------- | -| Use Not Checked Yet | Initial Value when a script has not yet run for a new customization. | -| Managed Bundle Object | Customization is from a Managed Bundle, not monitored in the Unused Customization Report. | -| Use Date Not Supported for This Object | DLU cannot be determined because of API limitations. | -| Used in the last 6 months | Retrieved DLU is on or after last 6 months. | -| No Use Detected | Retrieved DLU is prior to last 6 months. | - -Date Last Used for customizations is calculated in a number of different ways: - -Each night it checks all of the fields and scripts that were actually used and updates the Date Last -Used field. - -**Fields**: - -- Either the actual date of the last write to that field or date last modified of the last record - that has this populated. Can search all fields that don’t store the value. -- If it cannot find a date for a field anywhere in the database, it puts in a default date - (12/31/1969) to show that this was checked. This makes searching easier -- Periodically it checks all fields that have no date last used or a date last used of more than 1 - month ago and updates the date with an approximate date based on the date last modified of the - last record with that field used. -- DLU for fields should not be blank, so a blank DLU indicates that some scripts may not have run or - Platform Governance for NetSuite was unable to retrieve the missing data. Please contact Netwrix - Support. - -**Searches**: - -- For searches the DLU is the last time search was used that is listed in search metadata. -- Blank DLU indicates a search that have not been used since the time when NetSuite started - capturing in 2009. -- Search “Date Last Used” are checked depending upon the Time To Live specified for searches. -- Searches run in Dashboard Portlets does not update the DLU. DLU cannot be determined for searches - only used through Portlets. - -**Scripts:** - -- For scripts the DLU is the last execution date as determined by audit, error or debug logs in - server execution log. In order to get accurate data while maximizing performance, Netwrix - recommends setting all deployments to AUDIT logging status and setting at least one Audit tag. See - [Script Management](/docs/platgovnetsuite/script_management/script_mgmt_overview.md) for details. -- Blank DLU for scripts indicates that it has not been used since Platform Governance for NetSuite - was installed OR it is set in error mode and has not thrown an error. - -**Workflows**: - -- DLU is captured nightly for workflows if **Keep Instance and History** is set to **Always** - (default is **Only When Testing**) and **Enable Logging** is selected (default is **Off**) for - each workflow. - -The Saved Search **Strongpoint Unused Workflow Customizations** (customsearch_flo_unused_wf) finds -workflows and displays the **Keep Instance and History** value, enabling you to quickly see which -workflows can track the DLU. To edit the value, open the Customization record and change the value. - -Key columns in the search results: - -- **Keep Instance and History** - Must be **Always** for the DLU Spider to detect the workflow's - instance from the last 6 months. -- **Release Status** - Normally workflows in Released status are actively used. Other statuses are - Suspended, Not Initiating, and Testing. -- **Date Last Used Spidering Complete** (For the Last 6 Months) - Value is **Yes** when the DLU - spider has finished from at most 6 months previous. **No** means the DLU spider has not finished - yet. The DLU spider can take several days to finish It executes daily on a subset of dates until - it reaches 6 months. - -![Unused Workflow Customizations Search Results](/img/product_docs/platgovnetsuite/clean_up/unused_workflow_results.webp) diff --git a/docs/platgovnetsuite/clean_up/update_field_description_and_help.md b/docs/platgovnetsuite/clean_up/update_field_description_and_help.md deleted file mode 100644 index 4b88e5feca..0000000000 --- a/docs/platgovnetsuite/clean_up/update_field_description_and_help.md +++ /dev/null @@ -1,16 +0,0 @@ -# Update Field Description and Help - -Documentation only changes are always compliant. If -[Opportunistic Clearance](/docs/platgovnetsuite/change_management/opportunistic_clearance.md) is on, this object change -is reported in the Change Log as **Documentation Change** for the **Change Type** and the -**Resolution** set to _Automatically cleared documentation change. Only Help or Description -changed_. The Change Log is closed. - -1. Open **Strongpoint** > **Clean Up** > **Update Field Description and Help**You can filter the - results or check **Description/Help is Empty** to focus the **Field List**. Click on a column - heading in the **Field List** to sort the list by the selected column. - - ![cust_ui_help_update](/img/product_docs/platgovnetsuite/clean_up/cust_ui_help_update.webp) - -2. Add or edit **Description** and **Help** text. -3. Click **Update** diff --git a/docs/platgovnetsuite/cleanup/_category_.json b/docs/platgovnetsuite/cleanup/_category_.json new file mode 100644 index 0000000000..b0fee82dc7 --- /dev/null +++ b/docs/platgovnetsuite/cleanup/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Clean Up Overview", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "cleanup_overview" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/clean_up/archive_fields.md b/docs/platgovnetsuite/cleanup/archive_fields.md similarity index 90% rename from docs/platgovnetsuite/clean_up/archive_fields.md rename to docs/platgovnetsuite/cleanup/archive_fields.md index 041318c584..98c29add7f 100644 --- a/docs/platgovnetsuite/clean_up/archive_fields.md +++ b/docs/platgovnetsuite/cleanup/archive_fields.md @@ -1,3 +1,9 @@ +--- +title: "Archive Fields" +description: "Archive Fields" +sidebar_position: 70 +--- + # Archive Fields When cleaning up your account with Platform Governance for NetSuite clean up tools, you may find @@ -25,5 +31,5 @@ Click on the **Archive Customizations** if you find your customizations under ** Deleted or Modified** and under **Warning it says Not Archived** ![archivefields2](/img/product_docs/platgovnetsuite/clean_up/archivefields2.webp)7. Once your customizations are processed and archived, your customizations are listed under **Can be -Safely Deleted or Modified**. Your [archive folder](/docs/platgovnetsuite/clean_up/set_up_archive_folder.md) has the CSV file you +Safely Deleted or Modified**. Your [archive folder](/docs/platgovnetsuite/cleanup/set_up_archive_folder.md) has the CSV file you can download. The file name has the field type and the script ID. diff --git a/docs/platgovnetsuite/cleanup/cleanup_customizations_no_active_owner.md b/docs/platgovnetsuite/cleanup/cleanup_customizations_no_active_owner.md new file mode 100644 index 0000000000..2894ea567e --- /dev/null +++ b/docs/platgovnetsuite/cleanup/cleanup_customizations_no_active_owner.md @@ -0,0 +1,22 @@ +--- +title: "Clean Up Customizations with Inactive Owner" +description: "Clean Up Customizations with Inactive Owner" +sidebar_position: 20 +--- + +# Clean Up Customizations with Inactive Owner + +Ownership of the customizations is important for clean up and accountability in the system. Owners +can become inactive if they quit using the system, or if their licenses have been marked +[Inactive](/docs/platgovnetsuite/installation/managing_users.md). The report criteria excludes Customization +types where owner does not apply. + +1. Open **Strongpoint** > **Clean Up** > **Inactive Owner** +2. Click **Edit** next to each Customization to change. You can right-click on **Edit** and select + Open link in a new tab or window to keep your results page available. +3. Select a new **Owner**. +4. Click **Save** + +Using multi-line direct list editing does not update the actual customization record. Best practice +is to edit the customization record so your changes are not overwritten during the next spider +process. diff --git a/docs/platgovnetsuite/clean_up/cleanup_default_ids.md b/docs/platgovnetsuite/cleanup/cleanup_default_ids.md similarity index 90% rename from docs/platgovnetsuite/clean_up/cleanup_default_ids.md rename to docs/platgovnetsuite/cleanup/cleanup_default_ids.md index c63c6b5bfb..c86236c58b 100644 --- a/docs/platgovnetsuite/clean_up/cleanup_default_ids.md +++ b/docs/platgovnetsuite/cleanup/cleanup_default_ids.md @@ -1,3 +1,9 @@ +--- +title: "Clean Up Scripts with Default IDs" +description: "Clean Up Scripts with Default IDs" +sidebar_position: 30 +--- + # Clean Up Scripts with Default IDs Default IDs significantly increase the cost and risks associated with any development work, and are diff --git a/docs/platgovnetsuite/cleanup/cleanup_overview.md b/docs/platgovnetsuite/cleanup/cleanup_overview.md new file mode 100644 index 0000000000..2e26c2fd6e --- /dev/null +++ b/docs/platgovnetsuite/cleanup/cleanup_overview.md @@ -0,0 +1,153 @@ +--- +title: "Clean Up Overview" +description: "Clean Up Overview" +sidebar_position: 50 +--- + +# Clean Up Overview + +Clean up involves some or all of the following steps: + +1. Identify and remove unused customizations (searches, records, fields, scripts): + +- Completely unused +- Useless or inefficient + +2. Identify and fix improperly set-up customizations (for example, fields with generic script ids or + fields with no help). +3. Describe each object (search, field, script,workflow). +4. Assign true and meaningful owners. +5. Assign customizations to high-level processes. +6. Optimize scripts, workflows and processes. + +### Clean Up Tools + +Platform Governance for NetSuite has a series of built in Clean Up Tools to enable Administrators to +clean up their NetSuite account in an organized and efficient manner. The tools can be accessed from +**Strongpoint**> **Clean Up** or from **Strongpoint** > **Strongpoint Overview**. + +There are many types of clean up, but they generally follow the same process: + +1. Select the Approach and Tools +2. Analyze the Results +3. Organize the Results +4. Create Change Requests (if required) +5. Manage the Change or Clean Up as Appropriate +6. ReSpider + +Always check the **Last Date Spidered** on any object and re-spider that object if necessary to +ensure the information about that object is up to date. + +### Select the Approach and Tools + +There are many clean up and documentation tools available such as: + +- Unused Customizations +- Unused Scripts +- Inactive Owner +- Default ID + +Unused fields and unused fields by form do not include fields that do not store a value since there +is no Date Last Used for those objects. + +All the “Unused” tools with the exception of Unused Bundles do not include customizations from +bundles. For example, even if a field is not used, it is highly unlikely that you will delete a +field from a bundle. You would likely want to analyze the bundle usage as a whole when cleaning up. + +Consider deleting unused customizations, such as fields that have not been used in years and are not +used by any other customization, before moving onto other clean up activities. + +### Analyze the Results + +Most of the tools have the following columns. They might be in slightly different orders or omitted +based on the type of clean up. + +![cleanupfields](/img/product_docs/platgovnetsuite/clean_up/cleanupfields.webp) + +Sample Result: + +- **Edit/View:** enables you to edit or view the Customization Record for that customization. +- **Name**: the name of the customization. +- **Type**: type of customization if showing multiple types. +- **Parent**: the parent of the customization if applicable. +- **Clean Up Classification:** The clean up status. +- **Process/Steps**: processes or steps linked to the customization. +- **Quick Add Process:** enables you to link the customization to a process through direct list + editing. Multiple customizations can be added to processes in bulk. + +Other columns may include: + +- **Owner**: owner of that customization. If the owner is “Default Strongpoint User,” this means + that the owner is no longer active in the NetSuite account, so could not be linked to that + customization. +- **Link**: takes you to the actual customization. +- **ScriptID**: shows you the Script ID. +- **Description**: the customization description. + +The next three items are critical for understanding what impact changes to the customization may +have throughout the system. Being able to quickly and holistically see the impacted customizations +greatly reduces the risk of things breaking as a result of your changes. + +1. **Scripts**: displays the scripts that use that customization. +2. **Searches/Mass Updates**: displays the searches/ mass updates that use that customization. +3. **Workflows**: displays the workflows that use that customization. + +Change Requests can be created and managed through: + +- **Create Change Request**: enables you to create a new change request with a link to the + customization or customization selected. +- **Related Change Requests**: displays the change requests that the customization is linked to. + +### Organize the Results + +The results can be sorted and filtered and are required to group and manage the output for +subsequent steps. You may chose to clean up based on process or record type. + +Every Customization record has a Clean-Up Status field that enables us to track the status of the +clean-up process for that object. + +The statuses are: + +- **To Be Cleaned Up**: We are planning to clean this up, but aren’t doing so yet. +- **Send Request Info Emails**: This status triggers an email warning that the customization is + about to be deleted. +- **Under Investigation**: A holdings status when we are deciding what to do. +- **Disabled/Hidden**:Tracks that the customization has been disabled. +- **Archive**: Tracks that the data / set-up was archived. +- **Deleted**: Tracks that the customization has been deleted. The doc will be inactivated. +- **Ignore**: Removes it from the searches. +- **Specific tasks**: Fix Script Id and Reassign Owner. + +![faq-clean-up-status](/img/product_docs/platgovnetsuite/clean_up/faq-clean-up-status.webp) + +You can report on these statuses to organize your work. + +### Create Change Requests (if required) + +Some changes such as deletion, changes to scriptID and Help impact the customization itself. For +these types of changes we recommend creating a Change Request. + +However, for Clean Up, you can create new change requests and assign them to the customizations. In +the results view, “Create Change Request” creates a new change request. Once that is added to that +customization it will appear under “Related Change Requests”. You can have multiple customizations +assigned to multiple change requests as appropriate. + +![faq-clean-up-create-change-req](/img/product_docs/platgovnetsuite/clean_up/faq-clean-up-create-change-req.webp) + +### Manage the Change or Clean Up as Appropriate + +You can find more information about how to use the Change Request under Change Management. Once the +appropriate investigations are conducted and approvals are obtained the customization can be changed +as appropriate based on company policies and procedures. + +Some of the items being changed, such as the description or owner, can be direct list edited or bulk +edited like any other NetSuite data directly in a view such as Unused Fields. + +The Change Request has archiving and deletion tools to help clean up the account, for example, +[deleting unused customizations](/docs/platgovnetsuite/cleanup/cleanup_unused_customizations.md). + +### ReSpider + +At the end of the process of updating the customization record, the account should be re-spidered to +update the Customization Records that document the customizations that were changed. It can be +re-spidered just for a particular record type that is all that was changed. diff --git a/docs/platgovnetsuite/clean_up/cleanup_unused_customizations.md b/docs/platgovnetsuite/cleanup/cleanup_unused_customizations.md similarity index 98% rename from docs/platgovnetsuite/clean_up/cleanup_unused_customizations.md rename to docs/platgovnetsuite/cleanup/cleanup_unused_customizations.md index 4b32f0fd96..2904ef455c 100644 --- a/docs/platgovnetsuite/clean_up/cleanup_unused_customizations.md +++ b/docs/platgovnetsuite/cleanup/cleanup_unused_customizations.md @@ -1,3 +1,9 @@ +--- +title: "Clean Up Unused Customizations" +description: "Clean Up Unused Customizations" +sidebar_position: 10 +--- + # Clean Up Unused Customizations Platform Governance for NetSuite has powerful tools to analyze, organize and delete unused diff --git a/docs/platgovnetsuite/cleanup/date_last_used.md b/docs/platgovnetsuite/cleanup/date_last_used.md new file mode 100644 index 0000000000..7f7d418264 --- /dev/null +++ b/docs/platgovnetsuite/cleanup/date_last_used.md @@ -0,0 +1,91 @@ +--- +title: "Date Last Used" +description: "Date Last Used" +sidebar_position: 50 +--- + +# Date Last Used + +Date Last Used (DLU) enables you to see what customizations have not been used recently and could be +deleted. + +Date Last Used (DLU) is captured for changes triggered by users or other customizations. Platform +Governance for NetSuite uses a System Notes search to retrieve the date last used for Fields, Saved +Searches and Records. DLU values are intended to be reasonably accurate. Complete accuracy for some +objects would require excessive processing. + +DLU is not available for display only fields. +DLU is not reliable for fields with no parent record. +DLU is not reliable in sandbox accounts as fields do not get actively used. +DLU is not reliable until the initial spider is complete, including the Make Joins. + +Date Last Used is intended to be used for clean up and is set up to be accurate within a month. +Higher levels of accuracy would require significantly more processing capacity. **The Last Used +Status** displays additional information: + +| Last Used Status | Description | +| -------------------------------------- | ----------------------------------------------------------------------------------------- | +| Use Not Checked Yet | Initial Value when a script has not yet run for a new customization. | +| Managed Bundle Object | Customization is from a Managed Bundle, not monitored in the Unused Customization Report. | +| Use Date Not Supported for This Object | DLU cannot be determined because of API limitations. | +| Used in the last 6 months | Retrieved DLU is on or after last 6 months. | +| No Use Detected | Retrieved DLU is prior to last 6 months. | + +Date Last Used for customizations is calculated in a number of different ways: + +Each night it checks all of the fields and scripts that were actually used and updates the Date Last +Used field. + +**Fields**: + +- Either the actual date of the last write to that field or date last modified of the last record + that has this populated. Can search all fields that don’t store the value. +- If it cannot find a date for a field anywhere in the database, it puts in a default date + (12/31/1969) to show that this was checked. This makes searching easier +- Periodically it checks all fields that have no date last used or a date last used of more than 1 + month ago and updates the date with an approximate date based on the date last modified of the + last record with that field used. +- DLU for fields should not be blank, so a blank DLU indicates that some scripts may not have run or + Platform Governance for NetSuite was unable to retrieve the missing data. Please contact Netwrix + Support. + +**Searches**: + +- For searches the DLU is the last time search was used that is listed in search metadata. +- Blank DLU indicates a search that have not been used since the time when NetSuite started + capturing in 2009. +- Search “Date Last Used” are checked depending upon the Time To Live specified for searches. +- Searches run in Dashboard Portlets does not update the DLU. DLU cannot be determined for searches + only used through Portlets. + +**Scripts:** + +- For scripts the DLU is the last execution date as determined by audit, error or debug logs in + server execution log. In order to get accurate data while maximizing performance, Netwrix + recommends setting all deployments to AUDIT logging status and setting at least one Audit tag. See + [Script Management](/docs/platgovnetsuite/scriptmgmt/script_mgmt_overview.md) for details. +- Blank DLU for scripts indicates that it has not been used since Platform Governance for NetSuite + was installed OR it is set in error mode and has not thrown an error. + +**Workflows**: + +- DLU is captured nightly for workflows if **Keep Instance and History** is set to **Always** + (default is **Only When Testing**) and **Enable Logging** is selected (default is **Off**) for + each workflow. + +The Saved Search **Strongpoint Unused Workflow Customizations** (customsearch_flo_unused_wf) finds +workflows and displays the **Keep Instance and History** value, enabling you to quickly see which +workflows can track the DLU. To edit the value, open the Customization record and change the value. + +Key columns in the search results: + +- **Keep Instance and History** - Must be **Always** for the DLU Spider to detect the workflow's + instance from the last 6 months. +- **Release Status** - Normally workflows in Released status are actively used. Other statuses are + Suspended, Not Initiating, and Testing. +- **Date Last Used Spidering Complete** (For the Last 6 Months) - Value is **Yes** when the DLU + spider has finished from at most 6 months previous. **No** means the DLU spider has not finished + yet. The DLU spider can take several days to finish It executes daily on a subset of dates until + it reaches 6 months. + +![Unused Workflow Customizations Search Results](/img/product_docs/platgovnetsuite/clean_up/unused_workflow_results.webp) diff --git a/docs/platgovnetsuite/clean_up/restore_fields.md b/docs/platgovnetsuite/cleanup/restore_fields.md similarity index 95% rename from docs/platgovnetsuite/clean_up/restore_fields.md rename to docs/platgovnetsuite/cleanup/restore_fields.md index f37160ac41..91fd24f452 100644 --- a/docs/platgovnetsuite/clean_up/restore_fields.md +++ b/docs/platgovnetsuite/cleanup/restore_fields.md @@ -1,3 +1,9 @@ +--- +title: "Restore Fields" +description: "Restore Fields" +sidebar_position: 80 +--- + # Restore Fields There is not a direct restore tool for fields, however you can get your archived fields back using diff --git a/docs/platgovnetsuite/clean_up/set_up_archive_folder.md b/docs/platgovnetsuite/cleanup/set_up_archive_folder.md similarity index 93% rename from docs/platgovnetsuite/clean_up/set_up_archive_folder.md rename to docs/platgovnetsuite/cleanup/set_up_archive_folder.md index 64402cce66..5e3ced4858 100644 --- a/docs/platgovnetsuite/clean_up/set_up_archive_folder.md +++ b/docs/platgovnetsuite/cleanup/set_up_archive_folder.md @@ -1,3 +1,9 @@ +--- +title: "Set Up the Archive Folder" +description: "Set Up the Archive Folder" +sidebar_position: 60 +--- + # Set Up the Archive Folder Advanced Change Management allows data within customization to be archived during the Clean Up diff --git a/docs/platgovnetsuite/cleanup/update_field_description_and_help.md b/docs/platgovnetsuite/cleanup/update_field_description_and_help.md new file mode 100644 index 0000000000..4e0c7b1a04 --- /dev/null +++ b/docs/platgovnetsuite/cleanup/update_field_description_and_help.md @@ -0,0 +1,22 @@ +--- +title: "Update Field Description and Help" +description: "Update Field Description and Help" +sidebar_position: 40 +--- + +# Update Field Description and Help + +Documentation only changes are always compliant. If +[Opportunistic Clearance](/docs/platgovnetsuite/changemanagement/opportunisticclearance/opportunistic_clearance.md) is on, this object change +is reported in the Change Log as **Documentation Change** for the **Change Type** and the +**Resolution** set to _Automatically cleared documentation change. Only Help or Description +changed_. The Change Log is closed. + +1. Open **Strongpoint** > **Clean Up** > **Update Field Description and Help**You can filter the + results or check **Description/Help is Empty** to focus the **Field List**. Click on a column + heading in the **Field List** to sort the list by the selected column. + + ![cust_ui_help_update](/img/product_docs/platgovnetsuite/clean_up/cust_ui_help_update.webp) + +2. Add or edit **Description** and **Help** text. +3. Click **Update** diff --git a/docs/platgovnetsuite/customization/_category_.json b/docs/platgovnetsuite/customization/_category_.json new file mode 100644 index 0000000000..dff80d4dd4 --- /dev/null +++ b/docs/platgovnetsuite/customization/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Customizations Overview", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "customization_overview" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/customizations/customization_overview.md b/docs/platgovnetsuite/customization/customization_overview.md similarity index 89% rename from docs/platgovnetsuite/customizations/customization_overview.md rename to docs/platgovnetsuite/customization/customization_overview.md index e412cbd871..61cfee1b6b 100644 --- a/docs/platgovnetsuite/customizations/customization_overview.md +++ b/docs/platgovnetsuite/customization/customization_overview.md @@ -1,3 +1,9 @@ +--- +title: "Customizations Overview" +description: "Customizations Overview" +sidebar_position: 40 +--- + # Customizations Overview Customization records are documentation about each customization. They are automatically built and diff --git a/docs/platgovnetsuite/customizations/identify_impacted_objects.md b/docs/platgovnetsuite/customization/identify_impacted_objects.md similarity index 96% rename from docs/platgovnetsuite/customizations/identify_impacted_objects.md rename to docs/platgovnetsuite/customization/identify_impacted_objects.md index 564c887d19..595791ba1c 100644 --- a/docs/platgovnetsuite/customizations/identify_impacted_objects.md +++ b/docs/platgovnetsuite/customization/identify_impacted_objects.md @@ -1,3 +1,9 @@ +--- +title: "Identifying Impacted Objects" +description: "Identifying Impacted Objects" +sidebar_position: 40 +--- + # Identifying Impacted Objects You can find impacted objects in several ways: @@ -80,7 +86,7 @@ name brings up the customization record. ## ERD Search Form The ERD search form enables you to search by different record types. You can also use it to create a -Process Issue or a Change Request. Refer to [Enabling the ERD Search](/docs/platgovnetsuite/customizations/using_erd.md). +Process Issue or a Change Request. Refer to [Enabling the ERD Search](/docs/platgovnetsuite/customization/using_erd.md). From the ERD Search Form, you can search by: diff --git a/docs/platgovnetsuite/customizations/integration_record.md b/docs/platgovnetsuite/customization/integration_record.md similarity index 91% rename from docs/platgovnetsuite/customizations/integration_record.md rename to docs/platgovnetsuite/customization/integration_record.md index cbb29b9540..f7580b9b72 100644 --- a/docs/platgovnetsuite/customizations/integration_record.md +++ b/docs/platgovnetsuite/customization/integration_record.md @@ -1,3 +1,9 @@ +--- +title: "Integration Records" +description: "Integration Records" +sidebar_position: 70 +--- + # Integration Records Platform Governance for NetSuite documents your NetSuite integrations, creating an **Integration diff --git a/docs/platgovnetsuite/customizations/pdf_html_templates.md b/docs/platgovnetsuite/customization/pdf_html_templates.md similarity index 93% rename from docs/platgovnetsuite/customizations/pdf_html_templates.md rename to docs/platgovnetsuite/customization/pdf_html_templates.md index 59bde59c34..c714517bbb 100644 --- a/docs/platgovnetsuite/customizations/pdf_html_templates.md +++ b/docs/platgovnetsuite/customization/pdf_html_templates.md @@ -1,3 +1,9 @@ +--- +title: "Advanced PDF / HTML Templates" +description: "Advanced PDF / HTML Templates" +sidebar_position: 60 +--- + # Advanced PDF / HTML Templates These templates customize print and email transactions, improving the NetSuite standard templates. diff --git a/docs/platgovnetsuite/customizations/setting_preferred_forms.md b/docs/platgovnetsuite/customization/setting_preferred_forms.md similarity index 85% rename from docs/platgovnetsuite/customizations/setting_preferred_forms.md rename to docs/platgovnetsuite/customization/setting_preferred_forms.md index 82bac961b2..a17ec9a76c 100644 --- a/docs/platgovnetsuite/customizations/setting_preferred_forms.md +++ b/docs/platgovnetsuite/customization/setting_preferred_forms.md @@ -1,3 +1,9 @@ +--- +title: "Setting Preferred Forms" +description: "Setting Preferred Forms" +sidebar_position: 50 +--- + # Setting Preferred Forms You can set the preferred form to use for specific tasks. diff --git a/docs/platgovnetsuite/customization/understanding_customization_record.md b/docs/platgovnetsuite/customization/understanding_customization_record.md new file mode 100644 index 0000000000..082a821a0e --- /dev/null +++ b/docs/platgovnetsuite/customization/understanding_customization_record.md @@ -0,0 +1,101 @@ +--- +title: "Understanding the Customization Record" +description: "Understanding the Customization Record" +sidebar_position: 10 +--- + +# Understanding the Customization Record + +Customization records are the documentation about each customization. They are normally built and +maintained by the Spiders. They enable you to search the customizations and attach them to +processes. + +Customization records tell you: + +- What customizations exist (or used to exist) in an account. +- Who is using the customizations. +- Which customizations are being used. +- What joins exist between customizations. +- Detailed automated documentation (search filters and formulas, related fields, scripts, searches + and records). + +A Customization is a meta record of the NetSuite customization that is created by the spider +process. Links to other customizations and processes are captured and managed in this record. + +## Understanding the Customization Record + +Selecting **Strongpoint**> **Customizations** > **Customization** opens a list of customization +records, or move the mouse further right to create a **New** customization or to **Search** for a +customization. + +### Fields + +The main section of the Customization Record summarizes the key information for the object. + +- **Base Record**: Displays the linked parent record. For Saved Searches it displays the Object + Type. +- **Owner**: Displays the current owner of the record. +- **Description**: Displays the record description. If description is blank, you can click **Edit** + to manually enter it. +- **Type**: Displays the record's NetSuite Object Type. +- **Internal Id**: Displays the record’s internal ID. +- **Scriptid**: Displays the record’s Script ID. +- **Related Objects**: Summarizes the related object dependencies by object type. Click links to + open detailed view. For example, there could be multiple scripts and workflows that depend on this + object. Click links to open detailed view as shown. + +![cust_ui_related_objects](/img/product_docs/platgovnetsuite/customizations/cust_ui_related_objects.webp) + +### Buttons + +- **Edit**: Opens the record for editing. +- **Back**: returns to the customization list. +- **Respider** **Now**: This button triggers the Spider and updates the documentation for this + specific record. +- **Go to Record**: Displays the actual record from NetSuite. +- **Create Test**: Opens a new Test Record for the customization. + +### Tabs + +The tabs provide detailed information about the customization: + +- **Detailed Metadata**: Details about the customization including Fields, Values, Bundle / SuiteApp + information, [Date Last Used](/docs/platgovnetsuite/cleanup/date_last_used.md), Last Used Status, and who uses the + customization. Information varies depending on the customization type. For example, Workflow + customizations include States, Actions, and Workflow Fields not applicable when viewing Field + customizations. +- **ERD**: Displays the Entity-Relationship Diagram centered around this customization. +- **Clean Up**: Comments, classification and clean up status associated with the customization. + Search records have additional fields for Automated Search Clean Up alerts, rules, and status. +- **Change Log**: Displays the change log for the customization. +- **Related Change Log**: Displays any related change logs for the customization. +- **SoD**: Displays Segregation of Duties details for user role customizations. +- **Controls**: Displays searches enabling you to set the search as a Control. + +#### Bundle / SuiteApp Information + +This information is available on the Detailed Metadata tab for all customization types. They appear +on the +[Managed Bundle/App Updates](/docs/platgovnetsuite/change_management_reports.md#managed-bundleapp-updates) +report. + +- _Managed Bundle/SuiteApps_ are pushed to target accounts by a third-party provider. +- _Third-Party Bundle/SuiteApps_ are third-party products that can be updated on demand for target + accounts. These components have the same change evaluation as managed bundle/apps. Unmanaged + third-party bundles or apps must meet these conditions: + + 1. Installed from a **Production** account. + 2. Have a valid **Abstract Description**. + 3. Have a valid **Version Number**. + +#### Detailed Metadata tab + +![cust_ui_detailed_metadata](/img/product_docs/platgovnetsuite/customizations/cust_ui_detailed_metadata.webp) + +#### Detailed Metadata tab for Script Customizations + +![cust_ui_detailed_metadata_scripts](/img/product_docs/platgovnetsuite/customizations/cust_ui_detailed_metadata_scripts.webp) + +#### Detailed Metadata tab with Data Sources Integration + +![cust_ui_detailed_metadata_data_sources](/img/product_docs/platgovnetsuite/customizations/cust_ui_detailed_metadata_data_sources.webp) diff --git a/docs/platgovnetsuite/customization/using_erd.md b/docs/platgovnetsuite/customization/using_erd.md new file mode 100644 index 0000000000..5343e696bb --- /dev/null +++ b/docs/platgovnetsuite/customization/using_erd.md @@ -0,0 +1,63 @@ +--- +title: "Using the ERD" +description: "Using the ERD" +sidebar_position: 20 +--- + +# Using the ERD + +The Entity Relationship Diagram, **ERD** is a visual representation of your Customizations where you +can easily review the relationships and dependencies. The ERD is easily accessible: + +- **Strongpoint** > **Customizations** > **ERD View** +- ERD Search, refer to Enabling the ERD Search on the Dashboard +- Tabs on various pages, for example, Customization record, Change Requests, and Process Issues. + +The ERD provides a way to look at customizations by record type. A left click on the customization +name brings up the customization record. + +1. Open **Strongpoint**> **Customizations** > **ERD View** +2. Select a **Record Type** from the list. +3. Add any options: + + - **Field Name Filter**: enter all or part of a field name to filter the results. + - **Date Last Used Filter**: enter a date range to filter the results. + - **Hide standard fields without relationships**: check this box to hide all standard fields + that do not have relationships from the results. + - **Hide all standard fields**: check this box to hide all standard fields from the results. + - **Hide all fields without custom relationships**: check this box to hide all unused fields + that do not have custom relationships from the results. + - **Hide Unused fields**: check this box to hide all unused fields from the results, based on + the DLU. + +4. Click **Show Record ERD**. + + ![erd-view](/img/product_docs/platgovnetsuite/customizations/erd-view.webp) + +5. Click on any item to expand the view. For large lists, click **More** to see the additional + items. + External sources headers are highlighted in green. + + ![ERD with an External Source](/img/product_docs/platgovnetsuite/customizations/celigo_erd.webp) + +6. Click **Open Record** on any Customization to open the actual record. + +## Enabling the ERD Search on the Dashboard + +To enable the ERD Search: + +1. From NetSuite **Home**, go to **Personalize** (On the right-hand side of the page.) +2. Select **Custom Portlet**. (If it shows many Custom Portlets, you can pick any one of them.) +3. Choose **Set Up** +4. Under **Custom Content**, select **Strongpoint ERD Search Form** +5. Click **Save** + +![erdsearchform-1](/img/product_docs/platgovnetsuite/customizations/erdsearchform-1.webp) + +From the ERD Search Form, you can search by: + +- Customization Type +- Script ID +- Name +- Parent +- Quick Add diff --git a/docs/platgovnetsuite/customizations/understanding_customization_record.md b/docs/platgovnetsuite/customizations/understanding_customization_record.md deleted file mode 100644 index ed0af563b6..0000000000 --- a/docs/platgovnetsuite/customizations/understanding_customization_record.md +++ /dev/null @@ -1,95 +0,0 @@ -# Understanding the Customization Record - -Customization records are the documentation about each customization. They are normally built and -maintained by the Spiders. They enable you to search the customizations and attach them to -processes. - -Customization records tell you: - -- What customizations exist (or used to exist) in an account. -- Who is using the customizations. -- Which customizations are being used. -- What joins exist between customizations. -- Detailed automated documentation (search filters and formulas, related fields, scripts, searches - and records). - -A Customization is a meta record of the NetSuite customization that is created by the spider -process. Links to other customizations and processes are captured and managed in this record. - -## Understanding the Customization Record - -Selecting **Strongpoint**> **Customizations** > **Customization** opens a list of customization -records, or move the mouse further right to create a **New** customization or to **Search** for a -customization. - -### Fields - -The main section of the Customization Record summarizes the key information for the object. - -- **Base Record**: Displays the linked parent record. For Saved Searches it displays the Object - Type. -- **Owner**: Displays the current owner of the record. -- **Description**: Displays the record description. If description is blank, you can click **Edit** - to manually enter it. -- **Type**: Displays the record's NetSuite Object Type. -- **Internal Id**: Displays the record’s internal ID. -- **Scriptid**: Displays the record’s Script ID. -- **Related Objects**: Summarizes the related object dependencies by object type. Click links to - open detailed view. For example, there could be multiple scripts and workflows that depend on this - object. Click links to open detailed view as shown. - -![cust_ui_related_objects](/img/product_docs/platgovnetsuite/customizations/cust_ui_related_objects.webp) - -### Buttons - -- **Edit**: Opens the record for editing. -- **Back**: returns to the customization list. -- **Respider** **Now**: This button triggers the Spider and updates the documentation for this - specific record. -- **Go to Record**: Displays the actual record from NetSuite. -- **Create Test**: Opens a new Test Record for the customization. - -### Tabs - -The tabs provide detailed information about the customization: - -- **Detailed Metadata**: Details about the customization including Fields, Values, Bundle / SuiteApp - information, [Date Last Used](/docs/platgovnetsuite/clean_up/date_last_used.md), Last Used Status, and who uses the - customization. Information varies depending on the customization type. For example, Workflow - customizations include States, Actions, and Workflow Fields not applicable when viewing Field - customizations. -- **ERD**: Displays the Entity-Relationship Diagram centered around this customization. -- **Clean Up**: Comments, classification and clean up status associated with the customization. - Search records have additional fields for Automated Search Clean Up alerts, rules, and status. -- **Change Log**: Displays the change log for the customization. -- **Related Change Log**: Displays any related change logs for the customization. -- **SoD**: Displays Segregation of Duties details for user role customizations. -- **Controls**: Displays searches enabling you to set the search as a Control. - -#### Bundle / SuiteApp Information - -This information is available on the Detailed Metadata tab for all customization types. They appear -on the -[Managed Bundle/App Updates](/docs/platgovnetsuite/change_management/change_management_reports.md#managed-bundleapp-updates) -report. - -- _Managed Bundle/SuiteApps_ are pushed to target accounts by a third-party provider. -- _Third-Party Bundle/SuiteApps_ are third-party products that can be updated on demand for target - accounts. These components have the same change evaluation as managed bundle/apps. Unmanaged - third-party bundles or apps must meet these conditions: - - 1. Installed from a **Production** account. - 2. Have a valid **Abstract Description**. - 3. Have a valid **Version Number**. - -#### Detailed Metadata tab - -![cust_ui_detailed_metadata](/img/product_docs/platgovnetsuite/customizations/cust_ui_detailed_metadata.webp) - -#### Detailed Metadata tab for Script Customizations - -![cust_ui_detailed_metadata_scripts](/img/product_docs/platgovnetsuite/customizations/cust_ui_detailed_metadata_scripts.webp) - -#### Detailed Metadata tab with Data Sources Integration - -![cust_ui_detailed_metadata_data_sources](/img/product_docs/platgovnetsuite/customizations/cust_ui_detailed_metadata_data_sources.webp) diff --git a/docs/platgovnetsuite/customizations/using_erd.md b/docs/platgovnetsuite/customizations/using_erd.md deleted file mode 100644 index 46edac6ead..0000000000 --- a/docs/platgovnetsuite/customizations/using_erd.md +++ /dev/null @@ -1,57 +0,0 @@ -# Using the ERD - -The Entity Relationship Diagram, **ERD** is a visual representation of your Customizations where you -can easily review the relationships and dependencies. The ERD is easily accessible: - -- **Strongpoint** > **Customizations** > **ERD View** -- ERD Search, refer to Enabling the ERD Search on the Dashboard -- Tabs on various pages, for example, Customization record, Change Requests, and Process Issues. - -The ERD provides a way to look at customizations by record type. A left click on the customization -name brings up the customization record. - -1. Open **Strongpoint**> **Customizations** > **ERD View** -2. Select a **Record Type** from the list. -3. Add any options: - - - **Field Name Filter**: enter all or part of a field name to filter the results. - - **Date Last Used Filter**: enter a date range to filter the results. - - **Hide standard fields without relationships**: check this box to hide all standard fields - that do not have relationships from the results. - - **Hide all standard fields**: check this box to hide all standard fields from the results. - - **Hide all fields without custom relationships**: check this box to hide all unused fields - that do not have custom relationships from the results. - - **Hide Unused fields**: check this box to hide all unused fields from the results, based on - the DLU. - -4. Click **Show Record ERD**. - - ![erd-view](/img/product_docs/platgovnetsuite/customizations/erd-view.webp) - -5. Click on any item to expand the view. For large lists, click **More** to see the additional - items. - External sources headers are highlighted in green. - - ![ERD with an External Source](/img/product_docs/platgovnetsuite/customizations/celigo_erd.webp) - -6. Click **Open Record** on any Customization to open the actual record. - -## Enabling the ERD Search on the Dashboard - -To enable the ERD Search: - -1. From NetSuite **Home**, go to **Personalize** (On the right-hand side of the page.) -2. Select **Custom Portlet**. (If it shows many Custom Portlets, you can pick any one of them.) -3. Choose **Set Up** -4. Under **Custom Content**, select **Strongpoint ERD Search Form** -5. Click **Save** - -![erdsearchform-1](/img/product_docs/platgovnetsuite/customizations/erdsearchform-1.webp) - -From the ERD Search Form, you can search by: - -- Customization Type -- Script ID -- Name -- Parent -- Quick Add diff --git a/docs/platgovnetsuite/faq.md b/docs/platgovnetsuite/faq.md index 554b25f6c9..1e15814e0f 100644 --- a/docs/platgovnetsuite/faq.md +++ b/docs/platgovnetsuite/faq.md @@ -1,3 +1,9 @@ +--- +title: "FAQ" +description: "FAQ" +sidebar_position: 200 +--- + # FAQ Platform Governance for NetSuite is a stress-free change management and compliance software for diff --git a/docs/platgovnetsuite/installation/_category_.json b/docs/platgovnetsuite/installation/_category_.json new file mode 100644 index 0000000000..01901be930 --- /dev/null +++ b/docs/platgovnetsuite/installation/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Installation Overview", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "installation_overview" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/installation/features_by_license_type.md b/docs/platgovnetsuite/installation/features_by_license_type.md new file mode 100644 index 0000000000..a9917ef047 --- /dev/null +++ b/docs/platgovnetsuite/installation/features_by_license_type.md @@ -0,0 +1,69 @@ +--- +title: "Features by License Type" +description: "Features by License Type" +sidebar_position: 80 +--- + +# Features by License Type + +Lists the menus and menu items based on license type. + +Menus and items not available for your license type are automatically hidden. + +- Documentation and Optimization +- Intelligent Change Management +- Enterprise + +## Documentation and Optimization + +| **Standard Menus** | **Menu Items** | +| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Strongpoint Overview | | +| Strongpoint Support | User Guide Contact Support License Manager Installation Settings Stop Strongpoint Scripts Start Strongpoint Scripts | +| Tools | Strongpoint Spider Strongpoint SQL Library Standard Field Impact Analysis | +| Customization | ERD View Customization Quick Search Customization Impact Search Form | +| Clean Up | Open Clean-Up Status View Unused Customizations Unused Scripts Inactive Owner Default ID (eg custbody8) Clean-Up Status: Awaiting Info Update Field Description and Help | +| Automated Search Clean Up | Search Clean Up Rules Search Clean Up Status Archived Searches Retained Searches Searches To Be Archived | +| Script Management | Critical Scripts Utilization Error Report Yesterday's Script Errors Released Scripts in DEBUG Log Status Last Run Date By Script Active Script Deployments Not In AUDIT Log Status Scripts With No Audit Tags Tagged Scripts With No Data | +| **Optional Menus** | **Menu Items** | +| --- | --- | +| Manage Process | Process Processes Missing Overview Processes Missing Description Processes With No Test Scripts Process Participants | +| Map Customizations | Bundles with No Process Scripts with No Process Scripted Objects with No Process Workflows with No Process Workflow Objects with No Process Custom Records with No Process Custom Record Fields with No Process Active Searches with No Process Customizations with No Process | +| Process Issues | Process Issue Process Issue Overview | +| User Management | Employees with Standard Roles Employees with Unused Logins Employee Permission Changes | +| Integrations | Salesforce Connector Mapping Tool External Systems ERD External Systems External Customizations External Mapped Customizations Strongpoint Integration Processes Changes to External Customizations | +| Archives | Customization Archive Process Archive Processes Pending Deletion (3 Days) | + +## Intelligent Change Management + +| **Standard Menus** | **Menu Items** | +| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Change Management Tools | Change / Approval Policy New ITGC Change request [Beta] Change Request Compare Environments | +| Change Management Reports | Policy Changes Open Noncompliant Changes Resolved Noncompliant Changes Compliant Changes Approval Override Managed Bundle Changes Platform Changes What Changed Non-Material Changes1 Consolidated Change By Type Deployed Changes | +| **Optional Menus** | **Menu Items** | +| --- | --- | +| Testing | Test Record Tests Overview Processes with No Test Script Untested Customizations | +| Implementation | Implementation Assignments and Status Planned Customizations Processes with No Work Instructions Improvement Projects | + +1 **Non-Material Object Changes** are changes detected in the object definition not caused by human +intervention and do not have any functional impact. Examples include NetSuite internal IDs, object +XML structure or JSON representation or reordering values in a list. + +All of the Documentation and Optimization menu items are available to the Intelligent Change +Management license. + +## Enterprise + +All of the Documentation and Optimization and Intelligent Change Management menu items are available +to the Enterprise license. + +| **Standard Menus** | **Menu Items** | +| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Financial Controls | Controls Control Change Requests Unresolved Control Incidents Resolved Control Incidents Results Pre-Approved Control Incidents | +| SoD Rule | SoD Rule Library | +| SoD Risk Management | SoD Risk Analysis SoD Risk and Control Matrix | +| SoD Processing Status | SoD Processing Status | +| SoD Incident Management Reports | Unresolved SoD Incidents Resolved SoD Incidents Compliant SoD Incidents SoD Incidents (Resolved/Unresolved) by Employee SoD Blocked Incidents (Resolved/Unresolved) by Employee | +| SoD Audit Report | SoD Rules with Blocking On SoD Rules Status Changes User Role SoD Violations | +| SoD Change Management | SoD Pre-Approval Change Request New SoD Change Request New SoD Rule Change | +| SoD Employee Access Reports | Employee Access Review Report Employees With Administrator Role Employees Roles Assigned/Changed Employees Permissions Assigned/Changed | diff --git a/docs/platgovnetsuite/installing_strongpoint/go_live_faq.md b/docs/platgovnetsuite/installation/go_live_faq.md similarity index 92% rename from docs/platgovnetsuite/installing_strongpoint/go_live_faq.md rename to docs/platgovnetsuite/installation/go_live_faq.md index b507072b3e..1f7db09253 100644 --- a/docs/platgovnetsuite/installing_strongpoint/go_live_faq.md +++ b/docs/platgovnetsuite/installation/go_live_faq.md @@ -1,3 +1,9 @@ +--- +title: "Go Live Frequently Asked Questions" +description: "Go Live Frequently Asked Questions" +sidebar_position: 110 +--- + # Go Live Frequently Asked Questions Here is a list of common questions customers have asked after they Go Live. @@ -51,7 +57,7 @@ Customizations can be added to any open Change Request. On the Change Request, c Customization** to launch a window where you can search for customizations, or enter existing customizations in the **Customizations** field. The **Proposed Customizations** are for new customizations that do not exist in any account. Refer to -[Creating a Change Request](/docs/platgovnetsuite/change_management/creating_change_request.md) for details. +[Creating a Change Request](/docs/platgovnetsuite/changemanagement/creating_change_request.md) for details. ## Search for Customizations @@ -98,7 +104,7 @@ If the AutoSpider is not run, your Change Logs will be missing the **Changed by* Change Date** fields. When the Change Log is newly created, the fields contain **Pending AutoSpider**. If too many days go by, the fields change to **Could not be determined**. -Refer to [Setting Up the AutoSpider and Alerts](/docs/platgovnetsuite/installing_strongpoint/running_the_spider.md) for details. +Refer to [Setting Up the AutoSpider and Alerts](/docs/platgovnetsuite/installation/running_the_spider.md) for details. ## New Script Deployments on Non-Compliant Changes Report @@ -111,7 +117,7 @@ Deployment Record on the Change Request. To properly add and deploy a script: 4. Add the Deployment Record to the Change Request. 5. Deploy the script. -If your site uses [Opportunistic Clearance](/docs/platgovnetsuite/change_management/opportunistic_clearance.md), the +If your site uses [Opportunistic Clearance](/docs/platgovnetsuite/changemanagement/opportunisticclearance/opportunistic_clearance.md), the deployment record is handled automatically. You should make sure you understand all of the ramifications of Opportunistic Clearance prior to enabling it for your account. @@ -134,4 +140,4 @@ No action is required to fix this situation. ## You do not have a Valid License Message If a user sees a License message, you need to grant them a license. Refer to the -[License Manager](/docs/platgovnetsuite/installing_strongpoint/license_manager.md) topic. +[License Manager](/docs/platgovnetsuite/installation/license_manager.md) topic. diff --git a/docs/platgovnetsuite/installation/installation_overview.md b/docs/platgovnetsuite/installation/installation_overview.md new file mode 100644 index 0000000000..18bbcb8d4e --- /dev/null +++ b/docs/platgovnetsuite/installation/installation_overview.md @@ -0,0 +1,28 @@ +--- +title: "Installation Overview" +description: "Installation Overview" +sidebar_position: 20 +--- + +# Installation Overview + +Installing Platform Governance for NetSuite is straight forward. Follow the steps in these topics to +install the bundle, set access for the Strongpoint tab on the NetSuite toolbar, and manage users. +There is a **Next Step** link at the end of each installation topic. + +The bundle is installed using processor architecture for scheduled scripts. All deployments are set +to low priority. + +1. [Installing Strongpoint](/docs/platgovnetsuite/installation/installing_strongpoint.md) +2. [Running the Spider](/docs/platgovnetsuite/installation/running_the_spider.md) +3. [Setting Up AutoSpider and Alerts](/docs/platgovnetsuite/installation/setting_up_auto_spider_alerts.md) +4. [Managing Users](/docs/platgovnetsuite/installation/managing_users.md) +5. [Setting Access to the Strongpoint Tab](/docs/platgovnetsuite/installation/setting_strongpoint_tab_access.md) +6. [Setting Role Permissions](/docs/platgovnetsuite/installation/setting_permissions.md) + +Once your installation is complete, you can review the +[Installation Settings](/docs/platgovnetsuite/installation/installation_settings_report.md) report. + +Optional menu items are hidden by default to keep the menus clean and easy to use. If users do not +see a menu item, they can turn it on through [Menu Management](/docs/platgovnetsuite/installation/managing_menus.md), assuming the +feature is included in your [License Type](/docs/platgovnetsuite/installation/features_by_license_type.md). diff --git a/docs/platgovnetsuite/installing_strongpoint/installation_settings_report.md b/docs/platgovnetsuite/installation/installation_settings_report.md similarity index 92% rename from docs/platgovnetsuite/installing_strongpoint/installation_settings_report.md rename to docs/platgovnetsuite/installation/installation_settings_report.md index 5bbc734b89..3496dec492 100644 --- a/docs/platgovnetsuite/installing_strongpoint/installation_settings_report.md +++ b/docs/platgovnetsuite/installation/installation_settings_report.md @@ -1,3 +1,9 @@ +--- +title: "Installation Settings Report" +description: "Installation Settings Report" +sidebar_position: 100 +--- + # Installation Settings Report Your **Installation Settings** report provides a comprehensive and live view of the Platform @@ -69,7 +75,7 @@ Accesses change management features: - **Enable Opportunistic Clearance**: enables automatic clearance of qualifying low risk non-compliant changes. Default is off. - **Enable Case to Change Request Workflow**: enables the workflow - [Create Change Request from Case](/docs/platgovnetsuite/change_management/creating_change_request_from_case.md), + [Create Change Request from Case](/docs/platgovnetsuite/changemanagement/creating_change_request_from_case.md), based on the provided mappings. **Change Request Field Mapping** includes an optional Formula to handle complex fields. After the **Enable Case to Change Request Workflow** is enabled, a **Create Change Request** button is available on the **Case** record (**Lists** > **Support** > @@ -78,7 +84,7 @@ Accesses change management features: ![Example of a Formula in the Case to Change Request Field Mapping](/img/product_docs/platgovnetsuite/installing_strongpoint/casetocrformula.webp) - **Do Not ReSpider Automatically**: sets the default condition for the **Do Not ReSpider Automatically** setting on the - [ITGC Change Request](/docs/platgovnetsuite/change_management/creating_change_request.md). The default is + [ITGC Change Request](/docs/platgovnetsuite/changemanagement/creating_change_request.md). The default is unchecked. When enabled, an automatic ReSpider occurs when a Change Request status is changed to **Completed**. This starts the ReSpider and ensures that all change logs are complete prior to @@ -86,7 +92,7 @@ Accesses change management features: marked as non-compliant if the change logs are not complete when the user changes the status to **Completed**. - **Enhanced User Provisioning**: enables access management for onboarding/offboarding and access - change using the **[User Access Change Request](/docs/platgovnetsuite/change_management/user_provisioning.md)**. + change using the **[User Access Change Request](/docs/platgovnetsuite/changemanagement/user_provisioning.md)**. - **Enable Auto-Provisioning**: automatically implement the onboarding changes approved though the **User Provisioning Change Request** when **Enhanced User Provisioning** is enabled. - **Enable Auto-Role Removal**: automatically implement the offboarding changes approved though the @@ -101,7 +107,7 @@ Accesses change management features: - **SoD Rule Change** - **CR Email Template**: if you customize your **SoD Exemption Approval** or **SoD Rule Change Approval** CR Templates, add them here so they are not overwritten when the next bundle is - installed. Refer to [Advanced PDF / HTML Templates](/docs/platgovnetsuite/customizations/pdf_html_templates.md). + installed. Refer to [Advanced PDF / HTML Templates](/docs/platgovnetsuite/customization/pdf_html_templates.md). ![CR Email Template section on the Installation Settings Change Management tab](/img/product_docs/platgovnetsuite/installing_strongpoint/change_management_cr_email_template.webp) ### Installation @@ -140,15 +146,15 @@ the page drop down icon to create a new User Note. ### Jira Integration Specifies the Jira credentials to use when Jira and Platform Governance for NetSuite are integrated. -Refer to [Jira Integration](/docs/platgovnetsuite/integrations/jira_integration.md) for more information. +Refer to [Jira Integration](/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md) for more information. ### ServiceNow Integration Specifies the ServiceNow credentials to use when ServiceNow and Platform Governance for NetSuite are -integrated. Refer to [ServiceNow Integration](/docs/platgovnetsuite/integrations/servicenow_integration.md) for more +integrated. Refer to [ServiceNow Integration](/docs/platgovnetsuite/ticketingintegrations/servicenowintegration/servicenow_integration.md) for more information. ### Menu Management Enables hiding menu items you do not use, to improve navigation. Refer to -[Managing Menus](/docs/platgovnetsuite/installing_strongpoint/managing_menus.md) for more information. +[Managing Menus](/docs/platgovnetsuite/installation/managing_menus.md) for more information. diff --git a/docs/platgovnetsuite/installation/installing_strongpoint.md b/docs/platgovnetsuite/installation/installing_strongpoint.md new file mode 100644 index 0000000000..83dfbe9946 --- /dev/null +++ b/docs/platgovnetsuite/installation/installing_strongpoint.md @@ -0,0 +1,73 @@ +--- +title: "Installing Platform Governance for NetSuite" +description: "Installing Platform Governance for NetSuite" +sidebar_position: 10 +--- + +# Installing Platform Governance for NetSuite + +To get Platform Governance for NetSuite up and running, you need to do the following: + +1. [Install the bundle](#install-the-bundle) using the correct bundle name and the bundle ID. +2. [Set the number of rows in list segments](#set-the-number-of-row-in-list-segments) to 1,000. This + is a NetSuite best practice +3. [Assign a Strongpoint License](#assign-a-license). +4. [Run the spider](running_the_spider). The spider scans your account in a standardized manner. A + series of scheduled scripts is run to document the connections between the customizations. + +Starting with Version 6.2.5, queues and priority allocation are deprecated. The bundle is now +installed using processor architecture for scheduled scripts. All deployments are set to low +priority. + +## Install the Bundle + +The Bundle ID has been updated due to NetSuite changes. + +1. Log into your NetSuite account with the administrator role. +2. Open **Customization** > **SuiteBundler** > **Search & Install Bundles** +3. Enter **294336** in **Keywords** +4. Click **Search** + + ![Search for the Strongpoint Bundle](/img/product_docs/platgovnetsuite/installing_strongpoint/searchandinstallbundles.webp) + +5. Click **Strongpoint** +6. Click **Install** to start the bundle installation. +7. Verify the installation is complete. Open **Customization** > **SuiteBundler** > **Search & + Install Bundles** > **List** + In the **Installed Bundles** list, the **Strongpoint** bundle is marked with a green check in the + **Status** column when the bundle is installed. + + ![Verify Strongpoint Bundle Installation](/img/product_docs/platgovnetsuite/installing_strongpoint/verify_bundle_install.webp) + +## Set the Number of Row in List Segments + +It is important that you set your NUMBER OF ROWS IN LIST SEGMENTS to 1,000. This is a NetSuite best +practice and critical for the proper spidering of your workflows. If you are unable to edit this +field, refer to +[Cannot Change the Number of Rows in List Segments](/docs/platgovnetsuite/reportabug/list_segments_not_editable.md) + +To set the Number of Rows in List Segments: + +1. Select **Set Preferences** from **Home** on the NetSuite main menu. +2. Go to **Optimizing NetSuite**. +3. Set the value to **1,000**. +4. Click **Save**. + +If the field is grayed out, it should be set as a **Company Preference:** + +1. Select **Company Preferences** from **Set Up** > **General Preferences** on the NetSuite main + menu. +2. Find the field **Number of Rows in List Segments** +3. Set the value to **1,000** +4. Click **Save** + +## Assign a License + +1. Open **Strongpoint** > **Strongpoint Support** > **License Manager** +2. Click **View**. +3. Click **New Licensed User**. +4. Click **Edit** by your name. +5. Select **Full** for **License Type**. +6. Click **Save**. + +**Next Step:** [Running the Spider](running_the_spider) diff --git a/docs/platgovnetsuite/installation/license_manager.md b/docs/platgovnetsuite/installation/license_manager.md new file mode 100644 index 0000000000..28f19bc9c9 --- /dev/null +++ b/docs/platgovnetsuite/installation/license_manager.md @@ -0,0 +1,67 @@ +--- +title: "License Manager" +description: "License Manager" +sidebar_position: 70 +--- + +# License Manager + +The License Manager is where you manage your Platform Governance for NetSuite license and licensed +users. Contact your customer service representative if you need modifications to your license. + +If the **Take Web Site Offline for Maintenance** option is changed, you must use the +**Strongpoint** > **Strongpoint Support** > **License Manager** > **Get Lic. Number** + Or re-push the bundle to update the Spider link. + +## Add a New License + +1. Open **Strongpoint** > **Strongpoint Support** > **License Manager** +2. Depending on your account settings, you may have to click **View** to see the account record. + + ![Add a New License.](/img/product_docs/platgovnetsuite/installing_strongpoint/license_new.webp) + +3. Click **Get Lic. Number** if the **License Number** is blank. If the License Number is not blank, + continue with the next step. +4. Click **New Licensed User**. + + ![Add a licensed user](/img/product_docs/platgovnetsuite/installing_strongpoint/license_new_user.webp) + +5. Select a **User**. +6. Set **License Type** to **Full**. +7. Click **Save**. + +## Edit or View an Existing License + +1. Open **Strongpoint** > **Strongpoint Support** > **License Manager** +2. Click **Edit** if you need to modify your **Weekly Reports Recipients** or your **License + Number** or click **View** to [Manage Users](/docs/platgovnetsuite/installation/managing_users.md). +3. Click **Save** if you make changes. + +## License Manager Buttons and Fields + +Some buttons and fields are only visible when you **Edit** the License. + +- **Change ID**: changes the NetSuite ID of the license. +- **Get Lic. Number**: click to update your license if you have made modifications such as + renewing, adding seats, or adding modules. This feature is available after Netwrix notifies you + your license modifications are complete. +- **Full License End Date**: displays the end date of the current subscription. +- **Full License Count**: displays the number of **Full** licenses active in your account. +- **License Number**: displays your license. +- **License Type**: displays your purchased License Type, controlling what + [Features](/docs/platgovnetsuite/installation/features_by_license_type.md) you can access. License Types are **Documentation and + Optimization**, **Intelligent Change Management** and **Enterprise**. +- **Edition**: displays your NetSuite Edition. +- **Subsidiaries**: displays the number of operating subsidiaries you have in your OneWorld account. + Platform Governance for NetSuite does not count subsidiaries that are only used for financial + transactions or as an elimination subsidiary. +- **View**: select **Strongpoint Licensed Users** to filter the view and see the user information. +- **Licensed User**: select a user number and click the Open icon that appears if you hover next to + the field to open the user record. +- **New Licensed User**: opens the **Licensed User** form. +- **Edit**: opens the **Licensed User** form for the selected **User**. + +Click on a column heading to toggle the sort order based on the column contents. By default, the +records are sorted alphabetically by **User** name. + +NetSuite displays 25 records per page. Use the drop down to select other pages of records. diff --git a/docs/platgovnetsuite/installing_strongpoint/managing_menus.md b/docs/platgovnetsuite/installation/managing_menus.md similarity index 94% rename from docs/platgovnetsuite/installing_strongpoint/managing_menus.md rename to docs/platgovnetsuite/installation/managing_menus.md index 61a133e597..d2fb383351 100644 --- a/docs/platgovnetsuite/installing_strongpoint/managing_menus.md +++ b/docs/platgovnetsuite/installation/managing_menus.md @@ -1,3 +1,9 @@ +--- +title: "Managing Menus" +description: "Managing Menus" +sidebar_position: 90 +--- + # Managing Menus Menus can be personalized by hiding menu items you do not use. Hiding items only affects the current diff --git a/docs/platgovnetsuite/installation/managing_users.md b/docs/platgovnetsuite/installation/managing_users.md new file mode 100644 index 0000000000..1b4b65b752 --- /dev/null +++ b/docs/platgovnetsuite/installation/managing_users.md @@ -0,0 +1,38 @@ +--- +title: "Managing Users" +description: "Managing Users" +sidebar_position: 40 +--- + +# Managing Users + +Users are managed through the **[**License Manager**](/docs/platgovnetsuite/installation/license_manager.md)**. + +## Add a User: + +1. Open **Strongpoint** > **Strongpoint Support** > **License Manager** +2. Click **View** +3. Click **New Licensed User** +4. Open the **User** dropdown. Select an existing NetSuite user name or select New to open a new + **Employee** Form. +5. Select the **License Type**. +6. Click **Save**. + +## Edit a User + +1. Open **Strongpoint** > **Strongpoint Support** > **License Manager** +2. Click **View** +3. Select **Strongpoint Licensed Users** from **View**. +4. Click **Edit** by the User name. +5. Change the information and click **Save**. + +## Inactivate a Licensed User + +1. Open **Strongpoint** > **Strongpoint Support** > **License Manager** +2. Click **View** +3. Select **Strongpoint Licensed Users** from **View**. +4. Click **Edit** by the User name. +5. Click to mark the **Inactive** box. +6. Click **Save**. + +**Next Step:** [Setting Tab Access](/docs/platgovnetsuite/installation/setting_strongpoint_tab_access.md) diff --git a/docs/platgovnetsuite/installing_strongpoint/redeploy_scripts_sandbox.md b/docs/platgovnetsuite/installation/redeploy_scripts_sandbox.md similarity index 89% rename from docs/platgovnetsuite/installing_strongpoint/redeploy_scripts_sandbox.md rename to docs/platgovnetsuite/installation/redeploy_scripts_sandbox.md index 89b6634a39..d7e757aba1 100644 --- a/docs/platgovnetsuite/installing_strongpoint/redeploy_scripts_sandbox.md +++ b/docs/platgovnetsuite/installation/redeploy_scripts_sandbox.md @@ -1,3 +1,9 @@ +--- +title: "Redeploy Scripts After Sandbox Refresh" +description: "Redeploy Scripts After Sandbox Refresh" +sidebar_position: 120 +--- + # Redeploy Scripts After Sandbox Refresh NetSuite has removed the scheduled status on scripts after a sandbox is refreshed. This stops the diff --git a/docs/platgovnetsuite/installing_strongpoint/running_the_spider.md b/docs/platgovnetsuite/installation/running_the_spider.md similarity index 97% rename from docs/platgovnetsuite/installing_strongpoint/running_the_spider.md rename to docs/platgovnetsuite/installation/running_the_spider.md index 9b22da7864..a493a73033 100644 --- a/docs/platgovnetsuite/installing_strongpoint/running_the_spider.md +++ b/docs/platgovnetsuite/installation/running_the_spider.md @@ -1,10 +1,16 @@ +--- +title: "Running the Spider" +description: "Running the Spider" +sidebar_position: 20 +--- + # Running the Spider The first time the spider is run the entire account is scanned. Subsequent spider runs scan the changes since the last run. The **Strongpoint** tab is only available to Administrators unless you specifically add it to other -roles. Refer to [Setting Access and Permissions](/docs/platgovnetsuite/installing_strongpoint/setting_strongpoint_tab_access.md) for more +roles. Refer to [Setting Access and Permissions](/docs/platgovnetsuite/installation/setting_strongpoint_tab_access.md) for more information. You must keep this window open for the spider to complete. Do not change roles or accounts during @@ -158,4 +164,4 @@ Spiders that run during off peak hours begin running at the hour set on the scri 5:00 pm based on the company timezone if not set. Negative Spiders are run sequentially. -**Next Step:** [ Setting Up the AutoSpider and Alerts](/docs/platgovnetsuite/installing_strongpoint/setting_up_auto_spider_alerts.md) +**Next Step:** [ Setting Up the AutoSpider and Alerts](/docs/platgovnetsuite/installation/setting_up_auto_spider_alerts.md) diff --git a/docs/platgovnetsuite/installing_strongpoint/setting_permissions.md b/docs/platgovnetsuite/installation/setting_permissions.md similarity index 97% rename from docs/platgovnetsuite/installing_strongpoint/setting_permissions.md rename to docs/platgovnetsuite/installation/setting_permissions.md index ecdabdc1c9..c9cc8b2dd8 100644 --- a/docs/platgovnetsuite/installing_strongpoint/setting_permissions.md +++ b/docs/platgovnetsuite/installation/setting_permissions.md @@ -1,3 +1,9 @@ +--- +title: "Setting Role Permissions" +description: "Setting Role Permissions" +sidebar_position: 60 +--- + # Setting Role Permissions The **Access Type** for Platform Governance for NetSuite Custom **Record Types** is set to **Use @@ -5,8 +11,8 @@ Permission List**. This controls access using Roles, Permission Lists and Strong verification to prevent unauthorized users from changing the records. Users with Roles not included in the Permission List for a record type are denied access. -Remember to give your [licensed](/docs/platgovnetsuite/installing_strongpoint/license_manager.md) users access to the -[Strongpoint tab](/docs/platgovnetsuite/installing_strongpoint/setting_strongpoint_tab_access.md). +Remember to give your [licensed](/docs/platgovnetsuite/installation/license_manager.md) users access to the +[Strongpoint tab](/docs/platgovnetsuite/installation/setting_strongpoint_tab_access.md). To use Platform Governance for NetSuite with your custom roles, add the record types to the permission list for each role. The Strongpoint roles have the correct access levels by default. @@ -32,7 +38,7 @@ Here are the Custom Permissions needed for each role. #### Change Request Approvers -> Assign a [User License](/docs/platgovnetsuite/installing_strongpoint/license_manager.md) +> Assign a [User License](/docs/platgovnetsuite/installation/license_manager.md) #### Process Issue @@ -40,7 +46,7 @@ Here are the Custom Permissions needed for each role. #### Manage ITGC -> [Strongpoint License](/docs/platgovnetsuite/installing_strongpoint/license_manager.md) + +> [Strongpoint License](/docs/platgovnetsuite/installation/license_manager.md) + > Account Role: **Edit** > Change / Approval Policy: **Full** > Change Log: **Edit** @@ -61,7 +67,7 @@ Here are the Custom Permissions needed for each role. On the Custom Role, you must check **Do Not Restrict Employee Fields**. -> [Strongpoint License](/docs/platgovnetsuite/installing_strongpoint/license_manager.md) + +> [Strongpoint License](/docs/platgovnetsuite/installation/license_manager.md) + > Account Role: **Edit** > Change / Approval Policy: **Edit** > Change Log: **Edit** @@ -81,13 +87,13 @@ On the Custom Role, you must check **Do Not Restrict Employee Fields**. #### User Access Review (UAR) -> [Strongpoint License](/docs/platgovnetsuite/installing_strongpoint/license_manager.md) + +> [Strongpoint License](/docs/platgovnetsuite/installation/license_manager.md) + > Audit Trail: **Full** > Find Transaction: **Full** #### Manage Internal Audit - **View** Only -> [Strongpoint License](/docs/platgovnetsuite/installing_strongpoint/license_manager.md) + +> [Strongpoint License](/docs/platgovnetsuite/installation/license_manager.md) + > Account Role: **View** > Change / Approval Policy: **View** > Change Log: **View** diff --git a/docs/platgovnetsuite/installing_strongpoint/setting_strongpoint_tab_access.md b/docs/platgovnetsuite/installation/setting_strongpoint_tab_access.md similarity index 96% rename from docs/platgovnetsuite/installing_strongpoint/setting_strongpoint_tab_access.md rename to docs/platgovnetsuite/installation/setting_strongpoint_tab_access.md index f3afe3b14a..93abeade7d 100644 --- a/docs/platgovnetsuite/installing_strongpoint/setting_strongpoint_tab_access.md +++ b/docs/platgovnetsuite/installation/setting_strongpoint_tab_access.md @@ -1,3 +1,9 @@ +--- +title: "Setting Tab Access" +description: "Setting Tab Access" +sidebar_position: 50 +--- + # Setting Tab Access Platform Governance for NetSuite tab access is managed like any other tab in NetSuite. @@ -75,4 +81,4 @@ updates. After you create the copy, you must add all of the appropriate category ![Assigning permissions.](/img/product_docs/platgovnetsuite/installing_strongpoint/engineeringexample2.webp) -**Next Step:** [ Setting Role Permissions](/docs/platgovnetsuite/installing_strongpoint/setting_permissions.md) +**Next Step:** [ Setting Role Permissions](/docs/platgovnetsuite/installation/setting_permissions.md) diff --git a/docs/platgovnetsuite/installing_strongpoint/setting_up_auto_spider_alerts.md b/docs/platgovnetsuite/installation/setting_up_auto_spider_alerts.md similarity index 91% rename from docs/platgovnetsuite/installing_strongpoint/setting_up_auto_spider_alerts.md rename to docs/platgovnetsuite/installation/setting_up_auto_spider_alerts.md index 3311d21c55..9e1fa71d7a 100644 --- a/docs/platgovnetsuite/installing_strongpoint/setting_up_auto_spider_alerts.md +++ b/docs/platgovnetsuite/installation/setting_up_auto_spider_alerts.md @@ -1,3 +1,9 @@ +--- +title: "Setting Up the AutoSpider and Alerts" +description: "Setting Up the AutoSpider and Alerts" +sidebar_position: 30 +--- + # Setting Up the AutoSpider and Alerts After you have run your initial spider, the AutoSpider monitors your account on an ongoing basis to @@ -51,4 +57,4 @@ workflows identify when the Customization Records have not been updated. To ensu your account are updating, set up the Customizations to ReSpider search to provide alerts to the appropriate people in your company. -**Next Step:** [Managing Users](/docs/platgovnetsuite/installing_strongpoint/managing_users.md) +**Next Step:** [Managing Users](/docs/platgovnetsuite/installation/managing_users.md) diff --git a/docs/platgovnetsuite/installing_strongpoint/features_by_license_type.md b/docs/platgovnetsuite/installing_strongpoint/features_by_license_type.md deleted file mode 100644 index 404a44ba71..0000000000 --- a/docs/platgovnetsuite/installing_strongpoint/features_by_license_type.md +++ /dev/null @@ -1,63 +0,0 @@ -# Features by License Type - -Lists the menus and menu items based on license type. - -Menus and items not available for your license type are automatically hidden. - -- Documentation and Optimization -- Intelligent Change Management -- Enterprise - -## Documentation and Optimization - -| **Standard Menus** | **Menu Items** | -| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Strongpoint Overview | | -| Strongpoint Support | User Guide Contact Support License Manager Installation Settings Stop Strongpoint Scripts Start Strongpoint Scripts | -| Tools | Strongpoint Spider Strongpoint SQL Library Standard Field Impact Analysis | -| Customization | ERD View Customization Quick Search Customization Impact Search Form | -| Clean Up | Open Clean-Up Status View Unused Customizations Unused Scripts Inactive Owner Default ID (eg custbody8) Clean-Up Status: Awaiting Info Update Field Description and Help | -| Automated Search Clean Up | Search Clean Up Rules Search Clean Up Status Archived Searches Retained Searches Searches To Be Archived | -| Script Management | Critical Scripts Utilization Error Report Yesterday's Script Errors Released Scripts in DEBUG Log Status Last Run Date By Script Active Script Deployments Not In AUDIT Log Status Scripts With No Audit Tags Tagged Scripts With No Data | -| **Optional Menus** | **Menu Items** | -| --- | --- | -| Manage Process | Process Processes Missing Overview Processes Missing Description Processes With No Test Scripts Process Participants | -| Map Customizations | Bundles with No Process Scripts with No Process Scripted Objects with No Process Workflows with No Process Workflow Objects with No Process Custom Records with No Process Custom Record Fields with No Process Active Searches with No Process Customizations with No Process | -| Process Issues | Process Issue Process Issue Overview | -| User Management | Employees with Standard Roles Employees with Unused Logins Employee Permission Changes | -| Integrations | Salesforce Connector Mapping Tool External Systems ERD External Systems External Customizations External Mapped Customizations Strongpoint Integration Processes Changes to External Customizations | -| Archives | Customization Archive Process Archive Processes Pending Deletion (3 Days) | - -## Intelligent Change Management - -| **Standard Menus** | **Menu Items** | -| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Change Management Tools | Change / Approval Policy New ITGC Change request [Beta] Change Request Compare Environments | -| Change Management Reports | Policy Changes Open Noncompliant Changes Resolved Noncompliant Changes Compliant Changes Approval Override Managed Bundle Changes Platform Changes What Changed Non-Material Changes1 Consolidated Change By Type Deployed Changes | -| **Optional Menus** | **Menu Items** | -| --- | --- | -| Testing | Test Record Tests Overview Processes with No Test Script Untested Customizations | -| Implementation | Implementation Assignments and Status Planned Customizations Processes with No Work Instructions Improvement Projects | - -1 **Non-Material Object Changes** are changes detected in the object definition not caused by human -intervention and do not have any functional impact. Examples include NetSuite internal IDs, object -XML structure or JSON representation or reordering values in a list. - -All of the Documentation and Optimization menu items are available to the Intelligent Change -Management license. - -## Enterprise - -All of the Documentation and Optimization and Intelligent Change Management menu items are available -to the Enterprise license. - -| **Standard Menus** | **Menu Items** | -| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Financial Controls | Controls Control Change Requests Unresolved Control Incidents Resolved Control Incidents Results Pre-Approved Control Incidents | -| SoD Rule | SoD Rule Library | -| SoD Risk Management | SoD Risk Analysis SoD Risk and Control Matrix | -| SoD Processing Status | SoD Processing Status | -| SoD Incident Management Reports | Unresolved SoD Incidents Resolved SoD Incidents Compliant SoD Incidents SoD Incidents (Resolved/Unresolved) by Employee SoD Blocked Incidents (Resolved/Unresolved) by Employee | -| SoD Audit Report | SoD Rules with Blocking On SoD Rules Status Changes User Role SoD Violations | -| SoD Change Management | SoD Pre-Approval Change Request New SoD Change Request New SoD Rule Change | -| SoD Employee Access Reports | Employee Access Review Report Employees With Administrator Role Employees Roles Assigned/Changed Employees Permissions Assigned/Changed | diff --git a/docs/platgovnetsuite/installing_strongpoint/installation_overview.md b/docs/platgovnetsuite/installing_strongpoint/installation_overview.md deleted file mode 100644 index 99fc7476f1..0000000000 --- a/docs/platgovnetsuite/installing_strongpoint/installation_overview.md +++ /dev/null @@ -1,22 +0,0 @@ -# Installation Overview - -Installing Platform Governance for NetSuite is straight forward. Follow the steps in these topics to -install the bundle, set access for the Strongpoint tab on the NetSuite toolbar, and manage users. -There is a **Next Step** link at the end of each installation topic. - -The bundle is installed using processor architecture for scheduled scripts. All deployments are set -to low priority. - -1. [Installing Strongpoint](/docs/platgovnetsuite/installing_strongpoint/installing_strongpoint.md) -2. [Running the Spider](/docs/platgovnetsuite/installing_strongpoint/running_the_spider.md) -3. [Setting Up AutoSpider and Alerts](/docs/platgovnetsuite/installing_strongpoint/setting_up_auto_spider_alerts.md) -4. [Managing Users](/docs/platgovnetsuite/installing_strongpoint/managing_users.md) -5. [Setting Access to the Strongpoint Tab](/docs/platgovnetsuite/installing_strongpoint/setting_strongpoint_tab_access.md) -6. [Setting Role Permissions](/docs/platgovnetsuite/installing_strongpoint/setting_permissions.md) - -Once your installation is complete, you can review the -[Installation Settings](/docs/platgovnetsuite/installing_strongpoint/installation_settings_report.md) report. - -Optional menu items are hidden by default to keep the menus clean and easy to use. If users do not -see a menu item, they can turn it on through [Menu Management](/docs/platgovnetsuite/installing_strongpoint/managing_menus.md), assuming the -feature is included in your [License Type](/docs/platgovnetsuite/installing_strongpoint/features_by_license_type.md). diff --git a/docs/platgovnetsuite/installing_strongpoint/installing_strongpoint.md b/docs/platgovnetsuite/installing_strongpoint/installing_strongpoint.md deleted file mode 100644 index 8b2c2a2b99..0000000000 --- a/docs/platgovnetsuite/installing_strongpoint/installing_strongpoint.md +++ /dev/null @@ -1,67 +0,0 @@ -# Installing Platform Governance for NetSuite - -To get Platform Governance for NetSuite up and running, you need to do the following: - -1. [Install the bundle](#install-the-bundle) using the correct bundle name and the bundle ID. -2. [Set the number of rows in list segments](#set-the-number-of-row-in-list-segments) to 1,000. This - is a NetSuite best practice -3. [Assign a Strongpoint License](#assign-a-license). -4. [Run the spider](running_the_spider). The spider scans your account in a standardized manner. A - series of scheduled scripts is run to document the connections between the customizations. - -Starting with Version 6.2.5, queues and priority allocation are deprecated. The bundle is now -installed using processor architecture for scheduled scripts. All deployments are set to low -priority. - -## Install the Bundle - -The Bundle ID has been updated due to NetSuite changes. - -1. Log into your NetSuite account with the administrator role. -2. Open **Customization** > **SuiteBundler** > **Search & Install Bundles** -3. Enter **294336** in **Keywords** -4. Click **Search** - - ![Search for the Strongpoint Bundle](/img/product_docs/platgovnetsuite/installing_strongpoint/searchandinstallbundles.webp) - -5. Click **Strongpoint** -6. Click **Install** to start the bundle installation. -7. Verify the installation is complete. Open **Customization** > **SuiteBundler** > **Search & - Install Bundles** > **List** - In the **Installed Bundles** list, the **Strongpoint** bundle is marked with a green check in the - **Status** column when the bundle is installed. - - ![Verify Strongpoint Bundle Installation](/img/product_docs/platgovnetsuite/installing_strongpoint/verify_bundle_install.webp) - -## Set the Number of Row in List Segments - -It is important that you set your NUMBER OF ROWS IN LIST SEGMENTS to 1,000. This is a NetSuite best -practice and critical for the proper spidering of your workflows. If you are unable to edit this -field, refer to -[Cannot Change the Number of Rows in List Segments](/docs/platgovnetsuite/troubleshooting/list_segments_not_editable) - -To set the Number of Rows in List Segments: - -1. Select **Set Preferences** from **Home** on the NetSuite main menu. -2. Go to **Optimizing NetSuite**. -3. Set the value to **1,000**. -4. Click **Save**. - -If the field is grayed out, it should be set as a **Company Preference:** - -1. Select **Company Preferences** from **Set Up** > **General Preferences** on the NetSuite main - menu. -2. Find the field **Number of Rows in List Segments** -3. Set the value to **1,000** -4. Click **Save** - -## Assign a License - -1. Open **Strongpoint** > **Strongpoint Support** > **License Manager** -2. Click **View**. -3. Click **New Licensed User**. -4. Click **Edit** by your name. -5. Select **Full** for **License Type**. -6. Click **Save**. - -**Next Step:** [Running the Spider](running_the_spider) diff --git a/docs/platgovnetsuite/installing_strongpoint/license_manager.md b/docs/platgovnetsuite/installing_strongpoint/license_manager.md deleted file mode 100644 index 336aeb9f85..0000000000 --- a/docs/platgovnetsuite/installing_strongpoint/license_manager.md +++ /dev/null @@ -1,61 +0,0 @@ -# License Manager - -The License Manager is where you manage your Platform Governance for NetSuite license and licensed -users. Contact your customer service representative if you need modifications to your license. - -If the **Take Web Site Offline for Maintenance** option is changed, you must use the -**Strongpoint** > **Strongpoint Support** > **License Manager** > **Get Lic. Number** - Or re-push the bundle to update the Spider link. - -## Add a New License - -1. Open **Strongpoint** > **Strongpoint Support** > **License Manager** -2. Depending on your account settings, you may have to click **View** to see the account record. - - ![Add a New License.](/img/product_docs/platgovnetsuite/installing_strongpoint/license_new.webp) - -3. Click **Get Lic. Number** if the **License Number** is blank. If the License Number is not blank, - continue with the next step. -4. Click **New Licensed User**. - - ![Add a licensed user](/img/product_docs/platgovnetsuite/installing_strongpoint/license_new_user.webp) - -5. Select a **User**. -6. Set **License Type** to **Full**. -7. Click **Save**. - -## Edit or View an Existing License - -1. Open **Strongpoint** > **Strongpoint Support** > **License Manager** -2. Click **Edit** if you need to modify your **Weekly Reports Recipients** or your **License - Number** or click **View** to [Manage Users](/docs/platgovnetsuite/installing_strongpoint/managing_users.md). -3. Click **Save** if you make changes. - -## License Manager Buttons and Fields - -Some buttons and fields are only visible when you **Edit** the License. - -- **Change ID**: changes the NetSuite ID of the license. -- **Get Lic. Number**: click to update your license if you have made modifications such as - renewing, adding seats, or adding modules. This feature is available after Netwrix notifies you - your license modifications are complete. -- **Full License End Date**: displays the end date of the current subscription. -- **Full License Count**: displays the number of **Full** licenses active in your account. -- **License Number**: displays your license. -- **License Type**: displays your purchased License Type, controlling what - [Features](/docs/platgovnetsuite/installing_strongpoint/features_by_license_type.md) you can access. License Types are **Documentation and - Optimization**, **Intelligent Change Management** and **Enterprise**. -- **Edition**: displays your NetSuite Edition. -- **Subsidiaries**: displays the number of operating subsidiaries you have in your OneWorld account. - Platform Governance for NetSuite does not count subsidiaries that are only used for financial - transactions or as an elimination subsidiary. -- **View**: select **Strongpoint Licensed Users** to filter the view and see the user information. -- **Licensed User**: select a user number and click the Open icon that appears if you hover next to - the field to open the user record. -- **New Licensed User**: opens the **Licensed User** form. -- **Edit**: opens the **Licensed User** form for the selected **User**. - -Click on a column heading to toggle the sort order based on the column contents. By default, the -records are sorted alphabetically by **User** name. - -NetSuite displays 25 records per page. Use the drop down to select other pages of records. diff --git a/docs/platgovnetsuite/installing_strongpoint/managing_users.md b/docs/platgovnetsuite/installing_strongpoint/managing_users.md deleted file mode 100644 index 15576e443d..0000000000 --- a/docs/platgovnetsuite/installing_strongpoint/managing_users.md +++ /dev/null @@ -1,32 +0,0 @@ -# Managing Users - -Users are managed through the **[**License Manager**](/docs/platgovnetsuite/installing_strongpoint/license_manager.md)**. - -## Add a User: - -1. Open **Strongpoint** > **Strongpoint Support** > **License Manager** -2. Click **View** -3. Click **New Licensed User** -4. Open the **User** dropdown. Select an existing NetSuite user name or select New to open a new - **Employee** Form. -5. Select the **License Type**. -6. Click **Save**. - -## Edit a User - -1. Open **Strongpoint** > **Strongpoint Support** > **License Manager** -2. Click **View** -3. Select **Strongpoint Licensed Users** from **View**. -4. Click **Edit** by the User name. -5. Change the information and click **Save**. - -## Inactivate a Licensed User - -1. Open **Strongpoint** > **Strongpoint Support** > **License Manager** -2. Click **View** -3. Select **Strongpoint Licensed Users** from **View**. -4. Click **Edit** by the User name. -5. Click to mark the **Inactive** box. -6. Click **Save**. - -**Next Step:** [Setting Tab Access](/docs/platgovnetsuite/installing_strongpoint/setting_strongpoint_tab_access.md) diff --git a/docs/platgovnetsuite/integrations/_category_.json b/docs/platgovnetsuite/integrations/_category_.json new file mode 100644 index 0000000000..a3b6357914 --- /dev/null +++ b/docs/platgovnetsuite/integrations/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Integrations", + "position": 160, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "integrations" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/integrations/integration_mapping.md b/docs/platgovnetsuite/integrations/integration_mapping.md index 1d66a7aa70..3d4fabf77e 100644 --- a/docs/platgovnetsuite/integrations/integration_mapping.md +++ b/docs/platgovnetsuite/integrations/integration_mapping.md @@ -1,3 +1,9 @@ +--- +title: "Integration Mapping" +description: "Integration Mapping" +sidebar_position: 10 +--- + # Integration Mapping The Integration Mapping tool maps customizations between External Systems and NetSuite. @@ -51,7 +57,7 @@ Do not change the specified headings. Here is the template: ## Step 3: Open Integration Mapping tool The Mapping Tool menu item is hidden by default. If you do not see the option in your menu, refer to -the [Managing Menus](/docs/platgovnetsuite/installing_strongpoint/managing_menus.md) topic for information on making it +the [Managing Menus](/docs/platgovnetsuite/installation/managing_menus.md) topic for information on making it available. Open **Strongpoint** > **Integrations** > **Mapping Tool** diff --git a/docs/platgovnetsuite/integrations/integrations.md b/docs/platgovnetsuite/integrations/integrations.md index f23ad9ae7c..5280698918 100644 --- a/docs/platgovnetsuite/integrations/integrations.md +++ b/docs/platgovnetsuite/integrations/integrations.md @@ -1,3 +1,9 @@ +--- +title: "Integrations" +description: "Integrations" +sidebar_position: 160 +--- + # Integrations Many customers use ticketing and change approval systems in the management of changes to all of @@ -8,10 +14,10 @@ including the impact analysis, release management and change reconciliation feat Integrations with NetSuite include: -- [Jira](/docs/platgovnetsuite/integrations/jira_integration.md) ticketing System Integration -- [ServiceNow](/docs/platgovnetsuite/integrations/servicenow_integration.md) ticketing System Integration -- [Zendesk](/docs/platgovnetsuite/integrations/zendesk_integration.md) ticketing System integration -- Our [Integration API](/docs/platgovnetsuite/api/api_overview.md) enables your developers to support your ticketing +- [Jira](/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md) ticketing System Integration +- [ServiceNow](/docs/platgovnetsuite/ticketingintegrations/servicenowintegration/servicenow_integration.md) ticketing System Integration +- [Zendesk](/docs/platgovnetsuite/ticketingintegrations/zendeskintegration/zendesk_integration.md) ticketing System integration +- Our [Integration API](/docs/platgovnetsuite/ticketingintegrations/apioverview/api_overview.md) enables your developers to support your ticketing systems, making the integration functionality available to everyone. Integrating your systems with your Platform Governance for NetSuite account helps you make the most of your change management and ticketing strategies. diff --git a/docs/platgovnetsuite/integrations/jira_integration.md b/docs/platgovnetsuite/integrations/jira_integration.md deleted file mode 100644 index 2fcdd198b1..0000000000 --- a/docs/platgovnetsuite/integrations/jira_integration.md +++ /dev/null @@ -1,201 +0,0 @@ -# Jira - -Platform Governance for NetSuite's Change Management capabilities are integrated with Jira, one of -the most popular issue ticketing and development project management systems. Customers are able to -look for and include NetSuite Customizations, assess impacts for requested changes, and push Jira -change tickets into a Change Request. This enables easy management of changes, seamless tracking of -compliant changes and automating the reconciliation of change logs during an audit. - -## Integration Overview - -- Features and Benefits -- Technical Considerations -- Jira Process Flow -- Set Up the Integration - -### Features and Benefits - -With Platform Governance for NetSuite's integration of NetSuite and Jira (Cloud), you can use the -Jira tool while we automatically add and track the associated changes in your NetSuite account. The -integration eliminates the need for double entry in the two systems. - -The Jira integration automatically syncs Jira tickets with NetSuite change request: - -- Creates a corresponding Change Request when a Jira ticket is generated. -- Updates NetSuite with the corresponding customizations. -- Sets the Change Request status to according to its corresponding Jira ticket status. - -Change Managers and System Administrators quickly realize the integration benefits: - -- Uses Jira to organize their development process. -- Maintains data integrity within Jira and NetSuite . -- Streamlines processes for updating daily activities and tasks. -- Reduces turnaround time for change deployments. -- Eliminates waiting for others to transition a change request status. -- Enables creating a change request to a target NetSuite account. - -### Technical Considerations - -Review these considerations prior to deploying the Jira integration: - -1. Platform Governance for NetSuite's integration is a client script that can be enabled or disabled - by form, user, or role. It has high order value to ensure it is the last thing to run and does - not interrupt any other process. -2. All functions are self-executing, complying with Jira best practices. -3. No DOM manipulation or global scripts are deployed. -4. No external libraries are needed. It is plain JavaScript. -5. No direct or custom database access is required. -6. NetSuite connections use the REST Jira interface, executing on the client side to prevent server - load. - -### Jira Process Flow - -![Jira Integration Process Flow](/img/product_docs/platgovnetsuite/integrations/strongpointjiraflow.webp) - -## Set Up the Integration - -To set up the Strongpoint Jira integration: - -1. Review Your Jira Statuses -2. Install the Netsuite Bundle -3. Configure NetSuite and Jira -4. Install the App -5. Create an Integration User Account (optional) -6. Set Up Token Based Authentication -7. Jira Integration Deployment - -### Review Your Jira Statuses - -To take advantage of the automatic synchronization feature, we recommend reviewing your Jira -statuses to be mapped to the Change Management statuses. When a ticket status is updated to a mapped -status, Platform Governance for NetSuite handles the synchronization between Jira and NetSuite. - -The mapping allows multiple Jira statuses to map to each Change Request status. -The mapping is part of the Configure NetSuite and Jira procedure. - -Refer to the Atlassian documentation for instructions on -[Defining status field values](https://confluence.atlassian.com/adminjiraserver070/defining-status-field-values-749382903.html?_ga=2.262596428.1900070949.1572132057-2138500458.1540834491). - -### Install the Netsuite Bundle - -1. Open **Customization** > **SuiteBundler** > **Search & Install Bundles** -2. Search for bundle **311231** -3. Click on **StrongPoint Jira integration Client Side** in the search results. -4. Click **Install** when the Bundle Details opens. -5. Click **Install Bundle** on the **Preview Bundle** Install page. - -### Configure NetSuite and Jira - -1. Open **Strongpoint** > **Strongpoint Support** > **Installation Settings** -2. Click **Edit** by the latest report to open **Configuration and Stats**. -3. Open the **Jira Integration** tab. -4. Enter your **Jira User name** and the **Jira Token**. Refer to the - [Atlassian documentation](https://confluence.atlassian.com/cloud/api-tokens-938839638.html) to - obtain a Token -5. Enter the mappings between your Jira statuses and the Change Request statuses. For best practice, - define your Jira statuses prior to this step. You can enter multiple Jira statuses for each - Change Request status, separated by commas. For example, **Ready for Deployment,Done**. Assign - your mapping for each of the Change Request statuses: - - - **Jira Statuses for In Progress Status** - - **Jira Statuses for Pending Approval Status** - - **Jira Statuses for Approved Status** - - **Jira Statuses for Complete Status** - - Jira Statuses for Rejected Status - - Jira Statuses for Canceled Status - -6. Check **Automatic Synchronization** to enable Platform Governance for NetSuite to handle the - synchronization between Jira and NetSuite when a Ticket status is updated to a mapped status. - without having to click **Push**. If you are using an account where you do not want to create a - Change Request, leave this unchecked so you can do your research or testing without generating - Change Requests. - - ![Jira Integration settings with mapped statues](/img/product_docs/platgovnetsuite/release_notes/jira_example_integration.webp) - -7. Check **Allow NS to Jira Push** to enable pushing NetSuite change requests into Jira. -8. Click **Save**. -9. Open **Customization** > **Scripting** > **Scripts**. -10. **View** the Suitelet script **STRONGPOINT Return Jira Ticket Info** -11. Open the **Deployments** tab. -12. Click the script **Title** to edit it. -13. Open the **Parameters** tab and enter the domain you use to access Jira. - - ![Enter your domain on the Parameters tab](/img/product_docs/platgovnetsuite/integrations/jira_parameters.webp) - -14. Click **Save**. - -### Install the App - -1. From Jira, open **Settings** > **Apps**. - - ![Open Jira Apps settings](/img/product_docs/platgovnetsuite/integrations/jira_settings_cloud.webp) - -2. Search for _Strongpoint for NetSuite_. - - ![Jira Search.](/img/product_docs/platgovnetsuite/integrations/jira_search.webp) - -3. Click on the **Strongpoint for NetSuite** tile to open the details and follow the installation - prompts. - -### Create an Integration User Account (optional) - -Consider creating an _Integration User_ for your users to enter for the Jira Credentials. For -accounts that use Two Factor Authentication (2FA) or Single Sign On (SSO), the _Integration User_ -can be configured with a limited role not requiring 2FA or SSO. The only requirement is the user -must have access granted for the **Strongpoint Developer Role**. - -### Set Up Token Based Authentication - -Token Based Authentication is set up through NetSuite. Here is the basic process: - -1. NetSuite Administrator creates an Integration Record for the Platform Governance for NetSuite - application. This only needs to be performed once per account. Open **Setup** > **Integration** > - **Integration Management** > **Manage Integrations** > **New** - Refer to the NetSuite help - [Create Integration Records for Applications to Use TBA](https://netsuite.custhelp.com/app/answers/detail/a_id/82077/kw/tba). - To - view a list of integration records in this account, open **Setup** > **Integration** > - **Integration Management** > **Manage Integrations**. -2. Each user creates their token in NetSuite. Refer to the - [NetSuite help Manage TBA Tokens in the NetSuite UI](https://netsuite.custhelp.com/app/answers/detail/a_id/41902) - for details. Once you have created your tokens, add them to Jira. -3. Open **Jira**. -4. Open your **Projects** page: - - ![Open your Jira Projects page to find Add-ons](/img/product_docs/platgovnetsuite/release_notes/jira_projects_menu.webp) - -5. Expand **Add-ons**. -6. Select **Strongpoint Settings**. - - ![Jira Strongpoint Settings](/img/product_docs/platgovnetsuite/release_notes/jira_strongpoint_settings.webp) - -7. Click **New Token Based Authentication** to add your credentials. This needs to be done once for - each of your accounts. - - ![Add tokens for Jira](/img/product_docs/platgovnetsuite/release_notes/jira_add_token.webp) - -8. Enter your credentials and click **Add Token Based Authentication Credential**. -9. When logging into Platform Governance for NetSuite from Jira you can select your credentials. - Credentials persist once selected. - -### Jira Integration Deployment - -This process is performed by the Jira Administrator. - -1. Create a Jira ticket for deployment. -2. Select **Strongpoint NetSuite** activity tab. Select a NetSuite account to connect to. -3. Add customization/s(existing or proposed) to the Jira ticket: - - - Two ways to add: (a.) Click on **Lookup Customization** or **Proposed Customization** to - narrow down customizations to attach. (b.) Click on **Import Customization** , add - customizations in bulk from a file. File format accepted are XML and ZIP files. File contents - for XML should have the same format as the MANIFEST.xml file in the SDF Project. SDF zip - format uses the SDF structure as extracted from an existing SDF project. - - Added as customizations(existing or proposed), objects added are reflected in the Existing - Customization table and/or the Proposed Customization table in the Jira ticket. - -4. Click **Push** when complete. Platform Governance for NetSuite creates a Change Request using the - changes in the Jira ticket. -5. Start a Respider to create the Change Log and documents. - -**Next Step:** [ Jira Walkthrough Example](/docs/platgovnetsuite/integrations/jira_walkthrough_example.md) diff --git a/docs/platgovnetsuite/integrations/jira_upload_addon_not_showing.md b/docs/platgovnetsuite/integrations/jira_upload_addon_not_showing.md deleted file mode 100644 index f38389361f..0000000000 --- a/docs/platgovnetsuite/integrations/jira_upload_addon_not_showing.md +++ /dev/null @@ -1,12 +0,0 @@ -# Jira Upload Add On Not Showing - -If the Upload add on is not shown on your screen, you are either not a Jira administrator or you -have not checked **Enable development mode**. - -To enable development mode: - -1. Open Jira. -2. Click **Settings** -3. Click **Enable development mode**. - -![Jira Enable Development Mode](/img/product_docs/platgovnetsuite/integrations/jira_enable_dev_mode.webp) diff --git a/docs/platgovnetsuite/integrations/jira_walkthrough_example.md b/docs/platgovnetsuite/integrations/jira_walkthrough_example.md deleted file mode 100644 index bcdf857be7..0000000000 --- a/docs/platgovnetsuite/integrations/jira_walkthrough_example.md +++ /dev/null @@ -1,223 +0,0 @@ -# Jira Walkthrough Example - -This walkthrough is one example based on our test account. You must -[install and configure](/docs/platgovnetsuite/integrations/jira_integration.md) the Jira integration, including setting up the -**[Jira Statuses](/docs/platgovnetsuite/integrations/jira_integration.md)** prior to using this walkthrough. - -The walkthrough demonstrates these steps: - -- Create a Jira Ticket -- Enter your Credentials -- Add Customizations -- Perform Risk Assessment -- Ready for Development -- Deploy Changes and Complete the Ticket - -## Create a Jira Ticket - -1. Login to your Jira account. -2. Open a Project. -3. Click **Create** (**+**). - - ![jira_example_create_issue](/img/product_docs/platgovnetsuite/integrations/jira_example_create_issue.webp) - -4. Enter your information on the **Create issue** form: - - - **Project**: Select your Project. **NS & SF Jira Demo (SJD)** is selected for this example. - - **Issue Type**: Select your Jira type. **Task** is selected for this example. - - **Summary**: Add a name - - **Description** (optional) - -5. Click **Create**. - -Alerts and notifications may occur during this walkthrough, and are not included in these steps. For -example, override alert, notifications for approvers, and notification for the change request. - -## Enter your Credentials - -1. Open your new Jira ticket. If you look at the **Open Change Request**, the status is **Not logged - in your account**. -2. Expand **Comments** and select **Strongpoint NetSuite**. - - ![jira_example_credentials](/img/product_docs/platgovnetsuite/integrations/jira_example_credentials.webp) - -3. Select your NetSuite **Account** and enter your **Consumer Key**/**Secret** and **Token - ID**/**Secret**. If your account has an optional _[Integration User](/docs/platgovnetsuite/integrations/jira_integration.md)_ role, - enter the Email and Password credentials supplied by your administrator - - ![Check Token Based Authentication](/img/product_docs/platgovnetsuite/integrations/jira_token_authentication.webp) - -4. Click **Connect**. If the connection is successful, the form is displayed (see Add Customizations - section). The **Synchronized with**status displays the account you are logged into for NetSuite. - -You cannot login if you do not have the **appropriate role permissions to create a Change Request**. - -If you do not enter the correct email or password, an error is displayed. After six unsuccessful -consecutive attempts to login, your account is suspended for 30 minutes. - -![jira_example_credentials_error](/img/product_docs/platgovnetsuite/integrations/jira_example_credentials_error.webp) - -## Add Customizations - -Once you have logged in, the form is displayed. -![Jira Strongpoint form](/img/product_docs/platgovnetsuite/release_notes/jira_strongpoint_form.webp) - -- **Synchronized with** displays the connected account. Click **Change Account** to switch to a - different Account. -- **Policy** is blank until Customizations have been added. The Policy is determined by the - Customization with the strictest policy. -- **Affected Bundle ID** can be added to the ticket. Enter the ID in the **Add Bundle ID** entry box - and click (**+**) to add it. You can delete an Affected Bundle ID with the - ![delete](/img/product_docs/platgovnetsuite/integrations/delete.webp)icon. -- **Change Level Required** is **Log Changes Only** until Customizations have been added. If there - are multiple change levels, the most stringent one is applied. -- Specify the Customizations you are changing or adding. - - **Lookup Customization** search for a customization. If the Customization exists in your - account, it is added to the **Existing Customizations** list. - - **Import Customization** if you have either an **xml** file generated from an existing ticket, - or an **SDF zip** file created in your Sandbox account, you can import the customizations. - Click **Import Customization**, navigate to your file, and click **Import**. - Modified customizations are added to the **Existing Customizations** list, new customizations - are added to the **Proposed Customizations** list. - - **Add Proposed Customization** adds a new customizations are added to the **Proposed - Customizations** list. You can delete added Customizations with the - ![delete](/img/product_docs/platgovnetsuite/integrations/delete.webp)icon. -- **Push** creates the Change Request in NetSuite. **Push** is also used to manually update your - Change Request if you are not using the [Automatic Synchronization](/docs/platgovnetsuite/integrations/jira_integration.md) feature. -- **Push External** same as **Push** except you can specify a different Jira account. -- **Impact Analysis** and **View ERD** are tools to Perform Risk Assessment. - -### Add Existing Customizations by Name or Script ID - -1. Click **Lookup Customization**. -2. Enter all or part of a Name.. For this example, enter **new**. -3. Click **+** to search for matching Customizations. **View** displays the **Type** and **Script - ID** for a Customization. - - ![Add a Customization by Name](/img/product_docs/platgovnetsuite/integrations/jira_example_add_name.webp) - -4. Select one or more Customizations. For this example, select **New Opportunities Created - (Search)**. -5. Click **Add Selected Customizations**. The selected Customization is added to the **Existing - Customizations** list. - - ![New Opportunities Created (Search) added to Existing Customizations](/img/product_docs/platgovnetsuite/integrations/jira_example_new_opp.webp) - -6. Enter the Script ID **custentity_fmt_cust_credit_on_hold** in **Add Customizations** and click - **+**. -7. The **Set Customer Credit on Hold (Entity Field)** is displayed. Select it, and click **Add - Selected Customizations**. The selected Customization is added to the **Existing Customizations** - list. The **Change Level Required** changes from **Log Changes Only** to **Change Request**, - which is the policy for the **Set Customer Credit on Hold** field. - -### Add Proposed Customizations - -In this procedure, we are adding a new Customization. - -1. Enter a new, valid Script ID in the **Add Customizations** field. For this example, enter - **customlist_customer_priorities**. -2. Click (**+**) to add it. If the Script ID is valid, and does not match an existing Script ID, the - new Customization is added to the **Proposed Customizations** list. - - ![Customization added to Proposed Customization list](/img/product_docs/platgovnetsuite/integrations/jira_example_proposed_customization.webp) - -### Create the Change Request - -If you expand the **Change Request** field on the right, the status is **Not Synced with -Strongpoint**. - -1. Change the Jira status of your ticket to match the status set up for **Jira Statuses for In - Progress Status**. For example, **In Progress**. -2. Click **Push** to create the Change Request. This step is required for both manual and automatic - synchronization. A confirmation your Change Request was Created/Updated is displayed. The change - request is created in NetSuite with the **In Progress** status. If you mapped some of your Jira - statuses, then **Push** is only available those mapped statuses. -3. Expand the **Change Request** field on the right. The status is now **In Progress**. There is a - link to open the Change Request in NetSuite. - - ![Change Request set to In Progress](/img/product_docs/platgovnetsuite/integrations/jira_example_in_progress.webp) - -### Import Customizations from Jira - -In this procedure, we are adding customizations exported into an xml file. This is not required, but -is an alternative if you have a lot of customizations. - -1. Click **Import Customization**. - - ![Import customizations from an xml file.](/img/product_docs/platgovnetsuite/integrations/jira_import_cust.webp) - -2. Click **Choose File**, navigate to your xml file and click **Open**. -3. Click **Import**. The customizations appear in the **Existing Customizations** list. - - ![The customizations appear in the Existing Customizations list.](/img/product_docs/platgovnetsuite/integrations/jira_import_cust2.webp) - -## Perform Risk Assessment - -### Impact Analysis - -The impact analysis tool reviews your customizations for dependencies or risks. Click **Impact -Analysis** to run the tool. Here is an example report: - -![Impact analysis report](/img/product_docs/platgovnetsuite/integrations/jira_example_impact_analysis.webp) - -Before proceeding with your changes, review each warning to ensure your change does not break -something. Dependencies can easily be reviewed with the ERD tool. - -### View ERD - -The Entity Relationship Diagram (ERD) tool graphically displays your Customizations and all -dependencies. - -1. Click **View ERD**. -2. Select the Customization to view from the list. For this example, select **Set Customer Credit on - Hold (Entity Field)**. -3. When the diagram opens, you can explore the dependencies to evaluate the effect of your intended - changes. - - ![Run the ERD to view dependencies](/img/product_docs/platgovnetsuite/integrations/jira_example_erd.webp) - -## Ready for Development - -Once you have resolved any risk or conflicts, your changes are ready for development: - -1. Change the Jira status of your ticket to match the status set up for **Jira Statuses for Pending - Approval Status**. For example, **Selected for Development**. -2. Click **Push** if you are not using [Automatic Synchronization](/docs/platgovnetsuite/integrations/jira_integration.md) to push - status changes. A confirmation your Change Request was Created/Updated is displayed. -3. Expand the **Change Request** field on the right. The status is now **Pending Approval**. There - is a link to open the Change Request in NetSuite. - - ![Change Request is set to Pending Approval](/img/product_docs/platgovnetsuite/integrations/jira_example_pending_approval.webp) - -4. Click the **Go To Record** link to view the Change Request. - - ![Change Request is Pending Approval](/img/product_docs/platgovnetsuite/integrations/jira_example_change_request.webp) - -## Deploy Changes and Complete the Ticket - -When development is done, and the Change Request is approved according to your policy, the Jira -ticket is ready to be updated. - -1. Expand the **Change Request** field on the right. The status is **Approved**. - ![Change Request is now Approved](/img/product_docs/platgovnetsuite/integrations/jira_example_approved.webp) -2. Change the Jira status of your ticket to match the status set up for **Jira Statuses for Approved - Status**. In our example set up, we have two possible statuses: **Ready for Deployment** and - **Done**. Setting up two statuses enables you to split up the deployment and the ticket closure - if you want to monitor the deployment task separately. Both statuses are valid for Deployment, - but only **Done** closes the Jira ticket and updates the Change Request to **Completed**. -3. Click **Push** if you are not using [Automatic Synchronization](/docs/platgovnetsuite/integrations/jira_integration.md) to push - status changes. A confirmation your Change Request was Created/Updated is displayed. -4. If you used **Ready for Deployment**, update your Jira status to **Done** once your deployment - and verification activities are complete. - -If you open the Change Request in NetSuite: - -- All Customizations added from Jira are displayed. -- **Affected Bundle ID** is added (if used). -- **Change Overview** is set to the Jira ticket description. -- Change Request is **Approved** and ready to be deployed. -- **Originated System**, **External Change Request Number** and **External Link** to the Jira ticket - are populated on the **Related Change Records** tab. -- If the Jira status is **Done**, the Change Request shows as **Completed**. - - ![The completed change request](/img/product_docs/platgovnetsuite/integrations/jira_example_completed.webp) diff --git a/docs/platgovnetsuite/integrations/ticketing_integrations.md b/docs/platgovnetsuite/integrations/ticketing_integrations.md deleted file mode 100644 index 907cd5e344..0000000000 --- a/docs/platgovnetsuite/integrations/ticketing_integrations.md +++ /dev/null @@ -1,17 +0,0 @@ -# Ticketing System Integrations - -Many customers use ticketing and change approval systems in the management of changes to all of -their business systems not just Salesforce or NetSuite. Platform Governance for NetSuite provides -integrations with external ticketing systems to improve workflows for customers using both. This -brings all the benefits of Platform Governance for NetSuite to your external ticketing systems, -including the impact analysis, release management and change reconciliation features. - -Ticketing Integrations with NetSuite include: - -- [Jira](/docs/platgovnetsuite/integrations/jira_integration.md) -- [ServiceNow](/docs/platgovnetsuite/integrations/servicenow_integration.md) -- [Zendesk](/docs/platgovnetsuite/integrations/zendesk_integration.md) -- [Integration API](/docs/platgovnetsuite/api/api_overview.md) enables your developers to support your ticketing - systems, making the integration functionality available to everyone. Integrating your systems with - your Platform Governance for NetSuite account helps you make the most of your change management - and ticketing strategies. diff --git a/docs/platgovnetsuite/reportabug/_category_.json b/docs/platgovnetsuite/reportabug/_category_.json new file mode 100644 index 0000000000..f3b7351669 --- /dev/null +++ b/docs/platgovnetsuite/reportabug/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Contact Support", + "position": 180, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "report_a_bug" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/troubleshooting/list_segments_not_editable.md b/docs/platgovnetsuite/reportabug/list_segments_not_editable.md similarity index 82% rename from docs/platgovnetsuite/troubleshooting/list_segments_not_editable.md rename to docs/platgovnetsuite/reportabug/list_segments_not_editable.md index e8b2a490eb..04abe48886 100644 --- a/docs/platgovnetsuite/troubleshooting/list_segments_not_editable.md +++ b/docs/platgovnetsuite/reportabug/list_segments_not_editable.md @@ -1,3 +1,9 @@ +--- +title: "List Segments Field Cannot be Edited" +description: "List Segments Field Cannot be Edited" +sidebar_position: 30 +--- + # List Segments Field Cannot be Edited When setting the Number of Rows in List segments, sometimes the field cannot be edited. diff --git a/docs/platgovnetsuite/reportabug/mobile_devices.md b/docs/platgovnetsuite/reportabug/mobile_devices.md new file mode 100644 index 0000000000..9705ede8f9 --- /dev/null +++ b/docs/platgovnetsuite/reportabug/mobile_devices.md @@ -0,0 +1,9 @@ +--- +title: "Platform Governance for NetSuite Not Supported on Mobile Devices" +description: "Platform Governance for NetSuite Not Supported on Mobile Devices" +sidebar_position: 80 +--- + +# Platform Governance for NetSuite Not Supported on Mobile Devices + +Platform Governance for NetSuite is not supported on mobile devices. Key features are not available. diff --git a/docs/platgovnetsuite/reportabug/report_a_bug.md b/docs/platgovnetsuite/reportabug/report_a_bug.md new file mode 100644 index 0000000000..3b7285213f --- /dev/null +++ b/docs/platgovnetsuite/reportabug/report_a_bug.md @@ -0,0 +1,37 @@ +--- +title: "Contact Support" +description: "Contact Support" +sidebar_position: 100 +--- + +# Contact Support + +If you encounter any problems using Platform Governance for NetSuite or you have suggested +improvements, we would love to hear from you! Your feedback is incredibly valuable to us and the +continued success of our products. There are multiple options to provide feedback: + +- Contact Support +- Comment on a User Guide Topic + +## Contact Support + +You can contact Support with any feedback or issues. There are links within Platform Governance for +NetSuite to make it easy to access the Netwrix support site at +[https://www.netwrix.com/support.html](https://www.netwrix.com/support.html) + +- Click **Submit a Support Case** from the + [Strongpoint Overview Dashboard](/docs/platgovnetsuite/welcome/navigating_strongpoint.md) in your Production or Sandbox + accounts. +- Open **Strongpoint** > **Strongpoint Support** > **Contact Support** to open the Netwrix Support + site. + +![Contact Strongpoint Support](/img/product_docs/platgovnetsuite/troubleshooting/report_bug.webp) + +## Comment on a User Guide Topic + +There is a comment button at the end of each topic, enabling you to easily send feedback to Support +on the topic. + +![Click to leave feedback on the current topic.](/img/product_docs/platgovnetsuite/troubleshooting/comment_button.webp) + +![Enter your feedback on the current topic.](/img/product_docs/platgovnetsuite/troubleshooting/comment_form.webp) diff --git a/docs/platgovnetsuite/troubleshooting/saved_search_times_out.md b/docs/platgovnetsuite/reportabug/saved_search_times_out.md similarity index 94% rename from docs/platgovnetsuite/troubleshooting/saved_search_times_out.md rename to docs/platgovnetsuite/reportabug/saved_search_times_out.md index 89cdf0e484..298837dc52 100644 --- a/docs/platgovnetsuite/troubleshooting/saved_search_times_out.md +++ b/docs/platgovnetsuite/reportabug/saved_search_times_out.md @@ -1,3 +1,9 @@ +--- +title: "Saved Search Times Out" +description: "Saved Search Times Out" +sidebar_position: 40 +--- + # Saved Search Times Out If your Saved Search times out, there are three things you can do: diff --git a/docs/platgovnetsuite/reportabug/spider_page_not_found.md b/docs/platgovnetsuite/reportabug/spider_page_not_found.md new file mode 100644 index 0000000000..d09d5ac656 --- /dev/null +++ b/docs/platgovnetsuite/reportabug/spider_page_not_found.md @@ -0,0 +1,13 @@ +--- +title: "Spider Page Not Found" +description: "Spider Page Not Found" +sidebar_position: 50 +--- + +# Spider Page Not Found + +If you see the **Spider Page Not Found** error: + +1. Open **Setup** > **Company** > **General Preferences** +2. Make sure **Web Site Hosting Files Always Available** is checked. +3. Click **Save** diff --git a/docs/platgovnetsuite/reportabug/spider_spins.md b/docs/platgovnetsuite/reportabug/spider_spins.md new file mode 100644 index 0000000000..0523a138fe --- /dev/null +++ b/docs/platgovnetsuite/reportabug/spider_spins.md @@ -0,0 +1,12 @@ +--- +title: "Spider Spins and Does Not Finish" +description: "Spider Spins and Does Not Finish" +sidebar_position: 60 +--- + +# Spider Spins and Does Not Finish + +If you kick off a spider and the gears on the page spin for more than an hour, this is likely an +issue with the **IP Restriction**. Contact Netwrix support at +[https://www.netwrix.com/support.html ](https://www.netwrix.com/support.html) for assistance in +configuring your account. diff --git a/docs/platgovnetsuite/reportabug/stop_scripts.md b/docs/platgovnetsuite/reportabug/stop_scripts.md new file mode 100644 index 0000000000..b3044e98e0 --- /dev/null +++ b/docs/platgovnetsuite/reportabug/stop_scripts.md @@ -0,0 +1,13 @@ +--- +title: "Stop Scripts" +description: "Stop Scripts" +sidebar_position: 70 +--- + +# Stop Scripts + +You can stop the Spider scripts at any point during the spider process: + +Open **Strongpoint** > **Strongpoint Support** > **Stop Scripts** + +This stops the next execution of the scheduled scripts. diff --git a/docs/platgovnetsuite/troubleshooting/system_maintenance_period_error.md b/docs/platgovnetsuite/reportabug/system_maintenance_period_error.md similarity index 87% rename from docs/platgovnetsuite/troubleshooting/system_maintenance_period_error.md rename to docs/platgovnetsuite/reportabug/system_maintenance_period_error.md index 4e54978b9c..07716c0cf1 100644 --- a/docs/platgovnetsuite/troubleshooting/system_maintenance_period_error.md +++ b/docs/platgovnetsuite/reportabug/system_maintenance_period_error.md @@ -1,3 +1,9 @@ +--- +title: "System Maintenance Period Error" +description: "System Maintenance Period Error" +sidebar_position: 90 +--- + # System Maintenance Period Error Usually a _System Maintenance Period_ error indicates your primary web site in NetSuite is in diff --git a/docs/platgovnetsuite/scriptmgmt/_category_.json b/docs/platgovnetsuite/scriptmgmt/_category_.json new file mode 100644 index 0000000000..2ea9654ae9 --- /dev/null +++ b/docs/platgovnetsuite/scriptmgmt/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Script Management", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "script_mgmt_overview" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/script_management/analyzing_script_performance.md b/docs/platgovnetsuite/scriptmgmt/analyzing_script_performance.md similarity index 97% rename from docs/platgovnetsuite/script_management/analyzing_script_performance.md rename to docs/platgovnetsuite/scriptmgmt/analyzing_script_performance.md index 35e8f878fa..852f01968c 100644 --- a/docs/platgovnetsuite/script_management/analyzing_script_performance.md +++ b/docs/platgovnetsuite/scriptmgmt/analyzing_script_performance.md @@ -1,3 +1,9 @@ +--- +title: "Analyzing Script Performance" +description: "Analyzing Script Performance" +sidebar_position: 10 +--- + # Analyzing Script Performance In order for Script Monitoring to function effectively: diff --git a/docs/platgovnetsuite/script_management/creating_debugging_logs.md b/docs/platgovnetsuite/scriptmgmt/creating_debugging_logs.md similarity index 89% rename from docs/platgovnetsuite/script_management/creating_debugging_logs.md rename to docs/platgovnetsuite/scriptmgmt/creating_debugging_logs.md index 2a9566331d..17053bde5b 100644 --- a/docs/platgovnetsuite/script_management/creating_debugging_logs.md +++ b/docs/platgovnetsuite/scriptmgmt/creating_debugging_logs.md @@ -1,3 +1,9 @@ +--- +title: "Creating Debugging Logs" +description: "Creating Debugging Logs" +sidebar_position: 40 +--- + # Creating Debugging Logs To generate debugging logs for a script: diff --git a/docs/platgovnetsuite/script_management/reviewing_script_performance_errors.md b/docs/platgovnetsuite/scriptmgmt/reviewing_script_performance_errors.md similarity index 92% rename from docs/platgovnetsuite/script_management/reviewing_script_performance_errors.md rename to docs/platgovnetsuite/scriptmgmt/reviewing_script_performance_errors.md index 91a189017e..35c02f444f 100644 --- a/docs/platgovnetsuite/script_management/reviewing_script_performance_errors.md +++ b/docs/platgovnetsuite/scriptmgmt/reviewing_script_performance_errors.md @@ -1,3 +1,9 @@ +--- +title: "Reviewing Script Performance and Errors" +description: "Reviewing Script Performance and Errors" +sidebar_position: 30 +--- + # Reviewing Script Performance and Errors There are several tools included in Platform Governance for NetSuite that enable analysis of the diff --git a/docs/platgovnetsuite/script_management/scheduling_script_monitor.md b/docs/platgovnetsuite/scriptmgmt/scheduling_script_monitor.md similarity index 89% rename from docs/platgovnetsuite/script_management/scheduling_script_monitor.md rename to docs/platgovnetsuite/scriptmgmt/scheduling_script_monitor.md index 0541b104cd..4ecb3b1a42 100644 --- a/docs/platgovnetsuite/script_management/scheduling_script_monitor.md +++ b/docs/platgovnetsuite/scriptmgmt/scheduling_script_monitor.md @@ -1,3 +1,9 @@ +--- +title: "Scheduling the Script Monitor" +description: "Scheduling the Script Monitor" +sidebar_position: 20 +--- + # Scheduling the Script Monitor Deploy the Strongpoint Script Monitor ResultData SS script to capture script data. This script diff --git a/docs/platgovnetsuite/script_management/script_mgmt_overview.md b/docs/platgovnetsuite/scriptmgmt/script_mgmt_overview.md similarity index 96% rename from docs/platgovnetsuite/script_management/script_mgmt_overview.md rename to docs/platgovnetsuite/scriptmgmt/script_mgmt_overview.md index 6a403d9bd4..5bb935bef5 100644 --- a/docs/platgovnetsuite/script_management/script_mgmt_overview.md +++ b/docs/platgovnetsuite/scriptmgmt/script_mgmt_overview.md @@ -1,3 +1,9 @@ +--- +title: "Script Management" +description: "Script Management" +sidebar_position: 70 +--- + # Script Management With the Platform Governance for NetSuite tools and the Critical Script Analysis methodology you @@ -150,13 +156,13 @@ provide data when the scripts are in Audit or Debug mode. It is important to swi to one of those two levels if appropriate.The Add Audit Tags mass update backs up and then adds start tags to all of your unlocked scripts. This enables tracking frequency of execution. You can manually add end tags for script execution time tracking. -[Analyzing Script Performance](/docs/platgovnetsuite/script_management/analyzing_script_performance.md). +[Analyzing Script Performance](/docs/platgovnetsuite/scriptmgmt/analyzing_script_performance.md). ## Schedule the Script Utilization Data Update Script This scheduled script captures the script execution data such as how many times it was triggered, who used it and how long it took to execute. Schedule the Script Utilization Data Update Script -[Schedule the Script Monitor](/docs/platgovnetsuite/script_management/scheduling_script_monitor.md) +[Schedule the Script Monitor](/docs/platgovnetsuite/scriptmgmt/scheduling_script_monitor.md) ## Track Progress @@ -168,7 +174,7 @@ list are not being executed. ## Review Script Performance and Error Reports There are several searches that provide data about script performance and errors. -[Review Script Performance and Error Reports](/docs/platgovnetsuite/script_management/reviewing_script_performance_errors.md) +[Review Script Performance and Error Reports](/docs/platgovnetsuite/scriptmgmt/reviewing_script_performance_errors.md) Another critical script is the **Strongpoint Parse Script Files SS** (note there is also an on demand version OD). This reads each unlocked script file to check for changes, updates the diff --git a/docs/platgovnetsuite/sod/_category_.json b/docs/platgovnetsuite/sod/_category_.json new file mode 100644 index 0000000000..d3c1a3ffd4 --- /dev/null +++ b/docs/platgovnetsuite/sod/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "SoD Overview", + "position": 170, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "sod_overview" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/sod/approving_exceptions_sod_rules.md b/docs/platgovnetsuite/sod/approving_exceptions_sod_rules.md index 87966f19ad..dcc524c2ee 100644 --- a/docs/platgovnetsuite/sod/approving_exceptions_sod_rules.md +++ b/docs/platgovnetsuite/sod/approving_exceptions_sod_rules.md @@ -1,3 +1,9 @@ +--- +title: "Approving Exemptions to SoD Rules" +description: "Approving Exemptions to SoD Rules" +sidebar_position: 60 +--- + # Approving Exemptions to SoD Rules ## Create a Change Request @@ -23,7 +29,7 @@ To create a change request: 5. **Save** the Change Request. 6. The Approval section is now available. Click **Edit** to add **Additional Approvers** or **Approver Notes**. Click **Save** if you make changes. Refer to - [Create a Change Request](/docs/platgovnetsuite/change_management/creating_change_request.md) for more details about + [Create a Change Request](/docs/platgovnetsuite/changemanagement/creating_change_request.md) for more details about the status bar. 7. Click **Pending Approval** on the status bar. diff --git a/docs/platgovnetsuite/sod/assigning_role_with_preapproved_change_request.md b/docs/platgovnetsuite/sod/assigning_role_with_preapproved_change_request.md index 36fda29984..3a11a9a81a 100644 --- a/docs/platgovnetsuite/sod/assigning_role_with_preapproved_change_request.md +++ b/docs/platgovnetsuite/sod/assigning_role_with_preapproved_change_request.md @@ -1,3 +1,9 @@ +--- +title: "Assigning an Employee Role with a Pre-Approved Change Request" +description: "Assigning an Employee Role with a Pre-Approved Change Request" +sidebar_position: 70 +--- + # Assigning an Employee Role with a Pre-Approved Change Request ## Create a pre-approved Change Request @@ -21,7 +27,7 @@ 5. **Save** the Change Request. 6. The Approval section is now available. Click **Edit** to add **Additional Approvers** or **Approver Notes**. Click **Save** if you make changes. Refer to - [Create a Change Request](/docs/platgovnetsuite/change_management/creating_change_request.md) for more details about + [Create a Change Request](/docs/platgovnetsuite/changemanagement/creating_change_request.md) for more details about the status bar. 7. Click **Pending Approval** on the status bar. diff --git a/docs/platgovnetsuite/sod/creating_an_approved_change_request_clear_violation.md b/docs/platgovnetsuite/sod/creating_an_approved_change_request_clear_violation.md index 5405c9ee7c..2cdf52ece8 100644 --- a/docs/platgovnetsuite/sod/creating_an_approved_change_request_clear_violation.md +++ b/docs/platgovnetsuite/sod/creating_an_approved_change_request_clear_violation.md @@ -1,3 +1,9 @@ +--- +title: "Creating an Approved Change Request to Clear a Violation" +description: "Creating an Approved Change Request to Clear a Violation" +sidebar_position: 80 +--- + # Creating an Approved Change Request to Clear a Violation ## Assign a Non-Compliant Role to an Employee @@ -33,7 +39,7 @@ To create an approved change request: 4. **Save** the Change Request. 5. The Approval section is now available. Click **Edit** to add **Additional Approvers** or **Approver Notes**. Click **Save** if you make changes. Refer to - [Create a Change Request](/docs/platgovnetsuite/change_management/creating_change_request.md) for more details about + [Create a Change Request](/docs/platgovnetsuite/changemanagement/creating_change_request.md) for more details about the status bar. The violation clears in the employee record after the approved Change Request is saved. diff --git a/docs/platgovnetsuite/sod/creating_sod_approval_request.md b/docs/platgovnetsuite/sod/creating_sod_approval_request.md index 34fb56643e..10629755dc 100644 --- a/docs/platgovnetsuite/sod/creating_sod_approval_request.md +++ b/docs/platgovnetsuite/sod/creating_sod_approval_request.md @@ -1,7 +1,13 @@ +--- +title: "Creating an SoD Approval Request" +description: "Creating an SoD Approval Request" +sidebar_position: 30 +--- + # Creating an SoD Approval Request You can create a custom change request form for an SoD Approval Request. Refer to -[Using Custom Change Request Forms](/docs/platgovnetsuite/change_management/use_custom_cr_forms.md) for information on +[Using Custom Change Request Forms](/docs/platgovnetsuite/changemanagement/use_custom_cr_forms.md) for information on implementing your custom form. To create an SoD Approval request: @@ -35,7 +41,7 @@ To create an SoD Approval request: 6. **Save** the Change Request. 7. The Approval section is now available. Click **Edit** to add **Additional Approvers** or **Approver Notes**. Click **Save** if you make changes. Refer to - [Create a Change Request](/docs/platgovnetsuite/change_management/creating_change_request.md) for more details about + [Create a Change Request](/docs/platgovnetsuite/changemanagement/creating_change_request.md) for more details about the status bar. ## Adding Employees to an Approved SoD Exemption @@ -51,8 +57,8 @@ SoD Exemption** button is available after the request is Approved. ![Select Affected Employees](/img/product_docs/platgovnetsuite/sod/sod_add_employee_select.webp) 3. Click **Request Approval**. Approvers must be - [licensed](/docs/platgovnetsuite/installing_strongpoint/license_manager.md) Platform Governance for NetSuite users - and have the correct [role permissions](/docs/platgovnetsuite/installing_strongpoint/setting_permissions.md) if they + [licensed](/docs/platgovnetsuite/installation/license_manager.md) Platform Governance for NetSuite users + and have the correct [role permissions](/docs/platgovnetsuite/installation/setting_permissions.md) if they are using a custom (non-Strongpoint) role. A new request is created with **Add to SoD Exemption** prepended to the Name of the original request. The new request is set to **Pending Approval**. diff --git a/docs/platgovnetsuite/sod/creating_sod_rules.md b/docs/platgovnetsuite/sod/creating_sod_rules.md index 9867216593..8514345e06 100644 --- a/docs/platgovnetsuite/sod/creating_sod_rules.md +++ b/docs/platgovnetsuite/sod/creating_sod_rules.md @@ -1,3 +1,9 @@ +--- +title: "Creating SoD Rules" +description: "Creating SoD Rules" +sidebar_position: 20 +--- + # Creating SoD Rules ## ​SoD Rules @@ -16,7 +22,7 @@ exist and approvals are closely monitored, exemptions can be made. Exceptions mu the company’s auditors. You can create a custom change request form for SoD Rule Changes. Refer to -[Using Custom Change Request Forms](/docs/platgovnetsuite/change_management/use_custom_cr_forms.md) for information on +[Using Custom Change Request Forms](/docs/platgovnetsuite/changemanagement/use_custom_cr_forms.md) for information on implementing your custom form. ### Access Levels diff --git a/docs/platgovnetsuite/sod/installing_sod.md b/docs/platgovnetsuite/sod/installing_sod.md index 1a5e4ab910..78d7a7e21e 100644 --- a/docs/platgovnetsuite/sod/installing_sod.md +++ b/docs/platgovnetsuite/sod/installing_sod.md @@ -1,3 +1,9 @@ +--- +title: "Installing SoD" +description: "Installing SoD" +sidebar_position: 10 +--- + # Installing SoD ## Installing the SoD Bundle @@ -24,5 +30,5 @@ Note the SoD Bundle ID has been updated due to NetSuite changes. 5. Install the Bundle as usual. 6. Review the - [Default SoD Custom Record Types and Permission Lists](/docs/platgovnetsuite/installing_strongpoint/setting_permissions.md) + [Default SoD Custom Record Types and Permission Lists](/docs/platgovnetsuite/installation/setting_permissions.md) table and add any permissions needed to your Custom Roles. diff --git a/docs/platgovnetsuite/sod/sod_clean_up.md b/docs/platgovnetsuite/sod/sod_clean_up.md index 8f4bcb13e0..cfe0653de1 100644 --- a/docs/platgovnetsuite/sod/sod_clean_up.md +++ b/docs/platgovnetsuite/sod/sod_clean_up.md @@ -1,3 +1,9 @@ +--- +title: "SoD Clean Up" +description: "SoD Clean Up" +sidebar_position: 40 +--- + # SoD Clean Up The new **SoD** > **SoD Clean Up** menu accesses the power of Saved Searches to enable easy, diff --git a/docs/platgovnetsuite/sod/sod_notifications.md b/docs/platgovnetsuite/sod/sod_notifications.md index 6a58730b06..c3023f5073 100644 --- a/docs/platgovnetsuite/sod/sod_notifications.md +++ b/docs/platgovnetsuite/sod/sod_notifications.md @@ -1,3 +1,9 @@ +--- +title: "SoD Notifications" +description: "SoD Notifications" +sidebar_position: 50 +--- + # SoD Notifications SoD notifications offer a streamlined process for creating change requests and presenting diff --git a/docs/platgovnetsuite/sod/sod_overview.md b/docs/platgovnetsuite/sod/sod_overview.md index a9ae438c0f..43199944a5 100644 --- a/docs/platgovnetsuite/sod/sod_overview.md +++ b/docs/platgovnetsuite/sod/sod_overview.md @@ -1,3 +1,9 @@ +--- +title: "SoD Overview" +description: "SoD Overview" +sidebar_position: 170 +--- + # SoD Overview Advanced Segregation of Duties (SoD) gives you complete separation of duties and access controls. It diff --git a/docs/platgovnetsuite/sod/sod_reports.md b/docs/platgovnetsuite/sod/sod_reports.md index 63cce38e1e..214a82bd2b 100644 --- a/docs/platgovnetsuite/sod/sod_reports.md +++ b/docs/platgovnetsuite/sod/sod_reports.md @@ -1,3 +1,9 @@ +--- +title: "SoD Reports" +description: "SoD Reports" +sidebar_position: 90 +--- + # SoD Reports Here are the reports available for SoD: diff --git a/docs/platgovnetsuite/sod/sod_test_case_scenarios.md b/docs/platgovnetsuite/sod/sod_test_case_scenarios.md index bac675ca0b..a06f3605c7 100644 --- a/docs/platgovnetsuite/sod/sod_test_case_scenarios.md +++ b/docs/platgovnetsuite/sod/sod_test_case_scenarios.md @@ -1,3 +1,9 @@ +--- +title: "SoD Test Case Scenarios" +description: "SoD Test Case Scenarios" +sidebar_position: 110 +--- + # SoD Test Case Scenarios Here are test case scenarios for SoD rules: diff --git a/docs/platgovnetsuite/sod/sod_testing.md b/docs/platgovnetsuite/sod/sod_testing.md index 9b0b62f787..5528b55878 100644 --- a/docs/platgovnetsuite/sod/sod_testing.md +++ b/docs/platgovnetsuite/sod/sod_testing.md @@ -1,3 +1,9 @@ +--- +title: "SoD Testing Mode" +description: "SoD Testing Mode" +sidebar_position: 100 +--- + # SoD Testing Mode Testing Mode helps you implement a new SoD solution, or to clean up your existing account. By diff --git a/docs/platgovnetsuite/ticketingintegrations/_category_.json b/docs/platgovnetsuite/ticketingintegrations/_category_.json new file mode 100644 index 0000000000..f01f28d65f --- /dev/null +++ b/docs/platgovnetsuite/ticketingintegrations/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Ticketing System Integrations", + "position": 120, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "ticketing_integrations" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/ticketingintegrations/apioverview/_category_.json b/docs/platgovnetsuite/ticketingintegrations/apioverview/_category_.json new file mode 100644 index 0000000000..e5bd962a3a --- /dev/null +++ b/docs/platgovnetsuite/ticketingintegrations/apioverview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Integration API", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "api_overview" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/ticketingintegrations/apioverview/api_overview.md b/docs/platgovnetsuite/ticketingintegrations/apioverview/api_overview.md new file mode 100644 index 0000000000..c3fa2122d3 --- /dev/null +++ b/docs/platgovnetsuite/ticketingintegrations/apioverview/api_overview.md @@ -0,0 +1,43 @@ +--- +title: "Integration API" +description: "Integration API" +sidebar_position: 40 +--- + +# Integration API + +The Integration API enables external access to Customization and Change Request objects. Third party +application are able to integrate via these APIs. + +- **Customizations** +- **Change Requests** can be created, updated, retrieved and deleted. +- **ERD** and **Impact Analysis** tools are available. + +- [Customizations API](/docs/platgovnetsuite/ticketingintegrations/apioverview/customizationsapi/customizations_api.md) can be retrieved from your NetSuite account and can be + added and removed from your Change Requests. Here is the Customization API command: + + - [Get Customizations](/docs/platgovnetsuite/ticketingintegrations/apioverview/customizationsapi/get_customizations.md): Returns customizations based on your filters. + +- [Change Request API](/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/change_request_api.md) can be created, updated, retrieved and deleted. The + ERD and Impact Analysis tools are available. Here are the Change Request API commands: + + - [Get Change Request](/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/get_change_request.md): Returns the change request associated with an + External ID. + - [Add/Update Customizations in a Change Request](/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/add_update_change_request.md): adds/updates + customization and/or proposed customizations. + - [Delete Customizations in a Change Request](/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/delete_customizations_change_request.md): removes + customizations and/or proposed customizations. + - [Get ERD](/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/get_erd.md): returns ERD URL links for each customization. + - [Get Impact Analysis](/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/get_impact_analysis.md): returns the impact analysis data for each + customization. Customizations are categorized as _Safe to Modify_, _Not Safe to Modify_, and + _Inactive_. + - [Push Change Request](/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/push_change_request.md): pushes the external ticket details and creates + an equivalent change request. + +## Postman Links + +Both the Customizations and Change Requests API documentation are published in +[Postman](http://postman.com/). You can try out the API commands in the Postman interface. + +- [Customizations](https://documenter.getpostman.com/view/30883336/2s9YeABubu) API +- [Change Requests](https://documenter.getpostman.com/view/30883336/2s9YeABubr) API diff --git a/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/_category_.json b/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/_category_.json new file mode 100644 index 0000000000..0f0fbba8de --- /dev/null +++ b/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Change Request API", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "change_request_api" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/api/add_update_change_request.md b/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/add_update_change_request.md similarity index 96% rename from docs/platgovnetsuite/api/add_update_change_request.md rename to docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/add_update_change_request.md index 667cf3b937..2bd7671cf0 100644 --- a/docs/platgovnetsuite/api/add_update_change_request.md +++ b/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/add_update_change_request.md @@ -1,3 +1,9 @@ +--- +title: "Add/Update Customizations in a Change Request" +description: "Add/Update Customizations in a Change Request" +sidebar_position: 20 +--- + # Add/Update Customizations in a Change Request Add or update customizations and proposed customizations in a Change Request. diff --git a/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/change_request_api.md b/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/change_request_api.md new file mode 100644 index 0000000000..e80193f16e --- /dev/null +++ b/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/change_request_api.md @@ -0,0 +1,27 @@ +--- +title: "Change Request API" +description: "Change Request API" +sidebar_position: 20 +--- + +# Change Request API + +The Change Request API provides external access to retrieve customization from a NetSuite account. + +Here are the Change Request API commands: + +- [Get Change Request](/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/get_change_request.md): Returns the change request associated with an + External ID. +- [Add/Update Customizations in a Change Request](/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/add_update_change_request.md): adds/updates + customization and/or proposed customizations. +- [Delete Customizations in a Change Request](/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/delete_customizations_change_request.md): removes + customizations and/or proposed customizations. +- [Get ERD](/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/get_erd.md): returns ERD URL links for each customization. +- [Get Impact Analysis](/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/get_impact_analysis.md): returns the impact analysis data for each + customization. Customizations are categorized as _Safe to Modify_, _Not Safe to Modify_, and + _Inactive_. +- [Push Change Request](/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/push_change_request.md): pushes the external ticket details and creates an + equivalent change request. + +Try the [Change Requests](https://documenter.getpostman.com/view/30883336/2s9YeABubr) API in +Postman, where you can try out and test the commands. diff --git a/docs/platgovnetsuite/api/delete_customizations_change_request.md b/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/delete_customizations_change_request.md similarity index 97% rename from docs/platgovnetsuite/api/delete_customizations_change_request.md rename to docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/delete_customizations_change_request.md index 3d55f2f3bf..3d5d81ec6a 100644 --- a/docs/platgovnetsuite/api/delete_customizations_change_request.md +++ b/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/delete_customizations_change_request.md @@ -1,3 +1,9 @@ +--- +title: "Delete Customizations in a Change Request" +description: "Delete Customizations in a Change Request" +sidebar_position: 30 +--- + # Delete Customizations in a Change Request Remove attached customization and proposed customizations from a Change Request. diff --git a/docs/platgovnetsuite/api/get_change_request.md b/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/get_change_request.md similarity index 98% rename from docs/platgovnetsuite/api/get_change_request.md rename to docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/get_change_request.md index 396b69fa38..3d8f3239f9 100644 --- a/docs/platgovnetsuite/api/get_change_request.md +++ b/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/get_change_request.md @@ -1,3 +1,9 @@ +--- +title: "Get Change Request" +description: "Get Change Request" +sidebar_position: 10 +--- + # Get Change Request Returns the Change Request associated with an external ID. diff --git a/docs/platgovnetsuite/api/get_erd.md b/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/get_erd.md similarity index 97% rename from docs/platgovnetsuite/api/get_erd.md rename to docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/get_erd.md index a5cf7a75dd..9defdf2c51 100644 --- a/docs/platgovnetsuite/api/get_erd.md +++ b/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/get_erd.md @@ -1,3 +1,9 @@ +--- +title: "Get ERD" +description: "Get ERD" +sidebar_position: 40 +--- + # Get ERD Returns a list of URLs for the ERDs of each customization attached to a Change Request. diff --git a/docs/platgovnetsuite/api/get_impact_analysis.md b/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/get_impact_analysis.md similarity index 98% rename from docs/platgovnetsuite/api/get_impact_analysis.md rename to docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/get_impact_analysis.md index 4d45226aa4..ad8dd50e0f 100644 --- a/docs/platgovnetsuite/api/get_impact_analysis.md +++ b/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/get_impact_analysis.md @@ -1,3 +1,9 @@ +--- +title: "Get Impact Analysis" +description: "Get Impact Analysis" +sidebar_position: 50 +--- + # Get Impact Analysis Returns the impact analysis data of the customizations attached to a Change Request. Customization diff --git a/docs/platgovnetsuite/api/push_change_request.md b/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/push_change_request.md similarity index 98% rename from docs/platgovnetsuite/api/push_change_request.md rename to docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/push_change_request.md index 8744ceedf0..ec506b0456 100644 --- a/docs/platgovnetsuite/api/push_change_request.md +++ b/docs/platgovnetsuite/ticketingintegrations/apioverview/changerequestapi/push_change_request.md @@ -1,3 +1,9 @@ +--- +title: "Push Change Request" +description: "Push Change Request" +sidebar_position: 60 +--- + # Push Change Request Pushes the external ticket details and creates an equivalent Change Request. diff --git a/docs/platgovnetsuite/ticketingintegrations/apioverview/customizationsapi/_category_.json b/docs/platgovnetsuite/ticketingintegrations/apioverview/customizationsapi/_category_.json new file mode 100644 index 0000000000..3c4f229b01 --- /dev/null +++ b/docs/platgovnetsuite/ticketingintegrations/apioverview/customizationsapi/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Customizations API", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "customizations_api" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/ticketingintegrations/apioverview/customizationsapi/customizations_api.md b/docs/platgovnetsuite/ticketingintegrations/apioverview/customizationsapi/customizations_api.md new file mode 100644 index 0000000000..485f5be997 --- /dev/null +++ b/docs/platgovnetsuite/ticketingintegrations/apioverview/customizationsapi/customizations_api.md @@ -0,0 +1,16 @@ +--- +title: "Customizations API" +description: "Customizations API" +sidebar_position: 10 +--- + +# Customizations API + +The Customizations API provides external access to retrieve customization from a NetSuite account. + +Customizations API command: + +- [Get Customizations](/docs/platgovnetsuite/ticketingintegrations/apioverview/customizationsapi/get_customizations.md) + +Try the [Customizations](https://documenter.getpostman.com/view/30883336/2s9YeABubu) API in Postman. +The **Get Customizations** API is published to Postman, where you can try it out and test it. diff --git a/docs/platgovnetsuite/api/get_customizations.md b/docs/platgovnetsuite/ticketingintegrations/apioverview/customizationsapi/get_customizations.md similarity index 97% rename from docs/platgovnetsuite/api/get_customizations.md rename to docs/platgovnetsuite/ticketingintegrations/apioverview/customizationsapi/get_customizations.md index bf2a1bbd67..26932d7c64 100644 --- a/docs/platgovnetsuite/api/get_customizations.md +++ b/docs/platgovnetsuite/ticketingintegrations/apioverview/customizationsapi/get_customizations.md @@ -1,3 +1,9 @@ +--- +title: "Get Customizations" +description: "Get Customizations" +sidebar_position: 10 +--- + # Get Customizations Returns a list of customizations using the available user-defined filters. diff --git a/docs/platgovnetsuite/ticketingintegrations/jiraintegration/_category_.json b/docs/platgovnetsuite/ticketingintegrations/jiraintegration/_category_.json new file mode 100644 index 0000000000..4089f95cdd --- /dev/null +++ b/docs/platgovnetsuite/ticketingintegrations/jiraintegration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Jira", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "jira_integration" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/integrations/finding_change_requests_approved_from_jira.md b/docs/platgovnetsuite/ticketingintegrations/jiraintegration/finding_change_requests_approved_from_jira.md similarity index 85% rename from docs/platgovnetsuite/integrations/finding_change_requests_approved_from_jira.md rename to docs/platgovnetsuite/ticketingintegrations/jiraintegration/finding_change_requests_approved_from_jira.md index 06027a0771..5ebbe2c793 100644 --- a/docs/platgovnetsuite/integrations/finding_change_requests_approved_from_jira.md +++ b/docs/platgovnetsuite/ticketingintegrations/jiraintegration/finding_change_requests_approved_from_jira.md @@ -1,3 +1,9 @@ +--- +title: "Finding Change Requests from Jira" +description: "Finding Change Requests from Jira" +sidebar_position: 20 +--- + # Finding Change Requests from Jira To find your change requests that originated in Jira: diff --git a/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md b/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md new file mode 100644 index 0000000000..1e9c60ed62 --- /dev/null +++ b/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md @@ -0,0 +1,207 @@ +--- +title: "Jira" +description: "Jira" +sidebar_position: 10 +--- + +# Jira + +Platform Governance for NetSuite's Change Management capabilities are integrated with Jira, one of +the most popular issue ticketing and development project management systems. Customers are able to +look for and include NetSuite Customizations, assess impacts for requested changes, and push Jira +change tickets into a Change Request. This enables easy management of changes, seamless tracking of +compliant changes and automating the reconciliation of change logs during an audit. + +## Integration Overview + +- Features and Benefits +- Technical Considerations +- Jira Process Flow +- Set Up the Integration + +### Features and Benefits + +With Platform Governance for NetSuite's integration of NetSuite and Jira (Cloud), you can use the +Jira tool while we automatically add and track the associated changes in your NetSuite account. The +integration eliminates the need for double entry in the two systems. + +The Jira integration automatically syncs Jira tickets with NetSuite change request: + +- Creates a corresponding Change Request when a Jira ticket is generated. +- Updates NetSuite with the corresponding customizations. +- Sets the Change Request status to according to its corresponding Jira ticket status. + +Change Managers and System Administrators quickly realize the integration benefits: + +- Uses Jira to organize their development process. +- Maintains data integrity within Jira and NetSuite . +- Streamlines processes for updating daily activities and tasks. +- Reduces turnaround time for change deployments. +- Eliminates waiting for others to transition a change request status. +- Enables creating a change request to a target NetSuite account. + +### Technical Considerations + +Review these considerations prior to deploying the Jira integration: + +1. Platform Governance for NetSuite's integration is a client script that can be enabled or disabled + by form, user, or role. It has high order value to ensure it is the last thing to run and does + not interrupt any other process. +2. All functions are self-executing, complying with Jira best practices. +3. No DOM manipulation or global scripts are deployed. +4. No external libraries are needed. It is plain JavaScript. +5. No direct or custom database access is required. +6. NetSuite connections use the REST Jira interface, executing on the client side to prevent server + load. + +### Jira Process Flow + +![Jira Integration Process Flow](/img/product_docs/platgovnetsuite/integrations/strongpointjiraflow.webp) + +## Set Up the Integration + +To set up the Strongpoint Jira integration: + +1. Review Your Jira Statuses +2. Install the Netsuite Bundle +3. Configure NetSuite and Jira +4. Install the App +5. Create an Integration User Account (optional) +6. Set Up Token Based Authentication +7. Jira Integration Deployment + +### Review Your Jira Statuses + +To take advantage of the automatic synchronization feature, we recommend reviewing your Jira +statuses to be mapped to the Change Management statuses. When a ticket status is updated to a mapped +status, Platform Governance for NetSuite handles the synchronization between Jira and NetSuite. + +The mapping allows multiple Jira statuses to map to each Change Request status. +The mapping is part of the Configure NetSuite and Jira procedure. + +Refer to the Atlassian documentation for instructions on +[Defining status field values](https://confluence.atlassian.com/adminjiraserver070/defining-status-field-values-749382903.html?_ga=2.262596428.1900070949.1572132057-2138500458.1540834491). + +### Install the Netsuite Bundle + +1. Open **Customization** > **SuiteBundler** > **Search & Install Bundles** +2. Search for bundle **311231** +3. Click on **StrongPoint Jira integration Client Side** in the search results. +4. Click **Install** when the Bundle Details opens. +5. Click **Install Bundle** on the **Preview Bundle** Install page. + +### Configure NetSuite and Jira + +1. Open **Strongpoint** > **Strongpoint Support** > **Installation Settings** +2. Click **Edit** by the latest report to open **Configuration and Stats**. +3. Open the **Jira Integration** tab. +4. Enter your **Jira User name** and the **Jira Token**. Refer to the + [Atlassian documentation](https://confluence.atlassian.com/cloud/api-tokens-938839638.html) to + obtain a Token +5. Enter the mappings between your Jira statuses and the Change Request statuses. For best practice, + define your Jira statuses prior to this step. You can enter multiple Jira statuses for each + Change Request status, separated by commas. For example, **Ready for Deployment,Done**. Assign + your mapping for each of the Change Request statuses: + + - **Jira Statuses for In Progress Status** + - **Jira Statuses for Pending Approval Status** + - **Jira Statuses for Approved Status** + - **Jira Statuses for Complete Status** + - Jira Statuses for Rejected Status + - Jira Statuses for Canceled Status + +6. Check **Automatic Synchronization** to enable Platform Governance for NetSuite to handle the + synchronization between Jira and NetSuite when a Ticket status is updated to a mapped status. + without having to click **Push**. If you are using an account where you do not want to create a + Change Request, leave this unchecked so you can do your research or testing without generating + Change Requests. + + ![Jira Integration settings with mapped statues](/img/product_docs/platgovnetsuite/release_notes/jira_example_integration.webp) + +7. Check **Allow NS to Jira Push** to enable pushing NetSuite change requests into Jira. +8. Click **Save**. +9. Open **Customization** > **Scripting** > **Scripts**. +10. **View** the Suitelet script **STRONGPOINT Return Jira Ticket Info** +11. Open the **Deployments** tab. +12. Click the script **Title** to edit it. +13. Open the **Parameters** tab and enter the domain you use to access Jira. + + ![Enter your domain on the Parameters tab](/img/product_docs/platgovnetsuite/integrations/jira_parameters.webp) + +14. Click **Save**. + +### Install the App + +1. From Jira, open **Settings** > **Apps**. + + ![Open Jira Apps settings](/img/product_docs/platgovnetsuite/integrations/jira_settings_cloud.webp) + +2. Search for _Strongpoint for NetSuite_. + + ![Jira Search.](/img/product_docs/platgovnetsuite/integrations/jira_search.webp) + +3. Click on the **Strongpoint for NetSuite** tile to open the details and follow the installation + prompts. + +### Create an Integration User Account (optional) + +Consider creating an _Integration User_ for your users to enter for the Jira Credentials. For +accounts that use Two Factor Authentication (2FA) or Single Sign On (SSO), the _Integration User_ +can be configured with a limited role not requiring 2FA or SSO. The only requirement is the user +must have access granted for the **Strongpoint Developer Role**. + +### Set Up Token Based Authentication + +Token Based Authentication is set up through NetSuite. Here is the basic process: + +1. NetSuite Administrator creates an Integration Record for the Platform Governance for NetSuite + application. This only needs to be performed once per account. Open **Setup** > **Integration** > + **Integration Management** > **Manage Integrations** > **New** + Refer to the NetSuite help + [Create Integration Records for Applications to Use TBA](https://netsuite.custhelp.com/app/answers/detail/a_id/82077/kw/tba). + To + view a list of integration records in this account, open **Setup** > **Integration** > + **Integration Management** > **Manage Integrations**. +2. Each user creates their token in NetSuite. Refer to the + [NetSuite help Manage TBA Tokens in the NetSuite UI](https://netsuite.custhelp.com/app/answers/detail/a_id/41902) + for details. Once you have created your tokens, add them to Jira. +3. Open **Jira**. +4. Open your **Projects** page: + + ![Open your Jira Projects page to find Add-ons](/img/product_docs/platgovnetsuite/release_notes/jira_projects_menu.webp) + +5. Expand **Add-ons**. +6. Select **Strongpoint Settings**. + + ![Jira Strongpoint Settings](/img/product_docs/platgovnetsuite/release_notes/jira_strongpoint_settings.webp) + +7. Click **New Token Based Authentication** to add your credentials. This needs to be done once for + each of your accounts. + + ![Add tokens for Jira](/img/product_docs/platgovnetsuite/release_notes/jira_add_token.webp) + +8. Enter your credentials and click **Add Token Based Authentication Credential**. +9. When logging into Platform Governance for NetSuite from Jira you can select your credentials. + Credentials persist once selected. + +### Jira Integration Deployment + +This process is performed by the Jira Administrator. + +1. Create a Jira ticket for deployment. +2. Select **Strongpoint NetSuite** activity tab. Select a NetSuite account to connect to. +3. Add customization/s(existing or proposed) to the Jira ticket: + + - Two ways to add: (a.) Click on **Lookup Customization** or **Proposed Customization** to + narrow down customizations to attach. (b.) Click on **Import Customization** , add + customizations in bulk from a file. File format accepted are XML and ZIP files. File contents + for XML should have the same format as the MANIFEST.xml file in the SDF Project. SDF zip + format uses the SDF structure as extracted from an existing SDF project. + - Added as customizations(existing or proposed), objects added are reflected in the Existing + Customization table and/or the Proposed Customization table in the Jira ticket. + +4. Click **Push** when complete. Platform Governance for NetSuite creates a Change Request using the + changes in the Jira ticket. +5. Start a Respider to create the Change Log and documents. + +**Next Step:** [ Jira Walkthrough Example](/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_walkthrough_example.md) diff --git a/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_upload_addon_not_showing.md b/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_upload_addon_not_showing.md new file mode 100644 index 0000000000..703e23724e --- /dev/null +++ b/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_upload_addon_not_showing.md @@ -0,0 +1,18 @@ +--- +title: "Jira Upload Add On Not Showing" +description: "Jira Upload Add On Not Showing" +sidebar_position: 30 +--- + +# Jira Upload Add On Not Showing + +If the Upload add on is not shown on your screen, you are either not a Jira administrator or you +have not checked **Enable development mode**. + +To enable development mode: + +1. Open Jira. +2. Click **Settings** +3. Click **Enable development mode**. + +![Jira Enable Development Mode](/img/product_docs/platgovnetsuite/integrations/jira_enable_dev_mode.webp) diff --git a/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_walkthrough_example.md b/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_walkthrough_example.md new file mode 100644 index 0000000000..5d5ca13cc7 --- /dev/null +++ b/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_walkthrough_example.md @@ -0,0 +1,229 @@ +--- +title: "Jira Walkthrough Example" +description: "Jira Walkthrough Example" +sidebar_position: 10 +--- + +# Jira Walkthrough Example + +This walkthrough is one example based on our test account. You must +[install and configure](/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md) the Jira integration, including setting up the +**[Jira Statuses](/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md)** prior to using this walkthrough. + +The walkthrough demonstrates these steps: + +- Create a Jira Ticket +- Enter your Credentials +- Add Customizations +- Perform Risk Assessment +- Ready for Development +- Deploy Changes and Complete the Ticket + +## Create a Jira Ticket + +1. Login to your Jira account. +2. Open a Project. +3. Click **Create** (**+**). + + ![jira_example_create_issue](/img/product_docs/platgovnetsuite/integrations/jira_example_create_issue.webp) + +4. Enter your information on the **Create issue** form: + + - **Project**: Select your Project. **NS & SF Jira Demo (SJD)** is selected for this example. + - **Issue Type**: Select your Jira type. **Task** is selected for this example. + - **Summary**: Add a name + - **Description** (optional) + +5. Click **Create**. + +Alerts and notifications may occur during this walkthrough, and are not included in these steps. For +example, override alert, notifications for approvers, and notification for the change request. + +## Enter your Credentials + +1. Open your new Jira ticket. If you look at the **Open Change Request**, the status is **Not logged + in your account**. +2. Expand **Comments** and select **Strongpoint NetSuite**. + + ![jira_example_credentials](/img/product_docs/platgovnetsuite/integrations/jira_example_credentials.webp) + +3. Select your NetSuite **Account** and enter your **Consumer Key**/**Secret** and **Token + ID**/**Secret**. If your account has an optional _[Integration User](/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md)_ role, + enter the Email and Password credentials supplied by your administrator + + ![Check Token Based Authentication](/img/product_docs/platgovnetsuite/integrations/jira_token_authentication.webp) + +4. Click **Connect**. If the connection is successful, the form is displayed (see Add Customizations + section). The **Synchronized with**status displays the account you are logged into for NetSuite. + +You cannot login if you do not have the **appropriate role permissions to create a Change Request**. + +If you do not enter the correct email or password, an error is displayed. After six unsuccessful +consecutive attempts to login, your account is suspended for 30 minutes. + +![jira_example_credentials_error](/img/product_docs/platgovnetsuite/integrations/jira_example_credentials_error.webp) + +## Add Customizations + +Once you have logged in, the form is displayed. +![Jira Strongpoint form](/img/product_docs/platgovnetsuite/release_notes/jira_strongpoint_form.webp) + +- **Synchronized with** displays the connected account. Click **Change Account** to switch to a + different Account. +- **Policy** is blank until Customizations have been added. The Policy is determined by the + Customization with the strictest policy. +- **Affected Bundle ID** can be added to the ticket. Enter the ID in the **Add Bundle ID** entry box + and click (**+**) to add it. You can delete an Affected Bundle ID with the + ![delete](/img/product_docs/platgovnetsuite/integrations/delete.webp)icon. +- **Change Level Required** is **Log Changes Only** until Customizations have been added. If there + are multiple change levels, the most stringent one is applied. +- Specify the Customizations you are changing or adding. + - **Lookup Customization** search for a customization. If the Customization exists in your + account, it is added to the **Existing Customizations** list. + - **Import Customization** if you have either an **xml** file generated from an existing ticket, + or an **SDF zip** file created in your Sandbox account, you can import the customizations. + Click **Import Customization**, navigate to your file, and click **Import**. + Modified customizations are added to the **Existing Customizations** list, new customizations + are added to the **Proposed Customizations** list. + - **Add Proposed Customization** adds a new customizations are added to the **Proposed + Customizations** list. You can delete added Customizations with the + ![delete](/img/product_docs/platgovnetsuite/integrations/delete.webp)icon. +- **Push** creates the Change Request in NetSuite. **Push** is also used to manually update your + Change Request if you are not using the [Automatic Synchronization](/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md) feature. +- **Push External** same as **Push** except you can specify a different Jira account. +- **Impact Analysis** and **View ERD** are tools to Perform Risk Assessment. + +### Add Existing Customizations by Name or Script ID + +1. Click **Lookup Customization**. +2. Enter all or part of a Name.. For this example, enter **new**. +3. Click **+** to search for matching Customizations. **View** displays the **Type** and **Script + ID** for a Customization. + + ![Add a Customization by Name](/img/product_docs/platgovnetsuite/integrations/jira_example_add_name.webp) + +4. Select one or more Customizations. For this example, select **New Opportunities Created + (Search)**. +5. Click **Add Selected Customizations**. The selected Customization is added to the **Existing + Customizations** list. + + ![New Opportunities Created (Search) added to Existing Customizations](/img/product_docs/platgovnetsuite/integrations/jira_example_new_opp.webp) + +6. Enter the Script ID **custentity_fmt_cust_credit_on_hold** in **Add Customizations** and click + **+**. +7. The **Set Customer Credit on Hold (Entity Field)** is displayed. Select it, and click **Add + Selected Customizations**. The selected Customization is added to the **Existing Customizations** + list. The **Change Level Required** changes from **Log Changes Only** to **Change Request**, + which is the policy for the **Set Customer Credit on Hold** field. + +### Add Proposed Customizations + +In this procedure, we are adding a new Customization. + +1. Enter a new, valid Script ID in the **Add Customizations** field. For this example, enter + **customlist_customer_priorities**. +2. Click (**+**) to add it. If the Script ID is valid, and does not match an existing Script ID, the + new Customization is added to the **Proposed Customizations** list. + + ![Customization added to Proposed Customization list](/img/product_docs/platgovnetsuite/integrations/jira_example_proposed_customization.webp) + +### Create the Change Request + +If you expand the **Change Request** field on the right, the status is **Not Synced with +Strongpoint**. + +1. Change the Jira status of your ticket to match the status set up for **Jira Statuses for In + Progress Status**. For example, **In Progress**. +2. Click **Push** to create the Change Request. This step is required for both manual and automatic + synchronization. A confirmation your Change Request was Created/Updated is displayed. The change + request is created in NetSuite with the **In Progress** status. If you mapped some of your Jira + statuses, then **Push** is only available those mapped statuses. +3. Expand the **Change Request** field on the right. The status is now **In Progress**. There is a + link to open the Change Request in NetSuite. + + ![Change Request set to In Progress](/img/product_docs/platgovnetsuite/integrations/jira_example_in_progress.webp) + +### Import Customizations from Jira + +In this procedure, we are adding customizations exported into an xml file. This is not required, but +is an alternative if you have a lot of customizations. + +1. Click **Import Customization**. + + ![Import customizations from an xml file.](/img/product_docs/platgovnetsuite/integrations/jira_import_cust.webp) + +2. Click **Choose File**, navigate to your xml file and click **Open**. +3. Click **Import**. The customizations appear in the **Existing Customizations** list. + + ![The customizations appear in the Existing Customizations list.](/img/product_docs/platgovnetsuite/integrations/jira_import_cust2.webp) + +## Perform Risk Assessment + +### Impact Analysis + +The impact analysis tool reviews your customizations for dependencies or risks. Click **Impact +Analysis** to run the tool. Here is an example report: + +![Impact analysis report](/img/product_docs/platgovnetsuite/integrations/jira_example_impact_analysis.webp) + +Before proceeding with your changes, review each warning to ensure your change does not break +something. Dependencies can easily be reviewed with the ERD tool. + +### View ERD + +The Entity Relationship Diagram (ERD) tool graphically displays your Customizations and all +dependencies. + +1. Click **View ERD**. +2. Select the Customization to view from the list. For this example, select **Set Customer Credit on + Hold (Entity Field)**. +3. When the diagram opens, you can explore the dependencies to evaluate the effect of your intended + changes. + + ![Run the ERD to view dependencies](/img/product_docs/platgovnetsuite/integrations/jira_example_erd.webp) + +## Ready for Development + +Once you have resolved any risk or conflicts, your changes are ready for development: + +1. Change the Jira status of your ticket to match the status set up for **Jira Statuses for Pending + Approval Status**. For example, **Selected for Development**. +2. Click **Push** if you are not using [Automatic Synchronization](/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md) to push + status changes. A confirmation your Change Request was Created/Updated is displayed. +3. Expand the **Change Request** field on the right. The status is now **Pending Approval**. There + is a link to open the Change Request in NetSuite. + + ![Change Request is set to Pending Approval](/img/product_docs/platgovnetsuite/integrations/jira_example_pending_approval.webp) + +4. Click the **Go To Record** link to view the Change Request. + + ![Change Request is Pending Approval](/img/product_docs/platgovnetsuite/integrations/jira_example_change_request.webp) + +## Deploy Changes and Complete the Ticket + +When development is done, and the Change Request is approved according to your policy, the Jira +ticket is ready to be updated. + +1. Expand the **Change Request** field on the right. The status is **Approved**. + ![Change Request is now Approved](/img/product_docs/platgovnetsuite/integrations/jira_example_approved.webp) +2. Change the Jira status of your ticket to match the status set up for **Jira Statuses for Approved + Status**. In our example set up, we have two possible statuses: **Ready for Deployment** and + **Done**. Setting up two statuses enables you to split up the deployment and the ticket closure + if you want to monitor the deployment task separately. Both statuses are valid for Deployment, + but only **Done** closes the Jira ticket and updates the Change Request to **Completed**. +3. Click **Push** if you are not using [Automatic Synchronization](/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md) to push + status changes. A confirmation your Change Request was Created/Updated is displayed. +4. If you used **Ready for Deployment**, update your Jira status to **Done** once your deployment + and verification activities are complete. + +If you open the Change Request in NetSuite: + +- All Customizations added from Jira are displayed. +- **Affected Bundle ID** is added (if used). +- **Change Overview** is set to the Jira ticket description. +- Change Request is **Approved** and ready to be deployed. +- **Originated System**, **External Change Request Number** and **External Link** to the Jira ticket + are populated on the **Related Change Records** tab. +- If the Jira status is **Done**, the Change Request shows as **Completed**. + + ![The completed change request](/img/product_docs/platgovnetsuite/integrations/jira_example_completed.webp) diff --git a/docs/platgovnetsuite/ticketingintegrations/servicenowintegration/_category_.json b/docs/platgovnetsuite/ticketingintegrations/servicenowintegration/_category_.json new file mode 100644 index 0000000000..d5092b299b --- /dev/null +++ b/docs/platgovnetsuite/ticketingintegrations/servicenowintegration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "ServiceNow", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "servicenow_integration" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/integrations/servicenow_create_ticket.md b/docs/platgovnetsuite/ticketingintegrations/servicenowintegration/servicenow_create_ticket.md similarity index 89% rename from docs/platgovnetsuite/integrations/servicenow_create_ticket.md rename to docs/platgovnetsuite/ticketingintegrations/servicenowintegration/servicenow_create_ticket.md index eca494654a..3dff08287e 100644 --- a/docs/platgovnetsuite/integrations/servicenow_create_ticket.md +++ b/docs/platgovnetsuite/ticketingintegrations/servicenowintegration/servicenow_create_ticket.md @@ -1,6 +1,12 @@ +--- +title: "Creating a Ticket and Change Request for ServiceNow" +description: "Creating a Ticket and Change Request for ServiceNow" +sidebar_position: 20 +--- + # Creating a Ticket and Change Request for ServiceNow -The [ServiceNow integration](/docs/platgovnetsuite/integrations/servicenow_install_configure_netsuite.md) must be installed and +The [ServiceNow integration](/docs/platgovnetsuite/ticketingintegrations/servicenowintegration/servicenow_install_configure_netsuite.md) must be installed and configured prior to use. 1. Open **ServiceNow**. diff --git a/docs/platgovnetsuite/integrations/servicenow_install_configure_netsuite.md b/docs/platgovnetsuite/ticketingintegrations/servicenowintegration/servicenow_install_configure_netsuite.md similarity index 98% rename from docs/platgovnetsuite/integrations/servicenow_install_configure_netsuite.md rename to docs/platgovnetsuite/ticketingintegrations/servicenowintegration/servicenow_install_configure_netsuite.md index e44f3cf362..164601d3d6 100644 --- a/docs/platgovnetsuite/integrations/servicenow_install_configure_netsuite.md +++ b/docs/platgovnetsuite/ticketingintegrations/servicenowintegration/servicenow_install_configure_netsuite.md @@ -1,3 +1,9 @@ +--- +title: "Installing ServiceNow in NetSuite" +description: "Installing ServiceNow in NetSuite" +sidebar_position: 10 +--- + # Installing ServiceNow in NetSuite ## Install NetSuite Bundle diff --git a/docs/platgovnetsuite/integrations/servicenow_integration.md b/docs/platgovnetsuite/ticketingintegrations/servicenowintegration/servicenow_integration.md similarity index 96% rename from docs/platgovnetsuite/integrations/servicenow_integration.md rename to docs/platgovnetsuite/ticketingintegrations/servicenowintegration/servicenow_integration.md index 8e073c9b33..ab2f8cad8b 100644 --- a/docs/platgovnetsuite/integrations/servicenow_integration.md +++ b/docs/platgovnetsuite/ticketingintegrations/servicenowintegration/servicenow_integration.md @@ -1,3 +1,9 @@ +--- +title: "ServiceNow" +description: "ServiceNow" +sidebar_position: 20 +--- + # ServiceNow ## Features and Benefits diff --git a/docs/platgovnetsuite/ticketingintegrations/ticketing_integrations.md b/docs/platgovnetsuite/ticketingintegrations/ticketing_integrations.md new file mode 100644 index 0000000000..283c50f04f --- /dev/null +++ b/docs/platgovnetsuite/ticketingintegrations/ticketing_integrations.md @@ -0,0 +1,23 @@ +--- +title: "Ticketing System Integrations" +description: "Ticketing System Integrations" +sidebar_position: 120 +--- + +# Ticketing System Integrations + +Many customers use ticketing and change approval systems in the management of changes to all of +their business systems not just Salesforce or NetSuite. Platform Governance for NetSuite provides +integrations with external ticketing systems to improve workflows for customers using both. This +brings all the benefits of Platform Governance for NetSuite to your external ticketing systems, +including the impact analysis, release management and change reconciliation features. + +Ticketing Integrations with NetSuite include: + +- [Jira](/docs/platgovnetsuite/ticketingintegrations/jiraintegration/jira_integration.md) +- [ServiceNow](/docs/platgovnetsuite/ticketingintegrations/servicenowintegration/servicenow_integration.md) +- [Zendesk](/docs/platgovnetsuite/ticketingintegrations/zendeskintegration/zendesk_integration.md) +- [Integration API](/docs/platgovnetsuite/ticketingintegrations/apioverview/api_overview.md) enables your developers to support your ticketing + systems, making the integration functionality available to everyone. Integrating your systems with + your Platform Governance for NetSuite account helps you make the most of your change management + and ticketing strategies. diff --git a/docs/platgovnetsuite/ticketingintegrations/zendeskintegration/_category_.json b/docs/platgovnetsuite/ticketingintegrations/zendeskintegration/_category_.json new file mode 100644 index 0000000000..1daa089f35 --- /dev/null +++ b/docs/platgovnetsuite/ticketingintegrations/zendeskintegration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Zendesk", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "zendesk_integration" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/integrations/zendesk_integration.md b/docs/platgovnetsuite/ticketingintegrations/zendeskintegration/zendesk_integration.md similarity index 97% rename from docs/platgovnetsuite/integrations/zendesk_integration.md rename to docs/platgovnetsuite/ticketingintegrations/zendeskintegration/zendesk_integration.md index 1faf12897d..e96e569050 100644 --- a/docs/platgovnetsuite/integrations/zendesk_integration.md +++ b/docs/platgovnetsuite/ticketingintegrations/zendeskintegration/zendesk_integration.md @@ -1,3 +1,9 @@ +--- +title: "Zendesk" +description: "Zendesk" +sidebar_position: 30 +--- + # Zendesk Platform Governance for NetSuite's Change Management capabilities are integrated with Zendesk, one @@ -104,4 +110,4 @@ After you install the Zendesk app, set up the approvals. - **Approval process** select the approval process to use. **Strongpoint Approval in Zendesk**, **Strongpoint Approval in NetSuite**, **No Appoval Needed**, or **Not set**. -**Next Step:** [ Zendesk Walkthrough Example](/docs/platgovnetsuite/integrations/zendesk_walkthrough_example.md) +**Next Step:** [ Zendesk Walkthrough Example](/docs/platgovnetsuite/ticketingintegrations/zendeskintegration/zendesk_walkthrough_example.md) diff --git a/docs/platgovnetsuite/integrations/zendesk_walkthrough_example.md b/docs/platgovnetsuite/ticketingintegrations/zendeskintegration/zendesk_walkthrough_example.md similarity index 92% rename from docs/platgovnetsuite/integrations/zendesk_walkthrough_example.md rename to docs/platgovnetsuite/ticketingintegrations/zendeskintegration/zendesk_walkthrough_example.md index 736f756e21..3f1e7200fb 100644 --- a/docs/platgovnetsuite/integrations/zendesk_walkthrough_example.md +++ b/docs/platgovnetsuite/ticketingintegrations/zendeskintegration/zendesk_walkthrough_example.md @@ -1,7 +1,13 @@ +--- +title: "Zendesk Walkthrough Example" +description: "Zendesk Walkthrough Example" +sidebar_position: 10 +--- + # Zendesk Walkthrough Example This walkthrough is one example based on our test account. You must -[install and configure](/docs/platgovnetsuite/integrations/zendesk_integration.md) the Zendesk integration, prior to using this +[install and configure](/docs/platgovnetsuite/ticketingintegrations/zendeskintegration/zendesk_integration.md) the Zendesk integration, prior to using this walkthrough. Alerts and notifications may occur during this walkthrough, and are not included in these steps. For @@ -53,7 +59,7 @@ Open your new Zendesk ticket. **Test Ticket** in this example. If you do not see the app, make sure the Apps are toggled on using the Apps icon ![Zendesk Apps visibility icon](/img/product_docs/platgovnetsuite/integrations/zendesk_apps_icon.webp) and verify you are a member of a group or role -[authorized to access the app](/docs/platgovnetsuite/integrations/zendesk_integration.md). +[authorized to access the app](/docs/platgovnetsuite/ticketingintegrations/zendeskintegration/zendesk_integration.md). ![The Strongpoint app is available after you create the ticket.](/img/product_docs/platgovnetsuite/integrations/zendesk_strongpoint_app_ticket.webp) @@ -94,7 +100,7 @@ feature. There is an options menu available for each added customization. Options include **Remove** and **ERD**. Selecting **ERD** launches the -[Entity Relationship Diagram](/docs/platgovnetsuite/customizations/using_erd.md) for the customization. +[Entity Relationship Diagram](/docs/platgovnetsuite/customization/using_erd.md) for the customization. ### Add Proposed Customizations diff --git a/docs/platgovnetsuite/tools/_category_.json b/docs/platgovnetsuite/tools/_category_.json new file mode 100644 index 0000000000..90ac653000 --- /dev/null +++ b/docs/platgovnetsuite/tools/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Tools Overview", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "tools_overview" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/tools/standard_field_impact_analysis.md b/docs/platgovnetsuite/tools/standard_field_impact_analysis.md index 6e989fc388..8964616170 100644 --- a/docs/platgovnetsuite/tools/standard_field_impact_analysis.md +++ b/docs/platgovnetsuite/tools/standard_field_impact_analysis.md @@ -1,3 +1,9 @@ +--- +title: "Standard Field Impact Analysis" +description: "Standard Field Impact Analysis" +sidebar_position: 20 +--- + # Standard Field Impact Analysis You can manually run an impact analysis from the Tools menu. Impact analysis runs automatically from diff --git a/docs/platgovnetsuite/tools/tools_overview.md b/docs/platgovnetsuite/tools/tools_overview.md index 173673b340..a74c5257cf 100644 --- a/docs/platgovnetsuite/tools/tools_overview.md +++ b/docs/platgovnetsuite/tools/tools_overview.md @@ -1,8 +1,14 @@ +--- +title: "Tools Overview" +description: "Tools Overview" +sidebar_position: 30 +--- + # Tools Overview The **Strongpoint** > **Tools** menu accesses: -- [Strongpoint Spider](/docs/platgovnetsuite/installing_strongpoint/running_the_spider.md): runs the Spider on your +- [Strongpoint Spider](/docs/platgovnetsuite/installation/running_the_spider.md): runs the Spider on your account. - **Strongpoint SQL Library**: accesses the Strongpoint SQL Formula library. Use the available formulas to simply your Customization development. diff --git a/docs/platgovnetsuite/troubleshooting/mobile_devices.md b/docs/platgovnetsuite/troubleshooting/mobile_devices.md deleted file mode 100644 index 11b9efe331..0000000000 --- a/docs/platgovnetsuite/troubleshooting/mobile_devices.md +++ /dev/null @@ -1,3 +0,0 @@ -# Platform Governance for NetSuite Not Supported on Mobile Devices - -Platform Governance for NetSuite is not supported on mobile devices. Key features are not available. diff --git a/docs/platgovnetsuite/troubleshooting/report_a_bug.md b/docs/platgovnetsuite/troubleshooting/report_a_bug.md deleted file mode 100644 index 277c8d8714..0000000000 --- a/docs/platgovnetsuite/troubleshooting/report_a_bug.md +++ /dev/null @@ -1,31 +0,0 @@ -# Contact Support - -If you encounter any problems using Platform Governance for NetSuite or you have suggested -improvements, we would love to hear from you! Your feedback is incredibly valuable to us and the -continued success of our products. There are multiple options to provide feedback: - -- Contact Support -- Comment on a User Guide Topic - -## Contact Support - -You can contact Support with any feedback or issues. There are links within Platform Governance for -NetSuite to make it easy to access the Netwrix support site at -[https://www.netwrix.com/support.html](https://www.netwrix.com/support.html) - -- Click **Submit a Support Case** from the - [Strongpoint Overview Dashboard](/docs/platgovnetsuite/navigating_strongpoint.md) in your Production or Sandbox - accounts. -- Open **Strongpoint** > **Strongpoint Support** > **Contact Support** to open the Netwrix Support - site. - -![Contact Strongpoint Support](/img/product_docs/platgovnetsuite/troubleshooting/report_bug.webp) - -## Comment on a User Guide Topic - -There is a comment button at the end of each topic, enabling you to easily send feedback to Support -on the topic. - -![Click to leave feedback on the current topic.](/img/product_docs/platgovnetsuite/troubleshooting/comment_button.webp) - -![Enter your feedback on the current topic.](/img/product_docs/platgovnetsuite/troubleshooting/comment_form.webp) diff --git a/docs/platgovnetsuite/troubleshooting/spider_page_not_found.md b/docs/platgovnetsuite/troubleshooting/spider_page_not_found.md deleted file mode 100644 index f2c7008d8e..0000000000 --- a/docs/platgovnetsuite/troubleshooting/spider_page_not_found.md +++ /dev/null @@ -1,7 +0,0 @@ -# Spider Page Not Found - -If you see the **Spider Page Not Found** error: - -1. Open **Setup** > **Company** > **General Preferences** -2. Make sure **Web Site Hosting Files Always Available** is checked. -3. Click **Save** diff --git a/docs/platgovnetsuite/troubleshooting/spider_spins.md b/docs/platgovnetsuite/troubleshooting/spider_spins.md deleted file mode 100644 index 3e253397ff..0000000000 --- a/docs/platgovnetsuite/troubleshooting/spider_spins.md +++ /dev/null @@ -1,6 +0,0 @@ -# Spider Spins and Does Not Finish - -If you kick off a spider and the gears on the page spin for more than an hour, this is likely an -issue with the **IP Restriction**. Contact Netwrix support at -[https://www.netwrix.com/support.html ](https://www.netwrix.com/support.html) for assistance in -configuring your account. diff --git a/docs/platgovnetsuite/troubleshooting/stop_scripts.md b/docs/platgovnetsuite/troubleshooting/stop_scripts.md deleted file mode 100644 index 85f9f00fd4..0000000000 --- a/docs/platgovnetsuite/troubleshooting/stop_scripts.md +++ /dev/null @@ -1,7 +0,0 @@ -# Stop Scripts - -You can stop the Spider scripts at any point during the spider process: - -Open **Strongpoint** > **Strongpoint Support** > **Stop Scripts** - -This stops the next execution of the scheduled scripts. diff --git a/docs/platgovnetsuite/uar/welcome.md b/docs/platgovnetsuite/uar/welcome.md deleted file mode 100644 index 1a22d420d6..0000000000 --- a/docs/platgovnetsuite/uar/welcome.md +++ /dev/null @@ -1,82 +0,0 @@ -# Welcome - -Roles and Permissions are not a set once and forget about them activity. Both should be reviewed -regularly to ensure your data is secured and users in your organization have the right access. -**User Access Review** streamlines this review process, making it easy to manage and review all -access to your NetSuite data. UAR users must have a [license](/docs/platgovnetsuite/uar/install_app.md). - -## Terminology - -Here are the basic terms used throughout the UAR guide: - -- UAR Reviewer Roles -- Review Types -- Access Review -- Principle of Least Privilege -- Permissions and Roles - -### UAR Reviewer Roles - -Access and permissions to UAR is controlled by roles: - -- **UAR Admin** manages the UAR process. This reviewer can: - - - Assign Role Owners. - - Create Single or Global User Access Reviews. - - Check Status of UARs. - - Send reminders to Owners. - - Run reporting. - -- **UAR Owner** performs Role Permission and Role Membership Reviews. This reviewer can: - - - Review and Complete UARs. - - Request Changes to Permission or Permission Levels to owned Roles. - - Request Changes to Role Assignments for owned Roles. - - Designate an Additional Approver for a Membership Review for owned Roles. For example, a user - that does not report to you has a Role you own. You may want the user’s supervisor to also - approve the Role Assignment. - -- **UAR Auditor** read-only access to the UAR to perform auditing functions. -- **UAR Additional Reviewer** performs assigned membership reviews. Additional reviewers are - assigned by the UAR Owners. - -### Review Types - -- **Membership** review the roles and global permissions assigned to individuals is appropriate. -- **Permissions** review the permissions and levels assigned to a role. - -Reviews can be single or global. A global review is a group of single reviews assigned to one or -more owners. - -### Access Review - -- Roles only have required permissions. -- Users only have required roles. -- Unused roles and access are identified and removed. -- Folder access is restricted. - -### Principle of Least Privilege - -- Users and scripts only have the access needed to do their tasks. -- Minimize the ability for users or outside actors to change or steal data. - -### Permissions and Roles - -_Permissions_ are assigned to _roles_, _roles_ are assigned to _users_. This follows the NetSuite -concepts. - -Permission Levels: - -- **None** - remove the permission from the user. -- **View** -- **Create** (View/Create) -- **Edit** (View/Create/Edit) -- **Full** (View/Create/Edit/Delete) - -Permissions are categorized by: - -- Transactions -- Reports -- Lists, including Master Data and Configuration -- Setup -- Custom Records diff --git a/docs/platgovnetsuite/user_management/user_managment_overview.md b/docs/platgovnetsuite/user_managment_overview.md similarity index 92% rename from docs/platgovnetsuite/user_management/user_managment_overview.md rename to docs/platgovnetsuite/user_managment_overview.md index 2b647a040b..806bc4a2ee 100644 --- a/docs/platgovnetsuite/user_management/user_managment_overview.md +++ b/docs/platgovnetsuite/user_managment_overview.md @@ -1,3 +1,9 @@ +--- +title: "User Management" +description: "User Management" +sidebar_position: 150 +--- + # User Management These reports are available on the User Management Menu: diff --git a/docs/platgovnetsuite/usingprocessissues/_category_.json b/docs/platgovnetsuite/usingprocessissues/_category_.json new file mode 100644 index 0000000000..50a5c0c70a --- /dev/null +++ b/docs/platgovnetsuite/usingprocessissues/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Using Process Issues", + "position": 140, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "using_process_issues" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/processes/using_process_issues.md b/docs/platgovnetsuite/usingprocessissues/using_process_issues.md similarity index 98% rename from docs/platgovnetsuite/processes/using_process_issues.md rename to docs/platgovnetsuite/usingprocessissues/using_process_issues.md index b2fc026894..2c7ddaba83 100644 --- a/docs/platgovnetsuite/processes/using_process_issues.md +++ b/docs/platgovnetsuite/usingprocessissues/using_process_issues.md @@ -1,3 +1,9 @@ +--- +title: "Using Process Issues" +description: "Using Process Issues" +sidebar_position: 10 +--- + # Using Process Issues The Process issue ticketing system: diff --git a/docs/platgovnetsuite/welcome.md b/docs/platgovnetsuite/welcome.md deleted file mode 100644 index bd485d484a..0000000000 --- a/docs/platgovnetsuite/welcome.md +++ /dev/null @@ -1,93 +0,0 @@ -# Welcome - -Platform Governance for NetSuite is a SuiteApp integrated into the NetSuite backend keeping all your -data within your NetSuite account. Your documentation is automatically maintained so it is always up -to date. - -By implementing Platform Governance for NetSuite you can: - -- Automatically catalog all custom fields, scripts, forms, searches, records and workflows. -- Visually browse standard and custom fields, lists and records to find all related scripts, - searches, users and departments. -- Capture and search script comments and identify poorly commented code. -- Automatically track changes to your customizations using the change logs, so you can see what - customizations were changed, how they were changed, when they were changed and who changed them. - -Check out Netwrix University for helpful tutorials. -[Sign in to your Netwrix account](https://www.netwrix.com/my_training.html) to access the tutorials. - -## Installation and Initial Scan - -Once you install Platform Governance for NetSuite, you simply click the **Start Spider** button and -your customizations are documented over the course of 4-5 days with minimal impact on system -performance. Once completed, you have a searchable database of all your customizations. - -## Documentation and Optimization - -After installation, it takes 4-5 days to document your customizations and approximately 3 weeks to -have your account both fully documented and optimized. - -### Clean Up - -Use the end to end documentation of custom objects and our Clean Up Tools to: - -- Identify unused fields, searches and other custom objects. -- Quickly identify dependencies to reduce the risk of breaking things in your account (i.e. see if a - search is being used in a script or workflow). -- Use Change Requests to keep your changes organized and capture approvals. - -### Script Management - -Critical Script Analysis enables you to determine how healthy your scripts are and what areas you -can fix to improve your account. With our tools and the Critical Script Analysis methodology you -can: - -- Identify high priority scripts based on usage. -- Identify people and departments triggering scripts to focus on scripts that could be - inappropriately triggered. -- Understand script execution times. - -## Intelligent Change Management - -Platform Governance for NetSuite is the only application for NetSuite that enables end to end change -management and compliance. This process can be achieved effectively in only 5 weeks after install. - -By implementing Platform Governance for NetSuite you give your customers the ability to: - -- Track all changes to custom objects in NetSuite. -- Automatically be alerted to non-compliant changes. -- Set compliance requirements by risks based on System Complexity and Processes that are then - automatically tracked. -- Manage changes right in NetSuite by using the Change Request. -- Use automated impact analysis to identify the risks associated with changing custom objects. -- Use test records to manage tests in a central repository linked to the customization records. - -## Enterprise Compliance - -Once Intelligent Change Management is complete, it only takes between 3 to 4 weeks to achieve -Enterprise Compliance. - -### Environment Comparison - -The Environment Management Module enables NetSuite customers and consultants to quickly and -accurately identify differences between any two NetSuite accounts that havePlatform Governance for -NetSuite Intelligent Change Management installed. Since both accounts have Platform Governance for -NetSuite documentation in place, the tool can quickly and easily compare them. It is principally -used in four scenarios: - -1. Sandbox Refreshes -2. Migrating Customizations Between Developer and Sandbox Accounts -3. User Acceptance Testing (UAT) and Performance Testing Environment Validation -4. Deploying Changes to Production - -### Automated Audit - -Agent automates IT and financial controls and critical change practices to ensure configuration and -master data are compliant. It can: - -- Check for process problems regularly without user event scripts. -- Automatically generate and assign tasks, cases or process issues for each detected problem. -- Automatically alert key stakeholders. -- Log control violations for clearance. -- Store relevant data as a CSV to create a snapshot for compliance or troubleshooting purposes. -- Block unauthorized changes to critical records and fields (requires Advanced Change Management). diff --git a/docs/platgovnetsuite/welcome/_category_.json b/docs/platgovnetsuite/welcome/_category_.json new file mode 100644 index 0000000000..f4fec08824 --- /dev/null +++ b/docs/platgovnetsuite/welcome/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Welcome", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "welcome" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/uar/access_app.md b/docs/platgovnetsuite/welcome/access_app.md similarity index 80% rename from docs/platgovnetsuite/uar/access_app.md rename to docs/platgovnetsuite/welcome/access_app.md index 87fe2a19da..c2b12fb791 100644 --- a/docs/platgovnetsuite/uar/access_app.md +++ b/docs/platgovnetsuite/welcome/access_app.md @@ -1,10 +1,16 @@ +--- +title: "Accessing User Access Review" +description: "Accessing User Access Review" +sidebar_position: 20 +--- + # Accessing User Access Review -The User Access Review bundle must be [installed](/docs/platgovnetsuite/uar/install_app.md), and users must have NetSuite +The User Access Review bundle must be [installed](/docs/platgovnetsuite/welcome/install_app.md), and users must have NetSuite accounts and a UAR license to access User Access Review. **User Access Review** is available on the NetSuite menu bar if you have a -[license](/docs/platgovnetsuite/uar/install_app.md). If it is not on your menu, contact your Netwrix or NetSuite +[license](/docs/platgovnetsuite/welcome/install_app.md). If it is not on your menu, contact your Netwrix or NetSuite administrator. ![User Access Review menu](/img/product_docs/platgovnetsuite/uar/uar_menu.webp) diff --git a/docs/platgovnetsuite/welcome/addrevieweroverview/_category_.json b/docs/platgovnetsuite/welcome/addrevieweroverview/_category_.json new file mode 100644 index 0000000000..acaabf5d20 --- /dev/null +++ b/docs/platgovnetsuite/welcome/addrevieweroverview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Additional Reviewer Overview", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "add_reviewer_overview" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/uar/uar_additional_reviewer/add_reviewer_membership_reviews.md b/docs/platgovnetsuite/welcome/addrevieweroverview/add_reviewer_membership_reviews.md similarity index 97% rename from docs/platgovnetsuite/uar/uar_additional_reviewer/add_reviewer_membership_reviews.md rename to docs/platgovnetsuite/welcome/addrevieweroverview/add_reviewer_membership_reviews.md index 5131948120..b354cf5083 100644 --- a/docs/platgovnetsuite/uar/uar_additional_reviewer/add_reviewer_membership_reviews.md +++ b/docs/platgovnetsuite/welcome/addrevieweroverview/add_reviewer_membership_reviews.md @@ -1,3 +1,9 @@ +--- +title: "Additional Reviewer Membership Reviews" +description: "Additional Reviewer Membership Reviews" +sidebar_position: 20 +--- + # Additional Reviewer Membership Reviews This type of review is used to keep your roles up to date. When you click on a membership review, diff --git a/docs/platgovnetsuite/uar/uar_additional_reviewer/add_reviewer_overview.md b/docs/platgovnetsuite/welcome/addrevieweroverview/add_reviewer_overview.md similarity index 81% rename from docs/platgovnetsuite/uar/uar_additional_reviewer/add_reviewer_overview.md rename to docs/platgovnetsuite/welcome/addrevieweroverview/add_reviewer_overview.md index 1f5ed26b62..76162fa2c5 100644 --- a/docs/platgovnetsuite/uar/uar_additional_reviewer/add_reviewer_overview.md +++ b/docs/platgovnetsuite/welcome/addrevieweroverview/add_reviewer_overview.md @@ -1,8 +1,14 @@ +--- +title: "Additional Reviewer Overview" +description: "Additional Reviewer Overview" +sidebar_position: 50 +--- + # Additional Reviewer Overview Additional Reviewers are assigned by the UAR owners to perform reviews. Additional Reviewers are notified with an email message when a new review has been assigned. You can click one of the links -in the email, or login to NetSuite and open [User Access Review](/docs/platgovnetsuite/uar/access_app.md) to access the +in the email, or login to NetSuite and open [User Access Review](/docs/platgovnetsuite/welcome/access_app.md) to access the dashboard. 1. Open **User Access Review** from NetSuite. @@ -15,8 +21,8 @@ Here is an example additional reviewer dashboard showing new assignments. ## Dashboard Controls - **Home** icon is your dashboard overview, and the default display when you log in. -- **UAR List** is your **[User Access Reviews List](/docs/platgovnetsuite/uar/uar_additional_reviewer/add_reviewer_uar_list.md)**. -- **UAR History** is your **[User Access Reviews History](/docs/platgovnetsuite/uar/uar_history.md)**. +- **UAR List** is your **[User Access Reviews List](/docs/platgovnetsuite/welcome/addrevieweroverview/add_reviewer_uar_list.md)**. +- **UAR History** is your **[User Access Reviews History](/docs/platgovnetsuite/welcome/adminoverview/uar_history.md)**. - **User Access Reviews** shortcut shows the number of open reviews. Opens your **User Access Reviews List**. - **Notifications** is a list of your assignment notifications and reminders: diff --git a/docs/platgovnetsuite/uar/uar_additional_reviewer/add_reviewer_uar_list.md b/docs/platgovnetsuite/welcome/addrevieweroverview/add_reviewer_uar_list.md similarity index 92% rename from docs/platgovnetsuite/uar/uar_additional_reviewer/add_reviewer_uar_list.md rename to docs/platgovnetsuite/welcome/addrevieweroverview/add_reviewer_uar_list.md index e51f8c44e7..8a726abb8e 100644 --- a/docs/platgovnetsuite/uar/uar_additional_reviewer/add_reviewer_uar_list.md +++ b/docs/platgovnetsuite/welcome/addrevieweroverview/add_reviewer_uar_list.md @@ -1,3 +1,9 @@ +--- +title: "User Access Reviews List" +description: "User Access Reviews List" +sidebar_position: 10 +--- + # User Access Reviews List Access your Additional Reviewer list from **UAR List** in your menu bar, or one of the review @@ -30,8 +36,8 @@ Use **Clear** to reset the Filters. ## UAR List - **Name** is a link. For a **global** review, the link opens the Review list showing all of the - associated reviews. For a **single** review the [Membership](/docs/platgovnetsuite/uar/uar_additional_reviewer/add_reviewer_membership_reviews.md) - or [Permission ](/docs/platgovnetsuite/uar/uar_owner/owner_permission_reviews.md)**Review** tab is opened. Reviews can + associated reviews. For a **single** review the [Membership](/docs/platgovnetsuite/welcome/addrevieweroverview/add_reviewer_membership_reviews.md) + or [Permission ](/docs/platgovnetsuite/welcome/adminoverview/owner_permission_reviews.md)**Review** tab is opened. Reviews can also be opened via links in dashboard or email **Notifications**. - **Number of Reviews** (global) is the number of single reviews in the global review. - **Review Type** is the type of review. Global can be **Both**, **Membership**, or **Permission**. @@ -69,7 +75,7 @@ showing all of the single reviews associated with the global review. details for the reviews. - **Extract Permission Detail**creates a CSV file (_Permission_Report.csv_) of the permission details for the reviews. -- **Review Name** is a link to the [Membership](/docs/platgovnetsuite/uar/uar_additional_reviewer/add_reviewer_membership_reviews.md) **Review** tab. +- **Review Name** is a link to the [Membership](/docs/platgovnetsuite/welcome/addrevieweroverview/add_reviewer_membership_reviews.md) **Review** tab. Reviews can also be opened via links in dashboard or email **Notifications**. - **Role Name** the role being reviewed. - **Review Type** is the type of review: **Membership** or **Permission**. The review type is set @@ -96,4 +102,4 @@ showing all of the single reviews associated with the global review. - **Complete Date** the date the review was completed. Continue with the procedures to complete your Additional Reviewer -[Membership](/docs/platgovnetsuite/uar/uar_additional_reviewer/add_reviewer_membership_reviews.md) reviews. +[Membership](/docs/platgovnetsuite/welcome/addrevieweroverview/add_reviewer_membership_reviews.md) reviews. diff --git a/docs/platgovnetsuite/welcome/adminoverview/_category_.json b/docs/platgovnetsuite/welcome/adminoverview/_category_.json new file mode 100644 index 0000000000..86180114c4 --- /dev/null +++ b/docs/platgovnetsuite/welcome/adminoverview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "UAR Admin", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "admin_overview" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/uar/uar_admin/admin_overview.md b/docs/platgovnetsuite/welcome/adminoverview/admin_overview.md similarity index 84% rename from docs/platgovnetsuite/uar/uar_admin/admin_overview.md rename to docs/platgovnetsuite/welcome/adminoverview/admin_overview.md index c3f70cdc3b..b41f9effc4 100644 --- a/docs/platgovnetsuite/uar/uar_admin/admin_overview.md +++ b/docs/platgovnetsuite/welcome/adminoverview/admin_overview.md @@ -1,7 +1,13 @@ +--- +title: "UAR Admin" +description: "UAR Admin" +sidebar_position: 30 +--- + # UAR Admin **UAR Admin**manages the UAR process. Administrators login to NetSuite and open -[User Access Review](/docs/platgovnetsuite/uar/access_app.md) to access the dashboard. UAR administrators can: +[User Access Review](/docs/platgovnetsuite/welcome/access_app.md) to access the dashboard. UAR administrators can: - Assign owners to a role - Create Reviews to a Role @@ -16,8 +22,8 @@ Here is an example of the Admin dashboard displayed when you log in: - **Home** icon is your dashboard overview, and the default display when you log in. - **Owner List** displays all reviews with an assigned owner. - **Pending Role Assignments** displays all reviews without an assigned owner. -- **UAR List** is your **[User Access Reviews List](/docs/platgovnetsuite/uar/uar_owner/owner_uar_list.md)**. -- **UAR History** is your **[User Access Reviews History](/docs/platgovnetsuite/uar/uar_history.md)**. +- **UAR List** is your **[User Access Reviews List](/docs/platgovnetsuite/welcome/owneroverview/owner_uar_list.md)**. +- **UAR History** is your **[User Access Reviews History](/docs/platgovnetsuite/welcome/adminoverview/uar_history.md)**. - **Open Global Reviews** shortcut shows the number of open reviews. Opens your **User Access Reviews List**. - **Pending Role Assignments** shortcut shows the number of roles without review owners. Opens your diff --git a/docs/platgovnetsuite/uar/uar_admin/admin_owner_list.md b/docs/platgovnetsuite/welcome/adminoverview/admin_owner_list.md similarity index 96% rename from docs/platgovnetsuite/uar/uar_admin/admin_owner_list.md rename to docs/platgovnetsuite/welcome/adminoverview/admin_owner_list.md index bd51cb3991..bfa912493c 100644 --- a/docs/platgovnetsuite/uar/uar_admin/admin_owner_list.md +++ b/docs/platgovnetsuite/welcome/adminoverview/admin_owner_list.md @@ -1,7 +1,13 @@ +--- +title: "Owner List" +description: "Owner List" +sidebar_position: 10 +--- + # Owner List Access your **Owner List** from your menu bar. This is where Administrators can add or remove owners -from reviews. All changes are captured in the [UAR History](/docs/platgovnetsuite/uar/uar_history.md). +from reviews. All changes are captured in the [UAR History](/docs/platgovnetsuite/welcome/adminoverview/uar_history.md). Auditors can view the Owner list and Owner notes, but cannot add or remove owners. diff --git a/docs/platgovnetsuite/uar/uar_admin/admin_pending_assignments.md b/docs/platgovnetsuite/welcome/adminoverview/admin_pending_assignments.md similarity index 93% rename from docs/platgovnetsuite/uar/uar_admin/admin_pending_assignments.md rename to docs/platgovnetsuite/welcome/adminoverview/admin_pending_assignments.md index a9d959874d..e3b58441ff 100644 --- a/docs/platgovnetsuite/uar/uar_admin/admin_pending_assignments.md +++ b/docs/platgovnetsuite/welcome/adminoverview/admin_pending_assignments.md @@ -1,8 +1,14 @@ +--- +title: "Pending Role Assignments" +description: "Pending Role Assignments" +sidebar_position: 20 +--- + # Pending Role Assignments This view makes it easy to identify roles without owners, and facilitates adding owners. Access your **Pending Role Assignments** from your menu bar. All changes are captured in the -[UAR History](/docs/platgovnetsuite/uar/uar_history.md). +[UAR History](/docs/platgovnetsuite/welcome/adminoverview/uar_history.md). Here is an example of the **Pending Role Assignments**: diff --git a/docs/platgovnetsuite/uar/uar_admin/admin_uar_list.md b/docs/platgovnetsuite/welcome/adminoverview/admin_uar_list.md similarity index 94% rename from docs/platgovnetsuite/uar/uar_admin/admin_uar_list.md rename to docs/platgovnetsuite/welcome/adminoverview/admin_uar_list.md index aa717ece5e..5dfab0709a 100644 --- a/docs/platgovnetsuite/uar/uar_admin/admin_uar_list.md +++ b/docs/platgovnetsuite/welcome/adminoverview/admin_uar_list.md @@ -1,9 +1,15 @@ +--- +title: "Administrator UAR List" +description: "Administrator UAR List" +sidebar_position: 30 +--- + # Administrator UAR List Access your owner User Access Reviews List from **UAR List** in your menu bar, or one of the review shortcuts. Your UAR List displays either the list of Global Reviews or Single Reviews. The view is controlled with the **Sort By** selection in the Filters section. All changes are captured in the -[UAR History](/docs/platgovnetsuite/uar/uar_history.md). +[UAR History](/docs/platgovnetsuite/welcome/adminoverview/uar_history.md). Here is an example of the **Global** review list: @@ -93,7 +99,7 @@ Use **Clear** to reset the Filters. 8. Assign a **Review Name**. This is only available if you are creating a new **Global** review. 9. Click **Create**. -Owners are assigned on the administrator's [Owner's List](/docs/platgovnetsuite/uar/uar_admin/admin_owner_list.md), available on your +Owners are assigned on the administrator's [Owner's List](/docs/platgovnetsuite/welcome/adminoverview/admin_owner_list.md), available on your menu. ### Cancel a Review @@ -157,8 +163,8 @@ There are various actions you can perform from this list: details for the reviews. - **Extract Permission Detail**creates a CSV file (_Permission_Report.csv_) of the permission details for the reviews. -- **Review Name** is a link to the [Membership](/docs/platgovnetsuite/uar/uar_owner/owner_membership_reviews.md) or - [Permission ](/docs/platgovnetsuite/uar/uar_owner/owner_permission_reviews.md)**Review** tab. Reviews can also be opened +- **Review Name** is a link to the [Membership](/docs/platgovnetsuite/welcome/adminoverview/owner_membership_reviews.md) or + [Permission ](/docs/platgovnetsuite/welcome/adminoverview/owner_permission_reviews.md)**Review** tab. Reviews can also be opened via links in dashboard or email **Notifications**. The Review tab and Review notes tab is the - **Role Name** the role being reviewed. - **Review Type** is the type of review: **Membership** or **Permission**. The review type is set @@ -170,7 +176,7 @@ There are various actions you can perform from this list: - **Not Started** Email notification has been sent, review has not been started. - **In Progress** Review has been started. - **Additional Reviewer** Review has been assigned to an - [additional reviewer](/docs/platgovnetsuite/uar/uar_owner/owner_membership_reviews.md). + [additional reviewer](/docs/platgovnetsuite/welcome/adminoverview/owner_membership_reviews.md). - **Change Request** Change request has been created. The **Change Request ID** is added to the row. The link opens the Change Request. **CR Rejected**, **CR Cancelled**, and **CR Complete** are the other Change Request status values. diff --git a/docs/platgovnetsuite/uar/uar_admin/changing_review_status.md b/docs/platgovnetsuite/welcome/adminoverview/changing_review_status.md similarity index 89% rename from docs/platgovnetsuite/uar/uar_admin/changing_review_status.md rename to docs/platgovnetsuite/welcome/adminoverview/changing_review_status.md index ed2bc03a29..911bb1efc0 100644 --- a/docs/platgovnetsuite/uar/uar_admin/changing_review_status.md +++ b/docs/platgovnetsuite/welcome/adminoverview/changing_review_status.md @@ -1,3 +1,9 @@ +--- +title: "Changing a Single Review Status" +description: "Changing a Single Review Status" +sidebar_position: 70 +--- + # Changing a Single Review Status The status of a Single Review and be changed from **Complete** to **Not Started**. An Administrator diff --git a/docs/platgovnetsuite/uar/uar_owner/owner_membership_reviews.md b/docs/platgovnetsuite/welcome/adminoverview/owner_membership_reviews.md similarity index 98% rename from docs/platgovnetsuite/uar/uar_owner/owner_membership_reviews.md rename to docs/platgovnetsuite/welcome/adminoverview/owner_membership_reviews.md index 7ce7a4b895..663edeec7c 100644 --- a/docs/platgovnetsuite/uar/uar_owner/owner_membership_reviews.md +++ b/docs/platgovnetsuite/welcome/adminoverview/owner_membership_reviews.md @@ -1,3 +1,9 @@ +--- +title: "Membership Reviews" +description: "Membership Reviews" +sidebar_position: 40 +--- + # Membership Reviews This type of review is used to keep your roles up to date. When you click on a membership review, diff --git a/docs/platgovnetsuite/uar/uar_owner/owner_permission_reviews.md b/docs/platgovnetsuite/welcome/adminoverview/owner_permission_reviews.md similarity index 97% rename from docs/platgovnetsuite/uar/uar_owner/owner_permission_reviews.md rename to docs/platgovnetsuite/welcome/adminoverview/owner_permission_reviews.md index 8ad4cc06e8..909428930b 100644 --- a/docs/platgovnetsuite/uar/uar_owner/owner_permission_reviews.md +++ b/docs/platgovnetsuite/welcome/adminoverview/owner_permission_reviews.md @@ -1,3 +1,9 @@ +--- +title: "Permission Reviews" +description: "Permission Reviews" +sidebar_position: 50 +--- + # Permission Reviews This type of review is used to keep your role permissions up to date. When you click on a permission @@ -109,7 +115,7 @@ be made. ![Permission review complete when all rows are complete](/img/product_docs/platgovnetsuite/uar/uar_owner/permission_review_complete.webp) When you click **Complete Review**, the review status is updated to **Complete**, and the review is -added to the [UAR History](/docs/platgovnetsuite/uar/uar_history.md). +added to the [UAR History](/docs/platgovnetsuite/welcome/adminoverview/uar_history.md). ## Review Notes diff --git a/docs/platgovnetsuite/uar/uar_history.md b/docs/platgovnetsuite/welcome/adminoverview/uar_history.md similarity index 84% rename from docs/platgovnetsuite/uar/uar_history.md rename to docs/platgovnetsuite/welcome/adminoverview/uar_history.md index a88c6e92a9..271c65518a 100644 --- a/docs/platgovnetsuite/uar/uar_history.md +++ b/docs/platgovnetsuite/welcome/adminoverview/uar_history.md @@ -1,9 +1,15 @@ +--- +title: "UAR History" +description: "UAR History" +sidebar_position: 60 +--- + # UAR History When reviews are complete, they are added to the **UAR History**. Click **UAR History** in your menu bar to access the list. Completed reviews cannot be modified. You can use **Filters** to narrow down your list. Additional reporting for extracting permission and membership data is available from the -[administrator](/docs/platgovnetsuite/uar/uar_admin/admin_uar_list.md) and [owner](/docs/platgovnetsuite/uar/uar_owner/owner_uar_list.md) Review lists. +[administrator](/docs/platgovnetsuite/welcome/adminoverview/admin_uar_list.md) and [owner](/docs/platgovnetsuite/welcome/owneroverview/owner_uar_list.md) Review lists. UAR Administrators and Auditors see all completed reviews. Owners see their assigned, completed reviews. diff --git a/docs/platgovnetsuite/welcome/auditoroverview/_category_.json b/docs/platgovnetsuite/welcome/auditoroverview/_category_.json new file mode 100644 index 0000000000..6a957d9e2c --- /dev/null +++ b/docs/platgovnetsuite/welcome/auditoroverview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "UAR Auditor", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "auditor_overview" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/uar/uar_auditor/auditor_overview.md b/docs/platgovnetsuite/welcome/auditoroverview/auditor_overview.md similarity index 76% rename from docs/platgovnetsuite/uar/uar_auditor/auditor_overview.md rename to docs/platgovnetsuite/welcome/auditoroverview/auditor_overview.md index 5906f2ef23..8feb818ddf 100644 --- a/docs/platgovnetsuite/uar/uar_auditor/auditor_overview.md +++ b/docs/platgovnetsuite/welcome/auditoroverview/auditor_overview.md @@ -1,7 +1,13 @@ +--- +title: "UAR Auditor" +description: "UAR Auditor" +sidebar_position: 60 +--- + # UAR Auditor Auditors have view only access to specific UAR data. Auditors login to NetSuite and open -[User Access Review](/docs/platgovnetsuite/uar/access_app.md) to access the dashboard. +[User Access Review](/docs/platgovnetsuite/welcome/access_app.md) to access the dashboard. 1. Open **User Access Review** from NetSuite. 2. Click **UAR Auditor** to log in. Your auditor dashboard is displayed. @@ -15,8 +21,8 @@ Here is an example auditor dashboard showing new assignments. - **Home** icon is your dashboard overview, and the default display when you log in. - **Owner List** displays all reviews with an assigned owner. Option to view reviews with no assigned owner. Details are available on the **Owner Notes** tab. This is a read-only view of the - Administrator's [Owner List](/docs/platgovnetsuite/uar/uar_admin/admin_owner_list.md). -- **Global Access Reviews History** is the **[User Access Reviews History](/docs/platgovnetsuite/uar/uar_history.md)**. + Administrator's [Owner List](/docs/platgovnetsuite/welcome/adminoverview/admin_owner_list.md). +- **Global Access Reviews History** is the **[User Access Reviews History](/docs/platgovnetsuite/welcome/adminoverview/uar_history.md)**. - **Role Provisioning Reviews** is a list of all Role provisioning reviews. There is a tab to toggle to the **Role Deprovisioning Reviews**. - **Role Deprovisioning Reviews** is a list of all Role deprovisioning reviews. There is a tab to diff --git a/docs/platgovnetsuite/uar/install_app.md b/docs/platgovnetsuite/welcome/install_app.md similarity index 97% rename from docs/platgovnetsuite/uar/install_app.md rename to docs/platgovnetsuite/welcome/install_app.md index bccb2a4e96..2d439d6bb6 100644 --- a/docs/platgovnetsuite/uar/install_app.md +++ b/docs/platgovnetsuite/welcome/install_app.md @@ -1,3 +1,9 @@ +--- +title: "Installing User Access Review" +description: "Installing User Access Review" +sidebar_position: 10 +--- + # Installing User Access Review The User Access Review app must be installed and licensed before it can be used. diff --git a/docs/platgovnetsuite/navigating_strongpoint.md b/docs/platgovnetsuite/welcome/navigating_strongpoint.md similarity index 87% rename from docs/platgovnetsuite/navigating_strongpoint.md rename to docs/platgovnetsuite/welcome/navigating_strongpoint.md index 96470566e0..be4b96ce3e 100644 --- a/docs/platgovnetsuite/navigating_strongpoint.md +++ b/docs/platgovnetsuite/welcome/navigating_strongpoint.md @@ -1,13 +1,19 @@ +--- +title: "Navigation" +description: "Navigation" +sidebar_position: 40 +--- + # Navigation There are two ways to access Platform Governance for NetSuite's functionality: the **Strongpoint** tab on the NetSuite tab bar or from the **Strongpoint Overview**. Menu options are available based -on your [License Type](/docs/platgovnetsuite/installing_strongpoint/features_by_license_type.md). In addition, menu items -can be hidden for each account through [Menu Management](/docs/platgovnetsuite/installing_strongpoint/managing_menus.md). +on your [License Type](/docs/platgovnetsuite/installation/features_by_license_type.md). In addition, menu items +can be hidden for each account through [Menu Management](/docs/platgovnetsuite/installation/managing_menus.md). These examples show all the options for an **Enterprise Compliance** license. If you do not see the **Strongpoint** tab, contact your Administrator regarding -[Setting Tab Access](/docs/platgovnetsuite/installing_strongpoint/setting_strongpoint_tab_access.md). +[Setting Tab Access](/docs/platgovnetsuite/installation/setting_strongpoint_tab_access.md). ## Strongpoint Tab Menu diff --git a/docs/platgovnetsuite/welcome/owneroverview/_category_.json b/docs/platgovnetsuite/welcome/owneroverview/_category_.json new file mode 100644 index 0000000000..83653cb9a2 --- /dev/null +++ b/docs/platgovnetsuite/welcome/owneroverview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "UAR Owner", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "owner_overview" + } +} \ No newline at end of file diff --git a/docs/platgovnetsuite/uar/uar_owner/owner_overview.md b/docs/platgovnetsuite/welcome/owneroverview/owner_overview.md similarity index 81% rename from docs/platgovnetsuite/uar/uar_owner/owner_overview.md rename to docs/platgovnetsuite/welcome/owneroverview/owner_overview.md index f576ac803c..fd43eaac7d 100644 --- a/docs/platgovnetsuite/uar/uar_owner/owner_overview.md +++ b/docs/platgovnetsuite/welcome/owneroverview/owner_overview.md @@ -1,3 +1,9 @@ +--- +title: "UAR Owner" +description: "UAR Owner" +sidebar_position: 40 +--- + # UAR Owner Owners are set up by the UAR administrator to perform permission and/or membership reviews to assure @@ -6,11 +12,11 @@ they are appropriate: - **Role Permission Review**: Review Permissions and Permission Levels granted within the Role - **Membership Review**: Review the individuals assigned to the Role -The [Owner User Access Reviews List](/docs/platgovnetsuite/uar/uar_owner/owner_uar_list.md) topic has details for accomplishing your +The [Owner User Access Reviews List](/docs/platgovnetsuite/welcome/owneroverview/owner_uar_list.md) topic has details for accomplishing your reviews. Owners are notified with an email message when a new review has been assigned. You can click one of -the links in the email, or login to NetSuite and open [User Access Review](/docs/platgovnetsuite/uar/access_app.md) to +the links in the email, or login to NetSuite and open [User Access Review](/docs/platgovnetsuite/welcome/access_app.md) to access the dashboard. 1. Open **User Access Review** from NetSuite. @@ -23,9 +29,9 @@ Here is an example owner dashboard showing new assignments. ## Dashboard Controls - **Home** icon is your dashboard overview, and the default display when you log in. -- **UAR List** is your **[User Access Reviews List](/docs/platgovnetsuite/uar/uar_owner/owner_uar_list.md)**. -- **UAR History** is your **[User Access Reviews History](/docs/platgovnetsuite/uar/uar_history.md)**. -- **My Roles** is a list of all your assigned [Roles](/docs/platgovnetsuite/uar/uar_owner/owner_uar_roles.md). +- **UAR List** is your **[User Access Reviews List](/docs/platgovnetsuite/welcome/owneroverview/owner_uar_list.md)**. +- **UAR History** is your **[User Access Reviews History](/docs/platgovnetsuite/welcome/adminoverview/uar_history.md)**. +- **My Roles** is a list of all your assigned [Roles](/docs/platgovnetsuite/welcome/owneroverview/owner_uar_roles.md). - **Open Global Reviews** shortcut shows the number of open reviews. Opens your **User Access Reviews List**. - **Open Reviews with Additional Reviewers** shortcut shows the number of open reviews. Opens your diff --git a/docs/platgovnetsuite/uar/uar_owner/owner_uar_list.md b/docs/platgovnetsuite/welcome/owneroverview/owner_uar_list.md similarity index 87% rename from docs/platgovnetsuite/uar/uar_owner/owner_uar_list.md rename to docs/platgovnetsuite/welcome/owneroverview/owner_uar_list.md index d191f6d18d..6cd8b2e38f 100644 --- a/docs/platgovnetsuite/uar/uar_owner/owner_uar_list.md +++ b/docs/platgovnetsuite/welcome/owneroverview/owner_uar_list.md @@ -1,3 +1,9 @@ +--- +title: "Owner User Access Reviews List" +description: "Owner User Access Reviews List" +sidebar_position: 10 +--- + # Owner User Access Reviews List Access your owner User Access Reviews List from **UAR List** in your menu bar, or one of the review @@ -37,8 +43,8 @@ Use **Clear** to reset the Filters. - **Export** exports the list of selected reviews as either a **CSV** or **PDF** file. There is an option to **Export All Reviews**. The exported file is named _User_Access_Reviews_List_. - **Name** is a link. For a **global** review, the link opens the Review list showing all of the - associated reviews. For a **single** review the [Membership](/docs/platgovnetsuite/uar/uar_owner/owner_membership_reviews.md) or - [Permission ](/docs/platgovnetsuite/uar/uar_owner/owner_permission_reviews.md)**Review** tab is opened. Reviews can also be opened via + associated reviews. For a **single** review the [Membership](/docs/platgovnetsuite/welcome/adminoverview/owner_membership_reviews.md) or + [Permission ](/docs/platgovnetsuite/welcome/adminoverview/owner_permission_reviews.md)**Review** tab is opened. Reviews can also be opened via links in dashboard or email **Notifications**. - **Number of Reviews** (global) is the number of single reviews in the global review. - **Review Type** is the type of review. Global can be **Both**, **Membership**, or **Permission**. @@ -50,7 +56,7 @@ Use **Clear** to reset the Filters. - **Not Started** Email notification has been sent, review has not been started. - **In Progress** Review has been started. - **Additional Reviewer** Review has been assigned to an - [](#)[additional reviewer](/docs/platgovnetsuite/uar/uar_owner/owner_membership_reviews.md). + [](#)[additional reviewer](/docs/platgovnetsuite/welcome/adminoverview/owner_membership_reviews.md). - **Change Request** Change request has been created. The **Change Request ID** is added to the row. The link opens the Change Request. **CR Rejected**, **CR Cancelled**, and **CR Complete** are the other Change Request status values. @@ -81,8 +87,8 @@ showing all of the single reviews associated with the global review. details for the reviews. - **Extract Permission Detail**creates a CSV file (_Permission_Report.csv_) of the permission details for the reviews. -- **Review Name** is a link to the [Membership](/docs/platgovnetsuite/uar/uar_owner/owner_membership_reviews.md) or - [Permission ](/docs/platgovnetsuite/uar/uar_owner/owner_permission_reviews.md)**Review** tab. Reviews can also be opened via links in +- **Review Name** is a link to the [Membership](/docs/platgovnetsuite/welcome/adminoverview/owner_membership_reviews.md) or + [Permission ](/docs/platgovnetsuite/welcome/adminoverview/owner_permission_reviews.md)**Review** tab. Reviews can also be opened via links in dashboard or email **Notifications**. - **Role Name** the role being reviewed. - **Review Type** is the type of review: **Membership** or **Permission**. The review type is set @@ -93,7 +99,7 @@ showing all of the single reviews associated with the global review. - **Not Started** Email notification has been sent, review has not been started. - **In Progress** Review has been started. - **Additional Reviewer** Review has been assigned to an - [additional reviewer](/docs/platgovnetsuite/uar/uar_owner/owner_membership_reviews.md). + [additional reviewer](/docs/platgovnetsuite/welcome/adminoverview/owner_membership_reviews.md). - **Change Request** Change request has been created. The **Change Request ID** is added to the row. The link opens the Change Request. **CR Rejected**, **CR Cancelled**, and **CR Complete** are the other Change Request status values. @@ -109,5 +115,5 @@ showing all of the single reviews associated with the global review. - **Due Date** an optional due date for the review, set by the Administrator. - **Complete Date** the date the review was completed. -Continue with the procedures to complete your [Membership](/docs/platgovnetsuite/uar/uar_owner/owner_membership_reviews.md) or -[Permission ](/docs/platgovnetsuite/uar/uar_owner/owner_permission_reviews.md)reviews. +Continue with the procedures to complete your [Membership](/docs/platgovnetsuite/welcome/adminoverview/owner_membership_reviews.md) or +[Permission ](/docs/platgovnetsuite/welcome/adminoverview/owner_permission_reviews.md)reviews. diff --git a/docs/platgovnetsuite/uar/uar_owner/owner_uar_roles.md b/docs/platgovnetsuite/welcome/owneroverview/owner_uar_roles.md similarity index 91% rename from docs/platgovnetsuite/uar/uar_owner/owner_uar_roles.md rename to docs/platgovnetsuite/welcome/owneroverview/owner_uar_roles.md index 968d9d09fb..eeb84e5e4b 100644 --- a/docs/platgovnetsuite/uar/uar_owner/owner_uar_roles.md +++ b/docs/platgovnetsuite/welcome/owneroverview/owner_uar_roles.md @@ -1,3 +1,9 @@ +--- +title: "My Roles" +description: "My Roles" +sidebar_position: 40 +--- + # My Roles **Role Membership Owner**, **Role Permission Owner**, and **Access Owner** are all assigned to users diff --git a/docs/platgovnetsuite/welcome/welcome.md b/docs/platgovnetsuite/welcome/welcome.md new file mode 100644 index 0000000000..a902ca10ee --- /dev/null +++ b/docs/platgovnetsuite/welcome/welcome.md @@ -0,0 +1,99 @@ +--- +title: "Welcome" +description: "Welcome" +sidebar_position: 10 +--- + +# Welcome + +Platform Governance for NetSuite is a SuiteApp integrated into the NetSuite backend keeping all your +data within your NetSuite account. Your documentation is automatically maintained so it is always up +to date. + +By implementing Platform Governance for NetSuite you can: + +- Automatically catalog all custom fields, scripts, forms, searches, records and workflows. +- Visually browse standard and custom fields, lists and records to find all related scripts, + searches, users and departments. +- Capture and search script comments and identify poorly commented code. +- Automatically track changes to your customizations using the change logs, so you can see what + customizations were changed, how they were changed, when they were changed and who changed them. + +Check out Netwrix University for helpful tutorials. +[Sign in to your Netwrix account](https://www.netwrix.com/my_training.html) to access the tutorials. + +## Installation and Initial Scan + +Once you install Platform Governance for NetSuite, you simply click the **Start Spider** button and +your customizations are documented over the course of 4-5 days with minimal impact on system +performance. Once completed, you have a searchable database of all your customizations. + +## Documentation and Optimization + +After installation, it takes 4-5 days to document your customizations and approximately 3 weeks to +have your account both fully documented and optimized. + +### Clean Up + +Use the end to end documentation of custom objects and our Clean Up Tools to: + +- Identify unused fields, searches and other custom objects. +- Quickly identify dependencies to reduce the risk of breaking things in your account (i.e. see if a + search is being used in a script or workflow). +- Use Change Requests to keep your changes organized and capture approvals. + +### Script Management + +Critical Script Analysis enables you to determine how healthy your scripts are and what areas you +can fix to improve your account. With our tools and the Critical Script Analysis methodology you +can: + +- Identify high priority scripts based on usage. +- Identify people and departments triggering scripts to focus on scripts that could be + inappropriately triggered. +- Understand script execution times. + +## Intelligent Change Management + +Platform Governance for NetSuite is the only application for NetSuite that enables end to end change +management and compliance. This process can be achieved effectively in only 5 weeks after install. + +By implementing Platform Governance for NetSuite you give your customers the ability to: + +- Track all changes to custom objects in NetSuite. +- Automatically be alerted to non-compliant changes. +- Set compliance requirements by risks based on System Complexity and Processes that are then + automatically tracked. +- Manage changes right in NetSuite by using the Change Request. +- Use automated impact analysis to identify the risks associated with changing custom objects. +- Use test records to manage tests in a central repository linked to the customization records. + +## Enterprise Compliance + +Once Intelligent Change Management is complete, it only takes between 3 to 4 weeks to achieve +Enterprise Compliance. + +### Environment Comparison + +The Environment Management Module enables NetSuite customers and consultants to quickly and +accurately identify differences between any two NetSuite accounts that havePlatform Governance for +NetSuite Intelligent Change Management installed. Since both accounts have Platform Governance for +NetSuite documentation in place, the tool can quickly and easily compare them. It is principally +used in four scenarios: + +1. Sandbox Refreshes +2. Migrating Customizations Between Developer and Sandbox Accounts +3. User Acceptance Testing (UAT) and Performance Testing Environment Validation +4. Deploying Changes to Production + +### Automated Audit + +Agent automates IT and financial controls and critical change practices to ensure configuration and +master data are compliant. It can: + +- Check for process problems regularly without user event scripts. +- Automatically generate and assign tasks, cases or process issues for each detected problem. +- Automatically alert key stakeholders. +- Log control violations for clearance. +- Store relevant data as a CSV to create a snapshot for compliance or troubleshooting purposes. +- Block unauthorized changes to critical records and fields (requires Advanced Change Management). diff --git a/docs/platgovnetsuite/welcome/welcome_1.md b/docs/platgovnetsuite/welcome/welcome_1.md new file mode 100644 index 0000000000..e0b3721817 --- /dev/null +++ b/docs/platgovnetsuite/welcome/welcome_1.md @@ -0,0 +1,88 @@ +--- +title: "Welcome" +description: "Welcome" +sidebar_position: 110 +--- + +# Welcome + +Roles and Permissions are not a set once and forget about them activity. Both should be reviewed +regularly to ensure your data is secured and users in your organization have the right access. +**User Access Review** streamlines this review process, making it easy to manage and review all +access to your NetSuite data. UAR users must have a [license](/docs/platgovnetsuite/welcome/install_app.md). + +## Terminology + +Here are the basic terms used throughout the UAR guide: + +- UAR Reviewer Roles +- Review Types +- Access Review +- Principle of Least Privilege +- Permissions and Roles + +### UAR Reviewer Roles + +Access and permissions to UAR is controlled by roles: + +- **UAR Admin** manages the UAR process. This reviewer can: + + - Assign Role Owners. + - Create Single or Global User Access Reviews. + - Check Status of UARs. + - Send reminders to Owners. + - Run reporting. + +- **UAR Owner** performs Role Permission and Role Membership Reviews. This reviewer can: + + - Review and Complete UARs. + - Request Changes to Permission or Permission Levels to owned Roles. + - Request Changes to Role Assignments for owned Roles. + - Designate an Additional Approver for a Membership Review for owned Roles. For example, a user + that does not report to you has a Role you own. You may want the user’s supervisor to also + approve the Role Assignment. + +- **UAR Auditor** read-only access to the UAR to perform auditing functions. +- **UAR Additional Reviewer** performs assigned membership reviews. Additional reviewers are + assigned by the UAR Owners. + +### Review Types + +- **Membership** review the roles and global permissions assigned to individuals is appropriate. +- **Permissions** review the permissions and levels assigned to a role. + +Reviews can be single or global. A global review is a group of single reviews assigned to one or +more owners. + +### Access Review + +- Roles only have required permissions. +- Users only have required roles. +- Unused roles and access are identified and removed. +- Folder access is restricted. + +### Principle of Least Privilege + +- Users and scripts only have the access needed to do their tasks. +- Minimize the ability for users or outside actors to change or steal data. + +### Permissions and Roles + +_Permissions_ are assigned to _roles_, _roles_ are assigned to _users_. This follows the NetSuite +concepts. + +Permission Levels: + +- **None** - remove the permission from the user. +- **View** +- **Create** (View/Create) +- **Edit** (View/Create/Edit) +- **Full** (View/Create/Edit/Delete) + +Permissions are categorized by: + +- Transactions +- Reports +- Lists, including Master Data and Configuration +- Setup +- Custom Records diff --git a/docs/platgovnetsuite/welcome/what_does_strongpoint_document.md b/docs/platgovnetsuite/welcome/what_does_strongpoint_document.md new file mode 100644 index 0000000000..f97838c91d --- /dev/null +++ b/docs/platgovnetsuite/welcome/what_does_strongpoint_document.md @@ -0,0 +1,100 @@ +--- +title: "What is Documented?" +description: "What is Documented?" +sidebar_position: 20 +--- + +# What is Documented? + +There are four outcomes for customizations Platform Governance for NetSuite finds in the system: + +- Captured and Documented +- Partially Documented +- Not Documented +- Agent Tracking + +## Captured and Documented in the Customization Record + +The following critical metadata related to your account customizations is captured: + +- Accounting/Setting Lists +- Custom Records and Custom Record Fields +- Custom Fields (for example, Body, Item, Entity, Column, Item Number and Other Field) +- Mass Updates (except for mass update schedule information) +- Saved Searches (fields, criteria, joins with scripts/workflows and formulas) +- Unlocked and Unencrypted Script Records (for example, Client, User Event, Scheduled, Suitelets and + Workflow Action) +- Locked Script Records (however related dependencies can not be established) +- NetSuite Preferences (Accounting Preferences, Company Preferences etc.) +- Integrations +- Forms (Entry and Transaction) +- Script Deployments +- Script Library +- SuiteCommerce Advanced folder files and all custom SS, SSP and JS files +- User Permission Overrides +- User Roles +- User Role Assignments +- Workflows + +## Partially Documented in the Customization Record + +The following NetSuite objects are partially documented. They are not fully documented for one or +more of the following reasons: + +- Record types do not have a NetSuite API that exposes the full customization data +- Records are standard objects which cannot be changed + +| Object | Category | Description | Change Impact | Change Tracking | +| --------------------- | ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Custom Report | Other | Custom Reports are documented including the report name, type and the date the report was last modified. | Changing these can impact what data is shown on the report. | Example: Change to Report Layout - detects the Date Last Modified in the Analytics Audit Log was changed and creates a change log. - Change Log indicates when the Report was updated. - You need to look at the Custom Report itself: 1. Open **Customize the Custom Report** 2. Click **More Options** 3. Open **Audit Trail** tab. | +| PDF Template | Other | PDF Templates are document including the template name, type and the date the template was last modified. | Changing these can impact email templates and other areas where PDF templates are used. | TBD | +| Standard Column Field | Standard Objects | Customization records are created only for Standard objects that are in use by scripted objects such as Workflows or Scripts. These are tracked to identify the automation dependencies. | No risk since there is no way to change standard objects in NetSuite. | If a standard object is added to or removed from a customization, a change log will be created for that customization. | +| Standard Report | Standard Objects | Customization records are created only for Standard objects that are in use by scripted objects such as Workflows or Scripts. These are tracked to identify the automation dependencies. | No risk since there is no way to change standard objects in NetSuite. | If a standard object is added to or removed from a customization, a change log will be created for that customization. | +| Standard Sub List | Standard Objects | Customization records are created only for Standard objects that are in use by scripted objects such as Workflows or Scripts. These are tracked to identify the automation dependencies. | No risk since there is no way to change standard objects in NetSuite. | If a standard object is added to or removed from a customization, a change log will be created for that customization. | + +## Not Documented in the Customization Record + +These record types do not have a NetSuite API to enable Platform Governance for NetSuite to capture +customization data. + +| Object | Category | Description | Change Impact | +| ---------------------- | --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- | +| Custom Sub List | Other | This is the sublist that is displayed on the form. | Changing this can change what appears on a form. | +| HTML File | Web Related | Files that are part of the web site if the customer is using the Netsuite eCommerce modules, SiteBuilder or SuiteCommerce Advanced. | Changing these can change the pages of the website. | +| Integration | External System/Integration | Information relating to integrations to external systems are not documented. | Changes to objects in NetSuite could impact functionality in other systems. | +| Item/Category Template | Web Related | Applies to companies that use SiteBuilder. | Changing these can change the functionality of the website. | +| JavaScript File | Web Related | These are JavaScript files in the file cabinet that are often used for automation on websites. Applies to customers using Netsuite eCommerce modules, SiteBuilder or SuiteCommerce Advanced. | Changing these can change the functionality of the website. | +| Layout | Web Related | Applies to companies that use SiteBuilder | Changing these can change the functionality of the website. | +| Scorecard Report | Other | Applies to dashboard objects. | Changing this will change what is displayed on the dashboard. | +| Scriptlet | Deprecated | These object types have been deprecated by NetSuite and are no longer in use. | If still in use, changes to these objects can impact system functionality. | +| Web Tag | Web Related | Applies to companies that use SiteBuilder | Changing these can change the functionality of the website. | +| Web Site | Web Related | The metadata that defines the web site for customers using the Netsuite eCommerce modules, SiteBuilder or SuiteCommerce Advanced. | Changing this can impact website functionality. | + +## Agent Tracking + +Agent is part of the Enterprise Compliance package. Agent provides controls for financial changes +that do not represent configuration changes, such as changes to item account settings and violations +of standard policies. You can monitor, manage, remedy and block critical changes to financially +relevant fields, records and settings. + +Creation or modification of: + +- Accounts +- Departments +- Items, item accounts and BOM +- Classes +- Locations +- Subsidiaries +- Vendors +- Tax Codes and Groups +- Recognition and Amortization Templates +- Landed Cost Settings +- many other key records and critical settings + +Critical Transaction Events, including: + +- Administrator created transactions +- Self-approved transactions (such as estimates, journal entries, vendor payments) +- Transaction modifications out of period +- Incomplete or improperly completed records +- Any other searchable transaction event diff --git a/docs/platgovnetsuite/what_is_a_spider.md b/docs/platgovnetsuite/welcome/what_is_a_spider.md similarity index 95% rename from docs/platgovnetsuite/what_is_a_spider.md rename to docs/platgovnetsuite/welcome/what_is_a_spider.md index 9307cbe181..3e4e67fbd8 100644 --- a/docs/platgovnetsuite/what_is_a_spider.md +++ b/docs/platgovnetsuite/welcome/what_is_a_spider.md @@ -1,3 +1,9 @@ +--- +title: "What is a Spider?" +description: "What is a Spider?" +sidebar_position: 30 +--- + # What is a Spider? The Spider searches your account and creates the documentation for your customizations. The spider @@ -34,7 +40,7 @@ There are three ways to use the Spider: Creates the initial documentation of your account. It has the ability to fully document your account by Spidering all the customization records as well doing a full update on the records in your account (every customization). The initial manual Spider is run during as part of the installation -process: [Running the Spider](/docs/platgovnetsuite/installing_strongpoint/running_the_spider.md). +process: [Running the Spider](/docs/platgovnetsuite/installation/running_the_spider.md). When running the spider, you must keep the window open for the spider to continue working. Do not change roles or accounts during spidering. NetSuite security standards require an active @@ -56,7 +62,7 @@ created, the fields contain **Pending AutoSpider**. If too many days go by, the ### AutoSpider Portlet The AutoSpider Portlet is set up as part of the installation process: -[Setting Up the AutoSpider and Alerts](/docs/platgovnetsuite/installing_strongpoint/setting_up_auto_spider_alerts.md). +[Setting Up the AutoSpider and Alerts](/docs/platgovnetsuite/installation/setting_up_auto_spider_alerts.md). The **AutoSpider Portlet** is required to update certain object types in NetSuite. Once triggered through the dashboard portlet, it picks up all changes on custom objects and triggers the scheduled diff --git a/docs/platgovnetsuite/welcome/whatsnew.md b/docs/platgovnetsuite/welcome/whatsnew.md new file mode 100644 index 0000000000..fdd77d257b --- /dev/null +++ b/docs/platgovnetsuite/welcome/whatsnew.md @@ -0,0 +1,61 @@ +--- +title: "What's New" +description: "What's New" +sidebar_position: 10 +--- + +# What's New + +## New Netwrix Community! + +All Netwrix product announcements have moved to the new Netwrix Community. See announcements for +Platform Governance for NetSuite in the +[Platform Governance for NetSuite](https://community.netwrix.com/c/142) area of our new community. + +## Netwrix Strongpoint for NetSuite 7.6 + +January 22, 2025 + +Netwrix is pleased to announce the general availability of Netwrix Strongpoint for NetSuite 7.6 +available for pre-release on January 15th, 2025. To ensure you are using the latest version in all +accounts, update the Strongpoint bundle in your sandboxes as we are unable to push updates to them. +The upgrade to your production account will be implemented during off-peak hours starting January +22nd. + +**Enhancement: Code Update to Support NetSuite 2025.1 Removal of the Ext JS Library.** + +Strongpoint for NetSuite updates all of the scripts and bundles to be compatible with the NetSuite +2025.1 release. The NetSuite release removes the unsupported Ext JS Library. Refer to +[https://suiteanswers.custhelp.com/app/answers/detail/a_id/31709#subsect_0529105001](https://suiteanswers.custhelp.com/app/answers/detail/a_id/31709#httpssuiteanswerscusthelpcomappanswersdetaila_id31709subsect_0529105001) +for more information about the 2025.1 release. + +## SoD 1.7 + +January 22, 2025 + +**Enhancement: Code Update to Support NetSuite 2025.1 Removal of the Ext JS Library.** + +The SoD 1.7 bundle is available in conjunction with Netwrix Strongpoint for NetSuite 7.6. To ensure +you are using the latest version in all accounts, update the SoD bundle in your sandboxes after +updating to Strongpoint for NetSuite 7.6 as we are unable to push updates to them. The upgrade to +your production account will be implemented during off-peak hours starting January 22nd. If you are +an Enterprise Customer, we will push the SoD 1.7 bundle. + +| | | | +| ------------------------------------------ | -------------------- | ------------------------------------- | +| Spider | New Schedule | Previous Schedule | +| | Once a day, Off peak | Every 8 hours | +| Search | Once a day, Off peak | Every 3 hours if a change is detected | +| Negative Deployment | Once a day, Off peak | Every time a change is detected | +| Script Deployment | Once a day, Off peak | Every 8 hours | +| Negative Workflow | Once a day, Off peak | Every time a change is detected | +| Workflow | Once a day, Off peak | Every 8 hours | +| Role | Once a day, Regular | Once a day | +| Custom Record/Custom Field | Once a day, Regular | | +| Standard Record/Custom Field | Once a day, Regular | Every 6 hours | +| Custom List | Once a day, Regular | Once a day | +| Subsidiary / Department / Class / Location | Once a day, Regular | Once a day | +| Custom Segment | Once a day, Regular | Once a day | +| Email Template | Once a day, Regular | Once a day | +| Form Level Script | Once a day, Regular | Once a day | +| Generic Negative Spider (for each type) | Once a day, Regular | Once a day | diff --git a/docs/platgovnetsuite/what_does_strongpoint_document.md b/docs/platgovnetsuite/what_does_strongpoint_document.md deleted file mode 100644 index f0e9ecf9d1..0000000000 --- a/docs/platgovnetsuite/what_does_strongpoint_document.md +++ /dev/null @@ -1,94 +0,0 @@ -# What is Documented? - -There are four outcomes for customizations Platform Governance for NetSuite finds in the system: - -- Captured and Documented -- Partially Documented -- Not Documented -- Agent Tracking - -## Captured and Documented in the Customization Record - -The following critical metadata related to your account customizations is captured: - -- Accounting/Setting Lists -- Custom Records and Custom Record Fields -- Custom Fields (for example, Body, Item, Entity, Column, Item Number and Other Field) -- Mass Updates (except for mass update schedule information) -- Saved Searches (fields, criteria, joins with scripts/workflows and formulas) -- Unlocked and Unencrypted Script Records (for example, Client, User Event, Scheduled, Suitelets and - Workflow Action) -- Locked Script Records (however related dependencies can not be established) -- NetSuite Preferences (Accounting Preferences, Company Preferences etc.) -- Integrations -- Forms (Entry and Transaction) -- Script Deployments -- Script Library -- SuiteCommerce Advanced folder files and all custom SS, SSP and JS files -- User Permission Overrides -- User Roles -- User Role Assignments -- Workflows - -## Partially Documented in the Customization Record - -The following NetSuite objects are partially documented. They are not fully documented for one or -more of the following reasons: - -- Record types do not have a NetSuite API that exposes the full customization data -- Records are standard objects which cannot be changed - -| Object | Category | Description | Change Impact | Change Tracking | -| --------------------- | ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Custom Report | Other | Custom Reports are documented including the report name, type and the date the report was last modified. | Changing these can impact what data is shown on the report. | Example: Change to Report Layout - detects the Date Last Modified in the Analytics Audit Log was changed and creates a change log. - Change Log indicates when the Report was updated. - You need to look at the Custom Report itself: 1. Open **Customize the Custom Report** 2. Click **More Options** 3. Open **Audit Trail** tab. | -| PDF Template | Other | PDF Templates are document including the template name, type and the date the template was last modified. | Changing these can impact email templates and other areas where PDF templates are used. | TBD | -| Standard Column Field | Standard Objects | Customization records are created only for Standard objects that are in use by scripted objects such as Workflows or Scripts. These are tracked to identify the automation dependencies. | No risk since there is no way to change standard objects in NetSuite. | If a standard object is added to or removed from a customization, a change log will be created for that customization. | -| Standard Report | Standard Objects | Customization records are created only for Standard objects that are in use by scripted objects such as Workflows or Scripts. These are tracked to identify the automation dependencies. | No risk since there is no way to change standard objects in NetSuite. | If a standard object is added to or removed from a customization, a change log will be created for that customization. | -| Standard Sub List | Standard Objects | Customization records are created only for Standard objects that are in use by scripted objects such as Workflows or Scripts. These are tracked to identify the automation dependencies. | No risk since there is no way to change standard objects in NetSuite. | If a standard object is added to or removed from a customization, a change log will be created for that customization. | - -## Not Documented in the Customization Record - -These record types do not have a NetSuite API to enable Platform Governance for NetSuite to capture -customization data. - -| Object | Category | Description | Change Impact | -| ---------------------- | --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------- | -| Custom Sub List | Other | This is the sublist that is displayed on the form. | Changing this can change what appears on a form. | -| HTML File | Web Related | Files that are part of the web site if the customer is using the Netsuite eCommerce modules, SiteBuilder or SuiteCommerce Advanced. | Changing these can change the pages of the website. | -| Integration | External System/Integration | Information relating to integrations to external systems are not documented. | Changes to objects in NetSuite could impact functionality in other systems. | -| Item/Category Template | Web Related | Applies to companies that use SiteBuilder. | Changing these can change the functionality of the website. | -| JavaScript File | Web Related | These are JavaScript files in the file cabinet that are often used for automation on websites. Applies to customers using Netsuite eCommerce modules, SiteBuilder or SuiteCommerce Advanced. | Changing these can change the functionality of the website. | -| Layout | Web Related | Applies to companies that use SiteBuilder | Changing these can change the functionality of the website. | -| Scorecard Report | Other | Applies to dashboard objects. | Changing this will change what is displayed on the dashboard. | -| Scriptlet | Deprecated | These object types have been deprecated by NetSuite and are no longer in use. | If still in use, changes to these objects can impact system functionality. | -| Web Tag | Web Related | Applies to companies that use SiteBuilder | Changing these can change the functionality of the website. | -| Web Site | Web Related | The metadata that defines the web site for customers using the Netsuite eCommerce modules, SiteBuilder or SuiteCommerce Advanced. | Changing this can impact website functionality. | - -## Agent Tracking - -Agent is part of the Enterprise Compliance package. Agent provides controls for financial changes -that do not represent configuration changes, such as changes to item account settings and violations -of standard policies. You can monitor, manage, remedy and block critical changes to financially -relevant fields, records and settings. - -Creation or modification of: - -- Accounts -- Departments -- Items, item accounts and BOM -- Classes -- Locations -- Subsidiaries -- Vendors -- Tax Codes and Groups -- Recognition and Amortization Templates -- Landed Cost Settings -- many other key records and critical settings - -Critical Transaction Events, including: - -- Administrator created transactions -- Self-approved transactions (such as estimates, journal entries, vendor payments) -- Transaction modifications out of period -- Incomplete or improperly completed records -- Any other searchable transaction event diff --git a/docs/platgovnetsuite/whatsnew.md b/docs/platgovnetsuite/whatsnew.md deleted file mode 100644 index 31362dbaa4..0000000000 --- a/docs/platgovnetsuite/whatsnew.md +++ /dev/null @@ -1,55 +0,0 @@ -# What's New - -## New Netwrix Community! - -All Netwrix product announcements have moved to the new Netwrix Community. See announcements for -Platform Governance for NetSuite in the -[Platform Governance for NetSuite](https://community.netwrix.com/c/142) area of our new community. - -## Netwrix Strongpoint for NetSuite 7.6 - -January 22, 2025 - -Netwrix is pleased to announce the general availability of Netwrix Strongpoint for NetSuite 7.6 -available for pre-release on January 15th, 2025. To ensure you are using the latest version in all -accounts, update the Strongpoint bundle in your sandboxes as we are unable to push updates to them. -The upgrade to your production account will be implemented during off-peak hours starting January -22nd. - -**Enhancement: Code Update to Support NetSuite 2025.1 Removal of the Ext JS Library.** - -Strongpoint for NetSuite updates all of the scripts and bundles to be compatible with the NetSuite -2025.1 release. The NetSuite release removes the unsupported Ext JS Library. Refer to -[https://suiteanswers.custhelp.com/app/answers/detail/a_id/31709#subsect_0529105001](https://suiteanswers.custhelp.com/app/answers/detail/a_id/31709#httpssuiteanswerscusthelpcomappanswersdetaila_id31709subsect_0529105001) -for more information about the 2025.1 release. - -## SoD 1.7 - -January 22, 2025 - -**Enhancement: Code Update to Support NetSuite 2025.1 Removal of the Ext JS Library.** - -The SoD 1.7 bundle is available in conjunction with Netwrix Strongpoint for NetSuite 7.6. To ensure -you are using the latest version in all accounts, update the SoD bundle in your sandboxes after -updating to Strongpoint for NetSuite 7.6 as we are unable to push updates to them. The upgrade to -your production account will be implemented during off-peak hours starting January 22nd. If you are -an Enterprise Customer, we will push the SoD 1.7 bundle. - -| | | | -| ------------------------------------------ | -------------------- | ------------------------------------- | -| Spider | New Schedule | Previous Schedule | -| | Once a day, Off peak | Every 8 hours | -| Search | Once a day, Off peak | Every 3 hours if a change is detected | -| Negative Deployment | Once a day, Off peak | Every time a change is detected | -| Script Deployment | Once a day, Off peak | Every 8 hours | -| Negative Workflow | Once a day, Off peak | Every time a change is detected | -| Workflow | Once a day, Off peak | Every 8 hours | -| Role | Once a day, Regular | Once a day | -| Custom Record/Custom Field | Once a day, Regular | | -| Standard Record/Custom Field | Once a day, Regular | Every 6 hours | -| Custom List | Once a day, Regular | Once a day | -| Subsidiary / Department / Class / Location | Once a day, Regular | Once a day | -| Custom Segment | Once a day, Regular | Once a day | -| Email Template | Once a day, Regular | Once a day | -| Form Level Script | Once a day, Regular | Once a day | -| Generic Negative Spider (for each type) | Once a day, Regular | Once a day | diff --git a/docs/platgovnetsuiteflashlight/getting_started/dashboard.md b/docs/platgovnetsuiteflashlight/getting_started/dashboard.md deleted file mode 100644 index 20879d5a87..0000000000 --- a/docs/platgovnetsuiteflashlight/getting_started/dashboard.md +++ /dev/null @@ -1,287 +0,0 @@ -# Dashboard - -Flashlight comes with a comprehensive dashboard with everything to manage your account at your -fingertips. The dashboard provides key tools and reports to enable you to take full control of your -account and action problematic areas as required. - -These are the Dashboard portlets: - -- Spider Status -- Reminders -- Resources -- Chart -- Key Tools -- ERD Generator -- Last Spider Run Summary -- Search Form - -## Spider Status - -Displays the current status of the Spider (Not Started, In Progress, Completed) and the number of -days since the spider was last run. It is recommended to run the Spider every week so your account -documentation is up-to-date. - -![Spider Status](/img/product_docs/platgovnetsuiteflashlight/getting_started/spider_status.webp) - -## Reminders - -Reminders are key system warnings and metrics that Flashlight has detected in your account over the -last week since the Spider was run last run. You can click on each metric to drill-into the details -and take corrective action where needed. - -![Reminders](/img/product_docs/platgovnetsuiteflashlight/getting_started/reminders_800x88.webp) - -The reminders have colors associated with them depending on the nature of the reminder. Reminders -highlighted in green represent new and modified customizations in your account since the spider was -last run. - -- **New customizations**: Summarizes the customizations that were documented since the last Spider - run. Many customizations can be created on a daily basis, this tool helps keep track of what's new - on your account. -- **Customizations Updated**: Summarizes the customizations that have been modified recently. As you - tailor your account to meet the business needs of your organization it is very common to generate - hundreds of changes to Fields, Automations or Records. This tool helps keep track of the changes - to your customizations. - -### Reminders with Red Highlight - -Reminders highlighted in red represent a potential security or stability problem in the account -which should be reviewed. - -- **Deleted Customizations this Week**: Summarizes Customizations that have been recently deleted - from the system. This enables you to easily spot undesired removals and resolve them quickly. -- **Script Errors from Yesterday**: Summarizes script errors that occurred in the past day, enabling - you to take immediate action to resolve any potential operational risks associated with these - errors. -- **New Critical API Risks**: Summarizes the Scripts and Workflows that can potentially risk sending - your organization's data to an external system or entity. This includes Scripts and Workflows that - use the email API, HTTP requests or REST connections. -- **Critical Role Changes**: Summarizes changes to NetSuite Standard roles. -- **Record Deletion Risk Role Changes**: Summarizes changes to NetSuite roles that allow employees - to delete company data. -- **Undelivered Email Errors**: Summarizes Script errors from the NetSuite logs associated with - email failures. -- **New Employee Permission Changes**: Summarizes changes to Employee permissions, ensuring you have - full visibility into who has granted access to the account. -- **Critical Permission Changes**: Summarizes changes to permissions that allow employees to modify - Business Processes, Workflows, and Scripts. Critical permissions are defined as the ability to - create, modify or delete customizations and critical configuration within the account such as the - listed before. -- **Deleted Records**: Summarizes all records that have been deleted from the system. - -### Reminders with Yellow Highlight - -Reminders highlighted in yellow represent areas of the account that do not adhere to NetSuite best -practices. It is recommended to regularly review these reports and take corrective action so that -your customizations are aligned with NetSuite best practices. - -- **New Public Saved Searches used in Scripts**: Summarizes Saved Searches that are actively used by - one or more Scripts. This tools help you understand new searches that can be seen and potentially - edited by anyone in the organization and shouldn’t be modified without proper review from IT. -- **New Customizations with Poor Script IDs**: Summarizes recently created customizations with - default Script IDs. These are customizations that do not follow NetSuite best practices and can - impact the maintainability of the customizations in your account. This can be a problem when you - move dependent customizations (for example, a field referenced by script) between your - environments because referenced Script IDs may not match across the accounts. -- **New Customizations with Missing Descriptions**: Summarizes customizations that do not have any - associated Description text -- **New Customizations with Missing Help**: Summarizes customizations that do not have any - associated Help text. -- **New Customizations with Missing Active Owners**: Summarizes customizations that do not have - active employees as the Owner. This happens when an employee departs from your organization. It is - a standard best practice to reassign an active employee to these records. - -### Reminders with No Highlight - -Informational reminders do not have any highlighted color. Flashlight provides these reminders for -added visibility into your account. - -- **​New Scripts**: Summarizes new Scripts that have been created. This is a powerful tool to use - when there are script conflicts, as it helps your developers understand newly introduced scripts - that are potentially interfering with existing scripts. -- **New Customizations used by Workflows**: Summarizes new customizations that are actively used by - a one or more Workflows. -- **New Employee Saved Searches**: Summarizes new Saved Searches that query Employee records -- **New Employees with Standard Operational Roles**: When new users are onboarded into NetSuite they - can be automatically assigned default role permissions. This reminder displays the number of - Employees with standard operational roles. -- **New Employees Logging In From New IP Address**: Identifies users that have logged into the - account from a different IP address. This mitigates the risk of your account being unintentionally - shared with others or hacked. -- **New Workflows**: Summarizes new Workflows that have been created in your account. It is very - common to have several Workflows associated with a single record. This is a powerful tool to use - when there are workflow conflicts or bugs in your system due to newly introduced Workflows. This - helps developers understand the newly introduced workflows that are potentially interfering with - other customizations in the account. -- **New Customizations Used by Scripts**: Summarizes new critical customizations that are used by - automations, such as getting/setting field values, creating/modifying records, and reading - searches. All new scripted Records are displayed in this report. -- **New Public Saved Searches**: Summarizes new Saved Searches that are publicly available in your - account -- **New Transactions Saved Searches**: Summarizes new Saved Searches that query the Transactions - (Sales, Purchases, General Ledger). -- **New Customer Saved Searches**: Shows the number of Saved Searches created in the account in the - past week. -- **New Employees with Unused Logins**: Summarizes the number of Employees in the account that have - access but have not logged in. - -NOTE: If a reminder from the list does not have any detected records, it does not appear on the -dashboard. - -## Resources - -Links to key resources to help you learn to use Flashlight. - -![Resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) - -## Chart - -Visually displays insights into your customizations. There are 3 visualizations: new customizations -by type, new searches and reports by type, and customizations updated by type. Hover over the -segments in the chart for additional details. - -### New Customizations by Type - -This chart summarizes the newly created customizations by Object Type. Hover over each segment in -the chart to understand how many customizations have been created for the selected Object Type. This -does not include customizations from Saved Searches and Reports. Click on a segment in the chart to -drill into the details and see the list of specific customizations for the selected Object Type. -This allows you to easily understand what customizations have been created over a given time period. - -![New Customizations by Type](/img/product_docs/platgovnetsuiteflashlight/getting_started/new_customizations_by_type.webp) - -### New Searches and Reports by Type - -This chart summarizes the newly created Saved Searches and Reports by Object Type. Hover over each -segment in the chart to understand how many Saved Searches and Reports have been created for the -selected Object Type. Click on a segment in the chart to drill into the details and see the list of -specific customizations for the selected Object Type. This allows you to easily understand what -Saved Searches and Reports have been created over a given time period. - -![New Searches and Reports by Type](/img/product_docs/platgovnetsuiteflashlight/getting_started/new_searches_by_type.webp) - -### Customizations Updated by Type - -This chart summarizes the newly created customizations by Object Type. Hover over each segment in -the chart to understand how many customizations have been created for the selected Object Type. This -does not include customizations from Saved Searches and Reports. Click on a segment in the chart to -drill into the details and see the list of specific customizations for the selected Object Type. -This allows you to easily understand what customizations have been created over a given time period. - -![Customizations Updated by Type](/img/product_docs/platgovnetsuiteflashlight/getting_started/customizations_updated_by_type.webp) - -## Key Tools - -Links to useful Flashlight tools to give you more value out of your documentation. - -![Key Tools](/img/product_docs/platgovnetsuiteflashlight/getting_started/key_tools.webp) - -- **ERD**: Explore your customizations with Flashlight’s visual ERD and understand how - customizations relate to each other. -- **Customization Impact Search**: Understand how your customizations are impacted by changes to - other customizations. -- **Standard Field Impact Search**: Understand how your customizations are impacted by changes to - standard NetSuite fields. -- **SQL Library**: Locate formulas used across the Saved Searches in your account. - -## ERD Generator - -A shortcut to open the ERD for the entered **Name** or **ScriptID**. - -## Last Spider Run Summary - -Displays all the key data about your customizations for full visibility and control over your -account. The metrics are organized into two sections: **Documentation Summary** and **Users -Summary**. - -![summary_800x207](/img/product_docs/platgovnetsuiteflashlight/getting_started/summary_800x207.webp) - -### Documentation Summary - -The Documentation Summary section includes all the metrics related to your account documentation: - -**Customizations**: Displays the total number of customizations that exist in the account - -**Deleted Customizations**: Displays the total number of deleted customizations from the account - -**List dependencies**: Displays the total number of Lists that are used by other customizations in -the account - -**Search Dependencies**: Displays the total number of Saved Searches used by other customizations in -the account - -**Sourcing Dependencies**: Displays the total number of data sources used by other customizations in -the account. - -**Critical API risks**: Displays the total number of Scripts and Workflows that can potentially risk -sending your organization's data to an external system or entity. This includes Scripts and Workflow -that use the email API, HTTP requests or REST connections. - -**Customizations with Poor Script IDs**: Displays the total number of customizations with default -Script IDs. These are customizations that do not follow NetSuite best practices and can impact the -maintainability of the customizations in your account. This can also be a problem when you move -dependent customizations (eg. fields referenced by script) between your environments because -referenced Script IDs may not match across the accounts. - -**Customizations with Missing Descriptions**: Displays the total number of customizations with no -associated Description text - -**Customizations Updated**: Displays the total number of modified customizations. As you tailor your -account to meet the business needs of your organization it is very common to generate hundreds of -changes to Fields, Automations or Records. This tool helps keep track of the changes to your -customizations. - -**Total Dependencies**: Displays the total number of customizations used by other customizations in -the account - -**Workflow Dependencies**: Displays the total number of Workflows used by other customizations in -the account - -**Script dependencies**: Displays the total number of Scripts used by other customizations in the -account - -**Form Dependencies**: Displays the total number of Forms used by other customizations in the -account - -**Customizations Used by Scripts**: Displays the total number of customizations used by automations, -such as getting/setting field values, creating/modifying records, and reading searches. - -**Customizations with Missing Help**: Displays the total number of customizations with no associated -Help text. - -**Customizations with Missing Active Owners**: Displays the total number of customizations that do -not have an active employee as the Owner. This happens when an employee departs from your -organization. It is a standard best practice to reassign the underlying record to an active -employee. - -### Users Summary - -The Users Summary section summarizes key metrics related to your Employees. Flashlight is not just a -solution for Documentation, it also provides key information needed to manage your employee roles -and permissions, thereby enabling you to evaluating security-related risks to your organization. It -contains the following metrics: - -**Employees with Standard Operational Roles**: Displays the total number of Employees with standard -operational roles. When new users are onboarded into NetSuite they can be automatically assigned -default role permissions. - -**New Employees Logging In From New IP Address**: Identifies users that have logged into the account -from a different IP address. This mitigates the risk of your account being unintentionally shared -with others or hacked. - -**Critical Role Changes**: Displays the total number of changes to NetSuite Standard roles. - -**Employees with Unused Logins**: Displays the total number of Employees that have access into the -account but they have not logged in. - -**Employee Permission Changes**: Displays the total number of changes to Employee permissions, -ensuring you have full visibility into who has granted access to the account. - -**Critical Permission Changes**: Displays the total number of changes to permissions that allow -employees to modify Business Processes, Workflows, and Scripts. Critical permissions are defined as -the ability to create, modify or delete customizations and critical configuration within the account -such as the listed before. - -## Search Form - -A shortcut to the Customization Quick Search. You can search by **Name** or **ScriptID**. diff --git a/docs/platgovnetsuiteflashlight/getting_started/uninstalling_flashlight.md b/docs/platgovnetsuiteflashlight/getting_started/uninstalling_flashlight.md deleted file mode 100644 index 84c2c2451e..0000000000 --- a/docs/platgovnetsuiteflashlight/getting_started/uninstalling_flashlight.md +++ /dev/null @@ -1,12 +0,0 @@ -# Uninstalling Flashlight - -Here is how to uninstall the Flashlight bundle from your account: - -1. From the NetSuite main menu, hover over **Customization** > **SuiteBundler** > **Search & - Install** > **List** -2. Locate the Flashlight bundle in installed bundle list. -3. Hover over the icon in the **Action** column and click **Uninstall** - - ![uninstall_flashlight_800x226](/img/product_docs/platgovnetsuiteflashlight/getting_started/uninstall_flashlight_800x226.webp) - -4. Follow the standard procedure in NetSuite to remove the bundle. diff --git a/docs/platgovnetsuiteflashlight/gettingstarted/_category_.json b/docs/platgovnetsuiteflashlight/gettingstarted/_category_.json new file mode 100644 index 0000000000..f402df76f1 --- /dev/null +++ b/docs/platgovnetsuiteflashlight/gettingstarted/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Getting Started", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/platgovnetsuiteflashlight/getting_started/configuring_account.md b/docs/platgovnetsuiteflashlight/gettingstarted/configuring_account.md similarity index 88% rename from docs/platgovnetsuiteflashlight/getting_started/configuring_account.md rename to docs/platgovnetsuiteflashlight/gettingstarted/configuring_account.md index f5706d02c3..05949654f3 100644 --- a/docs/platgovnetsuiteflashlight/getting_started/configuring_account.md +++ b/docs/platgovnetsuiteflashlight/gettingstarted/configuring_account.md @@ -1,3 +1,9 @@ +--- +title: "Configuring your Account" +description: "Configuring your Account" +sidebar_position: 30 +--- + # Configuring your Account Before you can start documenting your system, you need to apply a configuration change to your diff --git a/docs/platgovnetsuiteflashlight/gettingstarted/dashboard.md b/docs/platgovnetsuiteflashlight/gettingstarted/dashboard.md new file mode 100644 index 0000000000..8828b6e390 --- /dev/null +++ b/docs/platgovnetsuiteflashlight/gettingstarted/dashboard.md @@ -0,0 +1,293 @@ +--- +title: "Dashboard" +description: "Dashboard" +sidebar_position: 60 +--- + +# Dashboard + +Flashlight comes with a comprehensive dashboard with everything to manage your account at your +fingertips. The dashboard provides key tools and reports to enable you to take full control of your +account and action problematic areas as required. + +These are the Dashboard portlets: + +- Spider Status +- Reminders +- Resources +- Chart +- Key Tools +- ERD Generator +- Last Spider Run Summary +- Search Form + +## Spider Status + +Displays the current status of the Spider (Not Started, In Progress, Completed) and the number of +days since the spider was last run. It is recommended to run the Spider every week so your account +documentation is up-to-date. + +![Spider Status](/img/product_docs/platgovnetsuiteflashlight/getting_started/spider_status.webp) + +## Reminders + +Reminders are key system warnings and metrics that Flashlight has detected in your account over the +last week since the Spider was run last run. You can click on each metric to drill-into the details +and take corrective action where needed. + +![Reminders](/img/product_docs/platgovnetsuiteflashlight/getting_started/reminders_800x88.webp) + +The reminders have colors associated with them depending on the nature of the reminder. Reminders +highlighted in green represent new and modified customizations in your account since the spider was +last run. + +- **New customizations**: Summarizes the customizations that were documented since the last Spider + run. Many customizations can be created on a daily basis, this tool helps keep track of what's new + on your account. +- **Customizations Updated**: Summarizes the customizations that have been modified recently. As you + tailor your account to meet the business needs of your organization it is very common to generate + hundreds of changes to Fields, Automations or Records. This tool helps keep track of the changes + to your customizations. + +### Reminders with Red Highlight + +Reminders highlighted in red represent a potential security or stability problem in the account +which should be reviewed. + +- **Deleted Customizations this Week**: Summarizes Customizations that have been recently deleted + from the system. This enables you to easily spot undesired removals and resolve them quickly. +- **Script Errors from Yesterday**: Summarizes script errors that occurred in the past day, enabling + you to take immediate action to resolve any potential operational risks associated with these + errors. +- **New Critical API Risks**: Summarizes the Scripts and Workflows that can potentially risk sending + your organization's data to an external system or entity. This includes Scripts and Workflows that + use the email API, HTTP requests or REST connections. +- **Critical Role Changes**: Summarizes changes to NetSuite Standard roles. +- **Record Deletion Risk Role Changes**: Summarizes changes to NetSuite roles that allow employees + to delete company data. +- **Undelivered Email Errors**: Summarizes Script errors from the NetSuite logs associated with + email failures. +- **New Employee Permission Changes**: Summarizes changes to Employee permissions, ensuring you have + full visibility into who has granted access to the account. +- **Critical Permission Changes**: Summarizes changes to permissions that allow employees to modify + Business Processes, Workflows, and Scripts. Critical permissions are defined as the ability to + create, modify or delete customizations and critical configuration within the account such as the + listed before. +- **Deleted Records**: Summarizes all records that have been deleted from the system. + +### Reminders with Yellow Highlight + +Reminders highlighted in yellow represent areas of the account that do not adhere to NetSuite best +practices. It is recommended to regularly review these reports and take corrective action so that +your customizations are aligned with NetSuite best practices. + +- **New Public Saved Searches used in Scripts**: Summarizes Saved Searches that are actively used by + one or more Scripts. This tools help you understand new searches that can be seen and potentially + edited by anyone in the organization and shouldn’t be modified without proper review from IT. +- **New Customizations with Poor Script IDs**: Summarizes recently created customizations with + default Script IDs. These are customizations that do not follow NetSuite best practices and can + impact the maintainability of the customizations in your account. This can be a problem when you + move dependent customizations (for example, a field referenced by script) between your + environments because referenced Script IDs may not match across the accounts. +- **New Customizations with Missing Descriptions**: Summarizes customizations that do not have any + associated Description text +- **New Customizations with Missing Help**: Summarizes customizations that do not have any + associated Help text. +- **New Customizations with Missing Active Owners**: Summarizes customizations that do not have + active employees as the Owner. This happens when an employee departs from your organization. It is + a standard best practice to reassign an active employee to these records. + +### Reminders with No Highlight + +Informational reminders do not have any highlighted color. Flashlight provides these reminders for +added visibility into your account. + +- **​New Scripts**: Summarizes new Scripts that have been created. This is a powerful tool to use + when there are script conflicts, as it helps your developers understand newly introduced scripts + that are potentially interfering with existing scripts. +- **New Customizations used by Workflows**: Summarizes new customizations that are actively used by + a one or more Workflows. +- **New Employee Saved Searches**: Summarizes new Saved Searches that query Employee records +- **New Employees with Standard Operational Roles**: When new users are onboarded into NetSuite they + can be automatically assigned default role permissions. This reminder displays the number of + Employees with standard operational roles. +- **New Employees Logging In From New IP Address**: Identifies users that have logged into the + account from a different IP address. This mitigates the risk of your account being unintentionally + shared with others or hacked. +- **New Workflows**: Summarizes new Workflows that have been created in your account. It is very + common to have several Workflows associated with a single record. This is a powerful tool to use + when there are workflow conflicts or bugs in your system due to newly introduced Workflows. This + helps developers understand the newly introduced workflows that are potentially interfering with + other customizations in the account. +- **New Customizations Used by Scripts**: Summarizes new critical customizations that are used by + automations, such as getting/setting field values, creating/modifying records, and reading + searches. All new scripted Records are displayed in this report. +- **New Public Saved Searches**: Summarizes new Saved Searches that are publicly available in your + account +- **New Transactions Saved Searches**: Summarizes new Saved Searches that query the Transactions + (Sales, Purchases, General Ledger). +- **New Customer Saved Searches**: Shows the number of Saved Searches created in the account in the + past week. +- **New Employees with Unused Logins**: Summarizes the number of Employees in the account that have + access but have not logged in. + +NOTE: If a reminder from the list does not have any detected records, it does not appear on the +dashboard. + +## Resources + +Links to key resources to help you learn to use Flashlight. + +![Resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) + +## Chart + +Visually displays insights into your customizations. There are 3 visualizations: new customizations +by type, new searches and reports by type, and customizations updated by type. Hover over the +segments in the chart for additional details. + +### New Customizations by Type + +This chart summarizes the newly created customizations by Object Type. Hover over each segment in +the chart to understand how many customizations have been created for the selected Object Type. This +does not include customizations from Saved Searches and Reports. Click on a segment in the chart to +drill into the details and see the list of specific customizations for the selected Object Type. +This allows you to easily understand what customizations have been created over a given time period. + +![New Customizations by Type](/img/product_docs/platgovnetsuiteflashlight/getting_started/new_customizations_by_type.webp) + +### New Searches and Reports by Type + +This chart summarizes the newly created Saved Searches and Reports by Object Type. Hover over each +segment in the chart to understand how many Saved Searches and Reports have been created for the +selected Object Type. Click on a segment in the chart to drill into the details and see the list of +specific customizations for the selected Object Type. This allows you to easily understand what +Saved Searches and Reports have been created over a given time period. + +![New Searches and Reports by Type](/img/product_docs/platgovnetsuiteflashlight/getting_started/new_searches_by_type.webp) + +### Customizations Updated by Type + +This chart summarizes the newly created customizations by Object Type. Hover over each segment in +the chart to understand how many customizations have been created for the selected Object Type. This +does not include customizations from Saved Searches and Reports. Click on a segment in the chart to +drill into the details and see the list of specific customizations for the selected Object Type. +This allows you to easily understand what customizations have been created over a given time period. + +![Customizations Updated by Type](/img/product_docs/platgovnetsuiteflashlight/getting_started/customizations_updated_by_type.webp) + +## Key Tools + +Links to useful Flashlight tools to give you more value out of your documentation. + +![Key Tools](/img/product_docs/platgovnetsuiteflashlight/getting_started/key_tools.webp) + +- **ERD**: Explore your customizations with Flashlight’s visual ERD and understand how + customizations relate to each other. +- **Customization Impact Search**: Understand how your customizations are impacted by changes to + other customizations. +- **Standard Field Impact Search**: Understand how your customizations are impacted by changes to + standard NetSuite fields. +- **SQL Library**: Locate formulas used across the Saved Searches in your account. + +## ERD Generator + +A shortcut to open the ERD for the entered **Name** or **ScriptID**. + +## Last Spider Run Summary + +Displays all the key data about your customizations for full visibility and control over your +account. The metrics are organized into two sections: **Documentation Summary** and **Users +Summary**. + +![summary_800x207](/img/product_docs/platgovnetsuiteflashlight/getting_started/summary_800x207.webp) + +### Documentation Summary + +The Documentation Summary section includes all the metrics related to your account documentation: + +**Customizations**: Displays the total number of customizations that exist in the account + +**Deleted Customizations**: Displays the total number of deleted customizations from the account + +**List dependencies**: Displays the total number of Lists that are used by other customizations in +the account + +**Search Dependencies**: Displays the total number of Saved Searches used by other customizations in +the account + +**Sourcing Dependencies**: Displays the total number of data sources used by other customizations in +the account. + +**Critical API risks**: Displays the total number of Scripts and Workflows that can potentially risk +sending your organization's data to an external system or entity. This includes Scripts and Workflow +that use the email API, HTTP requests or REST connections. + +**Customizations with Poor Script IDs**: Displays the total number of customizations with default +Script IDs. These are customizations that do not follow NetSuite best practices and can impact the +maintainability of the customizations in your account. This can also be a problem when you move +dependent customizations (eg. fields referenced by script) between your environments because +referenced Script IDs may not match across the accounts. + +**Customizations with Missing Descriptions**: Displays the total number of customizations with no +associated Description text + +**Customizations Updated**: Displays the total number of modified customizations. As you tailor your +account to meet the business needs of your organization it is very common to generate hundreds of +changes to Fields, Automations or Records. This tool helps keep track of the changes to your +customizations. + +**Total Dependencies**: Displays the total number of customizations used by other customizations in +the account + +**Workflow Dependencies**: Displays the total number of Workflows used by other customizations in +the account + +**Script dependencies**: Displays the total number of Scripts used by other customizations in the +account + +**Form Dependencies**: Displays the total number of Forms used by other customizations in the +account + +**Customizations Used by Scripts**: Displays the total number of customizations used by automations, +such as getting/setting field values, creating/modifying records, and reading searches. + +**Customizations with Missing Help**: Displays the total number of customizations with no associated +Help text. + +**Customizations with Missing Active Owners**: Displays the total number of customizations that do +not have an active employee as the Owner. This happens when an employee departs from your +organization. It is a standard best practice to reassign the underlying record to an active +employee. + +### Users Summary + +The Users Summary section summarizes key metrics related to your Employees. Flashlight is not just a +solution for Documentation, it also provides key information needed to manage your employee roles +and permissions, thereby enabling you to evaluating security-related risks to your organization. It +contains the following metrics: + +**Employees with Standard Operational Roles**: Displays the total number of Employees with standard +operational roles. When new users are onboarded into NetSuite they can be automatically assigned +default role permissions. + +**New Employees Logging In From New IP Address**: Identifies users that have logged into the account +from a different IP address. This mitigates the risk of your account being unintentionally shared +with others or hacked. + +**Critical Role Changes**: Displays the total number of changes to NetSuite Standard roles. + +**Employees with Unused Logins**: Displays the total number of Employees that have access into the +account but they have not logged in. + +**Employee Permission Changes**: Displays the total number of changes to Employee permissions, +ensuring you have full visibility into who has granted access to the account. + +**Critical Permission Changes**: Displays the total number of changes to permissions that allow +employees to modify Business Processes, Workflows, and Scripts. Critical permissions are defined as +the ability to create, modify or delete customizations and critical configuration within the account +such as the listed before. + +## Search Form + +A shortcut to the Customization Quick Search. You can search by **Name** or **ScriptID**. diff --git a/docs/platgovnetsuiteflashlight/getting_started/documenting_account.md b/docs/platgovnetsuiteflashlight/gettingstarted/documenting_account.md similarity index 94% rename from docs/platgovnetsuiteflashlight/getting_started/documenting_account.md rename to docs/platgovnetsuiteflashlight/gettingstarted/documenting_account.md index 0bbb452f02..a451e71796 100644 --- a/docs/platgovnetsuiteflashlight/getting_started/documenting_account.md +++ b/docs/platgovnetsuiteflashlight/gettingstarted/documenting_account.md @@ -1,3 +1,9 @@ +--- +title: "Documenting your Account" +description: "Documenting your Account" +sidebar_position: 40 +--- + # Documenting your Account While NetSuite is flexible and powerful, your account can quickly become out-of-sync and cluttered @@ -23,7 +29,7 @@ how to kick off your first spider: 2. If you are receive a NetSuite alert about segment preferences, you need to set the **Number of Rows in List Segments** in your account so that the spider can function properly. Refer to - [Configuring your Account](/docs/platgovnetsuiteflashlight/getting_started/configuring_account.md) for details. Do not update this field while + [Configuring your Account](/docs/platgovnetsuiteflashlight/gettingstarted/configuring_account.md) for details. Do not update this field while the spider is running. Once you are ready, start your spider. ![spider_800x368](/img/product_docs/platgovnetsuiteflashlight/getting_started/spider_800x368.webp) diff --git a/docs/platgovnetsuiteflashlight/getting_started/install_flashlight.md b/docs/platgovnetsuiteflashlight/gettingstarted/install_flashlight.md similarity index 84% rename from docs/platgovnetsuiteflashlight/getting_started/install_flashlight.md rename to docs/platgovnetsuiteflashlight/gettingstarted/install_flashlight.md index 8edebab273..10383e1261 100644 --- a/docs/platgovnetsuiteflashlight/getting_started/install_flashlight.md +++ b/docs/platgovnetsuiteflashlight/gettingstarted/install_flashlight.md @@ -1,3 +1,9 @@ +--- +title: "Installing the Flashlight Bundle" +description: "Installing the Flashlight Bundle" +sidebar_position: 10 +--- + # Installing the Flashlight Bundle Flashlight by Strongpoint is a SuiteApp integrated into NetSuite. Use this procedure to install the @@ -17,4 +23,4 @@ Flashlight bundle into your NetSuite account. **Flashlight by Strongpoint Status** is **Pending** during the installation process. Click **Refresh** to see installation progress. When complete, the Flashlight bundle is marked with a green check in the **Status** and the **Flashlight** tab is available. -9. Set up a [licensed user](/docs/platgovnetsuiteflashlight/getting_started/setting_up_licensed_user.md) to complete the installation. +9. Set up a [licensed user](/docs/platgovnetsuiteflashlight/gettingstarted/setting_up_licensed_user.md) to complete the installation. diff --git a/docs/platgovnetsuiteflashlight/getting_started/setting_up_licensed_user.md b/docs/platgovnetsuiteflashlight/gettingstarted/setting_up_licensed_user.md similarity index 89% rename from docs/platgovnetsuiteflashlight/getting_started/setting_up_licensed_user.md rename to docs/platgovnetsuiteflashlight/gettingstarted/setting_up_licensed_user.md index 36d77e3a9f..ad3826df36 100644 --- a/docs/platgovnetsuiteflashlight/getting_started/setting_up_licensed_user.md +++ b/docs/platgovnetsuiteflashlight/gettingstarted/setting_up_licensed_user.md @@ -1,3 +1,9 @@ +--- +title: "Setting up a Licensed User" +description: "Setting up a Licensed User" +sidebar_position: 20 +--- + # Setting up a Licensed User When you first install NetSuite, you need to create a licensed user who has full access to diff --git a/docs/platgovnetsuiteflashlight/getting_started/tutorial_videos.md b/docs/platgovnetsuiteflashlight/gettingstarted/tutorial_videos.md similarity index 89% rename from docs/platgovnetsuiteflashlight/getting_started/tutorial_videos.md rename to docs/platgovnetsuiteflashlight/gettingstarted/tutorial_videos.md index 9e3e05fdf5..34f37ed557 100644 --- a/docs/platgovnetsuiteflashlight/getting_started/tutorial_videos.md +++ b/docs/platgovnetsuiteflashlight/gettingstarted/tutorial_videos.md @@ -1,3 +1,9 @@ +--- +title: "How To Videos" +description: "How To Videos" +sidebar_position: 70 +--- + # How To Videos We have a series of videos to help you learn to use Flashlight to get the most out of your account diff --git a/docs/platgovnetsuiteflashlight/gettingstarted/uninstalling_flashlight.md b/docs/platgovnetsuiteflashlight/gettingstarted/uninstalling_flashlight.md new file mode 100644 index 0000000000..9a615141ca --- /dev/null +++ b/docs/platgovnetsuiteflashlight/gettingstarted/uninstalling_flashlight.md @@ -0,0 +1,18 @@ +--- +title: "Uninstalling Flashlight" +description: "Uninstalling Flashlight" +sidebar_position: 80 +--- + +# Uninstalling Flashlight + +Here is how to uninstall the Flashlight bundle from your account: + +1. From the NetSuite main menu, hover over **Customization** > **SuiteBundler** > **Search & + Install** > **List** +2. Locate the Flashlight bundle in installed bundle list. +3. Hover over the icon in the **Action** column and click **Uninstall** + + ![uninstall_flashlight_800x226](/img/product_docs/platgovnetsuiteflashlight/getting_started/uninstall_flashlight_800x226.webp) + +4. Follow the standard procedure in NetSuite to remove the bundle. diff --git a/docs/platgovnetsuiteflashlight/getting_started/what_does_flashlight_document.md b/docs/platgovnetsuiteflashlight/gettingstarted/what_does_flashlight_document.md similarity index 97% rename from docs/platgovnetsuiteflashlight/getting_started/what_does_flashlight_document.md rename to docs/platgovnetsuiteflashlight/gettingstarted/what_does_flashlight_document.md index 5a3b251b1f..a2b457bb0e 100644 --- a/docs/platgovnetsuiteflashlight/getting_started/what_does_flashlight_document.md +++ b/docs/platgovnetsuiteflashlight/gettingstarted/what_does_flashlight_document.md @@ -1,3 +1,9 @@ +--- +title: "What Does Flashlight Document?" +description: "What Does Flashlight Document?" +sidebar_position: 50 +--- + # What Does Flashlight Document? There are three outcomes for customizations Flashlight finds in the system: diff --git a/docs/platgovnetsuiteflashlight/troubleshooting/_category_.json b/docs/platgovnetsuiteflashlight/troubleshooting/_category_.json new file mode 100644 index 0000000000..0ee716333e --- /dev/null +++ b/docs/platgovnetsuiteflashlight/troubleshooting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Troubleshooting", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/platgovnetsuiteflashlight/troubleshooting/list_segments_not_editable.md b/docs/platgovnetsuiteflashlight/troubleshooting/list_segments_not_editable.md index 86099ba211..e6aa0ae758 100644 --- a/docs/platgovnetsuiteflashlight/troubleshooting/list_segments_not_editable.md +++ b/docs/platgovnetsuiteflashlight/troubleshooting/list_segments_not_editable.md @@ -1,3 +1,9 @@ +--- +title: "List Segments Field Cannot be Edited" +description: "List Segments Field Cannot be Edited" +sidebar_position: 10 +--- + # List Segments Field Cannot be Edited When setting the Number of Rows in List segments, sometimes the field cannot be edited. diff --git a/docs/platgovnetsuiteflashlight/troubleshooting/release_note_notifications.md b/docs/platgovnetsuiteflashlight/troubleshooting/release_note_notifications.md index 94e273e263..11f963f527 100644 --- a/docs/platgovnetsuiteflashlight/troubleshooting/release_note_notifications.md +++ b/docs/platgovnetsuiteflashlight/troubleshooting/release_note_notifications.md @@ -1,3 +1,9 @@ +--- +title: "Release Note Notifications" +description: "Release Note Notifications" +sidebar_position: 20 +--- + # Release Note Notifications ## Notifications diff --git a/docs/platgovnetsuiteflashlight/troubleshooting/report_a_bug.md b/docs/platgovnetsuiteflashlight/troubleshooting/report_a_bug.md index bbbf31363c..0472efcb37 100644 --- a/docs/platgovnetsuiteflashlight/troubleshooting/report_a_bug.md +++ b/docs/platgovnetsuiteflashlight/troubleshooting/report_a_bug.md @@ -1,3 +1,9 @@ +--- +title: "Report a Bug" +description: "Report a Bug" +sidebar_position: 70 +--- + # Report a Bug If you encounter any problems using Flashlight or you have suggested improvements, we would love to diff --git a/docs/platgovnetsuiteflashlight/troubleshooting/spider_page_not_found.md b/docs/platgovnetsuiteflashlight/troubleshooting/spider_page_not_found.md index 525147b8f7..dd28c5777f 100644 --- a/docs/platgovnetsuiteflashlight/troubleshooting/spider_page_not_found.md +++ b/docs/platgovnetsuiteflashlight/troubleshooting/spider_page_not_found.md @@ -1,3 +1,9 @@ +--- +title: "Spider Page Not Found" +description: "Spider Page Not Found" +sidebar_position: 40 +--- + # Spider Page Not Found If you see a **Spider Page Not Found** error: diff --git a/docs/platgovnetsuiteflashlight/troubleshooting/spider_spins.md b/docs/platgovnetsuiteflashlight/troubleshooting/spider_spins.md index 0c14c65bb9..b4560dffde 100644 --- a/docs/platgovnetsuiteflashlight/troubleshooting/spider_spins.md +++ b/docs/platgovnetsuiteflashlight/troubleshooting/spider_spins.md @@ -1,3 +1,9 @@ +--- +title: "Spider Spins and Does Not Finish" +description: "Spider Spins and Does Not Finish" +sidebar_position: 50 +--- + # Spider Spins and Does Not Finish If you kick off a spider and the gears on the page spin for more than an hour, there are two likely diff --git a/docs/platgovnetsuiteflashlight/troubleshooting/stop_scripts.md b/docs/platgovnetsuiteflashlight/troubleshooting/stop_scripts.md index 84ce9e1be8..ec0402ba02 100644 --- a/docs/platgovnetsuiteflashlight/troubleshooting/stop_scripts.md +++ b/docs/platgovnetsuiteflashlight/troubleshooting/stop_scripts.md @@ -1,3 +1,9 @@ +--- +title: "Stop Scripts" +description: "Stop Scripts" +sidebar_position: 60 +--- + # Stop Scripts You can stop the Spider scripts at any point during the spider process: diff --git a/docs/platgovnetsuiteflashlight/troubleshooting/system_maintenance_period_error.md b/docs/platgovnetsuiteflashlight/troubleshooting/system_maintenance_period_error.md index 3961ade587..bdf63506ff 100644 --- a/docs/platgovnetsuiteflashlight/troubleshooting/system_maintenance_period_error.md +++ b/docs/platgovnetsuiteflashlight/troubleshooting/system_maintenance_period_error.md @@ -1,3 +1,9 @@ +--- +title: "System Maintenance Period Error" +description: "System Maintenance Period Error" +sidebar_position: 30 +--- + # System Maintenance Period Error Usually a _System Maintenance Period_ error indicates your primary web site in NetSuite is in diff --git a/docs/platgovnetsuiteflashlight/using_flashlight/understanding_customization_record.md b/docs/platgovnetsuiteflashlight/using_flashlight/understanding_customization_record.md deleted file mode 100644 index 1da8e1a3e3..0000000000 --- a/docs/platgovnetsuiteflashlight/using_flashlight/understanding_customization_record.md +++ /dev/null @@ -1,36 +0,0 @@ -# Understanding the Customization Record - -A Flashlight Customization Record contains all the information about a given customization in one -place, giving you everything you need to know about your objects at your fingertips. Customization -Records are created and maintained by Flashlight's spider as it documents your account. The records -enable us to search customizations and to attach them to processes. - -Here is an example Customization Record for a Scheduled Script: - -![Customization Record](/img/product_docs/platgovnetsuiteflashlight/using_flashlight/customization_record_800x402.webp) - -#### Menu - -- **Edit**: enables editing of the record. -- **Back**: returns to the previous screen. -- **Respider Now**: triggers the Spider to update the documentation for this specific record. -- **Open ERD**: opens the Entity-Relationship Diagram for this specific record. -- **Go to record**: Opens the actual NetSuite record. - -#### Summary - -The top section summarizes the key data about the Object: - -- **Base Record**: parent record. For Saved Searches it displays the Object Type. -- **Owner**: current owner of the record. -- **Description**: description of the record. If the object does not have a description field, click - **Edit** and add it to the record. -- **Type**: NetSuite Object Type. -- **Scriptid**: Script ID of the record. -- **Dependent Objects**: related object dependencies by object type. For example, there could be - multiple scripts and workflows that depend on this object. - -#### Tabs - -The bottom section displays tabs containing specific information for the record. The available tabs -and information vary depending on the type of Object being viewed. diff --git a/docs/platgovnetsuiteflashlight/using_flashlight/using_erd.md b/docs/platgovnetsuiteflashlight/using_flashlight/using_erd.md deleted file mode 100644 index 52b3d9fee3..0000000000 --- a/docs/platgovnetsuiteflashlight/using_flashlight/using_erd.md +++ /dev/null @@ -1,37 +0,0 @@ -# Using the ERD - -Your company’s growth and ability to react to competitive threats relies on your systems ability to -support your processes. When you need to adapt and increase your agility you can use Flashlight's -_Entity-Relationship Diagram_ (ERD) to identify all impacts of a given record type or any single -customization. - -Your whole system is documented in an ERD which allows you to explore your account with ease. The -interactive ERD gives you a visual representation of your account and allows you to drill down into -the data. You can see key customization information like the owner and dependencies in a single -view, instead of having to go to the history or system notes. - -To access the ERD view: - -1. Open **Flashlight** > **Tools** > **ERD** -2. Select a **Record Type** - - ![ERD Filter Options](/img/product_docs/platgovnetsuiteflashlight/using_flashlight/erd_filters_800x231.webp) - -3. Click **Show Record ERD** to generate the diagram. - - ![ERD](/img/product_docs/platgovnetsuiteflashlight/using_flashlight/erd_800x517.webp) - -4. The left panel displays your selected **Record Type** -5. Click on any field in the ERD to see: - -- **Scriptid**: Displays the record’s Script ID. -- **Owner**: The current owner of the record. -- **Data Type**: Displays the NetSuite Object Type. -- **Last Modified**: Displays the Date Last Modified if available. -- **Open record**: Opens the customization record. - -6. All Workflows, Forms and Scripts joined to the selected record are displayed along with any - associated metadata. - As you click through the ERD diagram, the associated dependencies are displayed. This tool allows - you to easily understand what customizations are impacted by a given field on the customization - record. diff --git a/docs/platgovnetsuiteflashlight/usingflashlight/_category_.json b/docs/platgovnetsuiteflashlight/usingflashlight/_category_.json new file mode 100644 index 0000000000..0677fbea0d --- /dev/null +++ b/docs/platgovnetsuiteflashlight/usingflashlight/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Using Flashlight", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/platgovnetsuiteflashlight/using_flashlight/customization_reports.md b/docs/platgovnetsuiteflashlight/usingflashlight/customization_reports.md similarity index 97% rename from docs/platgovnetsuiteflashlight/using_flashlight/customization_reports.md rename to docs/platgovnetsuiteflashlight/usingflashlight/customization_reports.md index 010473cb98..63b73cfe64 100644 --- a/docs/platgovnetsuiteflashlight/using_flashlight/customization_reports.md +++ b/docs/platgovnetsuiteflashlight/usingflashlight/customization_reports.md @@ -1,3 +1,9 @@ +--- +title: "Customization Reports" +description: "Customization Reports" +sidebar_position: 70 +--- + # Customization Reports Flashlight provides a set of useful reports to help you ensure that your account customizations diff --git a/docs/platgovnetsuiteflashlight/using_flashlight/sql_library.md b/docs/platgovnetsuiteflashlight/usingflashlight/sql_library.md similarity index 87% rename from docs/platgovnetsuiteflashlight/using_flashlight/sql_library.md rename to docs/platgovnetsuiteflashlight/usingflashlight/sql_library.md index 3274b43ba4..a52de60531 100644 --- a/docs/platgovnetsuiteflashlight/using_flashlight/sql_library.md +++ b/docs/platgovnetsuiteflashlight/usingflashlight/sql_library.md @@ -1,3 +1,9 @@ +--- +title: "Using the Strongpoint SQL Library" +description: "Using the Strongpoint SQL Library" +sidebar_position: 40 +--- + # Using the Strongpoint SQL Library The SQL Library is a powerful tool to help you locate formulas used across the Saved Searches in diff --git a/docs/platgovnetsuiteflashlight/using_flashlight/standard_field_impact_analysis.md b/docs/platgovnetsuiteflashlight/usingflashlight/standard_field_impact_analysis.md similarity index 89% rename from docs/platgovnetsuiteflashlight/using_flashlight/standard_field_impact_analysis.md rename to docs/platgovnetsuiteflashlight/usingflashlight/standard_field_impact_analysis.md index 626584f7dd..27c530ac72 100644 --- a/docs/platgovnetsuiteflashlight/using_flashlight/standard_field_impact_analysis.md +++ b/docs/platgovnetsuiteflashlight/usingflashlight/standard_field_impact_analysis.md @@ -1,3 +1,9 @@ +--- +title: "Using Standard Field Impact Analysis" +description: "Using Standard Field Impact Analysis" +sidebar_position: 30 +--- + # Using Standard Field Impact Analysis The standard field impact analysis tool enables you to find customizations using standard fields. diff --git a/docs/platgovnetsuiteflashlight/usingflashlight/understanding_customization_record.md b/docs/platgovnetsuiteflashlight/usingflashlight/understanding_customization_record.md new file mode 100644 index 0000000000..e3d4686a2f --- /dev/null +++ b/docs/platgovnetsuiteflashlight/usingflashlight/understanding_customization_record.md @@ -0,0 +1,42 @@ +--- +title: "Understanding the Customization Record" +description: "Understanding the Customization Record" +sidebar_position: 50 +--- + +# Understanding the Customization Record + +A Flashlight Customization Record contains all the information about a given customization in one +place, giving you everything you need to know about your objects at your fingertips. Customization +Records are created and maintained by Flashlight's spider as it documents your account. The records +enable us to search customizations and to attach them to processes. + +Here is an example Customization Record for a Scheduled Script: + +![Customization Record](/img/product_docs/platgovnetsuiteflashlight/using_flashlight/customization_record_800x402.webp) + +#### Menu + +- **Edit**: enables editing of the record. +- **Back**: returns to the previous screen. +- **Respider Now**: triggers the Spider to update the documentation for this specific record. +- **Open ERD**: opens the Entity-Relationship Diagram for this specific record. +- **Go to record**: Opens the actual NetSuite record. + +#### Summary + +The top section summarizes the key data about the Object: + +- **Base Record**: parent record. For Saved Searches it displays the Object Type. +- **Owner**: current owner of the record. +- **Description**: description of the record. If the object does not have a description field, click + **Edit** and add it to the record. +- **Type**: NetSuite Object Type. +- **Scriptid**: Script ID of the record. +- **Dependent Objects**: related object dependencies by object type. For example, there could be + multiple scripts and workflows that depend on this object. + +#### Tabs + +The bottom section displays tabs containing specific information for the record. The available tabs +and information vary depending on the type of Object being viewed. diff --git a/docs/platgovnetsuiteflashlight/using_flashlight/user_mgmt_reports.md b/docs/platgovnetsuiteflashlight/usingflashlight/user_mgmt_reports.md similarity index 95% rename from docs/platgovnetsuiteflashlight/using_flashlight/user_mgmt_reports.md rename to docs/platgovnetsuiteflashlight/usingflashlight/user_mgmt_reports.md index 4fcf572ae9..d382079876 100644 --- a/docs/platgovnetsuiteflashlight/using_flashlight/user_mgmt_reports.md +++ b/docs/platgovnetsuiteflashlight/usingflashlight/user_mgmt_reports.md @@ -1,3 +1,9 @@ +--- +title: "User Management Reports" +description: "User Management Reports" +sidebar_position: 80 +--- + # User Management Reports Flashlight provides a set of reports that give you insight into Employee-related changes and diff --git a/docs/platgovnetsuiteflashlight/using_flashlight/using_customization_impact_analysis.md b/docs/platgovnetsuiteflashlight/usingflashlight/using_customization_impact_analysis.md similarity index 90% rename from docs/platgovnetsuiteflashlight/using_flashlight/using_customization_impact_analysis.md rename to docs/platgovnetsuiteflashlight/usingflashlight/using_customization_impact_analysis.md index d849804c78..da63bae55b 100644 --- a/docs/platgovnetsuiteflashlight/using_flashlight/using_customization_impact_analysis.md +++ b/docs/platgovnetsuiteflashlight/usingflashlight/using_customization_impact_analysis.md @@ -1,3 +1,9 @@ +--- +title: "Using Customization Impact Analysis" +description: "Using Customization Impact Analysis" +sidebar_position: 60 +--- + # Using Customization Impact Analysis The Customization Impact Search displays customizations and any impacted customizations. For diff --git a/docs/platgovnetsuiteflashlight/usingflashlight/using_erd.md b/docs/platgovnetsuiteflashlight/usingflashlight/using_erd.md new file mode 100644 index 0000000000..7ed5217f1a --- /dev/null +++ b/docs/platgovnetsuiteflashlight/usingflashlight/using_erd.md @@ -0,0 +1,43 @@ +--- +title: "Using the ERD" +description: "Using the ERD" +sidebar_position: 20 +--- + +# Using the ERD + +Your company’s growth and ability to react to competitive threats relies on your systems ability to +support your processes. When you need to adapt and increase your agility you can use Flashlight's +_Entity-Relationship Diagram_ (ERD) to identify all impacts of a given record type or any single +customization. + +Your whole system is documented in an ERD which allows you to explore your account with ease. The +interactive ERD gives you a visual representation of your account and allows you to drill down into +the data. You can see key customization information like the owner and dependencies in a single +view, instead of having to go to the history or system notes. + +To access the ERD view: + +1. Open **Flashlight** > **Tools** > **ERD** +2. Select a **Record Type** + + ![ERD Filter Options](/img/product_docs/platgovnetsuiteflashlight/using_flashlight/erd_filters_800x231.webp) + +3. Click **Show Record ERD** to generate the diagram. + + ![ERD](/img/product_docs/platgovnetsuiteflashlight/using_flashlight/erd_800x517.webp) + +4. The left panel displays your selected **Record Type** +5. Click on any field in the ERD to see: + +- **Scriptid**: Displays the record’s Script ID. +- **Owner**: The current owner of the record. +- **Data Type**: Displays the NetSuite Object Type. +- **Last Modified**: Displays the Date Last Modified if available. +- **Open record**: Opens the customization record. + +6. All Workflows, Forms and Scripts joined to the selected record are displayed along with any + associated metadata. + As you click through the ERD diagram, the associated dependencies are displayed. This tool allows + you to easily understand what customizations are impacted by a given field on the customization + record. diff --git a/docs/platgovnetsuiteflashlight/using_flashlight/using_spider.md b/docs/platgovnetsuiteflashlight/usingflashlight/using_spider.md similarity index 95% rename from docs/platgovnetsuiteflashlight/using_flashlight/using_spider.md rename to docs/platgovnetsuiteflashlight/usingflashlight/using_spider.md index 15460c39ff..0338945df8 100644 --- a/docs/platgovnetsuiteflashlight/using_flashlight/using_spider.md +++ b/docs/platgovnetsuiteflashlight/usingflashlight/using_spider.md @@ -1,3 +1,9 @@ +--- +title: "Using the Spider" +description: "Using the Spider" +sidebar_position: 10 +--- + # Using the Spider While NetSuite is flexible and powerful, your account can quickly become out-of-sync and cluttered diff --git a/docs/platgovnetsuiteflashlight/welcome.md b/docs/platgovnetsuiteflashlight/welcome.md index f6d91c99da..2a4e08992b 100644 --- a/docs/platgovnetsuiteflashlight/welcome.md +++ b/docs/platgovnetsuiteflashlight/welcome.md @@ -1,3 +1,9 @@ +--- +title: "Welcome" +description: "Welcome" +sidebar_position: 10 +--- + # Welcome Flashlight™ by Strongpoint is NetSuite Documentation for Everybody! Easy to install, easy to @@ -22,8 +28,8 @@ Flashlight provides your organization these key benefits: #### Move Faster -- Use the Flashlight [Dashboard](/docs/platgovnetsuiteflashlight/getting_started/dashboard.md) and the - [Entity Relationship Diagrams](/docs/platgovnetsuiteflashlight/using_flashlight/using_erd.md) to spot problems before they happen +- Use the Flashlight [Dashboard](/docs/platgovnetsuiteflashlight/gettingstarted/dashboard.md) and the + [Entity Relationship Diagrams](/docs/platgovnetsuiteflashlight/usingflashlight/using_erd.md) to spot problems before they happen and respond to your users more quickly. - Now you can make better, faster decisions to drive your business forward. diff --git a/docs/platgovsalesforce/change_management/approving_change_request.md b/docs/platgovsalesforce/change_management/approving_change_request.md deleted file mode 100644 index 49a8c2cc81..0000000000 --- a/docs/platgovsalesforce/change_management/approving_change_request.md +++ /dev/null @@ -1,25 +0,0 @@ -# Approving a Change Request - -Approvers are populated from the Change/Approval Policy for the Change Request. Approval -notifications are sent when the Change Request owner advances the status to **Pending Approval**. - -1. Approver receives an email with a link to the Change Request. -2. When the Change Request opens, **Approve** and **Reject** buttons are available at the top of the - form: - - - If all approvers approve the Change Request, the status is changed to **Approved**. Implement - the changes specified by the Change Request. - - If an approver rejects the Change Request, the status is changed to **Rejected**. You can - return the Change Request to **In Progress**, edit it, and reset it to **Pending Approval** if - there are errors or omissions. - -3. Change Request owner [Completes and Validates the Change Request](/docs/platgovsalesforce/change_management/completing_change_request.md). - -Once the Change Request is approved, you cannot change the customizations attached to the Change -Request. - -You can add the **Strongpoint CR Approval Override** Permission Set to specific users. Users with -this Permission Set can approve a Change Request independent of the governing policy. The default -approve permission is no longer included with the System Administrator role. If you have a System -Administrator or other user you want to be able to approve, assign the **Strongpoint CR Approval -Override** Permission Set. diff --git a/docs/platgovsalesforce/change_management/change_and_approval_policy.md b/docs/platgovsalesforce/change_management/change_and_approval_policy.md deleted file mode 100644 index acef6b3822..0000000000 --- a/docs/platgovsalesforce/change_management/change_and_approval_policy.md +++ /dev/null @@ -1,59 +0,0 @@ -# Change and Approval Policy - -The Advanced Change Management system uses a set of policy records called Change and Approval -Policies. - -Change and Approval Policies define: - -- The level of change management required for a given change (for example, ApexClass modification - vs. a report). -- The level of approval required and the participants in that approval process. - -When Change Requests are created, Platform Governance for Salesforce analyzes the impacted -customizations and processes. It identifies the Change Policy that applies based on the IT risk from -the Customization Record and the process risk from the Process Records. - -The Change and Approval Policy also determines the change level required for any detected changes to -be compliant. This ensures that even changes that do not go through the planned change management -process are analyzed against the policy for compliance. - -For example, a company may have multiple policies: - -1. A **Default Policy** that applies to any customization or process without a specific policy. This - generally requires that scripted changes go through a relatively high level of review compared to - non-scripted changes. -2. A **Controls Policy** that specifically applies to key reports and controls listed on the policy - that need very specific approval to modify and ensures there are no changes without a proper - audit review. -3. A **Custom Object Policy** to manage Custom fields and object. - -Once in place, policies remind users of the level of change management required as well as monitors -the changes that do occur and raises alerts to IT by custom reports if there are any change -violations. - -## Change Process Overview - -Platform Governance for Salesforce automatically detects any changes to the customizations in your -system and log them. The system finds the relevant Change/Approval Policy and determines the change -level required for compliance. It then looks for the relevant change record. For example, if it -determines that a script changed and a Full Software Development Lifecycle was required for -compliance, it looks for an approved Deployment Record. If it does not find one, it flags the change -as non-compliant. An alert is sent to the Object owners notifying them of the non-compliant change. - -1. **Detect the Change**: [Automated Scanner](/docs/platgovsalesforce/installing_strongpoint/setting_up_initial_scan.md) - must be enabled forPlatform Governance for Salesforce to detect a change. -2. **Log the Change**: creates a Change Log. -3. **Locate the Relevant Policy**: locates the correct policy for the object. -4. **Locate the Relevant Change Record**: determines if the change needs a Change Request. -5. **Determine if the Change is Compliant**: - - - If Platform Governance for Salesforce finds the appropriate Change Request or if the change is - **Log Only**, it marks the change as compliant and attaches the Change Log to the Change - Record. - - If Platform Governance for Salesforce determines the change is non-compliant (does not fall - under the relevant policy) it send an alert to IT and Object Owners to investigate the change - and document what needs to be done to make the change compliant. - -6. **Change Reporting and Resolution**: Platform Governance for Salesforce provides predefined - [reports](/docs/platgovsalesforce/change_management/change_management_reports.md) you can review as part of your regular Change Management - Process. diff --git a/docs/platgovsalesforce/change_management/change_management_overview.md b/docs/platgovsalesforce/change_management/change_management_overview.md deleted file mode 100644 index eb3c43b18d..0000000000 --- a/docs/platgovsalesforce/change_management/change_management_overview.md +++ /dev/null @@ -1,56 +0,0 @@ -# Change Management Overview - -Platform Governance for Salesforce Closed Loop Change Management and Compliance is an enhanced -change management system for changes to Salesforce accounts using the Platform Governance for -Salesforce automated documentation and change management system. - -Platform Governance for Salesforce extends your current change management system to enable you to: - -- Establish change management policies for different types of objects and processes. -- Route changes for approval within Salesforce. -- Authenticate that changes to the system are in accordance with applicable policies. -- Detect and resolve non-compliant changes. -- Manage deployments and sandbox refreshing using best practices. - -## Plan, Approve and Deploy Changes - -### Plan with a Change Request - -Change Requests are used to plan and track changes to the system. - -They allow for common actions associated with change requests including: - -- Grouping process issues. -- Planning completion targets. -- Tracking the status. -- Managing approvals. - -The **Advanced Change Management** Module provides additional functionality: - -- Automatically define the change level required for compliance based on the appropriate - [Change and Approval Policy](/docs/platgovsalesforce/change_management/change_and_approval_policy.md). -- Identify impacts on other customizations. -- Attach and manage test scripts. -- Manage and record Pre and Post-Deployment - [Environment Comparisons](/docs/platgovsalesforce/tools/environment_comparison.md). -- Archive fields. -- Delete customizations. - -Change Management can be integrated with other change tracking systems using the External Change -Request Number field. It is beneficial to use the change records since they can be linked to -processes, customizations and clean up activities. - -### Confirm with a Deployment Record - -When tracking Full Software Development Lifecycle changes, the Deployment Record enables you to -track deployment approvals. Once a Change Request is approved, this documents a change is ready for -development. At this point, a new change request with the Stage Deployment Record can be created and -tracked. - -This enables: - -- Tracking of deployment activities. -- Documentation of approvals for deployment to document that any changes that occurred during - development have been approved and that the appropriate pre-deployment checks have been completed. - -This record is linked to the original change request to enable end to end reporting of the change. diff --git a/docs/platgovsalesforce/change_management/change_management_reports.md b/docs/platgovsalesforce/change_management/change_management_reports.md deleted file mode 100644 index 2cbea9dffe..0000000000 --- a/docs/platgovsalesforce/change_management/change_management_reports.md +++ /dev/null @@ -1,44 +0,0 @@ -# Change Enablement Reports - -Platform Governance for Salesforce has many different reports you can use to view your changes, -these include: Compliant, Open Non-Compliant and What Changed Reports. - -The **Compliant Changes** and **Unresolved Non-Compliant** reports are the primary reports for -managing changes in your system. They display all changes in the system that are compliant and those -that are not compliant. An additional report called **What Changed?** shows all changes that have -happened. - -To access the Change Reports: - -Open **Netwrix Dashboard** > **Reports** > **Change Enablement** and select one of the reports: - -> **Approval Override**: shows all changes approved with an approval override. -> -> **What Changed?**: shows all changes that have occurred. -> -> **Unresolved Non-Compliant Changes**: displays open non-compliant changes. A non-compliant change -> indicates something was changed without the required approvals. By looking at this report, you can -> investigate changes and get an understanding of what the impacts are and see if any additional -> changes need to be made. This report is used to track changes that require action. -> -> **Managed Package Updates**: displays managed package update details for auditing. -> -> **Resolved Non-Compliant Changes**: displays resolved non-compliant changes with the change -> overview and the difference summary. -> -> **Compliant Changes**: displays all compliant changes. Compliant changes are automatically marked -> as closed. This report is used to review changes that have been automatically cleared. -> -> **Consolidated Change By Type**: displays changes summarized and grouped by Salesforce Type. -> -> **Deployed Changes**: displays an end to end summary of deployed changes to enable tracking and -> reporting of changes to the system. -> -> **Data Tracking Change Logs**: displays changes on objects set for data tracking. -> -> **Change/Approval Policy Changes**: this report is based on Field History Tracking. You can track -> up to 20 fields from the Policy Record. Salesforce starts tracking field history from the date and -> time you turn it on a field. -> -> **Fast Scan for Permissions Changes**: displays all changes detected in PermissionSet, -> PermissionSetGroup, and Profiles by the Fast Scan. diff --git a/docs/platgovsalesforce/change_management/creating_change_request.md b/docs/platgovsalesforce/change_management/creating_change_request.md deleted file mode 100644 index 838a3f4302..0000000000 --- a/docs/platgovsalesforce/change_management/creating_change_request.md +++ /dev/null @@ -1,148 +0,0 @@ -# Creating a Change Request - -Change requests are the method to plan, analyze, track and approve changes. You can create different -types of Change Requests to match the change you want to manage. Here are two options: - -- **Customization** Change request is used for Metadata changes, such as - [Customizations](/docs/platgovsalesforce/customizations/customizations_overview.md). -- **Data Record** - Change request is used for Data Changes to Revenue Cloud/ - [CPQ](/docs/platgovsalesforce/change_management/enhanced_cpq_support.md). - -Data Record Change Requests are only available with an Enterprise Compliance license. - -1. Open the **Change Requests** tab. -2. Click **New** - - ![New Change Request](/img/product_docs/platgovsalesforce/change_management/change_request_new_light.webp) - -3. Enter information as needed. - - - **Change Request Name**: add a meaningful name to the change request. - - **Change Request Type**: Customizations for metadata changes and Data Records for data. - - **Parent Change Request**: enter an optional parent change request if this is part of a bigger - change. - - **Change Overview**: add a summary of the desired changes. - - **Change Type**: select the type from the list. **Minor** is the default. - - **Is Release**: check if this change request represents a release. The customizations from all - the child change requests are rolled into this release for deployment. - -4. **Save** the **Change Request**. A confirmation is displayed when the change request is saved. - - ![Continue with the Change Request](/img/product_docs/platgovsalesforce/change_management/change_request_new2_light.webp) - -5. Add or change information as needed: - - - **External Change Request Number** and **External Link** are used for reference if the change - request is coming from an external system. - - **Completion Status**: select a status from the list. This operation can also be performed - after you save the change request and proceed to Impact Analysis. - - **Stage**: the type of change project: **Change Request**, **Development Project**, - **Deployment Record**, or **Rollback Record**. This is an informational field. - - **Change Request Group**: search for groups to add to this change request. - - **Assigned BA**: search for a user to add as the assigned Business Analyst. - - **Release**: search for the parent change request if this change request is part of a release. - -6. Expand the **Customizations** section. **Customizations** is selected by default. Click - **Customizations** to access the **Add/Remove** function. - - ![Expand the Customizations section](/img/product_docs/platgovsalesforce/change_management/change_request_new3_light.webp) - - - Click **Add/Remove** to add existing Customizations to the change request. - - ![Add an existing customization to a change request](/img/product_docs/platgovsalesforce/change_management/change_request_new4_light.webp) - - - Enter filters to search for existing customizations. For this example, the **Metadata - Type** is set to **CustomField**. The matching customizations are displayed. - - ![Enter filters to search for customizations](/img/product_docs/platgovsalesforce/change_management/change_request_new5_light.webp) - - - Select one or more customizations. Use **Search**, **First**, **Previous**, **Next** and - **Last** to navigate through the list if needed. - - Click **Add** to add the customizations to the **Selected Customizations** list. Continue - adding your existing customizations. - - Click **Save**. - -7. Click **Proposed Customizations** to enable the **Add/Remove** option if you want to create new - customizations. - - - Click **Add/Remove**. - - ![Add Proposed Customizations to the Change Request](/img/product_docs/platgovsalesforce/change_management/change_request_new6_light.webp) - - - Click **+** (Add). - - ![Add the information for the proposed customization](/img/product_docs/platgovsalesforce/change_management/change_request_new7_light.webp) - - - Enter the **API Name** and **Salesforce Metadata Type**. Click **+** to add additional - proposed customizations. Can be used in conjunction with customizations that already exist. - All **Customizations** and **Proposed Customizations** are evaluated to determine the change - level. The highest change level is used for the change request. - - Click **Save**. - -8. Click **Save** on the **Edit Change Request** form when you are finished. The **Deployment** - section is only applicable after the change request is approved. - -Your change request is created. - -![Your Change Request is created](/img/product_docs/platgovsalesforce/change_management/change_request_new8_light.webp) - -## Preparing the Change Request for Approval - -Review the change request: - -- Run Impact Analysis -- View the DRD -- Send the Change Request for Approval - -### Run Impact Analysis - -Open the **Impact Analysis** tab and review the information on the tabs: **Can Be Safely Deleted or -Modified**, **Cannot Be Safely Deleted or Modified**, and **Inactive Customizations**. - -Here is an example of items on the **Cannot Be Safely Deleted or Modified** tab. The Customizations -and Impacted Customizations are links to each customization record. - -![Impact Analysis Cannot Be Safely Deleted or Modified tab](/img/product_docs/platgovsalesforce/change_management/change_request_new_impact_analysis.webp) - -Use the **Edit** button to return to the change request and make any required modifications. - -### View the DRD - -Open the **DRD** tab to review the dependency diagram. Use the **Edit** button to return to the -change request and make any required modifications. - -![Open the DRD tab to view the dependency diagram](/img/product_docs/platgovsalesforce/change_management/change_request_drd.webp) - -### Send the Change Request for Approval - -Change request approvers are automatically assigned based on the policy. In this section, you can -add additional approvers, approver notes and begin the approval process. - -1. Click **Edit** to modify the change request. -2. Expand the **Approval** section. - - ![Expand Approval section](/img/product_docs/platgovsalesforce/change_management/change_request_new_approvals.webp) - -3. Add the approval information: - - - **Approval Status**: updates the status of the change request. Typically used for editing - existing change requests. Set the **Approval Status** to **Pending Approval** when you are - ready. - - **Stage**: the type of change project: **Change Request**, **Development Project**, - **Deployment Record**, or **Rollback Record**. This is an informational field. - - **Approver Notes**: optional notes about the change request. - - **Additional Approvers**: any additional approvers. Mandated approvers are set by the policy. - Click **Add/Remove** and select approvers. - -4. Click **Save**. - - ![Change Request Pending Approval](/img/product_docs/platgovsalesforce/change_management/change_request_new_send_approval.webp) - -5. Click **Submit for Approval** to start the process. Approval notifications are sent to the - approvers. - -If you created the Change Request in your sandbox to determine the scope of the change, recreate it -in your Production environment to enable approvals and ongoing tracking. -For new objects that do not yet exist in Production, edit the Change Request and enter the full API -Names of these objects into the Proposed Customization fields in the Scope Section. You can add -multiple API Names by using the Add button. Save the Change Request when complete. diff --git a/docs/platgovsalesforce/change_management/setting_up_policies.md b/docs/platgovsalesforce/change_management/setting_up_policies.md deleted file mode 100644 index cda4cfa466..0000000000 --- a/docs/platgovsalesforce/change_management/setting_up_policies.md +++ /dev/null @@ -1,234 +0,0 @@ -# Set Up Policies - -Change / Approval Policies have two tabs: Details and Related. - -You can create a New Policy, or edit an existing one: - -1. Expand the **Change / Approval Policies** tab. -2. Change the **Recently Viewed** pinned list to **All Policies** to see a list of existing - policies. -3. Click **New** to create a new policy or select an existing policy and click **Edit**. - -## Details - -> Information general information about the policy. -> -> Code and Data Model Changes change control level for code and data model changes. -> -> Automation Changes change control level for approval process, business process, flow, workflow and -> process builder changes. -> -> Sharing and Visibility Changes change control level for role, profile, permission set, data -> security, sharing non material and indirect changes to profile changes. -> -> Integration Changes change control level for external site, identity, and access changes. -> -> Configuration Changes change control level for data quality and general settings changes. -> -> Display and UI Changes change control level for application, label and translation, layout and -> template changes. -> -> Analytics Changes change control level for reports, dashboards, list view, and Einstein changes. -> -> Control Changes change control level for control changes. -> -> Application Configuration Changes (Data) -> -> Health Check Changes change control level for health check changes. -> -> IT Policies preliminary and final approvers. -> -> Customization Policies impacted customization approval. -> -> Management Policies executive approver and approval settings. -> -> Change Enablement Defaults merge approval list, non conforming alerts, and sequential approval -> requests. -> -> **System Information**, **Created By** and **Last Modified By** dates. Informational only, cannot -> be edited. - -Once the policy is saved, **System Information** is added show the **Created By** and **Last -Modified By** user and time stamp. The information you entered on the form is shown on the -**Details** tab. The Related tab is now available to add Customizations and view additional -information and history. - -### Information - -![New Policy form](/img/product_docs/platgovsalesforce/change_management/policy_new1.webp) - -- **Change/Approval Policy Name** -- **Default Policy**: Check if this is the default change/approval policy. -- **Parent Policy**: Search and add a parent policy (if applicable). -- **Active**: Check if the policy is active. - -Set the required Change Level for each Metadata Type. The Default is shown in the form. - -| **Change Level** | **Description** | -| --------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **Log Changes Only** | Since the system automatically logs all changes, this change level requires no actions for compliance. Any changes to these objects are automatically marked compliant. | -| **Change Request** | Any changes to these objects require an Approved Change Request. | -| **Sandbox Development & Testing** | Any changes to these objects require an Approved Change Request in the Stage Development Project. It also requires that a parent Change Request is attached to the Development Project. | -| **Full Software Development Lifecycle** | Any changes to these objects require an Approved Change Request. | - -### Code and Data Model Changes - -![Code and Data Model Changes](/img/product_docs/platgovsalesforce/change_management/policy_new2.webp) - -### Automation Changes - -![Automation Change Levels](/img/product_docs/platgovsalesforce/change_management/policy_new3.webp) - -### Sharing and Visibility Changes - -![Sharing and Visbility Change Level](/img/product_docs/platgovsalesforce/change_management/policy_new4.webp) - -### Integration Changes - -![Integration Change Levels](/img/product_docs/platgovsalesforce/change_management/policy_new5.webp) - -### Configuration Changes - -![Configuration Change Levels](/img/product_docs/platgovsalesforce/change_management/policy_new6.webp) - -### Display and UI Changes - -![Display / UI Change Levels](/img/product_docs/platgovsalesforce/change_management/policy_new7.webp) - -### Analytics Changes - -![Analytics Change Levels](/img/product_docs/platgovsalesforce/change_management/policy_new8.webp) - -### Control Changes - -![Control Change Levels](/img/product_docs/platgovsalesforce/change_management/policy_new9.webp) - -Controls the change level required for different types of changes. Health Check Changes affect the -way changes are handled for the customization records for each Salesforce Health Check group -(session settings, file upload and security settings), so you can track and report on current -settings. There is a [Health Settings](/docs/platgovsalesforce/customizations/understanding_customization_record.md) tab -for the specific records on the customization record. - -### Application Configuration Changes (Data) - -![Application Configuration Changes (Data)](/img/product_docs/platgovsalesforce/change_management/policy_new16.webp) - -Set objects and fields that are **Tracked Non-blocking** or **Tracked Blocking** to be part of the -policy and require a Ticket and an approval. - -Refer to [Set Up Data Tracking](/docs/platgovsalesforce/change_management/set_up_data_tracking.md) for more information on activating and -validating tracked fields. - -### Health Check Changes - -![Health Check Changes](/img/product_docs/platgovsalesforce/change_management/policy_new16_a.webp) - -Select the change level for **Health Check Changes**: **None**, **Log Changes Only**, **Change -Request**, **Sandbox Development & Testing**, or **Full Software Development Lifecycle**. - -### IT Policies - -![Set IT Policies](/img/product_docs/platgovsalesforce/change_management/policy_new10.webp) - -Specify the **Preliminary Approver**. Enter part of the name to see a matching list. For critical -changes, you can also set a **Final Approver**. This person must approve all changes affected by the -rule. - -### Customization Policies - -![Customization Policies](/img/product_docs/platgovsalesforce/change_management/policy_new12.webp) - -**Require Impacted Customization Approval**: select this option to require approval from all -impacted Customization owners. - -### Management Policies - -![Set Management Policies](/img/product_docs/platgovsalesforce/change_management/policy_new13.webp) - -**Executive Approver**: a business executive who must approve the change. - -**Maximum number of Approvals Required**: approval is granted once the specified number of approvals -is complete. If this field is blank, all approvers must approve. - -**No Order Required**: select this option to allow approvals in any order. If it is not checked, -approvals occur in the order specified. - -### Change Enablement Defaults - -![Change Enablement Defaults](/img/product_docs/platgovsalesforce/change_management/policy_new15.webp) - -**Merge Approval Lists**: select this option to merge lists when multiple policies apply to a -change. - -**Sequential Approval Requests**: select this option to send approval emails one at a time as each -approver approves the change. If not checked, all approvers receive the approval emails at the same -time. - -**Non-conforming Customization Alerts**: select this option to alert Customization Owners if there -is a non-conforming change to their Customization. - -## Related - -The **Related** tab is available once a policy is saved. You can add and view Customizations, Change -Logs, Change Requests and view status and history associated with the Policy. Links are available -for easy navigation to each item. - -Change Logs are created when customizations are added or removed. - -![Policy Related tab](/img/product_docs/platgovsalesforce/change_management/policy_related_tab.webp) - -### Add or Remove Customizations - -You can add or remove customizations from the **Related** tab on the policy. Custom Fields Inherit -the CustomObject Policy when added. - -- New Custom Fields are automatically added to the parent **CustomObject** Policy if it exists. -- Existing Custom Fields are added to the parent **CustomObject** Policy from the Custom Object - customization record. -- Change Logs are generated for customization changes. -- Changes are reported in the **Reports** > **Change Enablement** > **Change/Approval Policy - Changes**. - -1. Open the policy and click the **Related** tab. -2. Click **Add Customizations**. - - ![Add customizations](/img/product_docs/platgovnetsuite/change_management/policy_add_customizations.webp) - -3. Select a **Metadata Type** to filter the list. -4. Enter a search term or scroll through the list to locate customizations. -5. Click to select a customization. Use Shift-click or click and drag to select multiple contiguous - items or Ctrl-click to select multiple customizations. - - ![Selecting Customizations](/img/product_docs/platgovsalesforce/change_management/policy_add_customizations2.webp) - -6. Click **Add** to add the customizations to the **Selected Customizations** list. For existing - customizations, select them in the **Selected Customizations** and click **Remove** to take them - out of the list. -7. Click **Save** when complete. - -### Select Change Level by Salesforce Type - -This feature enables you to easily add customizations to the policy based on Salesforce type. It is -available on the **Related** tab on the policy. - -1. Open the policy and click the **Related** tab. -2. Click **Select Change Level by SF Type**. You can set the policy as the **Default** and toggle it - as **Active** in the **Policy Details**. - - ![Adding customizations by Salesforce Type](/img/product_docs/platgovsalesforce/change_management/policy_change_by_sf_type.webp) - -3. Set **Category** and **Sub-Category** filters if you want to narrow the list. Sub-categories are - not available for all Categories. - - ![Set filters for Salesforce type](/img/product_docs/platgovsalesforce/change_management/policy_add_sf_type2.webp) - -4. Click to select a **Salesforce Type** from the **Available Salesforce Type List**. Use - Shift-click or click and drag to select multiple contiguous items or Ctrl-click to select - multiple types. - - ![Add selections to the Selected Salesforce Type List](/img/product_docs/platgovsalesforce/change_management/policy_add_sf_type3.webp) - -5. Click the right arrow to add selections to the **Selected Salesforce Type List**. Click the left - arrow to remove items from the selected list. -6. Click **Save** when complete. A confirmation dialog is displayed. Click **OK** to confirm you - want to add all of the customizations from the selected Salesforce types. diff --git a/docs/platgovsalesforce/change_management/using_change_logs.md b/docs/platgovsalesforce/change_management/using_change_logs.md deleted file mode 100644 index ab79041c01..0000000000 --- a/docs/platgovsalesforce/change_management/using_change_logs.md +++ /dev/null @@ -1,132 +0,0 @@ -# Using Change Logs - -Change Logs allow you to see the type of change, who made the change and view the system notes of -the Salesforce record. Change Logs are accessed from the **Change Logs** tab or through -[Change Enablement Reports](/docs/platgovsalesforce/change_management/change_management_reports.md). - -1. Expand the **Change Logs** tab. -2. Change the **Recently Viewed** pinned list to show the types of Change Logs to view. For - example**, Data tracking Changes** or **Profile and PermissionSet** changes. The **Details** and - **Diff Summary** differ slightly depending on the selected **Metadata Type**. -3. Click a **Change Log Name** to open it. - -You can also open Change Logs from **Netwrix Dashboard** > **Reports** > **Change Enablement**. -Select a report, such as **What Changed** to see a list of Change Logs. - -![changelog-1](/img/product_docs/platgovnetsuite/change_management/changelog-1.webp) - -Here is an example change log for a **Profile** Metadata type. - -![changelog_details](/img/product_docs/platgovsalesforce/change_management/changelog_details.webp) - -## Details Tab - -> **Actual Change Date**: Date the Customization was last modified. -> -> **Customization Created By**: User who created the customization. -> -> **Customization Modified By**: User who last modified the customization. -> -> **Customization**: Linked Customization(s) that have changed. -> -> **Metadata Type**: Salesforce metatdata type of the Customization. -> -> **Field Name**: Name of the changed field. -> -> **Active**: Checked if the Customization is active. -> -> **New Customization**: Checked if new customization. -> -> **Package**: Name of the Managed Package if the customizations belong to a managed package. -> -> **Operation**: Flag this field if a change or a new record is created. -> -> **Change Overview**: Overview of the change. -> -> **Data Record Id**: ID of the data record changed. This field is not in all Metadata Types. -> -> **Data Record Name**: Name of the data record changed. This field is not in all Metadata Types. -> -> **Data Record SObject API**: API name of the parent SObject of the data record changed. This field -> is not in all Metadata Types. -> -> **Related Change Request**: Change request related to the change or used to perform regression -> analysis of a non-compliant change. -> -> **Compliant Indicator**: Green flag indicates compliant, red flag indicates non-compliant. -> -> **Non-Compliant**: Checked if the change is non-compliant. -> -> **Compliance**: The change status: **Compliant** or **Non-compliant**. -> -> **Policy**: Policies associated with the Change Log. -> -> **Reason**: Name of the policy violated by the change. -> -> **Filters**: List of filters satisfied for the data record change. If blank, no filters specified. -> This field is not in all Metadata Types. -> -> **Parent Change Log**: Name of the parent change log if applicable. -> -> **Resolution Description**: Description of any steps taken to bring the change back into -> compliance. This field is not in all Metadata Types. -> -> **Short Resolution Description**: Summary description of any steps taken to bring the change back -> into compliance. -> -> **Status**: Current state of the Change Log. This field is manually set. - -### Diff Summary - -The **Diff Summary** section displays the differences in the objects that occurred in the change. -There is an **Export to PDF** option. - -Example Diff Summary for a Data tracking Change Log: - -![Diff Summary for data tracking](/img/product_docs/platgovsalesforce/change_management/diffsummary_data.webp) - -Example Diff Summary for a Profile metadata type Change Log: - -![Change Log Diff Summary](/img/product_docs/platgovsalesforce/change_management/changelog_diff.webp) - -### Values - -The **Values** section displays the **New Value** and **Old Value** of each field after the update. -The **Created By** and **Last Modified By** users and dates are displayed at the end of the list. - -![changelog_values](/img/product_docs/platgovsalesforce/change_management/changelog_values.webp) - -### Audit - -The **Audit** section displays all fields related to an audit. Click the edit icon to edit the -record. - -> **Sampled For Audit**: Select **None**, **Internal** or **External**. -> -> **Audited By**: Auditor selects their user name from the list. -> -> **Internal Audit Comments**: Internal notes added by the Auditor. -> -> **Internal Audit Status**: Select **None**, **Approved**, **Rejected** or **Under Investigation**. -> -> **Last Internal Audit**: User who made the last change in the Internal Audit fields. -> -> **External Audit Comments**: External notes added by the Auditor. -> -> **External Audit Status**: Select **None**, **Approved**, **Rejected** or **Under Investigation**. -> -> **Last External Audit**: User who made the last change in the External Audit fields. - -## Related Tab - -### Change Log History - -**Change Log History** displays the latest history entries by **Date**. The changed **Field**, -**User** making the change, **Original Value** and **New Value** are displayed. If there is a **+** -sign by the number in **Change Log History** header, click **View All** to see the complete history. - -### Notes & Attachments - -**Notes & Attachments** contains uploaded files. Click on a file name to open it. Click **Upload -Files** to add additional files. If there is a **+** sign by the number in the **Notes & -Attachments** header, click **View All** to see the complete file list. diff --git a/docs/platgovsalesforce/changemanagement/_category_.json b/docs/platgovsalesforce/changemanagement/_category_.json new file mode 100644 index 0000000000..2c9e661b45 --- /dev/null +++ b/docs/platgovsalesforce/changemanagement/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Change Management Overview", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "change_management_overview" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforce/changemanagement/approving_change_request.md b/docs/platgovsalesforce/changemanagement/approving_change_request.md new file mode 100644 index 0000000000..fe854a5e23 --- /dev/null +++ b/docs/platgovsalesforce/changemanagement/approving_change_request.md @@ -0,0 +1,31 @@ +--- +title: "Approving a Change Request" +description: "Approving a Change Request" +sidebar_position: 50 +--- + +# Approving a Change Request + +Approvers are populated from the Change/Approval Policy for the Change Request. Approval +notifications are sent when the Change Request owner advances the status to **Pending Approval**. + +1. Approver receives an email with a link to the Change Request. +2. When the Change Request opens, **Approve** and **Reject** buttons are available at the top of the + form: + + - If all approvers approve the Change Request, the status is changed to **Approved**. Implement + the changes specified by the Change Request. + - If an approver rejects the Change Request, the status is changed to **Rejected**. You can + return the Change Request to **In Progress**, edit it, and reset it to **Pending Approval** if + there are errors or omissions. + +3. Change Request owner [Completes and Validates the Change Request](/docs/platgovsalesforce/changemanagement/completing_change_request.md). + +Once the Change Request is approved, you cannot change the customizations attached to the Change +Request. + +You can add the **Strongpoint CR Approval Override** Permission Set to specific users. Users with +this Permission Set can approve a Change Request independent of the governing policy. The default +approve permission is no longer included with the System Administrator role. If you have a System +Administrator or other user you want to be able to approve, assign the **Strongpoint CR Approval +Override** Permission Set. diff --git a/docs/platgovsalesforce/changemanagement/change_and_approval_policy.md b/docs/platgovsalesforce/changemanagement/change_and_approval_policy.md new file mode 100644 index 0000000000..9970fa22a1 --- /dev/null +++ b/docs/platgovsalesforce/changemanagement/change_and_approval_policy.md @@ -0,0 +1,65 @@ +--- +title: "Change and Approval Policy" +description: "Change and Approval Policy" +sidebar_position: 20 +--- + +# Change and Approval Policy + +The Advanced Change Management system uses a set of policy records called Change and Approval +Policies. + +Change and Approval Policies define: + +- The level of change management required for a given change (for example, ApexClass modification + vs. a report). +- The level of approval required and the participants in that approval process. + +When Change Requests are created, Platform Governance for Salesforce analyzes the impacted +customizations and processes. It identifies the Change Policy that applies based on the IT risk from +the Customization Record and the process risk from the Process Records. + +The Change and Approval Policy also determines the change level required for any detected changes to +be compliant. This ensures that even changes that do not go through the planned change management +process are analyzed against the policy for compliance. + +For example, a company may have multiple policies: + +1. A **Default Policy** that applies to any customization or process without a specific policy. This + generally requires that scripted changes go through a relatively high level of review compared to + non-scripted changes. +2. A **Controls Policy** that specifically applies to key reports and controls listed on the policy + that need very specific approval to modify and ensures there are no changes without a proper + audit review. +3. A **Custom Object Policy** to manage Custom fields and object. + +Once in place, policies remind users of the level of change management required as well as monitors +the changes that do occur and raises alerts to IT by custom reports if there are any change +violations. + +## Change Process Overview + +Platform Governance for Salesforce automatically detects any changes to the customizations in your +system and log them. The system finds the relevant Change/Approval Policy and determines the change +level required for compliance. It then looks for the relevant change record. For example, if it +determines that a script changed and a Full Software Development Lifecycle was required for +compliance, it looks for an approved Deployment Record. If it does not find one, it flags the change +as non-compliant. An alert is sent to the Object owners notifying them of the non-compliant change. + +1. **Detect the Change**: [Automated Scanner](/docs/platgovsalesforce/installingstrongpoint/setting_up_initial_scan.md) + must be enabled forPlatform Governance for Salesforce to detect a change. +2. **Log the Change**: creates a Change Log. +3. **Locate the Relevant Policy**: locates the correct policy for the object. +4. **Locate the Relevant Change Record**: determines if the change needs a Change Request. +5. **Determine if the Change is Compliant**: + + - If Platform Governance for Salesforce finds the appropriate Change Request or if the change is + **Log Only**, it marks the change as compliant and attaches the Change Log to the Change + Record. + - If Platform Governance for Salesforce determines the change is non-compliant (does not fall + under the relevant policy) it send an alert to IT and Object Owners to investigate the change + and document what needs to be done to make the change compliant. + +6. **Change Reporting and Resolution**: Platform Governance for Salesforce provides predefined + [reports](/docs/platgovsalesforce/changemanagement/change_management_reports.md) you can review as part of your regular Change Management + Process. diff --git a/docs/platgovsalesforce/changemanagement/change_management_overview.md b/docs/platgovsalesforce/changemanagement/change_management_overview.md new file mode 100644 index 0000000000..d2052c06bd --- /dev/null +++ b/docs/platgovsalesforce/changemanagement/change_management_overview.md @@ -0,0 +1,62 @@ +--- +title: "Change Management Overview" +description: "Change Management Overview" +sidebar_position: 80 +--- + +# Change Management Overview + +Platform Governance for Salesforce Closed Loop Change Management and Compliance is an enhanced +change management system for changes to Salesforce accounts using the Platform Governance for +Salesforce automated documentation and change management system. + +Platform Governance for Salesforce extends your current change management system to enable you to: + +- Establish change management policies for different types of objects and processes. +- Route changes for approval within Salesforce. +- Authenticate that changes to the system are in accordance with applicable policies. +- Detect and resolve non-compliant changes. +- Manage deployments and sandbox refreshing using best practices. + +## Plan, Approve and Deploy Changes + +### Plan with a Change Request + +Change Requests are used to plan and track changes to the system. + +They allow for common actions associated with change requests including: + +- Grouping process issues. +- Planning completion targets. +- Tracking the status. +- Managing approvals. + +The **Advanced Change Management** Module provides additional functionality: + +- Automatically define the change level required for compliance based on the appropriate + [Change and Approval Policy](/docs/platgovsalesforce/changemanagement/change_and_approval_policy.md). +- Identify impacts on other customizations. +- Attach and manage test scripts. +- Manage and record Pre and Post-Deployment + [Environment Comparisons](/docs/platgovsalesforce/tools/environment_comparison.md). +- Archive fields. +- Delete customizations. + +Change Management can be integrated with other change tracking systems using the External Change +Request Number field. It is beneficial to use the change records since they can be linked to +processes, customizations and clean up activities. + +### Confirm with a Deployment Record + +When tracking Full Software Development Lifecycle changes, the Deployment Record enables you to +track deployment approvals. Once a Change Request is approved, this documents a change is ready for +development. At this point, a new change request with the Stage Deployment Record can be created and +tracked. + +This enables: + +- Tracking of deployment activities. +- Documentation of approvals for deployment to document that any changes that occurred during + development have been approved and that the appropriate pre-deployment checks have been completed. + +This record is linked to the original change request to enable end to end reporting of the change. diff --git a/docs/platgovsalesforce/changemanagement/change_management_reports.md b/docs/platgovsalesforce/changemanagement/change_management_reports.md new file mode 100644 index 0000000000..97f973899a --- /dev/null +++ b/docs/platgovsalesforce/changemanagement/change_management_reports.md @@ -0,0 +1,50 @@ +--- +title: "Change Enablement Reports" +description: "Change Enablement Reports" +sidebar_position: 10 +--- + +# Change Enablement Reports + +Platform Governance for Salesforce has many different reports you can use to view your changes, +these include: Compliant, Open Non-Compliant and What Changed Reports. + +The **Compliant Changes** and **Unresolved Non-Compliant** reports are the primary reports for +managing changes in your system. They display all changes in the system that are compliant and those +that are not compliant. An additional report called **What Changed?** shows all changes that have +happened. + +To access the Change Reports: + +Open **Netwrix Dashboard** > **Reports** > **Change Enablement** and select one of the reports: + +> **Approval Override**: shows all changes approved with an approval override. +> +> **What Changed?**: shows all changes that have occurred. +> +> **Unresolved Non-Compliant Changes**: displays open non-compliant changes. A non-compliant change +> indicates something was changed without the required approvals. By looking at this report, you can +> investigate changes and get an understanding of what the impacts are and see if any additional +> changes need to be made. This report is used to track changes that require action. +> +> **Managed Package Updates**: displays managed package update details for auditing. +> +> **Resolved Non-Compliant Changes**: displays resolved non-compliant changes with the change +> overview and the difference summary. +> +> **Compliant Changes**: displays all compliant changes. Compliant changes are automatically marked +> as closed. This report is used to review changes that have been automatically cleared. +> +> **Consolidated Change By Type**: displays changes summarized and grouped by Salesforce Type. +> +> **Deployed Changes**: displays an end to end summary of deployed changes to enable tracking and +> reporting of changes to the system. +> +> **Data Tracking Change Logs**: displays changes on objects set for data tracking. +> +> **Change/Approval Policy Changes**: this report is based on Field History Tracking. You can track +> up to 20 fields from the Policy Record. Salesforce starts tracking field history from the date and +> time you turn it on a field. +> +> **Fast Scan for Permissions Changes**: displays all changes detected in PermissionSet, +> PermissionSetGroup, and Profiles by the Fast Scan. diff --git a/docs/platgovsalesforce/change_management/completing_change_request.md b/docs/platgovsalesforce/changemanagement/completing_change_request.md similarity index 86% rename from docs/platgovsalesforce/change_management/completing_change_request.md rename to docs/platgovsalesforce/changemanagement/completing_change_request.md index d5727ea038..77d9ac438f 100644 --- a/docs/platgovsalesforce/change_management/completing_change_request.md +++ b/docs/platgovsalesforce/changemanagement/completing_change_request.md @@ -1,3 +1,9 @@ +--- +title: "Completing and Validating a Change Request" +description: "Completing and Validating a Change Request" +sidebar_position: 60 +--- + # Completing and Validating a Change Request To complete and validate the Change Request: diff --git a/docs/platgovsalesforce/changemanagement/creating_change_request.md b/docs/platgovsalesforce/changemanagement/creating_change_request.md new file mode 100644 index 0000000000..02bf4c204d --- /dev/null +++ b/docs/platgovsalesforce/changemanagement/creating_change_request.md @@ -0,0 +1,154 @@ +--- +title: "Creating a Change Request" +description: "Creating a Change Request" +sidebar_position: 40 +--- + +# Creating a Change Request + +Change requests are the method to plan, analyze, track and approve changes. You can create different +types of Change Requests to match the change you want to manage. Here are two options: + +- **Customization** Change request is used for Metadata changes, such as + [Customizations](/docs/platgovsalesforce/customizations/customizations_overview.md). +- **Data Record** - Change request is used for Data Changes to Revenue Cloud/ + [CPQ](/docs/platgovsalesforce/changemanagement/enhanced_cpq_support.md). + +Data Record Change Requests are only available with an Enterprise Compliance license. + +1. Open the **Change Requests** tab. +2. Click **New** + + ![New Change Request](/img/product_docs/platgovsalesforce/change_management/change_request_new_light.webp) + +3. Enter information as needed. + + - **Change Request Name**: add a meaningful name to the change request. + - **Change Request Type**: Customizations for metadata changes and Data Records for data. + - **Parent Change Request**: enter an optional parent change request if this is part of a bigger + change. + - **Change Overview**: add a summary of the desired changes. + - **Change Type**: select the type from the list. **Minor** is the default. + - **Is Release**: check if this change request represents a release. The customizations from all + the child change requests are rolled into this release for deployment. + +4. **Save** the **Change Request**. A confirmation is displayed when the change request is saved. + + ![Continue with the Change Request](/img/product_docs/platgovsalesforce/change_management/change_request_new2_light.webp) + +5. Add or change information as needed: + + - **External Change Request Number** and **External Link** are used for reference if the change + request is coming from an external system. + - **Completion Status**: select a status from the list. This operation can also be performed + after you save the change request and proceed to Impact Analysis. + - **Stage**: the type of change project: **Change Request**, **Development Project**, + **Deployment Record**, or **Rollback Record**. This is an informational field. + - **Change Request Group**: search for groups to add to this change request. + - **Assigned BA**: search for a user to add as the assigned Business Analyst. + - **Release**: search for the parent change request if this change request is part of a release. + +6. Expand the **Customizations** section. **Customizations** is selected by default. Click + **Customizations** to access the **Add/Remove** function. + + ![Expand the Customizations section](/img/product_docs/platgovsalesforce/change_management/change_request_new3_light.webp) + + - Click **Add/Remove** to add existing Customizations to the change request. + + ![Add an existing customization to a change request](/img/product_docs/platgovsalesforce/change_management/change_request_new4_light.webp) + + - Enter filters to search for existing customizations. For this example, the **Metadata + Type** is set to **CustomField**. The matching customizations are displayed. + + ![Enter filters to search for customizations](/img/product_docs/platgovsalesforce/change_management/change_request_new5_light.webp) + + - Select one or more customizations. Use **Search**, **First**, **Previous**, **Next** and + **Last** to navigate through the list if needed. + - Click **Add** to add the customizations to the **Selected Customizations** list. Continue + adding your existing customizations. + - Click **Save**. + +7. Click **Proposed Customizations** to enable the **Add/Remove** option if you want to create new + customizations. + + - Click **Add/Remove**. + + ![Add Proposed Customizations to the Change Request](/img/product_docs/platgovsalesforce/change_management/change_request_new6_light.webp) + + - Click **+** (Add). + + ![Add the information for the proposed customization](/img/product_docs/platgovsalesforce/change_management/change_request_new7_light.webp) + + - Enter the **API Name** and **Salesforce Metadata Type**. Click **+** to add additional + proposed customizations. Can be used in conjunction with customizations that already exist. + All **Customizations** and **Proposed Customizations** are evaluated to determine the change + level. The highest change level is used for the change request. + - Click **Save**. + +8. Click **Save** on the **Edit Change Request** form when you are finished. The **Deployment** + section is only applicable after the change request is approved. + +Your change request is created. + +![Your Change Request is created](/img/product_docs/platgovsalesforce/change_management/change_request_new8_light.webp) + +## Preparing the Change Request for Approval + +Review the change request: + +- Run Impact Analysis +- View the DRD +- Send the Change Request for Approval + +### Run Impact Analysis + +Open the **Impact Analysis** tab and review the information on the tabs: **Can Be Safely Deleted or +Modified**, **Cannot Be Safely Deleted or Modified**, and **Inactive Customizations**. + +Here is an example of items on the **Cannot Be Safely Deleted or Modified** tab. The Customizations +and Impacted Customizations are links to each customization record. + +![Impact Analysis Cannot Be Safely Deleted or Modified tab](/img/product_docs/platgovsalesforce/change_management/change_request_new_impact_analysis.webp) + +Use the **Edit** button to return to the change request and make any required modifications. + +### View the DRD + +Open the **DRD** tab to review the dependency diagram. Use the **Edit** button to return to the +change request and make any required modifications. + +![Open the DRD tab to view the dependency diagram](/img/product_docs/platgovsalesforce/change_management/change_request_drd.webp) + +### Send the Change Request for Approval + +Change request approvers are automatically assigned based on the policy. In this section, you can +add additional approvers, approver notes and begin the approval process. + +1. Click **Edit** to modify the change request. +2. Expand the **Approval** section. + + ![Expand Approval section](/img/product_docs/platgovsalesforce/change_management/change_request_new_approvals.webp) + +3. Add the approval information: + + - **Approval Status**: updates the status of the change request. Typically used for editing + existing change requests. Set the **Approval Status** to **Pending Approval** when you are + ready. + - **Stage**: the type of change project: **Change Request**, **Development Project**, + **Deployment Record**, or **Rollback Record**. This is an informational field. + - **Approver Notes**: optional notes about the change request. + - **Additional Approvers**: any additional approvers. Mandated approvers are set by the policy. + Click **Add/Remove** and select approvers. + +4. Click **Save**. + + ![Change Request Pending Approval](/img/product_docs/platgovsalesforce/change_management/change_request_new_send_approval.webp) + +5. Click **Submit for Approval** to start the process. Approval notifications are sent to the + approvers. + +If you created the Change Request in your sandbox to determine the scope of the change, recreate it +in your Production environment to enable approvals and ongoing tracking. +For new objects that do not yet exist in Production, edit the Change Request and enter the full API +Names of these objects into the Proposed Customization fields in the Scope Section. You can add +multiple API Names by using the Add button. Save the Change Request when complete. diff --git a/docs/platgovsalesforce/change_management/documented_metadata_types.md b/docs/platgovsalesforce/changemanagement/documented_metadata_types.md similarity index 99% rename from docs/platgovsalesforce/change_management/documented_metadata_types.md rename to docs/platgovsalesforce/changemanagement/documented_metadata_types.md index a554b34d9a..76bef48438 100644 --- a/docs/platgovsalesforce/change_management/documented_metadata_types.md +++ b/docs/platgovsalesforce/changemanagement/documented_metadata_types.md @@ -1,3 +1,9 @@ +--- +title: "Documented Metadata Types" +description: "Documented Metadata Types" +sidebar_position: 110 +--- + # Documented Metadata Types You can view the documented Metadata by Type or by Category. diff --git a/docs/platgovsalesforce/change_management/enhanced_cpq_support.md b/docs/platgovsalesforce/changemanagement/enhanced_cpq_support.md similarity index 82% rename from docs/platgovsalesforce/change_management/enhanced_cpq_support.md rename to docs/platgovsalesforce/changemanagement/enhanced_cpq_support.md index ad687eb595..e0c2464466 100644 --- a/docs/platgovsalesforce/change_management/enhanced_cpq_support.md +++ b/docs/platgovsalesforce/changemanagement/enhanced_cpq_support.md @@ -1,3 +1,9 @@ +--- +title: "Data Tracking" +description: "Data Tracking" +sidebar_position: 90 +--- + # Data Tracking Salesforce CPQ (Configure, Price, Quote Software) sales tool provides accurate pricing with any @@ -26,6 +32,6 @@ You must have an Enterprise Compliance license to benefit from this feature. The basic steps for CPQ data tracking: -1. Ensure your org has been [scanned](/docs/platgovsalesforce/installing_strongpoint/running_scanner.md) at least once. -2. [Set up data tracking](/docs/platgovsalesforce/change_management/set_up_data_tracking.md) for each tracked customization. -3. [Add](/docs/platgovsalesforce/change_management/set_up_data_tracking.md) the tracked customizations to a policy. +1. Ensure your org has been [scanned](/docs/platgovsalesforce/installingstrongpoint/running_scanner.md) at least once. +2. [Set up data tracking](/docs/platgovsalesforce/changemanagement/set_up_data_tracking.md) for each tracked customization. +3. [Add](/docs/platgovsalesforce/changemanagement/set_up_data_tracking.md) the tracked customizations to a policy. diff --git a/docs/platgovsalesforce/change_management/resolving_noncompliant_changes.md b/docs/platgovsalesforce/changemanagement/resolving_noncompliant_changes.md similarity index 75% rename from docs/platgovsalesforce/change_management/resolving_noncompliant_changes.md rename to docs/platgovsalesforce/changemanagement/resolving_noncompliant_changes.md index 4d271b9b3c..9ce90d1e5a 100644 --- a/docs/platgovsalesforce/change_management/resolving_noncompliant_changes.md +++ b/docs/platgovsalesforce/changemanagement/resolving_noncompliant_changes.md @@ -1,7 +1,13 @@ +--- +title: "Resolving Non-Compliant Changes" +description: "Resolving Non-Compliant Changes" +sidebar_position: 80 +--- + # Resolving Non-Compliant Changes Open **Netwrix Dashboard** > **Reports** > **Change Enablement** > **Open NonCompliant Changes** -The Non-Compliant Changes Report gives you a list of the [Change Logs](/docs/platgovsalesforce/change_management/using_change_logs.md). You +The Non-Compliant Changes Report gives you a list of the [Change Logs](/docs/platgovsalesforce/changemanagement/using_change_logs.md). You can filter the report or sort by the column heads. ![Non-Compliant Change Management Report](/img/product_docs/platgovnetsuite/change_management/changelog-1.webp) @@ -10,7 +16,7 @@ A noncompliant change means something got changed without the required approvals log to investigate the change. You can retroactively attach a change request to a noncompliant change and get the necessary approvals for the change to be compliant. -1. Create a New [Change Request](/docs/platgovsalesforce/change_management/creating_change_request.md) or open an existing one. +1. Create a New [Change Request](/docs/platgovsalesforce/changemanagement/creating_change_request.md) or open an existing one. 2. Set it to Pending Approval. 3. Once it is approved and complete, set the **Status** of the Change Request to **Complete**. 4. Click on the Change Log namet to open it. diff --git a/docs/platgovsalesforce/change_management/set_up_data_tracking.md b/docs/platgovsalesforce/changemanagement/set_up_data_tracking.md similarity index 98% rename from docs/platgovsalesforce/change_management/set_up_data_tracking.md rename to docs/platgovsalesforce/changemanagement/set_up_data_tracking.md index 2290e96a8e..9d5df521d6 100644 --- a/docs/platgovsalesforce/change_management/set_up_data_tracking.md +++ b/docs/platgovsalesforce/changemanagement/set_up_data_tracking.md @@ -1,3 +1,9 @@ +--- +title: "Set Up Data Tracking" +description: "Set Up Data Tracking" +sidebar_position: 100 +--- + # Set Up Data Tracking Data tracking is used for Salesforce CPQ and any sensitive data fields you want to track. Setting up diff --git a/docs/platgovsalesforce/changemanagement/setting_up_policies.md b/docs/platgovsalesforce/changemanagement/setting_up_policies.md new file mode 100644 index 0000000000..8c08c06a1d --- /dev/null +++ b/docs/platgovsalesforce/changemanagement/setting_up_policies.md @@ -0,0 +1,240 @@ +--- +title: "Set Up Policies" +description: "Set Up Policies" +sidebar_position: 30 +--- + +# Set Up Policies + +Change / Approval Policies have two tabs: Details and Related. + +You can create a New Policy, or edit an existing one: + +1. Expand the **Change / Approval Policies** tab. +2. Change the **Recently Viewed** pinned list to **All Policies** to see a list of existing + policies. +3. Click **New** to create a new policy or select an existing policy and click **Edit**. + +## Details + +> Information general information about the policy. +> +> Code and Data Model Changes change control level for code and data model changes. +> +> Automation Changes change control level for approval process, business process, flow, workflow and +> process builder changes. +> +> Sharing and Visibility Changes change control level for role, profile, permission set, data +> security, sharing non material and indirect changes to profile changes. +> +> Integration Changes change control level for external site, identity, and access changes. +> +> Configuration Changes change control level for data quality and general settings changes. +> +> Display and UI Changes change control level for application, label and translation, layout and +> template changes. +> +> Analytics Changes change control level for reports, dashboards, list view, and Einstein changes. +> +> Control Changes change control level for control changes. +> +> Application Configuration Changes (Data) +> +> Health Check Changes change control level for health check changes. +> +> IT Policies preliminary and final approvers. +> +> Customization Policies impacted customization approval. +> +> Management Policies executive approver and approval settings. +> +> Change Enablement Defaults merge approval list, non conforming alerts, and sequential approval +> requests. +> +> **System Information**, **Created By** and **Last Modified By** dates. Informational only, cannot +> be edited. + +Once the policy is saved, **System Information** is added show the **Created By** and **Last +Modified By** user and time stamp. The information you entered on the form is shown on the +**Details** tab. The Related tab is now available to add Customizations and view additional +information and history. + +### Information + +![New Policy form](/img/product_docs/platgovsalesforce/change_management/policy_new1.webp) + +- **Change/Approval Policy Name** +- **Default Policy**: Check if this is the default change/approval policy. +- **Parent Policy**: Search and add a parent policy (if applicable). +- **Active**: Check if the policy is active. + +Set the required Change Level for each Metadata Type. The Default is shown in the form. + +| **Change Level** | **Description** | +| --------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **Log Changes Only** | Since the system automatically logs all changes, this change level requires no actions for compliance. Any changes to these objects are automatically marked compliant. | +| **Change Request** | Any changes to these objects require an Approved Change Request. | +| **Sandbox Development & Testing** | Any changes to these objects require an Approved Change Request in the Stage Development Project. It also requires that a parent Change Request is attached to the Development Project. | +| **Full Software Development Lifecycle** | Any changes to these objects require an Approved Change Request. | + +### Code and Data Model Changes + +![Code and Data Model Changes](/img/product_docs/platgovsalesforce/change_management/policy_new2.webp) + +### Automation Changes + +![Automation Change Levels](/img/product_docs/platgovsalesforce/change_management/policy_new3.webp) + +### Sharing and Visibility Changes + +![Sharing and Visbility Change Level](/img/product_docs/platgovsalesforce/change_management/policy_new4.webp) + +### Integration Changes + +![Integration Change Levels](/img/product_docs/platgovsalesforce/change_management/policy_new5.webp) + +### Configuration Changes + +![Configuration Change Levels](/img/product_docs/platgovsalesforce/change_management/policy_new6.webp) + +### Display and UI Changes + +![Display / UI Change Levels](/img/product_docs/platgovsalesforce/change_management/policy_new7.webp) + +### Analytics Changes + +![Analytics Change Levels](/img/product_docs/platgovsalesforce/change_management/policy_new8.webp) + +### Control Changes + +![Control Change Levels](/img/product_docs/platgovsalesforce/change_management/policy_new9.webp) + +Controls the change level required for different types of changes. Health Check Changes affect the +way changes are handled for the customization records for each Salesforce Health Check group +(session settings, file upload and security settings), so you can track and report on current +settings. There is a [Health Settings](/docs/platgovsalesforce/customizations/understanding_customization_record.md) tab +for the specific records on the customization record. + +### Application Configuration Changes (Data) + +![Application Configuration Changes (Data)](/img/product_docs/platgovsalesforce/change_management/policy_new16.webp) + +Set objects and fields that are **Tracked Non-blocking** or **Tracked Blocking** to be part of the +policy and require a Ticket and an approval. + +Refer to [Set Up Data Tracking](/docs/platgovsalesforce/changemanagement/set_up_data_tracking.md) for more information on activating and +validating tracked fields. + +### Health Check Changes + +![Health Check Changes](/img/product_docs/platgovsalesforce/change_management/policy_new16_a.webp) + +Select the change level for **Health Check Changes**: **None**, **Log Changes Only**, **Change +Request**, **Sandbox Development & Testing**, or **Full Software Development Lifecycle**. + +### IT Policies + +![Set IT Policies](/img/product_docs/platgovsalesforce/change_management/policy_new10.webp) + +Specify the **Preliminary Approver**. Enter part of the name to see a matching list. For critical +changes, you can also set a **Final Approver**. This person must approve all changes affected by the +rule. + +### Customization Policies + +![Customization Policies](/img/product_docs/platgovsalesforce/change_management/policy_new12.webp) + +**Require Impacted Customization Approval**: select this option to require approval from all +impacted Customization owners. + +### Management Policies + +![Set Management Policies](/img/product_docs/platgovsalesforce/change_management/policy_new13.webp) + +**Executive Approver**: a business executive who must approve the change. + +**Maximum number of Approvals Required**: approval is granted once the specified number of approvals +is complete. If this field is blank, all approvers must approve. + +**No Order Required**: select this option to allow approvals in any order. If it is not checked, +approvals occur in the order specified. + +### Change Enablement Defaults + +![Change Enablement Defaults](/img/product_docs/platgovsalesforce/change_management/policy_new15.webp) + +**Merge Approval Lists**: select this option to merge lists when multiple policies apply to a +change. + +**Sequential Approval Requests**: select this option to send approval emails one at a time as each +approver approves the change. If not checked, all approvers receive the approval emails at the same +time. + +**Non-conforming Customization Alerts**: select this option to alert Customization Owners if there +is a non-conforming change to their Customization. + +## Related + +The **Related** tab is available once a policy is saved. You can add and view Customizations, Change +Logs, Change Requests and view status and history associated with the Policy. Links are available +for easy navigation to each item. + +Change Logs are created when customizations are added or removed. + +![Policy Related tab](/img/product_docs/platgovsalesforce/change_management/policy_related_tab.webp) + +### Add or Remove Customizations + +You can add or remove customizations from the **Related** tab on the policy. Custom Fields Inherit +the CustomObject Policy when added. + +- New Custom Fields are automatically added to the parent **CustomObject** Policy if it exists. +- Existing Custom Fields are added to the parent **CustomObject** Policy from the Custom Object + customization record. +- Change Logs are generated for customization changes. +- Changes are reported in the **Reports** > **Change Enablement** > **Change/Approval Policy + Changes**. + +1. Open the policy and click the **Related** tab. +2. Click **Add Customizations**. + + ![Add customizations](/img/product_docs/platgovnetsuite/change_management/policy_add_customizations.webp) + +3. Select a **Metadata Type** to filter the list. +4. Enter a search term or scroll through the list to locate customizations. +5. Click to select a customization. Use Shift-click or click and drag to select multiple contiguous + items or Ctrl-click to select multiple customizations. + + ![Selecting Customizations](/img/product_docs/platgovsalesforce/change_management/policy_add_customizations2.webp) + +6. Click **Add** to add the customizations to the **Selected Customizations** list. For existing + customizations, select them in the **Selected Customizations** and click **Remove** to take them + out of the list. +7. Click **Save** when complete. + +### Select Change Level by Salesforce Type + +This feature enables you to easily add customizations to the policy based on Salesforce type. It is +available on the **Related** tab on the policy. + +1. Open the policy and click the **Related** tab. +2. Click **Select Change Level by SF Type**. You can set the policy as the **Default** and toggle it + as **Active** in the **Policy Details**. + + ![Adding customizations by Salesforce Type](/img/product_docs/platgovsalesforce/change_management/policy_change_by_sf_type.webp) + +3. Set **Category** and **Sub-Category** filters if you want to narrow the list. Sub-categories are + not available for all Categories. + + ![Set filters for Salesforce type](/img/product_docs/platgovsalesforce/change_management/policy_add_sf_type2.webp) + +4. Click to select a **Salesforce Type** from the **Available Salesforce Type List**. Use + Shift-click or click and drag to select multiple contiguous items or Ctrl-click to select + multiple types. + + ![Add selections to the Selected Salesforce Type List](/img/product_docs/platgovsalesforce/change_management/policy_add_sf_type3.webp) + +5. Click the right arrow to add selections to the **Selected Salesforce Type List**. Click the left + arrow to remove items from the selected list. +6. Click **Save** when complete. A confirmation dialog is displayed. Click **OK** to confirm you + want to add all of the customizations from the selected Salesforce types. diff --git a/docs/platgovsalesforce/changemanagement/using_change_logs.md b/docs/platgovsalesforce/changemanagement/using_change_logs.md new file mode 100644 index 0000000000..e17cbb72a3 --- /dev/null +++ b/docs/platgovsalesforce/changemanagement/using_change_logs.md @@ -0,0 +1,138 @@ +--- +title: "Using Change Logs" +description: "Using Change Logs" +sidebar_position: 70 +--- + +# Using Change Logs + +Change Logs allow you to see the type of change, who made the change and view the system notes of +the Salesforce record. Change Logs are accessed from the **Change Logs** tab or through +[Change Enablement Reports](/docs/platgovsalesforce/changemanagement/change_management_reports.md). + +1. Expand the **Change Logs** tab. +2. Change the **Recently Viewed** pinned list to show the types of Change Logs to view. For + example**, Data tracking Changes** or **Profile and PermissionSet** changes. The **Details** and + **Diff Summary** differ slightly depending on the selected **Metadata Type**. +3. Click a **Change Log Name** to open it. + +You can also open Change Logs from **Netwrix Dashboard** > **Reports** > **Change Enablement**. +Select a report, such as **What Changed** to see a list of Change Logs. + +![changelog-1](/img/product_docs/platgovnetsuite/change_management/changelog-1.webp) + +Here is an example change log for a **Profile** Metadata type. + +![changelog_details](/img/product_docs/platgovsalesforce/change_management/changelog_details.webp) + +## Details Tab + +> **Actual Change Date**: Date the Customization was last modified. +> +> **Customization Created By**: User who created the customization. +> +> **Customization Modified By**: User who last modified the customization. +> +> **Customization**: Linked Customization(s) that have changed. +> +> **Metadata Type**: Salesforce metatdata type of the Customization. +> +> **Field Name**: Name of the changed field. +> +> **Active**: Checked if the Customization is active. +> +> **New Customization**: Checked if new customization. +> +> **Package**: Name of the Managed Package if the customizations belong to a managed package. +> +> **Operation**: Flag this field if a change or a new record is created. +> +> **Change Overview**: Overview of the change. +> +> **Data Record Id**: ID of the data record changed. This field is not in all Metadata Types. +> +> **Data Record Name**: Name of the data record changed. This field is not in all Metadata Types. +> +> **Data Record SObject API**: API name of the parent SObject of the data record changed. This field +> is not in all Metadata Types. +> +> **Related Change Request**: Change request related to the change or used to perform regression +> analysis of a non-compliant change. +> +> **Compliant Indicator**: Green flag indicates compliant, red flag indicates non-compliant. +> +> **Non-Compliant**: Checked if the change is non-compliant. +> +> **Compliance**: The change status: **Compliant** or **Non-compliant**. +> +> **Policy**: Policies associated with the Change Log. +> +> **Reason**: Name of the policy violated by the change. +> +> **Filters**: List of filters satisfied for the data record change. If blank, no filters specified. +> This field is not in all Metadata Types. +> +> **Parent Change Log**: Name of the parent change log if applicable. +> +> **Resolution Description**: Description of any steps taken to bring the change back into +> compliance. This field is not in all Metadata Types. +> +> **Short Resolution Description**: Summary description of any steps taken to bring the change back +> into compliance. +> +> **Status**: Current state of the Change Log. This field is manually set. + +### Diff Summary + +The **Diff Summary** section displays the differences in the objects that occurred in the change. +There is an **Export to PDF** option. + +Example Diff Summary for a Data tracking Change Log: + +![Diff Summary for data tracking](/img/product_docs/platgovsalesforce/change_management/diffsummary_data.webp) + +Example Diff Summary for a Profile metadata type Change Log: + +![Change Log Diff Summary](/img/product_docs/platgovsalesforce/change_management/changelog_diff.webp) + +### Values + +The **Values** section displays the **New Value** and **Old Value** of each field after the update. +The **Created By** and **Last Modified By** users and dates are displayed at the end of the list. + +![changelog_values](/img/product_docs/platgovsalesforce/change_management/changelog_values.webp) + +### Audit + +The **Audit** section displays all fields related to an audit. Click the edit icon to edit the +record. + +> **Sampled For Audit**: Select **None**, **Internal** or **External**. +> +> **Audited By**: Auditor selects their user name from the list. +> +> **Internal Audit Comments**: Internal notes added by the Auditor. +> +> **Internal Audit Status**: Select **None**, **Approved**, **Rejected** or **Under Investigation**. +> +> **Last Internal Audit**: User who made the last change in the Internal Audit fields. +> +> **External Audit Comments**: External notes added by the Auditor. +> +> **External Audit Status**: Select **None**, **Approved**, **Rejected** or **Under Investigation**. +> +> **Last External Audit**: User who made the last change in the External Audit fields. + +## Related Tab + +### Change Log History + +**Change Log History** displays the latest history entries by **Date**. The changed **Field**, +**User** making the change, **Original Value** and **New Value** are displayed. If there is a **+** +sign by the number in **Change Log History** header, click **View All** to see the complete history. + +### Notes & Attachments + +**Notes & Attachments** contains uploaded files. Click on a file name to open it. Click **Upload +Files** to add additional files. If there is a **+** sign by the number in the **Notes & +Attachments** header, click **View All** to see the complete file list. diff --git a/docs/platgovsalesforce/clean_up/cleanup_customizations.md b/docs/platgovsalesforce/clean_up/cleanup_customizations.md deleted file mode 100644 index 5c8fc3ab50..0000000000 --- a/docs/platgovsalesforce/clean_up/cleanup_customizations.md +++ /dev/null @@ -1,67 +0,0 @@ -# Cleaning Up Customizations - -Use these processes to Clean up Individual Customization or Clean Up Multiple Customizations. - -## Clean up Individual Customization - -1. Open the customization. -2. Open the **Improvement** tab. -3. Under **Clean Up Status**, select a status: - - - **To Be Cleaned Up** - - **Send Request Info Emails** - - **Under Investigation** - - **Disabled / Hidden** - - **Archived** - - **Deleted** - - **Ignore** - - **Fix ScriptID** - - **Reassign Owner** - - **Closed** - -4. Under **Clean Up Comments**, add notes to help with clean up. -5. Attach to a **Change Request** associated with the customization (optional). -6. Assign a **Change/Approval Policy** if there is an object specific policy (optional). -7. Under **Clean-Up Classification**, add an overview of the clean up. - -![improvementtab](/img/product_docs/platgovsalesforce/clean_up/improvementtab.webp) - -## Clean Up Multiple Customizations - -1. Go to the **Customizations** tab. -2. Create a new list view for clean up by clicking on **Create New View**. -3. Enter a **View Name** and a **View Unique Name**. -4. Specify the filter criteria: - - - **Filter By Owner**: choose All Customizations or My Customizations. - - **Filter By Additional Fields**: choose Salesforce Type equals Report and Record Type equals - Report. - -5. Select fields to display: - - - **Clean Up Classification** - - **Clean Up Comments** - - **Clean Up Status** - - ![createlist_view_for_cleanup](/img/product_docs/platgovsalesforce/clean_up/createlist_view_for_cleanup.webp) - -6. Restrict Visibility. You can choose to have the list view: - -- Only visible to you, -- Visible to all users or -- Visible to certain groups of users. - -7. Click **Save**. -8. Once your list view has been created, you can multi-select customizations for clean up by - checking the box beside **Action**. - - ![multi_select_cleanup](/img/product_docs/platgovsalesforce/clean_up/multi_select_cleanup.webp) - -9. You can now choose what you want to edit for the multiple customizations selected. - For example, if you want to change the clean up status: -10. Go to **Edit Clean Up Status**. -11. Select a status such as To Be Cleaned Up. -12. Choose to **Apply changes to: All the selected records**. -13. Click **Save**. - - ![flagging_mass_customizations](/img/product_docs/platgovsalesforce/clean_up/flagging_mass_customizations.webp) diff --git a/docs/platgovsalesforce/clean_up/cleanup_overview.md b/docs/platgovsalesforce/clean_up/cleanup_overview.md deleted file mode 100644 index d9d8675013..0000000000 --- a/docs/platgovsalesforce/clean_up/cleanup_overview.md +++ /dev/null @@ -1,104 +0,0 @@ -# Clean Up Overview - -Clean up involves some or all of the following steps: - -1. Identify and remove unused customizations (either individual or multiple): - -- Completely unused -- Useless or inefficient - -2. Identify and fix improperly set-up customizations (eg. no help text, inactive owner). -3. Describe each object and its clean up task (under the improvements tab.) -4. Assign change/approval policy. - -## Clean Up Tools - -There is a series of built in Clean Up Tools to enable Administrators to clean up their account in -an organized and efficient manner. There are many types of clean up, but they generally follow the -same steps: - -1. Select the approach -2. Analyze and organize the results -3. Create a Change Request (if required) -4. Manage the clean up as appropriate -5. Run the scanner - -Always check the Last Date Scanned on any object and re-scan that object if necessary to ensure the -information about that object is up to date. - -### Select the Approach - -Clean up: - -- Unused Customizations -- Unused Custom Fields -- Unused Scripts -- Unused Reports - -Customizations that do not follow best practices: - -- Customizations with No Related Process -- Customizations with No Description -- Customizations with No Help Text -- Customizations with No Active Owner - -Depending on what you want to clean up, you can view clean up reports from the Strongpoint tab under -Reports and then choosing Clean Up. You can also find the clean up reports at the bottom of the -Strongpoint homepage under Strongpoint Features and Reports. - -You can clean up individual or multiple customizations by going to the Customization tab and -selecting **Create New View**. Use the filters to generate your list. - -Before moving on to other clean up activities, it is often a good idea to delete unused -customizations that are highly likely safe to delete, such as fields that have not been used in -years or that are not used by any other customization. - -### Analyze and Organize the Results - -Once you have selected the customizations that you want to clean up and have created a New View, you -can analyze the results. The results can then be sorted and filtered and are required to group and -manage the output for subsequent steps. You may chose to clean up based on Salesforce type and -record type (among other options). - -Every Customization record has a Clean-Up Status field that enables us to track the status of the -clean-up process for that object. - -The statuses are: - -- **To Be Cleaned Up**: Flags the customization to be cleaned up. -- **Send Request Info Emails**: Triggers an email warning that the customization is about to be - deleted. -- **Under Investigation**: Flags the customization as under investigation. -- **Disabled/Hidden**: Tracks that the customization has been disabled. -- **Archived**: Tracks that the data / set-up was archived. -- **Deleted**: Tracks that the customization has been deleted. The doc will be inactivated. -- **Ignore**: Removes it from the searches. -- **Fix ScriptID:** Changes the ID of the script. -- **Reassign Owner**: Changes the owner. -- **Closed**: Flags the clean up status as closed. - -### Create Change Requests (if required) - -Some changes such as deletion, changes to scriptID and Help impact the customization itself. For -these types of changes we recommend creating a Change Request. However, for clean up, you can create -new change requests and assign them to the customizations. In the results view, **Create Change -Request** creates a new change request. Once that is added to that customization it appears under -**Related Change Requests**. You can have multiple customizations assigned to multiple change -requests as appropriate. - -### Manage the Change or Clean Up - -You can find more information about how to use the Change Request under -[Managing Change](/docs/platgovsalesforce/change_management/change_management_overview.md). Once the appropriate -investigations are conducted and approvals are obtained the customization can be changed as -appropriate based on company policies and procedures. - -Some of the items being changed, such as the description or owner, can be direct list edited or bulk -edited like any other Salesforce data directly in a Platform Governance for Salesforce view such as -**Unused Fields**. - -### Run the Scanner - -At the end of the process of updating the customization record(s), the account should be scanned to -update the documentation for the customization changes. It can be re-scanned for just the specific -record type that was changed. diff --git a/docs/platgovsalesforce/clean_up/cleanup_reports.md b/docs/platgovsalesforce/clean_up/cleanup_reports.md deleted file mode 100644 index a4c10f1c3e..0000000000 --- a/docs/platgovsalesforce/clean_up/cleanup_reports.md +++ /dev/null @@ -1,81 +0,0 @@ -# Running Clean Up Reports - -Platform Governance for Salesforce provides predefined reports to help you clean up your Salesforce -Instance. The reports are available by opening **Netwrix Dashboard** > **Reports** > **Clean Up** -and selecting a report: - -- Default Clean Up List View -- Open Clean Up Status -- Clean Up Waiting for Info -- Customizations Excluded from Clean Up -- Unused Fields -- Unused Apex Code -- Unused Reports -- Customizations with Inactive Owners -- Customizations without Related Processes -- Custom Fields without Help Text -- Custom Fields without Description - -## Using the Reports - -- **Filters**: Open the filters to see the criteria used for the report. You can modify the unlocked - filters to narrow the focus of the results. -- **Column Sort Order**: Use the toggler in the column heads to change the sort order of the results - based on the selected column. -- **Links**: Use the linked fields to open details about the customization or user. - -### Default Clean Up List View - -The results list all customizations of Record type **Objects & Fields**, starting with API Name -**Account**, Salesforce Type **CustomField** and used less than **180 Days Ago**. - -### Open Clean Up Status - -This report enables you to find customizations that have been identified and noted for clean up. - -### Clean Up Waiting for Info - -The results list customizations flagged with clean up status **Send Request Info Emails.** - -### Customizations Excluded from Clean Up - -The results list active customizations flagged with clean up status **Ignore**. - -### Unused Fields - -The results list all of the unused custom fields. - -### Unused Apex Code - -The results list Apex code not used in the past 6 months. - -### Unused Reports - -The results list all of the unused reports. - -### Customizations with Inactive Owners - -Ownership of customizations is important for clean up and accountability in the system. - -The results list customizations with owners who are either: - -- Not active in Salesforce -- Do not have access to Platform Governance for Salesforce - -### Customizations without Related Processes - -The results list all customizations with no process assigned. - -### Custom Fields without Help Text - -Help and Descriptions enable users to more efficiently use the system. The results list -customizations missing help. - -To fix, open the customization, click **Update Description and Help Text**. - -### Custom Fields without Description - -Help and Descriptions enable users to more efficiently use the system. The results list -customizations missing descriptions. - -To fix, open the customization, click **Update Description and Help Text**. diff --git a/docs/platgovsalesforce/clean_up/date_last_used.md b/docs/platgovsalesforce/clean_up/date_last_used.md deleted file mode 100644 index c7040e80c2..0000000000 --- a/docs/platgovsalesforce/clean_up/date_last_used.md +++ /dev/null @@ -1,187 +0,0 @@ -# Date Last Used - -Date Last Used (DLU) captures changes triggered by users or other customizations. Specifically, the -last date the Customization, or the data it contains, was created, changed, accessed, processed or -used.The DLU value indicates that the customization was used at least as late as the DLU. It does -not indicate if it was used earlier. If DLU is blank, it indicates there in no verified date. - -> DLU CustomField Details -> -> Setting the DLU Expiration -> -> DLU Metadata Types -> -> Excluded Metadata Extended Types -> -> DLU Scheduler - -## DLU CustomField Details - -CustomField usage data improves the accuracy and usefulness of the Date Last Used, enabling you to -make better decisions about the value of maintaining specific CustomFields. Usage data includes: - -- how often the field has data (_frequency_) -- how recently the field has been used (_recency_) - -DLU analysis should only be performed in Production orgs. Sandbox orgs do not reflect actual usage. - -**Usage data fields:** - -- **% Populated** displays the percentage of Records with the field populated (not blank). Fields - with low usage are clean up candidates. For example, if the field appears on 1000 records, but - there is only data on 400 of the records, it is 40% populated. -- **DLU** is now defined to be the last time the field was updated with **Field History Tracking** - enabled. Field History Tracking ensures the DLU is accurate. If Field History Tracking is later - disabled, the DLU no longer updates and the data may not be accurate. The new Date DLU Analyzed - and DLU Status provide additional insight. -- **Date DLU Analyzed** displays the last time the scanner was run with Field History Tracking - enabled. -- **Parent Last Update Date** is set to the **CreatedDate** of the most-recently-created Record with - the CustomField populated. This provides usage recency information when Field History Tracking is - disabled. **CreatedDate** is more accurate for the CustomField than the **LastModifiedDate** for - the record. -- **DLU Status** displays the current status: - | DLU Status | DLU | Field History Tracking | Date DLU Analyzed | Parent Last Update Date | | --- - | --- | --- | --- | --- | | Unavailable | Blank | Never enabled for this field. | Blank | - Populated | | Pending | Blank | Enabled. Waiting for the scanner to run. | Blank | Populated | | - Current | Populated | Enabled. DLU is current and accurate using automated nightly scans. | Today - | Blank | | Recent | Populated, May be stale | Disabled. Last scan when enabled was within the - past three months. Three months is the default time period. See Setting the DLU Expiration. | - Within set time period | Populated | | Expired | Populated, May be stale | Disabled. Last scan - when enabled was longer than three months ago. Three months is the default time period. See - Setting the DLU Expiration. | Older than set time period | Populated | - -If **Field History Tracking** is enabled for a CustomField with a **DLU Status** of either -**Recent** or **Expired**, the status is changed to **Pending**. Here is an example: - -![Example of the DLU status fields for a CustomField](/img/product_docs/platgovsalesforce/clean_up/dlu_status_example_customfield.webp) - -### Notes - -- When Field History Tracking is enabled, the **DLU** is accurate, and the **Parent Last Update - Date** is blank. -- If Field History Tracking has never been enabled, only **Parent Last Update Date** has a value. - Use **Parent Last Update Date**and **% Populated** together to get a sense of the usage. -- If Field History Tracking was enabled and later disabled, there are values in **DLU** and **Parent - Last Update Date**. Generally, you would use the most recent of the two together with **% - Populated** to get a sense of usage. If **DLU Status** is Expired, it is probably safe to ignore - **DLU**. - -### Setting the DLU Expiration - -The DLU Parameters specify the number of months to wait before changing the DLU Status from Recent -to Expired for a CustomField. This only applies to a CustomField where **Field Tracking History** -has been disabled. To change the time period: - -1. Open **Setup** -2. Expand **Custom Code** -3. Select **Custom Metadata Types** - - ![Open Custom Metadata Types](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types.webp) - -4. Click **Manage Records** by **Strongpoint DLU Parameter** - - ![Click Manage Records to open the record](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types_dlu_exp.webp) - -5. Click **Edit** by **DLU Expiration** - - ![Edit the parameters](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types_dlu_para.webp) - -6. Set the **DLU Expiration (Months)**. The default is three. -7. Click **Save**. - -## DLU Metadata Types - -Metadata types marked with an **\*** must have the **Event Logs** enabled to gather DLU information. -DLU can be used for the following metadata types: - -| Salesforce Family Types & Joins | Metadata Types | DLU | -| ---------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | -| Workflow | Workflow Rule | Date workflow rule was last run. | -| Workflow Approva lProcess Flow Validation Rule | Last date base record updated, if enabled | | -| Scripts | Apex Class**\*** Apex Trigger**\*** Apex Component**\*** Lightning Component Lightning Web Component | The last date the code was triggered by any script based on the log of the last time it was run. | -| Forms | Layout Compact Layout | If assigned to a profile, it is the date the last record that belongs to the layout was updated . | -| Apex Page**\*** | The last date the page was accessed (the code was triggered). | | -| Reports | Report | Last date report was run. | -| Dashboard | Last date dashboard report was run. | | -| Report Type | Last date report using the report type was run. | | -| Analytic Snapshot | Last date a dashboard it is on or dependent script was run. | | -| List View | Last date the List View was accessed. | | -| Data Sources | Standard Field | Last date the value changed. | -| Standard Object Custom Object | Last date a record was saved. | | -| Custom Field | Last date the value changed or if formula field, the maximum last date of the fields in the formula. | | -| Dependent Fields | Custom Field Lookup | Minimum of the DLU of the record it exists on and the DLU of the source field. | -| Profiles and Roles | User | Last login by the user. | -| Role | Calculated based on the last time someone logged in with that role. | | -| Profile | Calculated based on the last time someone logged in with that profile. | | -| Permission Set | Calculated based on the last time someone logged in with that permission set. | | -| Package | Text that displays the name of the package | Maximum DLU of object in the package. | -| Extended Types (Other) | App Menu | DLU of the parent Custom Application. | -| Assignment Rules | Date rule was last run. | | -| Auto Response Rules | Date Auto Response rule was last run. | | -| Call Center | | | -| Connected App | Date App was last run. | | -| Custom Application | Maximum DLU of customizations belonging to the application. | | -| Criteria Based Sharing Rule | Maximum of related Sharing Rules. | | -| Custom Application Component | Maximum DLU from parent applications. | | -| Custom Label | Maximum DLU of related field. | | -| Custom Metadata | Date modified of the object that has the value in the metadata. | | -| Custom Object Translation | DLU of the parent object. | | -| Custom Page Web Link | DLU of the APEX page. | | -| Custom Permission | DLU of a profile that has the custom permission. | | -| Custom Tab | DLU of the parent Custom Application. | | -| Document | Last time the file was opened or accessed by the system. | | -| Email Template | Date Template was last used to send emails. | | -| Escalation Rules | Date rule was last run. | | -| Field Set | Last date a field value changed. | | -| Flow Definition | Date flow last accessed. | | -| Global Picklist | Maximum DLU of fields that use the picklist. | | -| Group | Last time someone from the group accessed the system (always employees). | | -| Installed Package | Maximum DLU of component of the package | | -| Letterhead | Last date template accessed. | | -| Matching Rule | Date rule was last run. | | -| Post Template | Date Template was last used to send emails. | | -| Queue | Maximum DLU of code / workflow run on the Queue. | | -| Record Type | Maximum DLU of fields that use the record type. | | -| Sharing Rules | Date rule was last run. | | -| Static Resource | Max of last access date (document) or DLU code referencing it. | | -| Synonym Dictionary | Maximum DLU of related fields. | | -| Territory2 | Date Territory2 rule was last run. | | -| Territory2 Model | Date Territory2 rule was last run. | | -| Territory2 Rule | Date rule was last run. | | -| Territory2 Type | Date Territory2 rule was last run. | | -| Translations | Maximum DLU of related fields. | | - -## Excluded Metadata Extended Types - -DLU is not used for the following metadata Extended Types: - -| | | -| --------------------------- | ------------------------ | -| Action Link Group Template | Aura Definition Bundle | -| Auth Provider | Business Process | -| Certificate | Cors Whitelist Origin | -| Custom Feed Filter | Custom Site | -| Data Category Group | Delegate Group | -| Embedded Service Config | Event Delivery | -| Event Subscription | External Data Source | -| Flexi Page | Home Page Component | -| Home Page Layout | Named Credential | -| Path Assistant | Platform Cache Partition | -| Portal | Quick Action | -| Remote Site Setting | Saml Sso Config | -| S control | Sharing Reason | -| Sharing Set | Site Dot Com | -| Transaction Security Policy | Web Link | - -## DLU Scheduler - -The [Scheduler](/docs/platgovsalesforce/scanners/scheduler.md) is where you can add frequency, day and time for processes -to run. Under **Field Usage and DLU**, you can set up the scheduler to update the last used date -field on customizations with the date the metadata was last used. It populates information for field -usage on custom fields and custom objects and catch any permission set assignments related to users. - -![scheduler](/img/product_docs/platgovsalesforce/clean_up/scheduler.webp) - -Once the scheduler has been set up, you can view the DLU under the **Metadata** tab on the -customization record. diff --git a/docs/platgovsalesforce/cleanup/_category_.json b/docs/platgovsalesforce/cleanup/_category_.json new file mode 100644 index 0000000000..a9282dc28e --- /dev/null +++ b/docs/platgovsalesforce/cleanup/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Clean Up Overview", + "position": 90, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "cleanup_overview" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforce/cleanup/cleanup_customizations.md b/docs/platgovsalesforce/cleanup/cleanup_customizations.md new file mode 100644 index 0000000000..9be5ed7900 --- /dev/null +++ b/docs/platgovsalesforce/cleanup/cleanup_customizations.md @@ -0,0 +1,73 @@ +--- +title: "Cleaning Up Customizations" +description: "Cleaning Up Customizations" +sidebar_position: 20 +--- + +# Cleaning Up Customizations + +Use these processes to Clean up Individual Customization or Clean Up Multiple Customizations. + +## Clean up Individual Customization + +1. Open the customization. +2. Open the **Improvement** tab. +3. Under **Clean Up Status**, select a status: + + - **To Be Cleaned Up** + - **Send Request Info Emails** + - **Under Investigation** + - **Disabled / Hidden** + - **Archived** + - **Deleted** + - **Ignore** + - **Fix ScriptID** + - **Reassign Owner** + - **Closed** + +4. Under **Clean Up Comments**, add notes to help with clean up. +5. Attach to a **Change Request** associated with the customization (optional). +6. Assign a **Change/Approval Policy** if there is an object specific policy (optional). +7. Under **Clean-Up Classification**, add an overview of the clean up. + +![improvementtab](/img/product_docs/platgovsalesforce/clean_up/improvementtab.webp) + +## Clean Up Multiple Customizations + +1. Go to the **Customizations** tab. +2. Create a new list view for clean up by clicking on **Create New View**. +3. Enter a **View Name** and a **View Unique Name**. +4. Specify the filter criteria: + + - **Filter By Owner**: choose All Customizations or My Customizations. + - **Filter By Additional Fields**: choose Salesforce Type equals Report and Record Type equals + Report. + +5. Select fields to display: + + - **Clean Up Classification** + - **Clean Up Comments** + - **Clean Up Status** + + ![createlist_view_for_cleanup](/img/product_docs/platgovsalesforce/clean_up/createlist_view_for_cleanup.webp) + +6. Restrict Visibility. You can choose to have the list view: + +- Only visible to you, +- Visible to all users or +- Visible to certain groups of users. + +7. Click **Save**. +8. Once your list view has been created, you can multi-select customizations for clean up by + checking the box beside **Action**. + + ![multi_select_cleanup](/img/product_docs/platgovsalesforce/clean_up/multi_select_cleanup.webp) + +9. You can now choose what you want to edit for the multiple customizations selected. + For example, if you want to change the clean up status: +10. Go to **Edit Clean Up Status**. +11. Select a status such as To Be Cleaned Up. +12. Choose to **Apply changes to: All the selected records**. +13. Click **Save**. + + ![flagging_mass_customizations](/img/product_docs/platgovsalesforce/clean_up/flagging_mass_customizations.webp) diff --git a/docs/platgovsalesforce/cleanup/cleanup_overview.md b/docs/platgovsalesforce/cleanup/cleanup_overview.md new file mode 100644 index 0000000000..8172c99b22 --- /dev/null +++ b/docs/platgovsalesforce/cleanup/cleanup_overview.md @@ -0,0 +1,110 @@ +--- +title: "Clean Up Overview" +description: "Clean Up Overview" +sidebar_position: 90 +--- + +# Clean Up Overview + +Clean up involves some or all of the following steps: + +1. Identify and remove unused customizations (either individual or multiple): + +- Completely unused +- Useless or inefficient + +2. Identify and fix improperly set-up customizations (eg. no help text, inactive owner). +3. Describe each object and its clean up task (under the improvements tab.) +4. Assign change/approval policy. + +## Clean Up Tools + +There is a series of built in Clean Up Tools to enable Administrators to clean up their account in +an organized and efficient manner. There are many types of clean up, but they generally follow the +same steps: + +1. Select the approach +2. Analyze and organize the results +3. Create a Change Request (if required) +4. Manage the clean up as appropriate +5. Run the scanner + +Always check the Last Date Scanned on any object and re-scan that object if necessary to ensure the +information about that object is up to date. + +### Select the Approach + +Clean up: + +- Unused Customizations +- Unused Custom Fields +- Unused Scripts +- Unused Reports + +Customizations that do not follow best practices: + +- Customizations with No Related Process +- Customizations with No Description +- Customizations with No Help Text +- Customizations with No Active Owner + +Depending on what you want to clean up, you can view clean up reports from the Strongpoint tab under +Reports and then choosing Clean Up. You can also find the clean up reports at the bottom of the +Strongpoint homepage under Strongpoint Features and Reports. + +You can clean up individual or multiple customizations by going to the Customization tab and +selecting **Create New View**. Use the filters to generate your list. + +Before moving on to other clean up activities, it is often a good idea to delete unused +customizations that are highly likely safe to delete, such as fields that have not been used in +years or that are not used by any other customization. + +### Analyze and Organize the Results + +Once you have selected the customizations that you want to clean up and have created a New View, you +can analyze the results. The results can then be sorted and filtered and are required to group and +manage the output for subsequent steps. You may chose to clean up based on Salesforce type and +record type (among other options). + +Every Customization record has a Clean-Up Status field that enables us to track the status of the +clean-up process for that object. + +The statuses are: + +- **To Be Cleaned Up**: Flags the customization to be cleaned up. +- **Send Request Info Emails**: Triggers an email warning that the customization is about to be + deleted. +- **Under Investigation**: Flags the customization as under investigation. +- **Disabled/Hidden**: Tracks that the customization has been disabled. +- **Archived**: Tracks that the data / set-up was archived. +- **Deleted**: Tracks that the customization has been deleted. The doc will be inactivated. +- **Ignore**: Removes it from the searches. +- **Fix ScriptID:** Changes the ID of the script. +- **Reassign Owner**: Changes the owner. +- **Closed**: Flags the clean up status as closed. + +### Create Change Requests (if required) + +Some changes such as deletion, changes to scriptID and Help impact the customization itself. For +these types of changes we recommend creating a Change Request. However, for clean up, you can create +new change requests and assign them to the customizations. In the results view, **Create Change +Request** creates a new change request. Once that is added to that customization it appears under +**Related Change Requests**. You can have multiple customizations assigned to multiple change +requests as appropriate. + +### Manage the Change or Clean Up + +You can find more information about how to use the Change Request under +[Managing Change](/docs/platgovsalesforce/changemanagement/change_management_overview.md). Once the appropriate +investigations are conducted and approvals are obtained the customization can be changed as +appropriate based on company policies and procedures. + +Some of the items being changed, such as the description or owner, can be direct list edited or bulk +edited like any other Salesforce data directly in a Platform Governance for Salesforce view such as +**Unused Fields**. + +### Run the Scanner + +At the end of the process of updating the customization record(s), the account should be scanned to +update the documentation for the customization changes. It can be re-scanned for just the specific +record type that was changed. diff --git a/docs/platgovsalesforce/cleanup/cleanup_reports.md b/docs/platgovsalesforce/cleanup/cleanup_reports.md new file mode 100644 index 0000000000..35f956e29d --- /dev/null +++ b/docs/platgovsalesforce/cleanup/cleanup_reports.md @@ -0,0 +1,87 @@ +--- +title: "Running Clean Up Reports" +description: "Running Clean Up Reports" +sidebar_position: 10 +--- + +# Running Clean Up Reports + +Platform Governance for Salesforce provides predefined reports to help you clean up your Salesforce +Instance. The reports are available by opening **Netwrix Dashboard** > **Reports** > **Clean Up** +and selecting a report: + +- Default Clean Up List View +- Open Clean Up Status +- Clean Up Waiting for Info +- Customizations Excluded from Clean Up +- Unused Fields +- Unused Apex Code +- Unused Reports +- Customizations with Inactive Owners +- Customizations without Related Processes +- Custom Fields without Help Text +- Custom Fields without Description + +## Using the Reports + +- **Filters**: Open the filters to see the criteria used for the report. You can modify the unlocked + filters to narrow the focus of the results. +- **Column Sort Order**: Use the toggler in the column heads to change the sort order of the results + based on the selected column. +- **Links**: Use the linked fields to open details about the customization or user. + +### Default Clean Up List View + +The results list all customizations of Record type **Objects & Fields**, starting with API Name +**Account**, Salesforce Type **CustomField** and used less than **180 Days Ago**. + +### Open Clean Up Status + +This report enables you to find customizations that have been identified and noted for clean up. + +### Clean Up Waiting for Info + +The results list customizations flagged with clean up status **Send Request Info Emails.** + +### Customizations Excluded from Clean Up + +The results list active customizations flagged with clean up status **Ignore**. + +### Unused Fields + +The results list all of the unused custom fields. + +### Unused Apex Code + +The results list Apex code not used in the past 6 months. + +### Unused Reports + +The results list all of the unused reports. + +### Customizations with Inactive Owners + +Ownership of customizations is important for clean up and accountability in the system. + +The results list customizations with owners who are either: + +- Not active in Salesforce +- Do not have access to Platform Governance for Salesforce + +### Customizations without Related Processes + +The results list all customizations with no process assigned. + +### Custom Fields without Help Text + +Help and Descriptions enable users to more efficiently use the system. The results list +customizations missing help. + +To fix, open the customization, click **Update Description and Help Text**. + +### Custom Fields without Description + +Help and Descriptions enable users to more efficiently use the system. The results list +customizations missing descriptions. + +To fix, open the customization, click **Update Description and Help Text**. diff --git a/docs/platgovsalesforce/cleanup/date_last_used.md b/docs/platgovsalesforce/cleanup/date_last_used.md new file mode 100644 index 0000000000..ca0100c64d --- /dev/null +++ b/docs/platgovsalesforce/cleanup/date_last_used.md @@ -0,0 +1,193 @@ +--- +title: "Date Last Used" +description: "Date Last Used" +sidebar_position: 40 +--- + +# Date Last Used + +Date Last Used (DLU) captures changes triggered by users or other customizations. Specifically, the +last date the Customization, or the data it contains, was created, changed, accessed, processed or +used.The DLU value indicates that the customization was used at least as late as the DLU. It does +not indicate if it was used earlier. If DLU is blank, it indicates there in no verified date. + +> DLU CustomField Details +> +> Setting the DLU Expiration +> +> DLU Metadata Types +> +> Excluded Metadata Extended Types +> +> DLU Scheduler + +## DLU CustomField Details + +CustomField usage data improves the accuracy and usefulness of the Date Last Used, enabling you to +make better decisions about the value of maintaining specific CustomFields. Usage data includes: + +- how often the field has data (_frequency_) +- how recently the field has been used (_recency_) + +DLU analysis should only be performed in Production orgs. Sandbox orgs do not reflect actual usage. + +**Usage data fields:** + +- **% Populated** displays the percentage of Records with the field populated (not blank). Fields + with low usage are clean up candidates. For example, if the field appears on 1000 records, but + there is only data on 400 of the records, it is 40% populated. +- **DLU** is now defined to be the last time the field was updated with **Field History Tracking** + enabled. Field History Tracking ensures the DLU is accurate. If Field History Tracking is later + disabled, the DLU no longer updates and the data may not be accurate. The new Date DLU Analyzed + and DLU Status provide additional insight. +- **Date DLU Analyzed** displays the last time the scanner was run with Field History Tracking + enabled. +- **Parent Last Update Date** is set to the **CreatedDate** of the most-recently-created Record with + the CustomField populated. This provides usage recency information when Field History Tracking is + disabled. **CreatedDate** is more accurate for the CustomField than the **LastModifiedDate** for + the record. +- **DLU Status** displays the current status: + | DLU Status | DLU | Field History Tracking | Date DLU Analyzed | Parent Last Update Date | | --- + | --- | --- | --- | --- | | Unavailable | Blank | Never enabled for this field. | Blank | + Populated | | Pending | Blank | Enabled. Waiting for the scanner to run. | Blank | Populated | | + Current | Populated | Enabled. DLU is current and accurate using automated nightly scans. | Today + | Blank | | Recent | Populated, May be stale | Disabled. Last scan when enabled was within the + past three months. Three months is the default time period. See Setting the DLU Expiration. | + Within set time period | Populated | | Expired | Populated, May be stale | Disabled. Last scan + when enabled was longer than three months ago. Three months is the default time period. See + Setting the DLU Expiration. | Older than set time period | Populated | + +If **Field History Tracking** is enabled for a CustomField with a **DLU Status** of either +**Recent** or **Expired**, the status is changed to **Pending**. Here is an example: + +![Example of the DLU status fields for a CustomField](/img/product_docs/platgovsalesforce/clean_up/dlu_status_example_customfield.webp) + +### Notes + +- When Field History Tracking is enabled, the **DLU** is accurate, and the **Parent Last Update + Date** is blank. +- If Field History Tracking has never been enabled, only **Parent Last Update Date** has a value. + Use **Parent Last Update Date**and **% Populated** together to get a sense of the usage. +- If Field History Tracking was enabled and later disabled, there are values in **DLU** and **Parent + Last Update Date**. Generally, you would use the most recent of the two together with **% + Populated** to get a sense of usage. If **DLU Status** is Expired, it is probably safe to ignore + **DLU**. + +### Setting the DLU Expiration + +The DLU Parameters specify the number of months to wait before changing the DLU Status from Recent +to Expired for a CustomField. This only applies to a CustomField where **Field Tracking History** +has been disabled. To change the time period: + +1. Open **Setup** +2. Expand **Custom Code** +3. Select **Custom Metadata Types** + + ![Open Custom Metadata Types](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types.webp) + +4. Click **Manage Records** by **Strongpoint DLU Parameter** + + ![Click Manage Records to open the record](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types_dlu_exp.webp) + +5. Click **Edit** by **DLU Expiration** + + ![Edit the parameters](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types_dlu_para.webp) + +6. Set the **DLU Expiration (Months)**. The default is three. +7. Click **Save**. + +## DLU Metadata Types + +Metadata types marked with an **\*** must have the **Event Logs** enabled to gather DLU information. +DLU can be used for the following metadata types: + +| Salesforce Family Types & Joins | Metadata Types | DLU | +| ---------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | +| Workflow | Workflow Rule | Date workflow rule was last run. | +| Workflow Approva lProcess Flow Validation Rule | Last date base record updated, if enabled | | +| Scripts | Apex Class**\*** Apex Trigger**\*** Apex Component**\*** Lightning Component Lightning Web Component | The last date the code was triggered by any script based on the log of the last time it was run. | +| Forms | Layout Compact Layout | If assigned to a profile, it is the date the last record that belongs to the layout was updated . | +| Apex Page**\*** | The last date the page was accessed (the code was triggered). | | +| Reports | Report | Last date report was run. | +| Dashboard | Last date dashboard report was run. | | +| Report Type | Last date report using the report type was run. | | +| Analytic Snapshot | Last date a dashboard it is on or dependent script was run. | | +| List View | Last date the List View was accessed. | | +| Data Sources | Standard Field | Last date the value changed. | +| Standard Object Custom Object | Last date a record was saved. | | +| Custom Field | Last date the value changed or if formula field, the maximum last date of the fields in the formula. | | +| Dependent Fields | Custom Field Lookup | Minimum of the DLU of the record it exists on and the DLU of the source field. | +| Profiles and Roles | User | Last login by the user. | +| Role | Calculated based on the last time someone logged in with that role. | | +| Profile | Calculated based on the last time someone logged in with that profile. | | +| Permission Set | Calculated based on the last time someone logged in with that permission set. | | +| Package | Text that displays the name of the package | Maximum DLU of object in the package. | +| Extended Types (Other) | App Menu | DLU of the parent Custom Application. | +| Assignment Rules | Date rule was last run. | | +| Auto Response Rules | Date Auto Response rule was last run. | | +| Call Center | | | +| Connected App | Date App was last run. | | +| Custom Application | Maximum DLU of customizations belonging to the application. | | +| Criteria Based Sharing Rule | Maximum of related Sharing Rules. | | +| Custom Application Component | Maximum DLU from parent applications. | | +| Custom Label | Maximum DLU of related field. | | +| Custom Metadata | Date modified of the object that has the value in the metadata. | | +| Custom Object Translation | DLU of the parent object. | | +| Custom Page Web Link | DLU of the APEX page. | | +| Custom Permission | DLU of a profile that has the custom permission. | | +| Custom Tab | DLU of the parent Custom Application. | | +| Document | Last time the file was opened or accessed by the system. | | +| Email Template | Date Template was last used to send emails. | | +| Escalation Rules | Date rule was last run. | | +| Field Set | Last date a field value changed. | | +| Flow Definition | Date flow last accessed. | | +| Global Picklist | Maximum DLU of fields that use the picklist. | | +| Group | Last time someone from the group accessed the system (always employees). | | +| Installed Package | Maximum DLU of component of the package | | +| Letterhead | Last date template accessed. | | +| Matching Rule | Date rule was last run. | | +| Post Template | Date Template was last used to send emails. | | +| Queue | Maximum DLU of code / workflow run on the Queue. | | +| Record Type | Maximum DLU of fields that use the record type. | | +| Sharing Rules | Date rule was last run. | | +| Static Resource | Max of last access date (document) or DLU code referencing it. | | +| Synonym Dictionary | Maximum DLU of related fields. | | +| Territory2 | Date Territory2 rule was last run. | | +| Territory2 Model | Date Territory2 rule was last run. | | +| Territory2 Rule | Date rule was last run. | | +| Territory2 Type | Date Territory2 rule was last run. | | +| Translations | Maximum DLU of related fields. | | + +## Excluded Metadata Extended Types + +DLU is not used for the following metadata Extended Types: + +| | | +| --------------------------- | ------------------------ | +| Action Link Group Template | Aura Definition Bundle | +| Auth Provider | Business Process | +| Certificate | Cors Whitelist Origin | +| Custom Feed Filter | Custom Site | +| Data Category Group | Delegate Group | +| Embedded Service Config | Event Delivery | +| Event Subscription | External Data Source | +| Flexi Page | Home Page Component | +| Home Page Layout | Named Credential | +| Path Assistant | Platform Cache Partition | +| Portal | Quick Action | +| Remote Site Setting | Saml Sso Config | +| S control | Sharing Reason | +| Sharing Set | Site Dot Com | +| Transaction Security Policy | Web Link | + +## DLU Scheduler + +The [Scheduler](/docs/platgovsalesforce/scanner/scheduler.md) is where you can add frequency, day and time for processes +to run. Under **Field Usage and DLU**, you can set up the scheduler to update the last used date +field on customizations with the date the metadata was last used. It populates information for field +usage on custom fields and custom objects and catch any permission set assignments related to users. + +![scheduler](/img/product_docs/platgovsalesforce/clean_up/scheduler.webp) + +Once the scheduler has been set up, you can view the DLU under the **Metadata** tab on the +customization record. diff --git a/docs/platgovsalesforce/customizations/_category_.json b/docs/platgovsalesforce/customizations/_category_.json new file mode 100644 index 0000000000..b190d6e07d --- /dev/null +++ b/docs/platgovsalesforce/customizations/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Customizations Overview", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "customizations_overview" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforce/customizations/customizations_overview.md b/docs/platgovsalesforce/customizations/customizations_overview.md index 07f6f250cd..4f1c8f1ef1 100644 --- a/docs/platgovsalesforce/customizations/customizations_overview.md +++ b/docs/platgovsalesforce/customizations/customizations_overview.md @@ -1,3 +1,9 @@ +--- +title: "Customizations Overview" +description: "Customizations Overview" +sidebar_position: 70 +--- + # Customizations Overview Customization records are documentation about each customization. They are automatically built and diff --git a/docs/platgovsalesforce/customizations/old_customization_record.md b/docs/platgovsalesforce/customizations/old_customization_record.md index 9fe7f7bff9..07c9f1dc24 100644 --- a/docs/platgovsalesforce/customizations/old_customization_record.md +++ b/docs/platgovsalesforce/customizations/old_customization_record.md @@ -1,3 +1,9 @@ +--- +title: "Old Customization Record" +description: "Old Customization Record" +sidebar_position: 20 +--- + # Old Customization Record This topic details the old-style customization record. Refer to @@ -56,7 +62,7 @@ These are the tabs inside a customization record: The metadata tab provides the metadata information about the customization, including: - **Date Last Used**: date the customization was last used. Refer to - [DLU](/docs/platgovsalesforce/clean_up/date_last_used.md) for more information. + [DLU](/docs/platgovsalesforce/cleanup/date_last_used.md) for more information. - **Data type**: data type of the custom field. - **Last Modified Date**: last date the customization was modified. - **Active**: indicates whether the customization is a active. diff --git a/docs/platgovsalesforce/customizations/understanding_customization_record.md b/docs/platgovsalesforce/customizations/understanding_customization_record.md index a88b7f7ef2..17fb3fa68e 100644 --- a/docs/platgovsalesforce/customizations/understanding_customization_record.md +++ b/docs/platgovsalesforce/customizations/understanding_customization_record.md @@ -1,3 +1,9 @@ +--- +title: "Understanding the Customization Record" +description: "Understanding the Customization Record" +sidebar_position: 10 +--- + # Understanding the Customization Record This topic discusses the new Platform Governance for Salesforce Lightning customization record. It @@ -65,7 +71,7 @@ The **Custom** tab shows the join, scanner and DLU dates. - **Last Scanner Date**: last date in which the scanner ran and evaluated the current customization. - **Make Join Date**: date customization was last passed to Make Join script. - **Date Last Used**: date the customization was last used. Refer to - [DLU](/docs/platgovsalesforce/clean_up/date_last_used.md) for more information. + [DLU](/docs/platgovsalesforce/cleanup/date_last_used.md) for more information. ### DRD diff --git a/docs/platgovsalesforce/faq.md b/docs/platgovsalesforce/faq.md index cf7806f912..7faf3fd37c 100644 --- a/docs/platgovsalesforce/faq.md +++ b/docs/platgovsalesforce/faq.md @@ -1,3 +1,9 @@ +--- +title: "FAQ" +description: "FAQ" +sidebar_position: 130 +--- + # FAQ Platform Governance for Salesforce is a stress-free change management and compliance software for diff --git a/docs/platgovsalesforce/installing_strongpoint/config_and_stats.md b/docs/platgovsalesforce/installing_strongpoint/config_and_stats.md deleted file mode 100644 index 1e470f565a..0000000000 --- a/docs/platgovsalesforce/installing_strongpoint/config_and_stats.md +++ /dev/null @@ -1,158 +0,0 @@ -# Configuration and Stats - -The Configuration and Stats report is a live update on the status and results of the Automated -Documentation system. - -From the Netwrix Dashboard: - -Click **Configuration and Stats** in the **Resources** section, or open **Settings** > -**Configuration and Stats**. - -The **License Type** displays your current license. - -![Configuration and Stats report](/img/product_docs/platgovsalesforce/installing_strongpoint/config_stats_overview.webp) - -The report is divided into multiple tabs: - -> Scanner Status -> -> > Documentation Stats -> > -> > Scanner Logs -> > -> > Scanner Additional Information -> > -> > Change Log Creation (sandbox option) -> -> Jira Configuration -> -> Orgs Credentials - -## Scanner Status - -Accesses the documentation stats, scanner logs, scanner additional configuration and change log -creation (sandbox). - -### Documentation Stats - -This section displays the current status of the documentation Platform Governance for Salesforce has -created for your account. The statistics included the total number of customization, and the various -**junctions** created to track the relationships between customizations. **junctions** represent -critical relationship information to help you determine if it is safe to delete or change something, -and how it affects other items. Click **Download PDF** to export a copy of the report. - -![Configuration and Stats - Documentation Stats](/img/product_docs/platgovsalesforce/installing_strongpoint/config_doc_stats.webp) - -### Scanner Logs - -The section displays details for each of the scanner logs: - -- Scanner Log Name -- Salesforce Type: -- Retrieved Stage: this column displays the current status when a scanner is running. For example, - **DeDuplicate** is displayed if the scanner is running the **DeDuplicate** process during the - scan. -- Total Customization: this column shows the number of customizations processed while a scanner is - running. When the scan is complete, the column matches the total **Scanner Count**. -- Scanner Count - -![Configuration and Stats - Scanner Logs](/img/product_docs/platgovsalesforce/installing_strongpoint/config_scanner_logs.webp) - -### Scanner Additional Information - -This section only applies to sandbox orgs. It displays each scanner function and the status: - -- Last Scanner Run Date -- Last Automated Scanner Run Date -- Last Scanner Run Status - -![Configuration and Stas - Scanner Additional Information](/img/product_docs/platgovsalesforce/installing_strongpoint/config_scan_add_info.webp) - -### Change Log Creation - -If you are in a sandbox, you can control whether change logs are created. Due to Salesforce space -limits on different -[sandbox accounts](https://help.salesforce.com/articleView?id=data_sandbox_environments.htmandtype=5), -you may want to disable change logs to save space. - -![Control Change Log Creation in Sandbox](/img/product_docs/platgovsalesforce/installing_strongpoint/config_stats_enable_change_log.webp) - -## Jira Configuration - -Use these features to enter your Jira credentials and map the statuses between Jira and Platform -Governance for Salesforce. - -- Credentials -- Status Mapping -- [Jira Field Mapping](/docs/platgovsalesforce/integrations/jira_field_map.md) (separate topic) - -### Credentials - -Your credentials are generated in Jira. Enter them here for the Platform Governance for Salesforce -Jira integration. - -1. Open **Netwrix Dashboard** > **Settings** > **Configuration and Stats**. -2. Open the **Jira Configuration** tab. It opens on the **Credentials** tab. - - ![Open the credentials](/img/product_docs/platgovsalesforce/integrations/jira_sp_credentials.webp) - -3. Enter your credentials: - - - **Jira Username** is your Jira login email associated with your Jira API token. - - **Jira Token** is your Jira API token. If you do not have your token, follow the steps in the - [Atlassian](https://confluence.atlassian.com/cloud/api-tokens-938839638.html) documentation. - - **Jira Account Name** is the _company specific part_ of the Jira site URL - (**https://\_**JiraAccountName**\_.atlassian.net**). Only enter the _JiraAccountName_, not the - entire URL. - - **Site URL** is **https://site.force.secure.com** - -4. Click **Save**. - -### Status Mapping - -1. Open **Netwrix Dashboard** > **Settings** > **Configuration and Stats**. -2. Open the **Jira Configuration** tab. -3. Open the **Status Mapping** tab. - - ![Set up the Jira status mappings for Change Request status](/img/product_docs/platgovsalesforce/integrations/jira_status_settings.webp) - -4. Enter the mappings between your Jira statuses and the Change Request statuses. You must define - your Jira statuses prior to this step. You can enter multiple Jira statuses for each Change - Request status, separated by commas. For example, **In Progress, Backlog**. Assign your mapping - for each of the Change Request statuses: - - - **Approved Values** - - **Complete Values** - - **In Progress Values** - - **Pending Approval Values** - - **Rejected Values** - -5. Check **Is Automatic Sync** to enable Platform Governance for Salesforce to handle the - synchronization between Jira and Salesforce when a Ticket status is updated to a mapped status. - without having to click **Push**. If you are using an org where you do not want to create a - Change Request, leave this unchecked so you can do your research or testing without generating - Change Requests. -6. Change Requests are not automatically created, as not all tickets result in a Change Request. - Tickets must be pushed to Platform Governance for Salesforce to begin the process. If Automatic - Synchronization is turned on, then changes to the Status and Customizations are synchronized - between Jira and Platform Governance for Salesforce without the need to keep manually pushing the - changes. -7. Click **Save**. - -## Orgs Credentials - -Create credentials for your Salesforce orgs and link the a Named Credential Change Request -deployments. - -1. Open **Netwrix Dashboard** > **Settings** > **Configuration and Stats**. -2. Open the **Orgs** Credentials tab. - - ![Orgs Credentials](/img/product_docs/platgovsalesforce/installing_strongpoint/orgs_credentials.webp) - -3. Click **New** to enter new credentials. For existing credentials, you can click **Edit** to - modify the credential, **Delete** to remove it, or the **credential name** to sync your - credentials. - - ![New org credentials](/img/product_docs/platgovsalesforce/installing_strongpoint/orgs_credentials_new.webp) - -4. Click **Save**. diff --git a/docs/platgovsalesforce/installing_strongpoint/features_by_license_type.md b/docs/platgovsalesforce/installing_strongpoint/features_by_license_type.md deleted file mode 100644 index 6e3853cc25..0000000000 --- a/docs/platgovsalesforce/installing_strongpoint/features_by_license_type.md +++ /dev/null @@ -1,82 +0,0 @@ -# Features by License Type - -Platform Governance for Salesforce offers three license types: - -> Automated Documentation -> -> Intelligent Change Enablement -> -> Enterprise Compliance - -This table summarizes what is included in each type. - -| Feature | Automated Documentation | Intelligent Change Enablement | Enterprise Compliance | -| ---------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | -| Customization, Scanners and DRD | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | -| Field-Level Scanner | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | -| Clean Up: Reports, and Scheduler, Processes, DLU | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | -| Profile / Permission Set Comparison | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | -| User Access Assistance | | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | -| User Activity | | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | -| Implementation, Planned Customizations, Map Customizations | | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | -| Change Request (Change Management) | | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | -| Release & Deployment (Deployment, Rollback & Sync Tool) | | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | -| Compare Environments | | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | -| Financial Controls | | | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | - -## Automated Documentation - -This option is best suited for teams that need great documentation and excellent clean up and -optimization tools. - -Automated Documentation includes the following features: - -- Customizations, Scanners and DRD -- Field-Level Scanner -- Generate and download object configurations -- Clean Up and Optimization that tracks DLU (Date Last Used) -- Reports for Unused Customizations -- Script Management -- Profile / Permission Set Comparison - -## Intelligent Change Enablement - -This license is best for companies that need to manage changes in their account(s). - -Intelligent Change Management includes the following features: - -- Customizations, Scanners, and DRD -- Field-Level Scanner -- Generate and download object configurations -- Clean Up and Optimization that tracks DLU (Date Last Used) -- Reports for Unused Customizations -- Scheduler -- Implementation, Planned Customizations, Map Customizations -- Change Requests -- Release and Deployment (Deployment, Rollback and Enviro Sync Tool) -- Compare Environments -- Profile / Permission Set Comparison -- User Access Assistance -- User Activity - -## Enterprise Compliance - -The Enterprise Compliance option is for companies that need to safely manage and automate key -financial and IT controls and release processes and document them for audit purposes. - -Enterprise Compliance includes the following features: - -- Customizations, Scanners, and DRD -- Field-Level Scanner -- Generate and download object configurations -- Clean Up and Optimization that tracks DLU (Date Last Used) -- Reports for Unused Customizations -- Scheduler -- Implementation, Planned Customizations, Map Customizations -- Change Requests -- Release and Deployment (Deployment, Rollback and Enviro Sync Tool) and Compare Environments -- Financial Controls -- Audit Reports and Fields -- Profile / Permission Set Comparison -- User Access Assistance -- User Activity diff --git a/docs/platgovsalesforce/installing_strongpoint/installing_strongpoint.md b/docs/platgovsalesforce/installing_strongpoint/installing_strongpoint.md deleted file mode 100644 index 14bb63321b..0000000000 --- a/docs/platgovsalesforce/installing_strongpoint/installing_strongpoint.md +++ /dev/null @@ -1,52 +0,0 @@ -# Install Platform Governance for Salesforce - -Platform Governance for Salesforce is installed with package installation file sent to you by our -customer success team. To install: - -1. Click on the install URL, if installing in the sandbox, replace the initial portion of the URL - with [http://test.salesforce.com](http://test.salesforce.com) -2. Select **Install for Admins Only** -3. Click **Install** - ![install1](/img/product_docs/platgovsalesforce/installing_strongpoint/install1.webp) - -The installation runs in the background. An email notification is sent to you when the installation -is complete. - -## Configure Platform Governance for Salesforce - -The following items are needed: - -- Create a **Connected App** to generate and extract the Salesforce **Consumer Key** and the - Salesforce **Consumer Secret Key** -- Your Salesforce **username**, **password** and **authentication token** - -1. Open Salesforce **Setup** > **Apps** > **App Manager** -2. Click **New Connected App** -3. Select **Create a Connected App** and click **Continue** -4. Under **Basic Information** enter the required fields: - -- **Connected App Name**: **Netwrix Platform Governance** -- **API Name**: **Netwrix_Platform_Governance** -- **Contact E-mail** - -5. Click **API (Enable OAuth Settings)** to expand the section. -6. Set **Call Back URL** to **[https://localhost.com](https://localhost.com)** -7. Set **Selected OAuth Scopes** to **Full access (full)** - - ![Setting for Connected App](/img/product_docs/platgovsalesforce/integrations/connected_app.webp) - - **The Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows** - should not be checked. - -8. Click **Save**. **Netwrix Platform Governance**is now listed under **Custom Apps**. -9. Click on **Netwrix Platform Governance**. - - ![configure-1](/img/product_docs/platgovsalesforce/installing_strongpoint/configure-1.webp) - -10. Click **Manage Consumer Details**. You must verify your identity before you can proceed. -11. Copy the **Consumer Key** and the **Consumer Secret Key**. -12. Open the Salesforce App Launcher. -13. Locate and select **Netwrix Lightning**. -14. Click **I Accept** for the EULA. - -**Next Step:** [Using the Getting Started Wizard](/docs/platgovsalesforce/installing_strongpoint/using_getting_started_wizard.md) diff --git a/docs/platgovsalesforce/installing_strongpoint/license_manager.md b/docs/platgovsalesforce/installing_strongpoint/license_manager.md deleted file mode 100644 index 95ecb5e7de..0000000000 --- a/docs/platgovsalesforce/installing_strongpoint/license_manager.md +++ /dev/null @@ -1,26 +0,0 @@ -# Upgrade / Downgrade License - -Your current license type is listed on the Status Report: - -From the Netwrix Dashboard: - -Click **Configuration and Stats** in the **Resources** section, or open **Settings** > -**Configuration and Stats**. - -## Upgrade or Downgrade a License - -1. Send a request for an upgrade or downgrade to Netwrix support: - [sp.support@netwrix.com](mailto:sp.support@netwrix.com?subject=Salesforce_Support) - When you contact support, you must provide your **Instance ID** (**Setup** > **Company - Settings** > **Company Information**) - A representative will contact you and provide an authorization token. -2. Open **Netwrix Dashboard** > **Settings** > **Upgrade/Downgrade Package** -3. Copy and paste the **Authorization Token** -4. Click **Accept** - - ![input_auth_token](/img/product_docs/platgovsalesforce/installing_strongpoint/input_auth_token.webp) - -5. Open **Netwrix Dashboard** > **Scanner** > **Manual Scanners** -6. Click **Name** to select all. -7. Click **Run Scanner** to make sure that everything is updated and documented in your account - after the license change. diff --git a/docs/platgovsalesforce/installing_strongpoint/platform_governor.md b/docs/platgovsalesforce/installing_strongpoint/platform_governor.md deleted file mode 100644 index f56ab6ca77..0000000000 --- a/docs/platgovsalesforce/installing_strongpoint/platform_governor.md +++ /dev/null @@ -1,19 +0,0 @@ -# Platform Governor Status - -This is a live status update of the Usage of SFDC Governor Limit. Access it from **Netwrix -Dashboard** > **Settings** > **Platform Governor Status** - -When Platform Governance for Salesforce reaches the threshold, executions are reschedule for the -next day so the organization limit is not reached. - -![governor](/img/product_docs/platgovsalesforce/installing_strongpoint/governor.webp) - -## Set a Threshold - -You can set or edit the organization limits through the Setup menu. - -1. Open **Setup** > **Custom Code** > **Custom Settings** -2. Click **Manage** next to **Strongpoint General Config CS** -3. Click **Edit** next to **Strongpoint Apex Method Daily** -4. Change the **Value Number** as needed. -5. Click **Save** diff --git a/docs/platgovsalesforce/installing_strongpoint/using_getting_started_wizard.md b/docs/platgovsalesforce/installing_strongpoint/using_getting_started_wizard.md deleted file mode 100644 index 2dba8fd0ca..0000000000 --- a/docs/platgovsalesforce/installing_strongpoint/using_getting_started_wizard.md +++ /dev/null @@ -1,57 +0,0 @@ -# Run the Getting Started Wizard - -The Getting Started Wizard helps you set up Platform Governance for Salesforce after you have done -the [basic installation](/docs/platgovsalesforce/installing_strongpoint/installing_strongpoint.md) and configuration. - -To use the Getting Started Wizard: - -1. Open **Netwrix Dashboard**. -2. Open **Settings**> **Getting Started Wizard** - -The **Getting Started Wizard** opens to help you finish the configuration and set up. - -## Choose Your License Type - -On the Initial Setup Wizard page, choose the package type you have purchased. If you have an -Intelligent Change Management or Enterprise Compliance License, enter the **Input Authorization -Token** sent to you. Click **Next**. - -![getting_started_wizard2](/img/product_docs/platgovsalesforce/installing_strongpoint/getting_started_wizard2.webp) - -## Add your Credentials - -Once you have chosen your license type, you need to add your credentials. If your credentials -change, an alert is sent to update the saved credentials. Expired credentials can cause auto -scanners to fail. Use **Netwrix Dashboard** > **Settings**> **SP Credentials** to update your -credentials. - -![getting_started_wizard3](/img/product_docs/platgovsalesforce/installing_strongpoint/getting_started_wizard3.webp) - -1. On the Credentials page, add the following values: - -- **Salesforce Username** -- **Salesforce Password** -- **Salesforce Security Token** -- **Salesforce Consumer Key** Extracted when you created the Strongpoint Connected App -- **Salesforce Consumer Secret** Extracted when you created the Strongpoint Connected App - -2. Click **Next** - -## Test Your Connection - -Once you have set up your credentials, you need to configure the remote site settings. - -![Testing the connection](/img/product_docs/platgovsalesforce/installing_strongpoint/getting_started_wizard10.webp) - -1. Open Salesforce **Setup** > **Security** > **Remote Site Settings**. -2. Click **New Remote Site**. - - ![New Remote Site](/img/product_docs/platgovsalesforce/installing_strongpoint/getting_started_new_rss.webp) - -3. Copy/paste the information from the wizard to create the remote sites. -4. Click on **Test Connection**. **Test connection was Successful** is displayed if the connection - succeeds. If the connection fails, the wizard suggests troubleshooting steps to resolve the - issue. -5. Click **Next**. - -**Next Step:** [Set Up the Initial Scan](/docs/platgovsalesforce/installing_strongpoint/setting_up_initial_scan.md) diff --git a/docs/platgovsalesforce/installingstrongpoint/_category_.json b/docs/platgovsalesforce/installingstrongpoint/_category_.json new file mode 100644 index 0000000000..b7d009b64d --- /dev/null +++ b/docs/platgovsalesforce/installingstrongpoint/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Install Platform Governance for Salesforce", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "installing_strongpoint" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforce/installingstrongpoint/config_and_stats.md b/docs/platgovsalesforce/installingstrongpoint/config_and_stats.md new file mode 100644 index 0000000000..0879f29787 --- /dev/null +++ b/docs/platgovsalesforce/installingstrongpoint/config_and_stats.md @@ -0,0 +1,164 @@ +--- +title: "Configuration and Stats" +description: "Configuration and Stats" +sidebar_position: 110 +--- + +# Configuration and Stats + +The Configuration and Stats report is a live update on the status and results of the Automated +Documentation system. + +From the Netwrix Dashboard: + +Click **Configuration and Stats** in the **Resources** section, or open **Settings** > +**Configuration and Stats**. + +The **License Type** displays your current license. + +![Configuration and Stats report](/img/product_docs/platgovsalesforce/installing_strongpoint/config_stats_overview.webp) + +The report is divided into multiple tabs: + +> Scanner Status +> +> > Documentation Stats +> > +> > Scanner Logs +> > +> > Scanner Additional Information +> > +> > Change Log Creation (sandbox option) +> +> Jira Configuration +> +> Orgs Credentials + +## Scanner Status + +Accesses the documentation stats, scanner logs, scanner additional configuration and change log +creation (sandbox). + +### Documentation Stats + +This section displays the current status of the documentation Platform Governance for Salesforce has +created for your account. The statistics included the total number of customization, and the various +**junctions** created to track the relationships between customizations. **junctions** represent +critical relationship information to help you determine if it is safe to delete or change something, +and how it affects other items. Click **Download PDF** to export a copy of the report. + +![Configuration and Stats - Documentation Stats](/img/product_docs/platgovsalesforce/installing_strongpoint/config_doc_stats.webp) + +### Scanner Logs + +The section displays details for each of the scanner logs: + +- Scanner Log Name +- Salesforce Type: +- Retrieved Stage: this column displays the current status when a scanner is running. For example, + **DeDuplicate** is displayed if the scanner is running the **DeDuplicate** process during the + scan. +- Total Customization: this column shows the number of customizations processed while a scanner is + running. When the scan is complete, the column matches the total **Scanner Count**. +- Scanner Count + +![Configuration and Stats - Scanner Logs](/img/product_docs/platgovsalesforce/installing_strongpoint/config_scanner_logs.webp) + +### Scanner Additional Information + +This section only applies to sandbox orgs. It displays each scanner function and the status: + +- Last Scanner Run Date +- Last Automated Scanner Run Date +- Last Scanner Run Status + +![Configuration and Stas - Scanner Additional Information](/img/product_docs/platgovsalesforce/installing_strongpoint/config_scan_add_info.webp) + +### Change Log Creation + +If you are in a sandbox, you can control whether change logs are created. Due to Salesforce space +limits on different +[sandbox accounts](https://help.salesforce.com/articleView?id=data_sandbox_environments.htmandtype=5), +you may want to disable change logs to save space. + +![Control Change Log Creation in Sandbox](/img/product_docs/platgovsalesforce/installing_strongpoint/config_stats_enable_change_log.webp) + +## Jira Configuration + +Use these features to enter your Jira credentials and map the statuses between Jira and Platform +Governance for Salesforce. + +- Credentials +- Status Mapping +- [Jira Field Mapping](/docs/platgovsalesforce/integrations/jiraintegration/jira_field_map.md) (separate topic) + +### Credentials + +Your credentials are generated in Jira. Enter them here for the Platform Governance for Salesforce +Jira integration. + +1. Open **Netwrix Dashboard** > **Settings** > **Configuration and Stats**. +2. Open the **Jira Configuration** tab. It opens on the **Credentials** tab. + + ![Open the credentials](/img/product_docs/platgovsalesforce/integrations/jira_sp_credentials.webp) + +3. Enter your credentials: + + - **Jira Username** is your Jira login email associated with your Jira API token. + - **Jira Token** is your Jira API token. If you do not have your token, follow the steps in the + [Atlassian](https://confluence.atlassian.com/cloud/api-tokens-938839638.html) documentation. + - **Jira Account Name** is the _company specific part_ of the Jira site URL + (**https://\_**JiraAccountName**\_.atlassian.net**). Only enter the _JiraAccountName_, not the + entire URL. + - **Site URL** is **https://site.force.secure.com** + +4. Click **Save**. + +### Status Mapping + +1. Open **Netwrix Dashboard** > **Settings** > **Configuration and Stats**. +2. Open the **Jira Configuration** tab. +3. Open the **Status Mapping** tab. + + ![Set up the Jira status mappings for Change Request status](/img/product_docs/platgovsalesforce/integrations/jira_status_settings.webp) + +4. Enter the mappings between your Jira statuses and the Change Request statuses. You must define + your Jira statuses prior to this step. You can enter multiple Jira statuses for each Change + Request status, separated by commas. For example, **In Progress, Backlog**. Assign your mapping + for each of the Change Request statuses: + + - **Approved Values** + - **Complete Values** + - **In Progress Values** + - **Pending Approval Values** + - **Rejected Values** + +5. Check **Is Automatic Sync** to enable Platform Governance for Salesforce to handle the + synchronization between Jira and Salesforce when a Ticket status is updated to a mapped status. + without having to click **Push**. If you are using an org where you do not want to create a + Change Request, leave this unchecked so you can do your research or testing without generating + Change Requests. +6. Change Requests are not automatically created, as not all tickets result in a Change Request. + Tickets must be pushed to Platform Governance for Salesforce to begin the process. If Automatic + Synchronization is turned on, then changes to the Status and Customizations are synchronized + between Jira and Platform Governance for Salesforce without the need to keep manually pushing the + changes. +7. Click **Save**. + +## Orgs Credentials + +Create credentials for your Salesforce orgs and link the a Named Credential Change Request +deployments. + +1. Open **Netwrix Dashboard** > **Settings** > **Configuration and Stats**. +2. Open the **Orgs** Credentials tab. + + ![Orgs Credentials](/img/product_docs/platgovsalesforce/installing_strongpoint/orgs_credentials.webp) + +3. Click **New** to enter new credentials. For existing credentials, you can click **Edit** to + modify the credential, **Delete** to remove it, or the **credential name** to sync your + credentials. + + ![New org credentials](/img/product_docs/platgovsalesforce/installing_strongpoint/orgs_credentials_new.webp) + +4. Click **Save**. diff --git a/docs/platgovsalesforce/installingstrongpoint/features_by_license_type.md b/docs/platgovsalesforce/installingstrongpoint/features_by_license_type.md new file mode 100644 index 0000000000..328bc70ca2 --- /dev/null +++ b/docs/platgovsalesforce/installingstrongpoint/features_by_license_type.md @@ -0,0 +1,88 @@ +--- +title: "Features by License Type" +description: "Features by License Type" +sidebar_position: 80 +--- + +# Features by License Type + +Platform Governance for Salesforce offers three license types: + +> Automated Documentation +> +> Intelligent Change Enablement +> +> Enterprise Compliance + +This table summarizes what is included in each type. + +| Feature | Automated Documentation | Intelligent Change Enablement | Enterprise Compliance | +| ---------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | +| Customization, Scanners and DRD | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | +| Field-Level Scanner | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | +| Clean Up: Reports, and Scheduler, Processes, DLU | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | +| Profile / Permission Set Comparison | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | +| User Access Assistance | | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | +| User Activity | | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | +| Implementation, Planned Customizations, Map Customizations | | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | +| Change Request (Change Management) | | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | +| Release & Deployment (Deployment, Rollback & Sync Tool) | | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | +| Compare Environments | | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | +| Financial Controls | | | ![orangecheck](/img/product_docs/platgovsalesforce/installing_strongpoint/orangecheck.webp) | + +## Automated Documentation + +This option is best suited for teams that need great documentation and excellent clean up and +optimization tools. + +Automated Documentation includes the following features: + +- Customizations, Scanners and DRD +- Field-Level Scanner +- Generate and download object configurations +- Clean Up and Optimization that tracks DLU (Date Last Used) +- Reports for Unused Customizations +- Script Management +- Profile / Permission Set Comparison + +## Intelligent Change Enablement + +This license is best for companies that need to manage changes in their account(s). + +Intelligent Change Management includes the following features: + +- Customizations, Scanners, and DRD +- Field-Level Scanner +- Generate and download object configurations +- Clean Up and Optimization that tracks DLU (Date Last Used) +- Reports for Unused Customizations +- Scheduler +- Implementation, Planned Customizations, Map Customizations +- Change Requests +- Release and Deployment (Deployment, Rollback and Enviro Sync Tool) +- Compare Environments +- Profile / Permission Set Comparison +- User Access Assistance +- User Activity + +## Enterprise Compliance + +The Enterprise Compliance option is for companies that need to safely manage and automate key +financial and IT controls and release processes and document them for audit purposes. + +Enterprise Compliance includes the following features: + +- Customizations, Scanners, and DRD +- Field-Level Scanner +- Generate and download object configurations +- Clean Up and Optimization that tracks DLU (Date Last Used) +- Reports for Unused Customizations +- Scheduler +- Implementation, Planned Customizations, Map Customizations +- Change Requests +- Release and Deployment (Deployment, Rollback and Enviro Sync Tool) and Compare Environments +- Financial Controls +- Audit Reports and Fields +- Profile / Permission Set Comparison +- User Access Assistance +- User Activity diff --git a/docs/platgovsalesforce/installingstrongpoint/installing_strongpoint.md b/docs/platgovsalesforce/installingstrongpoint/installing_strongpoint.md new file mode 100644 index 0000000000..cd9591cb28 --- /dev/null +++ b/docs/platgovsalesforce/installingstrongpoint/installing_strongpoint.md @@ -0,0 +1,58 @@ +--- +title: "Install Platform Governance for Salesforce" +description: "Install Platform Governance for Salesforce" +sidebar_position: 10 +--- + +# Install Platform Governance for Salesforce + +Platform Governance for Salesforce is installed with package installation file sent to you by our +customer success team. To install: + +1. Click on the install URL, if installing in the sandbox, replace the initial portion of the URL + with [http://test.salesforce.com](http://test.salesforce.com) +2. Select **Install for Admins Only** +3. Click **Install** + ![install1](/img/product_docs/platgovsalesforce/installing_strongpoint/install1.webp) + +The installation runs in the background. An email notification is sent to you when the installation +is complete. + +## Configure Platform Governance for Salesforce + +The following items are needed: + +- Create a **Connected App** to generate and extract the Salesforce **Consumer Key** and the + Salesforce **Consumer Secret Key** +- Your Salesforce **username**, **password** and **authentication token** + +1. Open Salesforce **Setup** > **Apps** > **App Manager** +2. Click **New Connected App** +3. Select **Create a Connected App** and click **Continue** +4. Under **Basic Information** enter the required fields: + +- **Connected App Name**: **Netwrix Platform Governance** +- **API Name**: **Netwrix_Platform_Governance** +- **Contact E-mail** + +5. Click **API (Enable OAuth Settings)** to expand the section. +6. Set **Call Back URL** to **[https://localhost.com](https://localhost.com)** +7. Set **Selected OAuth Scopes** to **Full access (full)** + + ![Setting for Connected App](/img/product_docs/platgovsalesforce/integrations/connected_app.webp) + + **The Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows** + should not be checked. + +8. Click **Save**. **Netwrix Platform Governance**is now listed under **Custom Apps**. +9. Click on **Netwrix Platform Governance**. + + ![configure-1](/img/product_docs/platgovsalesforce/installing_strongpoint/configure-1.webp) + +10. Click **Manage Consumer Details**. You must verify your identity before you can proceed. +11. Copy the **Consumer Key** and the **Consumer Secret Key**. +12. Open the Salesforce App Launcher. +13. Locate and select **Netwrix Lightning**. +14. Click **I Accept** for the EULA. + +**Next Step:** [Using the Getting Started Wizard](/docs/platgovsalesforce/installingstrongpoint/using_getting_started_wizard.md) diff --git a/docs/platgovsalesforce/installingstrongpoint/license_manager.md b/docs/platgovsalesforce/installingstrongpoint/license_manager.md new file mode 100644 index 0000000000..8879b808e6 --- /dev/null +++ b/docs/platgovsalesforce/installingstrongpoint/license_manager.md @@ -0,0 +1,32 @@ +--- +title: "Upgrade / Downgrade License" +description: "Upgrade / Downgrade License" +sidebar_position: 70 +--- + +# Upgrade / Downgrade License + +Your current license type is listed on the Status Report: + +From the Netwrix Dashboard: + +Click **Configuration and Stats** in the **Resources** section, or open **Settings** > +**Configuration and Stats**. + +## Upgrade or Downgrade a License + +1. Send a request for an upgrade or downgrade to Netwrix support: + [sp.support@netwrix.com](mailto:sp.support@netwrix.com?subject=Salesforce_Support) + When you contact support, you must provide your **Instance ID** (**Setup** > **Company + Settings** > **Company Information**) + A representative will contact you and provide an authorization token. +2. Open **Netwrix Dashboard** > **Settings** > **Upgrade/Downgrade Package** +3. Copy and paste the **Authorization Token** +4. Click **Accept** + + ![input_auth_token](/img/product_docs/platgovsalesforce/installing_strongpoint/input_auth_token.webp) + +5. Open **Netwrix Dashboard** > **Scanner** > **Manual Scanners** +6. Click **Name** to select all. +7. Click **Run Scanner** to make sure that everything is updated and documented in your account + after the license change. diff --git a/docs/platgovsalesforce/installingstrongpoint/platform_governor.md b/docs/platgovsalesforce/installingstrongpoint/platform_governor.md new file mode 100644 index 0000000000..0de0374cc4 --- /dev/null +++ b/docs/platgovsalesforce/installingstrongpoint/platform_governor.md @@ -0,0 +1,25 @@ +--- +title: "Platform Governor Status" +description: "Platform Governor Status" +sidebar_position: 90 +--- + +# Platform Governor Status + +This is a live status update of the Usage of SFDC Governor Limit. Access it from **Netwrix +Dashboard** > **Settings** > **Platform Governor Status** + +When Platform Governance for Salesforce reaches the threshold, executions are reschedule for the +next day so the organization limit is not reached. + +![governor](/img/product_docs/platgovsalesforce/installing_strongpoint/governor.webp) + +## Set a Threshold + +You can set or edit the organization limits through the Setup menu. + +1. Open **Setup** > **Custom Code** > **Custom Settings** +2. Click **Manage** next to **Strongpoint General Config CS** +3. Click **Edit** next to **Strongpoint Apex Method Daily** +4. Change the **Value Number** as needed. +5. Click **Save** diff --git a/docs/platgovsalesforce/installing_strongpoint/running_scanner.md b/docs/platgovsalesforce/installingstrongpoint/running_scanner.md similarity index 94% rename from docs/platgovsalesforce/installing_strongpoint/running_scanner.md rename to docs/platgovsalesforce/installingstrongpoint/running_scanner.md index cfff3d6d0c..d98ae10dc6 100644 --- a/docs/platgovsalesforce/installing_strongpoint/running_scanner.md +++ b/docs/platgovsalesforce/installingstrongpoint/running_scanner.md @@ -1,3 +1,9 @@ +--- +title: "Manual Scanners" +description: "Manual Scanners" +sidebar_position: 40 +--- + # Manual Scanners When the initial scan is complete, you can run additional on demand scans as required. @@ -39,4 +45,4 @@ To run the scanner: 6. From the Netwrix Dashboard: click **Configuration and Stats** in the **Resources** section, or open **Settings** > **Configuration and Stats**. -**Next Step:** [Validate the Data ](/docs/platgovsalesforce/installing_strongpoint/validating_data.md) +**Next Step:** [Validate the Data ](/docs/platgovsalesforce/installingstrongpoint/validating_data.md) diff --git a/docs/platgovsalesforce/installing_strongpoint/sandbox_dev_orgs.md b/docs/platgovsalesforce/installingstrongpoint/sandbox_dev_orgs.md similarity index 91% rename from docs/platgovsalesforce/installing_strongpoint/sandbox_dev_orgs.md rename to docs/platgovsalesforce/installingstrongpoint/sandbox_dev_orgs.md index 7a071077fe..5e5addb20a 100644 --- a/docs/platgovsalesforce/installing_strongpoint/sandbox_dev_orgs.md +++ b/docs/platgovsalesforce/installingstrongpoint/sandbox_dev_orgs.md @@ -1,3 +1,9 @@ +--- +title: "Sandbox Accounts" +description: "Sandbox Accounts" +sidebar_position: 100 +--- + # Sandbox Accounts Salesforce sandbox accounts are set up for testing. Data storage is now optimized in these accounts @@ -29,5 +35,5 @@ From the Netwrix Dashboard: click **Configuration and Stats** in the **Resources ![Enabling/Disabling Change Log Creation for Sandboxes](/img/product_docs/platgovsalesforce/installing_strongpoint/config_stats_enable_change_log.webp) -The initial setting is selected on the [Scanner](/docs/platgovsalesforce/installing_strongpoint/setting_up_initial_scan.md) page of the **Install +The initial setting is selected on the [Scanner](/docs/platgovsalesforce/installingstrongpoint/setting_up_initial_scan.md) page of the **Install Wizard** when installing the sandbox. diff --git a/docs/platgovsalesforce/installing_strongpoint/setting_access_permission.md b/docs/platgovsalesforce/installingstrongpoint/setting_access_permission.md similarity index 89% rename from docs/platgovsalesforce/installing_strongpoint/setting_access_permission.md rename to docs/platgovsalesforce/installingstrongpoint/setting_access_permission.md index 8e2f9a3d6b..b9aeccea7c 100644 --- a/docs/platgovsalesforce/installing_strongpoint/setting_access_permission.md +++ b/docs/platgovsalesforce/installingstrongpoint/setting_access_permission.md @@ -1,3 +1,9 @@ +--- +title: "Set Access and Permissions" +description: "Set Access and Permissions" +sidebar_position: 60 +--- + # Set Access and Permissions Platform Governance for Salesforce access is only granted to system administrations. To extend diff --git a/docs/platgovsalesforce/installing_strongpoint/setting_up_initial_scan.md b/docs/platgovsalesforce/installingstrongpoint/setting_up_initial_scan.md similarity index 90% rename from docs/platgovsalesforce/installing_strongpoint/setting_up_initial_scan.md rename to docs/platgovsalesforce/installingstrongpoint/setting_up_initial_scan.md index 54b0cd661d..86666bac59 100644 --- a/docs/platgovsalesforce/installing_strongpoint/setting_up_initial_scan.md +++ b/docs/platgovsalesforce/installingstrongpoint/setting_up_initial_scan.md @@ -1,3 +1,9 @@ +--- +title: "Set Up the Initial Scan" +description: "Set Up the Initial Scan" +sidebar_position: 30 +--- + # Set Up the Initial Scan The Metadata Scanner form is displayed. @@ -10,7 +16,7 @@ If you are installing in a sandbox, there is an option for **Change Log Creation change logs are created in the sandbox. Due to Salesforce space limits on different [sandbox accounts](https://help.salesforce.com/articleView?id=data_sandbox_environments.htmandtype=5), you may want to disable change logs to save space. This option can also be accessed on the -[Configuration and Stats](/docs/platgovsalesforce/installing_strongpoint/config_and_stats.md) page for the sandbox. +[Configuration and Stats](/docs/platgovsalesforce/installingstrongpoint/config_and_stats.md) page for the sandbox. Here are the options for a Sandbox installation. Be sure to **Save** each setting you change. Scroll down to find the Scanner options. @@ -55,4 +61,4 @@ If you open the home page, you see the **Scanner Status** is **In Progress**. ![Scanner status on home page](/img/product_docs/platgovsalesforce/installing_strongpoint/getting_started_wizard11.webp) -**Next Step:** [Run the Scanner](/docs/platgovsalesforce/installing_strongpoint/running_scanner.md) +**Next Step:** [Run the Scanner](/docs/platgovsalesforce/installingstrongpoint/running_scanner.md) diff --git a/docs/platgovsalesforce/installingstrongpoint/using_getting_started_wizard.md b/docs/platgovsalesforce/installingstrongpoint/using_getting_started_wizard.md new file mode 100644 index 0000000000..c1f97b0114 --- /dev/null +++ b/docs/platgovsalesforce/installingstrongpoint/using_getting_started_wizard.md @@ -0,0 +1,63 @@ +--- +title: "Run the Getting Started Wizard" +description: "Run the Getting Started Wizard" +sidebar_position: 20 +--- + +# Run the Getting Started Wizard + +The Getting Started Wizard helps you set up Platform Governance for Salesforce after you have done +the [basic installation](/docs/platgovsalesforce/installingstrongpoint/installing_strongpoint.md) and configuration. + +To use the Getting Started Wizard: + +1. Open **Netwrix Dashboard**. +2. Open **Settings**> **Getting Started Wizard** + +The **Getting Started Wizard** opens to help you finish the configuration and set up. + +## Choose Your License Type + +On the Initial Setup Wizard page, choose the package type you have purchased. If you have an +Intelligent Change Management or Enterprise Compliance License, enter the **Input Authorization +Token** sent to you. Click **Next**. + +![getting_started_wizard2](/img/product_docs/platgovsalesforce/installing_strongpoint/getting_started_wizard2.webp) + +## Add your Credentials + +Once you have chosen your license type, you need to add your credentials. If your credentials +change, an alert is sent to update the saved credentials. Expired credentials can cause auto +scanners to fail. Use **Netwrix Dashboard** > **Settings**> **SP Credentials** to update your +credentials. + +![getting_started_wizard3](/img/product_docs/platgovsalesforce/installing_strongpoint/getting_started_wizard3.webp) + +1. On the Credentials page, add the following values: + +- **Salesforce Username** +- **Salesforce Password** +- **Salesforce Security Token** +- **Salesforce Consumer Key** Extracted when you created the Strongpoint Connected App +- **Salesforce Consumer Secret** Extracted when you created the Strongpoint Connected App + +2. Click **Next** + +## Test Your Connection + +Once you have set up your credentials, you need to configure the remote site settings. + +![Testing the connection](/img/product_docs/platgovsalesforce/installing_strongpoint/getting_started_wizard10.webp) + +1. Open Salesforce **Setup** > **Security** > **Remote Site Settings**. +2. Click **New Remote Site**. + + ![New Remote Site](/img/product_docs/platgovsalesforce/installing_strongpoint/getting_started_new_rss.webp) + +3. Copy/paste the information from the wizard to create the remote sites. +4. Click on **Test Connection**. **Test connection was Successful** is displayed if the connection + succeeds. If the connection fails, the wizard suggests troubleshooting steps to resolve the + issue. +5. Click **Next**. + +**Next Step:** [Set Up the Initial Scan](/docs/platgovsalesforce/installingstrongpoint/setting_up_initial_scan.md) diff --git a/docs/platgovsalesforce/installing_strongpoint/validating_data.md b/docs/platgovsalesforce/installingstrongpoint/validating_data.md similarity index 94% rename from docs/platgovsalesforce/installing_strongpoint/validating_data.md rename to docs/platgovsalesforce/installingstrongpoint/validating_data.md index 2fab6b8763..022c6c108d 100644 --- a/docs/platgovsalesforce/installing_strongpoint/validating_data.md +++ b/docs/platgovsalesforce/installingstrongpoint/validating_data.md @@ -1,3 +1,9 @@ +--- +title: "Validate the Data" +description: "Validate the Data" +sidebar_position: 50 +--- + # Validate the Data Accurate documentation is critical to support your change management and clean up processes. diff --git a/docs/platgovsalesforce/integrations/_category_.json b/docs/platgovsalesforce/integrations/_category_.json new file mode 100644 index 0000000000..cdb707a17b --- /dev/null +++ b/docs/platgovsalesforce/integrations/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Integrations", + "position": 100, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "integrations_overview" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforce/integrations/integrations_overview.md b/docs/platgovsalesforce/integrations/integrations_overview.md index 7ce9c1381b..58f0278f41 100644 --- a/docs/platgovsalesforce/integrations/integrations_overview.md +++ b/docs/platgovsalesforce/integrations/integrations_overview.md @@ -1,3 +1,9 @@ +--- +title: "Integrations" +description: "Integrations" +sidebar_position: 100 +--- + # Integrations Many customers use ticketing and change approval systems in the management of changes to all of @@ -8,7 +14,7 @@ including the impact analysis, release management and change reconciliation feat Integrations with Salesforce include: -- [Jira](/docs/platgovsalesforce/change_management/creating_change_request.md) +- [Jira](/docs/platgovsalesforce/changemanagement/creating_change_request.md) ## Jira @@ -25,4 +31,4 @@ logs during an audit. This provides the following benefits to your users: ![Jira Integration](/img/product_docs/platgovsalesforce/integrations/jira_overview.webp) -**Next Step:** [ Set Up the Jira Integration](/docs/platgovsalesforce/integrations/jira_integration.md) +**Next Step:** [ Set Up the Jira Integration](/docs/platgovsalesforce/integrations/jiraintegration/jira_integration.md) diff --git a/docs/platgovsalesforce/integrations/jira_integration.md b/docs/platgovsalesforce/integrations/jira_integration.md deleted file mode 100644 index b83783d1c9..0000000000 --- a/docs/platgovsalesforce/integrations/jira_integration.md +++ /dev/null @@ -1,199 +0,0 @@ -# Set Up the Jira Integration - -Platform Governance for Salesforce's Change Enablement capabilities are integrated with Jira, one of -the most popular issue ticketing and development project management systems. Customers are able to -look for and include Salesforce Customizations, assess impacts for requested changes, and push Jira -change tickets into a Change Request. This enables easy management of changes, seamless tracking of -compliant changes and automating the reconciliation of change logs during an audit. - -User benefits include: - -- Avoid duplicate effort of creating tickets in two different systems. -- Perform impact analysis assessment. -- Navigate to DRD views. -- Enable automatic synchronization of Jira and Platform Governance for Salesforce change tickets. - -Change Requests are not automatically created, as not all tickets result in a Change Request. -Tickets must be pushed to Platform Governance for Salesforce to begin the process. If Automatic -Synchronization is turned on, then changes to the Status and Customizations are synchronized between -Jira and Platform Governance for Salesforce without the need to keep manually pushing the changes. - -To set up the Jira integration: - -1. Review Your Jira Statuses -2. Install the App -3. Set Up Jira Cloud Integration Credentials -4. Set Up Status Mapping - -You can map custom fields between Change Requests and Jira. Refer to -[Jira Field Mapping](/docs/platgovsalesforce/integrations/jira_field_map.md) for details. - -## Review Your Jira Statuses - -To take advantage of the automatic synchronization feature, we recommend reviewing your Jira -statuses to be mapped to the Change Request statuses. When a ticket status is updated to a mapped -status, Platform Governance for Salesforce handles the synchronization between Jira and Salesforce. - -The mapping allows multiple Jira statuses to map to each Change Request status. -The mapping is part of the Set Up Status Mapping procedure. - -Refer to the Atlassian documentation for instructions on -[Defining status field values](https://confluence.atlassian.com/adminjiraserver070/defining-status-field-values-749382903.html?_ga=2.262596428.1900070949.1572132057-2138500458.1540834491). - -## Install the App - -Use the Jira Cloud Installation, then complete the Access Data with API Integration or Set Up Jira -Cloud Integration Credentials after installing the app. - -### Jira Cloud Installation - -You must be a Jira system administrator to install the **Strongpoint for Salesforce** app. Contact -your Jira system administrator if you do not have administrative permissions. - -1. Open your **Jira Software Dashboard**. -2. Select **Apps** > **Explore more Apps >** -3. Search for **Strongpoint**. - - ![Strongpoint apps in the Jira Marketplace](/img/product_docs/platgovsalesforce/integrations/jira_marketplace.webp) - -4. Click **Strongpoint for Salesforce** to install the app. - -#### Access Data with API Integration - -You can use a connected app to request access to Salesforce data. These steps connect your Jira -Cloud app to your Salesforce instance. - -For a connected app to request access, it must be integrated with the Salesforce API using the OAuth -2.0 protocol. OAuth 2.0 is an open protocol that authorizes secure data sharing between applications -through the exchange of tokens. - -Configure the connected app: - -1. Log in to your Salesforce org. -2. Open the Connected App: - **Setup** > **Apps** > **App Manager** > **Strongpoint** (where **App Type** = **Connected**) - - ![Open the Strongpoint Connected App](/img/product_docs/platgovsalesforce/integrations/connected_app.webp) - -3. Click the drop down arrow on the right side and select **Edit**. -4. Set the **Callback URL** to **https://spjira.my.salesforce-sites.com/SpHandleJiraAuth** -5. These **Oauth Scopes** must be selected: - **Full access (full)** - **Perform requests at any time (refresh_token, offline_access)** -6. Click **Save**. - - Your connected app requires 2-10 minutes after you save before it is available. - -7. Click **Manage Consumer Details**. - - ![Click Manage Consumer Details](/img/product_docs/platgovsalesforce/integrations/manage_consumer_details.webp) - -8. Copy the Consumer Key and the Consumer Secret codes to a clipboard. You are prompted for this - information when you use the app. - -If you do not use a connected app, you can set up Jira Cloud Integration Credentials as an -alternative. - -#### Set Up Jira Cloud Integration Credentials - -1. From the Netwrix Dashboard: click **Configuration and Stats** in the **Resources** section, or - open **Settings** > **Configuration and Stats**. -2. Open the **Jira Configuration** tab. - - ![Open the credentials](/img/product_docs/platgovsalesforce/integrations/jira_sp_credentials.webp) - -3. Enter your credentials: - - - **Jira Username** is your Jira login email associated with your Jira API token. - - **Jira Token** is your Jira API token. If you do not have your token, follow the steps in the - [Atlassian](https://confluence.atlassian.com/cloud/api-tokens-938839638.html) documentation. - - **Jira Account Name** is the _company specific part_ of the Jira site URL - (**https://\_**JiraAccountName**\_.atlassian.net**). Only enter the _JiraAccountName_, not the - entire URL. - - **Site URL** is **https://site.force.secure.com** - -4. Click **Save**. - -#### Restricting Access to a Project - -By default, all projects are visible for the Jira Platform Governance for Salesforce integration. -You can restrict this by project or profile. - -Users opening a restricted project receive a information message, instructions for enabling access, -and a link to this topic. Follow the instructions for Restricting Access to a Project or Setting -Groups/Profiles Visibility to grant the user appropriate access. - -> _The Strongpoint Salesforce Integration is not supported for this project._ - -1. Open a Jira project. - - ![Open a project](/img/product_docs/platgovsalesforce/integrations/jira_restrict_access1.webp) - -2. Select **Strongpoint Sf Settings**. -3. Select the **Project Visability Settings** tab. -4. Enter the name of the project in the **Visibility Settings**. The specified project is the only - one that is available to the Platform Governance for Salesforce integration. Leave **Visibility - Settings** blank to allow all projects access. -5. Click **Save**. - -Only the specified project has access to the Platform Governance for Salesforce Jira installation. -If **Visibility Settings** is blank, all projects have access. - -#### Setting Groups/Profiles Visibility - -Access to the Jira Platform Governance for Salesforce integration can also be performed with Profile -groups. - -Users opening a restricted project receive a information message, instructions for enabling access, -and a link to this topic. Follow the instructions for Restricting Access to a Project or Setting -Groups/Profiles Visibility to grant the user appropriate access. - -> _The Strongpoint Salesforce Integration is not supported for this project._ - -1. Open a Jira project. -2. Select **Strongpoint Sf Settings**. -3. Select the **Profile Visability Settings** tab. There are two lists: - **Existing Groups** are all of the current groups in Jira - **Selected Groups** are groups that can see the Platform Governance for Salesforce Jira - integration. If **Selected Groups** is blank, all groups have access to the integration. - - ![Profile Visibility Settings](/img/product_docs/platgovsalesforce/integrations/profile_visability1.webp) - -4. Select an existing group and click **Add** to include it as a **Selected Group**. To remove a - group from the selected list, select it and click **Remove**. If **Selected Groups** is blank, - all groups have access to the integration. If there are one or more groups, then access is - restricted to the specified group. - -## Set Up Status Mapping - -1. From the Netwrix Dashboard: click **Configuration and Stats** in the **Resources** section, or - open **Settings** > **Configuration and Stats**. -2. Open the **Jira Configuration** tab. -3. Open the **Status Mapping** tab. - - ![Set up the Jira status mappings for Change Request status](/img/product_docs/platgovsalesforce/integrations/jira_status_settings.webp) - -4. Enter the mappings between your Jira statuses and the Change Request statuses. You must define - your Jira statuses prior to this step. You can enter multiple Jira statuses for each Change - Request status, separated by commas. For example, **In Progress, Backlog**. Assign your mapping - for each of the Change Request statuses: - - - **Approved Values** - - **Complete Values** - - **In Progress Values** - - **Pending Approval Values** - - **Rejected Values** - -5. Check **Is Automatic Sync** to enable Platform Governance for Salesforce to handle the - synchronization between Jira and Salesforce when a Ticket status is updated to a mapped status. - without having to click **Push**. If you are using an org where you do not want to create a - Change Request, leave this unchecked so you can do your research or testing without generating - Change Requests. -6. Change Requests are not automatically created, as not all tickets result in a Change Request. - Tickets must be pushed to Platform Governance for Salesforce to begin the process. If Automatic - Synchronization is turned on, then changes to the Status and Customizations are synchronized - between Jira and Platform Governance for Salesforce without the need to keep manually pushing the - changes. -7. Click **Save**. - -**Next Step:** [Jira Walkthrough Example](/docs/platgovsalesforce/integrations/jira_walkthrough_example.md) diff --git a/docs/platgovsalesforce/integrations/jira_troubleshooting.md b/docs/platgovsalesforce/integrations/jira_troubleshooting.md deleted file mode 100644 index 6e9a1db261..0000000000 --- a/docs/platgovsalesforce/integrations/jira_troubleshooting.md +++ /dev/null @@ -1,73 +0,0 @@ -# Jira Integration Troubleshooting - -Jira Integration errors - -## Error with Jira Credentials - -Error message: - -_Please verify your Jira Credentials. Go to_ **Netwrix Dashboard** _>_ **Configurations and Stats** -_>_ **Jira Configuration** _>_ **Credentials** - -Solution: - -Refer to [Credentials](/docs/platgovsalesforce/installing_strongpoint/config_and_stats.md#credentials) for more -information on entering your credentials. - -## Error with Mapping Jira Statuses - -Error message: - -_Please verify your Jira Credentials. Go to_ **Netwrix Dashboard** _>_ **Configurations and Stats** -_>_ **Jira Configuration** _->_ **Status Mapping** - -Solution: - -Refer to [Status Mapping](/docs/platgovsalesforce/installing_strongpoint/config_and_stats.md#status-mapping) for more -information on mapping your statuses. - -## Error with Salesforce Credentials - -Error message: - -Please verify Your User Credentials: It may be an Invalid username, wrong password, or invalid -security token. - -If you are using Salesforce Authenticator, please update it to the most recent Six-digit code. - -Or please verify that the user is not locked. - -Solution: - -Check the user's information in Salesforce. - -## Error with Connected App Key - -Error message: - -error=invalid_client_id&error_description=client%20identifier%20invalid - -Refer to [Access Data with API Integration](jira_integration.md#access-data-with-apiintegration) for -more information on setting up the connected app. - -## Error with Consumer Secret - -Error message: - -Please verify the Consumers Secret from the Connected App. - -Solution: - -Refer to [Credentials](/docs/platgovsalesforce/installing_strongpoint/config_and_stats.md#credentials) for more -information on entering your credentials - -## URL Errors - -Error message: - -error=redirect_uri_mismatch - -Solution: - -Refer to [Connected App](jira_walkthrough_example.md#connected-app) Connected App for more -information on setting up the connected app. diff --git a/docs/platgovsalesforce/integrations/jira_upload_addon_not_showing.md b/docs/platgovsalesforce/integrations/jira_upload_addon_not_showing.md deleted file mode 100644 index c28b4696df..0000000000 --- a/docs/platgovsalesforce/integrations/jira_upload_addon_not_showing.md +++ /dev/null @@ -1,12 +0,0 @@ -# Jira Upload Add On Not Showing - -If the Upload add on is not shown on your screen, you are either not a Jira administrator or you -have not checked **Enable development mode**. - -To enable development mode: - -1. Open Jira. -2. Click **Settings** -3. Click **Enable development mode** - -![Jira Enable Development Mode](/img/product_docs/platgovnetsuite/integrations/jira_enable_dev_mode.webp) diff --git a/docs/platgovsalesforce/integrations/jira_walkthrough_example.md b/docs/platgovsalesforce/integrations/jira_walkthrough_example.md deleted file mode 100644 index 212c3f6875..0000000000 --- a/docs/platgovsalesforce/integrations/jira_walkthrough_example.md +++ /dev/null @@ -1,242 +0,0 @@ -# Jira Walkthrough Example - -This walkthrough is one example based on our test account. You must -[install and configure](/docs/platgovsalesforce/integrations/jira_integration.md) the Platform Governance for Salesforce Salesforce Jira -integration, including setting up the **[Jira Statuses](/docs/platgovsalesforce/integrations/jira_integration.md)** prior to using this -walkthrough. - -The walkthrough demonstrates these steps: - -- Create a Jira Ticket -- Connect to the App -- Add Customizations -- Perform Risk Assessment -- Ready for Development -- Deploy Changes and Complete the Ticket - -## Create a Jira Ticket - -1. Login in to your Jira account. -2. Open a Project. -3. Click **Create** (**+**). - - ![Create a Jira ticket](/img/product_docs/platgovnetsuite/integrations/jira_example_create_issue.webp) - -4. Enter your information on the **Create issue** form: - - - **Project**: Select your Project. **NS & SF Jira Demo (SJD)** is selected for this example. - - **Issue Type**: Select your Jira type. **Task** is selected for this example. - - **Summary**: Add a name - - **Description** (optional) - -5. Click **Create**. -6. Alerts and notifications may occur during this walkthrough, and are not included in these steps. - For example, override alert, notifications for approvers, and notification for the change - request. - -## Connect to the App - -1. Open the **Comments** tab and select **Strongpoint Salesforce**. - - ![Accessing the Strongpoint Salesforce app](/img/product_docs/platgovsalesforce/integrations/jira_comments_open_app.webp) - -2. There are two ways to connect: **Login User** or **Connected App** tabs. - - ![Connection options](/img/product_docs/platgovsalesforce/integrations/connection_options.webp) - -### Connected App - -Use the **Connected App** tab if you set up the connected app using the procedure: -[Access Data with API Integration](jira_integration.md#access-data-with-apiintegration) - -1. Open the **Connected App** tab. - - ![Using the connected app](/img/product_docs/platgovsalesforce/integrations/connection_options_app.webp) - -2. Enter the **Consumer Key** and **Consumer Secret**. -3. Click **Is Sandbox account?** if you are logging in to a sandbox. -4. Click **Connect**. If this is the first time you are using the connected app, you are prompted to - select your username. The connected app is configured for you. Once finished, click **Close** on - the confirmation screen. The Strongpoint form is displayed. Your connection persists unless you - click **Change Account** on the integration page. - -If the configuration fails, an error message is displayed. For example, - -> **error=redirect_uri_mismatch** -> -> - The 10 minutes timing slot from Salesforce is not completed yet. Please wait -> - If the error persists, check the [Callback URL](/docs/platgovsalesforce/integrations/jira_integration.md). -> -> - You may have left a space between the two Callback URLs -> - You may have an error in the newly added Callback URL it should be: -> **https://spjira.my.salesforce-sites.com/SpHandleJiraAuth** - -### Login User - -Enter your Salesforce **Username**, **Password** and **Security Token**. If you are using MFA or -SSO: use your SSO Password. The Security token is the changing 6 digit code from your SSO or MFA -app. - -![Enter your Jira credentials](/img/product_docs/platgovsalesforce/integrations/jira_credentials.webp) - -If you do not have your security token, you can use these steps to reset your token: - -1. Log in to your Salesforce account. -2. Open **View Profile** > **Settings**. - ![Open your Salesforce Profile settings](/img/product_docs/platgovsalesforce/integrations/jira_example_settings.webp) -3. Select **Reset My Security Token** from the menu. -4. Click **Reset Security Token**. Check your email for your new token. -5. Click **Sandbox Account?** if you are using your sandbox. -6. Click **Connect**. If the connection is successful, the form is displayed (see Add Customizations - section). The **Synchronized with** status displays the org you are logged into for Salesforce. - -You cannot login if you do not have the **appropriate role permissions to create a change request**. - -If you do not enter the correct credentials, an error is displayed. After six unsuccessful -consecutive attempts to login, your account is suspended for 30 minutes. - -## Add Customizations - -Once you have logged in, the form is displayed. - -![Connection details for the ticket](/img/product_docs/platgovsalesforce/integrations/jira_connection.webp) - -- **Synchronized with** displays the connected Org. Click **Change Account** if you need to switch - Orgs. -- **Policy** is blank until Customizations have been added. The Policy is determined by the - Customization with the strictest policy. -- **Change Level Req** is blank until Customizations have been added. If there are multiple change - levels, the most stringent one is applied. -- **Select Customizations** is where you specify the Customizations you are changing or adding. If - the Customization exists in your account, it is added to the **Select Customizations** list. **Add - Proposed Customizations** are added to the **Proposed Customizations** list. You can delete added - Customizations with the - ![delete](/img/product_docs/platgovnetsuite/integrations/delete.webp) icon. -- **View DRD** and **Impact Analysis** are tools to Perform Risk Assessment. -- **Push** creates the Change Request in Salesforce. **Push** is also used to manually update your - Change Request if you are not using the [Automatic Synchronization](/docs/platgovsalesforce/integrations/jira_integration.md) feature. - -### Add Existing Customizations by Name or API Name - -1. Enter all or part of a Name in **Add customization** for **Existing Customizations**. This - example uses **maintenance** as the search string. -2. Click **+** to search for matching Customizations. Hover over **View** to display the **Type** - and **API Name** for a Customization. - - ![Add an existing customization](/img/product_docs/platgovsalesforce/integrations/jira_customization_add.webp) - -3. Select one or more Customizations. This example uses **Maintenance Type (Parent: Account)**, a - customization in the _Strongpoint Demo Org_. -4. Click **Add Selected Customizations**. The selected Customization is added to the **Existing - Customizations** list. - - ![Add an existing customization](/img/product_docs/platgovsalesforce/integrations/jira_example_add_existing.webp) - -5. Enter an **API Name** in **Add customization** for **Existing Customizations** and click **+**. - This example uses **UpsellOpportunities**, an API in the _Strongpoint Demo Org_. -6. The **API Name** is displayed. Select it, and click **Add Selected Customizations**. The selected - Customization is added to the **Existing Customizations** list. This example shows - **UpsellOpportunities (ApexClass)**, an API in the _Strongpoint Demo Org_. - - ![Add an existing customization by API Name](/img/product_docs/platgovsalesforce/integrations/jira_example_add_existing_api.webp) - -### Add Proposed Customizations - -In this procedure, we are adding a new Customization. - -1. Enter a new, valid API Name in the **Add Customization** for **Proposed Customizations** field. - For this example, enter **CustomerPriorities**. -2. Click (**+**) to add it. If the API Name is valid, and does not match an existing API Name, the - new Customization is added to the **Proposed Customizations** list. - - ![Add a proposed customization](/img/product_docs/platgovsalesforce/integrations/jira_example_proposed.webp) - -### Create the Change Request - -Using the Platform Governance for Salesforce Jira integration, your Change Requests are created -automatically when you add a Customization. To setup or update the status mapping, refer to setting -up the **[Jira Statuses](/docs/platgovsalesforce/integrations/jira_integration.md)** procedure. - -1. Change the Jira status of your ticket to match the status set up for **CR In Progress**. For - example, **In Progress**. Refer to setting up the **[Jira Statuses](/docs/platgovsalesforce/integrations/jira_integration.md)** - procedure. -2. Click **Push** to create the Change Request if you are not using the - [Automatic Synchronization](/docs/platgovsalesforce/integrations/jira_integration.md) feature. The change request is created in - Salesforce with the **In Progress** status. -3. Expand the **Change Request** field on the right. The status is now **None/In Progress**. There - is a link to open the Change Request in Salesforce. - - ![Change Request is In Progress](/img/product_docs/platgovsalesforce/integrations/jira_example_in_progress_status.webp) - -Note the **Policy** and **Change Level Req** reflect the most stringent requirement for your -selected customizations, in this example, **Change Request**. - -![Policy and Change Level Req have been updated](/img/product_docs/platgovsalesforce/integrations/jira_example_policy.webp) - -## Perform Risk Assessment - -### Impact Analysis - -The impact analysis tool reviews your customizations for dependencies or risks. Click **Impact -Analysis** to run the tool. Here is an example report showing the Customizations that **Cannot be -Safely Deleted or Modified** tab: - -![Impact analysis report](/img/product_docs/platgovnetsuite/integrations/jira_example_impact_analysis.webp) - -Before proceeding with your changes, review each warning to ensure your change does not break -something. Dependencies can easily be reviewed with the DRD tool. - -### View DRD - -The [Dependency Relationship Diagram](/docs/platgovsalesforce/tools/viewing_drd.md) (DRD) tool graphically displays your -Customizations and all dependencies. - -1. Click **View DRD**. -2. When the diagram opens, you can explore the dependencies to evaluate the effect of your intended - changes. - -![Use the DRD to explore dependencies](/img/product_docs/platgovsalesforce/integrations/jira_example_drd.webp) - -## Ready for Development - -Once you have resolved any risk or conflicts, your changes are ready for development: - -1. Change the Jira status of your ticket to match the status set up for **CR Pending Approval**. For - example, **Selected for Development**. -2. Click **Push** if you are not using [Automatic Synchronization](/docs/platgovsalesforce/integrations/jira_integration.md) to push - status changes. -3. Expand the **Change Request** field on the right. The status is now **Pending Approval / In - Progress**. There is a link to open the Change Request in Salesforce. - - ![Change Request in Pending Approval](/img/product_docs/platgovsalesforce/integrations/jira_example_pending_approval_status.webp) - -4. Click the **Go To Record** link to view the Change Request. - - ![Change Request is In Progress / Pending Approval](/img/product_docs/platgovsalesforce/integrations/jira_example_pending_approval_change_request.webp) - -## Deploy Changes and Complete the Ticket - -When development is done, and the Change Request is approved according to your policy, the Jira -ticket is ready to be updated. - -1. Expand the **Change Request** field on the right. The status is **Approved / In Progress**. - - ![Change Request is approved](/img/product_docs/platgovsalesforce/integrations/jira_example_approved_status.webp) - -2. Change the Jira status of your ticket to match the status set up for **CR Approved**. For - example, **Ready for Deployment**. -3. Click **Push** if you are not using [Automatic Synchronization](/docs/platgovsalesforce/integrations/jira_integration.md) to push - status changes. -4. Once your deployment and verification activities are complete, change the Jira status of your - ticket to match the status set up **CR Complete**. For example, **Done**. - -If you open the Change Request in Salesforce: - -- All Customizations added from Jira are displayed. -- **Change Overview** is set to the Jira ticket description. -- **Change Type** is **Jira**, and **External Change Request Number** is the Ticket number. -- Change Request shows as **Completed**. -- **External Created By**: is the user that created the Jira ticket . -- **External last Modified by**: is the last user who modified the Jira ticket. - - ![user_guide_example](/img/product_docs/platgovsalesforce/integrations/user_guide_example.webp) diff --git a/docs/platgovsalesforce/integrations/jiraintegration/_category_.json b/docs/platgovsalesforce/integrations/jiraintegration/_category_.json new file mode 100644 index 0000000000..752014fd9e --- /dev/null +++ b/docs/platgovsalesforce/integrations/jiraintegration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Set Up the Jira Integration", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "jira_integration" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforce/integrations/finding_change_requests_from_jira.md b/docs/platgovsalesforce/integrations/jiraintegration/finding_change_requests_from_jira.md similarity index 81% rename from docs/platgovsalesforce/integrations/finding_change_requests_from_jira.md rename to docs/platgovsalesforce/integrations/jiraintegration/finding_change_requests_from_jira.md index d8eb689fdd..ba8e7ff668 100644 --- a/docs/platgovsalesforce/integrations/finding_change_requests_from_jira.md +++ b/docs/platgovsalesforce/integrations/jiraintegration/finding_change_requests_from_jira.md @@ -1,3 +1,9 @@ +--- +title: "Find Change Requests from Jira" +description: "Find Change Requests from Jira" +sidebar_position: 30 +--- + # Find Change Requests from Jira To find your change requests that originated in Jira: diff --git a/docs/platgovsalesforce/integrations/jira_field_map.md b/docs/platgovsalesforce/integrations/jiraintegration/jira_field_map.md similarity index 98% rename from docs/platgovsalesforce/integrations/jira_field_map.md rename to docs/platgovsalesforce/integrations/jiraintegration/jira_field_map.md index 518b12f322..c0aab8daf1 100644 --- a/docs/platgovsalesforce/integrations/jira_field_map.md +++ b/docs/platgovsalesforce/integrations/jiraintegration/jira_field_map.md @@ -1,3 +1,9 @@ +--- +title: "Jira Field Mapping" +description: "Jira Field Mapping" +sidebar_position: 10 +--- + # Jira Field Mapping The Jira Field Mapping tool maps a Jira field to a Netwrix Change Request. To access the Field diff --git a/docs/platgovsalesforce/integrations/jiraintegration/jira_integration.md b/docs/platgovsalesforce/integrations/jiraintegration/jira_integration.md new file mode 100644 index 0000000000..fe390cf720 --- /dev/null +++ b/docs/platgovsalesforce/integrations/jiraintegration/jira_integration.md @@ -0,0 +1,205 @@ +--- +title: "Set Up the Jira Integration" +description: "Set Up the Jira Integration" +sidebar_position: 10 +--- + +# Set Up the Jira Integration + +Platform Governance for Salesforce's Change Enablement capabilities are integrated with Jira, one of +the most popular issue ticketing and development project management systems. Customers are able to +look for and include Salesforce Customizations, assess impacts for requested changes, and push Jira +change tickets into a Change Request. This enables easy management of changes, seamless tracking of +compliant changes and automating the reconciliation of change logs during an audit. + +User benefits include: + +- Avoid duplicate effort of creating tickets in two different systems. +- Perform impact analysis assessment. +- Navigate to DRD views. +- Enable automatic synchronization of Jira and Platform Governance for Salesforce change tickets. + +Change Requests are not automatically created, as not all tickets result in a Change Request. +Tickets must be pushed to Platform Governance for Salesforce to begin the process. If Automatic +Synchronization is turned on, then changes to the Status and Customizations are synchronized between +Jira and Platform Governance for Salesforce without the need to keep manually pushing the changes. + +To set up the Jira integration: + +1. Review Your Jira Statuses +2. Install the App +3. Set Up Jira Cloud Integration Credentials +4. Set Up Status Mapping + +You can map custom fields between Change Requests and Jira. Refer to +[Jira Field Mapping](/docs/platgovsalesforce/integrations/jiraintegration/jira_field_map.md) for details. + +## Review Your Jira Statuses + +To take advantage of the automatic synchronization feature, we recommend reviewing your Jira +statuses to be mapped to the Change Request statuses. When a ticket status is updated to a mapped +status, Platform Governance for Salesforce handles the synchronization between Jira and Salesforce. + +The mapping allows multiple Jira statuses to map to each Change Request status. +The mapping is part of the Set Up Status Mapping procedure. + +Refer to the Atlassian documentation for instructions on +[Defining status field values](https://confluence.atlassian.com/adminjiraserver070/defining-status-field-values-749382903.html?_ga=2.262596428.1900070949.1572132057-2138500458.1540834491). + +## Install the App + +Use the Jira Cloud Installation, then complete the Access Data with API Integration or Set Up Jira +Cloud Integration Credentials after installing the app. + +### Jira Cloud Installation + +You must be a Jira system administrator to install the **Strongpoint for Salesforce** app. Contact +your Jira system administrator if you do not have administrative permissions. + +1. Open your **Jira Software Dashboard**. +2. Select **Apps** > **Explore more Apps >** +3. Search for **Strongpoint**. + + ![Strongpoint apps in the Jira Marketplace](/img/product_docs/platgovsalesforce/integrations/jira_marketplace.webp) + +4. Click **Strongpoint for Salesforce** to install the app. + +#### Access Data with API Integration + +You can use a connected app to request access to Salesforce data. These steps connect your Jira +Cloud app to your Salesforce instance. + +For a connected app to request access, it must be integrated with the Salesforce API using the OAuth +2.0 protocol. OAuth 2.0 is an open protocol that authorizes secure data sharing between applications +through the exchange of tokens. + +Configure the connected app: + +1. Log in to your Salesforce org. +2. Open the Connected App: + **Setup** > **Apps** > **App Manager** > **Strongpoint** (where **App Type** = **Connected**) + + ![Open the Strongpoint Connected App](/img/product_docs/platgovsalesforce/integrations/connected_app.webp) + +3. Click the drop down arrow on the right side and select **Edit**. +4. Set the **Callback URL** to **https://spjira.my.salesforce-sites.com/SpHandleJiraAuth** +5. These **Oauth Scopes** must be selected: + **Full access (full)** + **Perform requests at any time (refresh_token, offline_access)** +6. Click **Save**. + + Your connected app requires 2-10 minutes after you save before it is available. + +7. Click **Manage Consumer Details**. + + ![Click Manage Consumer Details](/img/product_docs/platgovsalesforce/integrations/manage_consumer_details.webp) + +8. Copy the Consumer Key and the Consumer Secret codes to a clipboard. You are prompted for this + information when you use the app. + +If you do not use a connected app, you can set up Jira Cloud Integration Credentials as an +alternative. + +#### Set Up Jira Cloud Integration Credentials + +1. From the Netwrix Dashboard: click **Configuration and Stats** in the **Resources** section, or + open **Settings** > **Configuration and Stats**. +2. Open the **Jira Configuration** tab. + + ![Open the credentials](/img/product_docs/platgovsalesforce/integrations/jira_sp_credentials.webp) + +3. Enter your credentials: + + - **Jira Username** is your Jira login email associated with your Jira API token. + - **Jira Token** is your Jira API token. If you do not have your token, follow the steps in the + [Atlassian](https://confluence.atlassian.com/cloud/api-tokens-938839638.html) documentation. + - **Jira Account Name** is the _company specific part_ of the Jira site URL + (**https://\_**JiraAccountName**\_.atlassian.net**). Only enter the _JiraAccountName_, not the + entire URL. + - **Site URL** is **https://site.force.secure.com** + +4. Click **Save**. + +#### Restricting Access to a Project + +By default, all projects are visible for the Jira Platform Governance for Salesforce integration. +You can restrict this by project or profile. + +Users opening a restricted project receive a information message, instructions for enabling access, +and a link to this topic. Follow the instructions for Restricting Access to a Project or Setting +Groups/Profiles Visibility to grant the user appropriate access. + +> _The Strongpoint Salesforce Integration is not supported for this project._ + +1. Open a Jira project. + + ![Open a project](/img/product_docs/platgovsalesforce/integrations/jira_restrict_access1.webp) + +2. Select **Strongpoint Sf Settings**. +3. Select the **Project Visability Settings** tab. +4. Enter the name of the project in the **Visibility Settings**. The specified project is the only + one that is available to the Platform Governance for Salesforce integration. Leave **Visibility + Settings** blank to allow all projects access. +5. Click **Save**. + +Only the specified project has access to the Platform Governance for Salesforce Jira installation. +If **Visibility Settings** is blank, all projects have access. + +#### Setting Groups/Profiles Visibility + +Access to the Jira Platform Governance for Salesforce integration can also be performed with Profile +groups. + +Users opening a restricted project receive a information message, instructions for enabling access, +and a link to this topic. Follow the instructions for Restricting Access to a Project or Setting +Groups/Profiles Visibility to grant the user appropriate access. + +> _The Strongpoint Salesforce Integration is not supported for this project._ + +1. Open a Jira project. +2. Select **Strongpoint Sf Settings**. +3. Select the **Profile Visability Settings** tab. There are two lists: + **Existing Groups** are all of the current groups in Jira + **Selected Groups** are groups that can see the Platform Governance for Salesforce Jira + integration. If **Selected Groups** is blank, all groups have access to the integration. + + ![Profile Visibility Settings](/img/product_docs/platgovsalesforce/integrations/profile_visability1.webp) + +4. Select an existing group and click **Add** to include it as a **Selected Group**. To remove a + group from the selected list, select it and click **Remove**. If **Selected Groups** is blank, + all groups have access to the integration. If there are one or more groups, then access is + restricted to the specified group. + +## Set Up Status Mapping + +1. From the Netwrix Dashboard: click **Configuration and Stats** in the **Resources** section, or + open **Settings** > **Configuration and Stats**. +2. Open the **Jira Configuration** tab. +3. Open the **Status Mapping** tab. + + ![Set up the Jira status mappings for Change Request status](/img/product_docs/platgovsalesforce/integrations/jira_status_settings.webp) + +4. Enter the mappings between your Jira statuses and the Change Request statuses. You must define + your Jira statuses prior to this step. You can enter multiple Jira statuses for each Change + Request status, separated by commas. For example, **In Progress, Backlog**. Assign your mapping + for each of the Change Request statuses: + + - **Approved Values** + - **Complete Values** + - **In Progress Values** + - **Pending Approval Values** + - **Rejected Values** + +5. Check **Is Automatic Sync** to enable Platform Governance for Salesforce to handle the + synchronization between Jira and Salesforce when a Ticket status is updated to a mapped status. + without having to click **Push**. If you are using an org where you do not want to create a + Change Request, leave this unchecked so you can do your research or testing without generating + Change Requests. +6. Change Requests are not automatically created, as not all tickets result in a Change Request. + Tickets must be pushed to Platform Governance for Salesforce to begin the process. If Automatic + Synchronization is turned on, then changes to the Status and Customizations are synchronized + between Jira and Platform Governance for Salesforce without the need to keep manually pushing the + changes. +7. Click **Save**. + +**Next Step:** [Jira Walkthrough Example](/docs/platgovsalesforce/integrations/jiraintegration/jira_walkthrough_example.md) diff --git a/docs/platgovsalesforce/integrations/jiraintegration/jira_troubleshooting.md b/docs/platgovsalesforce/integrations/jiraintegration/jira_troubleshooting.md new file mode 100644 index 0000000000..721bc71076 --- /dev/null +++ b/docs/platgovsalesforce/integrations/jiraintegration/jira_troubleshooting.md @@ -0,0 +1,79 @@ +--- +title: "Jira Integration Troubleshooting" +description: "Jira Integration Troubleshooting" +sidebar_position: 50 +--- + +# Jira Integration Troubleshooting + +Jira Integration errors + +## Error with Jira Credentials + +Error message: + +_Please verify your Jira Credentials. Go to_ **Netwrix Dashboard** _>_ **Configurations and Stats** +_>_ **Jira Configuration** _>_ **Credentials** + +Solution: + +Refer to [Credentials](/docs/platgovsalesforce/installingstrongpoint/config_and_stats.md#credentials) for more +information on entering your credentials. + +## Error with Mapping Jira Statuses + +Error message: + +_Please verify your Jira Credentials. Go to_ **Netwrix Dashboard** _>_ **Configurations and Stats** +_>_ **Jira Configuration** _->_ **Status Mapping** + +Solution: + +Refer to [Status Mapping](/docs/platgovsalesforce/installingstrongpoint/config_and_stats.md#status-mapping) for more +information on mapping your statuses. + +## Error with Salesforce Credentials + +Error message: + +Please verify Your User Credentials: It may be an Invalid username, wrong password, or invalid +security token. + +If you are using Salesforce Authenticator, please update it to the most recent Six-digit code. + +Or please verify that the user is not locked. + +Solution: + +Check the user's information in Salesforce. + +## Error with Connected App Key + +Error message: + +error=invalid_client_id&error_description=client%20identifier%20invalid + +Refer to [Access Data with API Integration](/docs/platgovsalesforce/integrations/jiraintegration/jira_integration.md#access-data-with-apiintegration) for +more information on setting up the connected app. + +## Error with Consumer Secret + +Error message: + +Please verify the Consumers Secret from the Connected App. + +Solution: + +Refer to [Credentials](/docs/platgovsalesforce/installingstrongpoint/config_and_stats.md#credentials) for more +information on entering your credentials + +## URL Errors + +Error message: + +error=redirect_uri_mismatch + +Solution: + +Refer to [Connected App](jira_walkthrough_example.md#connected-app) Connected App for more +information on setting up the connected app. diff --git a/docs/platgovsalesforce/integrations/jiraintegration/jira_upload_addon_not_showing.md b/docs/platgovsalesforce/integrations/jiraintegration/jira_upload_addon_not_showing.md new file mode 100644 index 0000000000..d45108da1a --- /dev/null +++ b/docs/platgovsalesforce/integrations/jiraintegration/jira_upload_addon_not_showing.md @@ -0,0 +1,18 @@ +--- +title: "Jira Upload Add On Not Showing" +description: "Jira Upload Add On Not Showing" +sidebar_position: 40 +--- + +# Jira Upload Add On Not Showing + +If the Upload add on is not shown on your screen, you are either not a Jira administrator or you +have not checked **Enable development mode**. + +To enable development mode: + +1. Open Jira. +2. Click **Settings** +3. Click **Enable development mode** + +![Jira Enable Development Mode](/img/product_docs/platgovnetsuite/integrations/jira_enable_dev_mode.webp) diff --git a/docs/platgovsalesforce/integrations/jiraintegration/jira_walkthrough_example.md b/docs/platgovsalesforce/integrations/jiraintegration/jira_walkthrough_example.md new file mode 100644 index 0000000000..904612b9c7 --- /dev/null +++ b/docs/platgovsalesforce/integrations/jiraintegration/jira_walkthrough_example.md @@ -0,0 +1,248 @@ +--- +title: "Jira Walkthrough Example" +description: "Jira Walkthrough Example" +sidebar_position: 20 +--- + +# Jira Walkthrough Example + +This walkthrough is one example based on our test account. You must +[install and configure](/docs/platgovsalesforce/integrations/jiraintegration/jira_integration.md) the Platform Governance for Salesforce Salesforce Jira +integration, including setting up the **[Jira Statuses](/docs/platgovsalesforce/integrations/jiraintegration/jira_integration.md)** prior to using this +walkthrough. + +The walkthrough demonstrates these steps: + +- Create a Jira Ticket +- Connect to the App +- Add Customizations +- Perform Risk Assessment +- Ready for Development +- Deploy Changes and Complete the Ticket + +## Create a Jira Ticket + +1. Login in to your Jira account. +2. Open a Project. +3. Click **Create** (**+**). + + ![Create a Jira ticket](/img/product_docs/platgovnetsuite/integrations/jira_example_create_issue.webp) + +4. Enter your information on the **Create issue** form: + + - **Project**: Select your Project. **NS & SF Jira Demo (SJD)** is selected for this example. + - **Issue Type**: Select your Jira type. **Task** is selected for this example. + - **Summary**: Add a name + - **Description** (optional) + +5. Click **Create**. +6. Alerts and notifications may occur during this walkthrough, and are not included in these steps. + For example, override alert, notifications for approvers, and notification for the change + request. + +## Connect to the App + +1. Open the **Comments** tab and select **Strongpoint Salesforce**. + + ![Accessing the Strongpoint Salesforce app](/img/product_docs/platgovsalesforce/integrations/jira_comments_open_app.webp) + +2. There are two ways to connect: **Login User** or **Connected App** tabs. + + ![Connection options](/img/product_docs/platgovsalesforce/integrations/connection_options.webp) + +### Connected App + +Use the **Connected App** tab if you set up the connected app using the procedure: +[Access Data with API Integration](/docs/platgovsalesforce/integrations/jiraintegration/jira_integration.md#access-data-with-apiintegration) + +1. Open the **Connected App** tab. + + ![Using the connected app](/img/product_docs/platgovsalesforce/integrations/connection_options_app.webp) + +2. Enter the **Consumer Key** and **Consumer Secret**. +3. Click **Is Sandbox account?** if you are logging in to a sandbox. +4. Click **Connect**. If this is the first time you are using the connected app, you are prompted to + select your username. The connected app is configured for you. Once finished, click **Close** on + the confirmation screen. The Strongpoint form is displayed. Your connection persists unless you + click **Change Account** on the integration page. + +If the configuration fails, an error message is displayed. For example, + +> **error=redirect_uri_mismatch** +> +> - The 10 minutes timing slot from Salesforce is not completed yet. Please wait +> - If the error persists, check the [Callback URL](/docs/platgovsalesforce/integrations/jiraintegration/jira_integration.md). +> +> - You may have left a space between the two Callback URLs +> - You may have an error in the newly added Callback URL it should be: +> **https://spjira.my.salesforce-sites.com/SpHandleJiraAuth** + +### Login User + +Enter your Salesforce **Username**, **Password** and **Security Token**. If you are using MFA or +SSO: use your SSO Password. The Security token is the changing 6 digit code from your SSO or MFA +app. + +![Enter your Jira credentials](/img/product_docs/platgovsalesforce/integrations/jira_credentials.webp) + +If you do not have your security token, you can use these steps to reset your token: + +1. Log in to your Salesforce account. +2. Open **View Profile** > **Settings**. + ![Open your Salesforce Profile settings](/img/product_docs/platgovsalesforce/integrations/jira_example_settings.webp) +3. Select **Reset My Security Token** from the menu. +4. Click **Reset Security Token**. Check your email for your new token. +5. Click **Sandbox Account?** if you are using your sandbox. +6. Click **Connect**. If the connection is successful, the form is displayed (see Add Customizations + section). The **Synchronized with** status displays the org you are logged into for Salesforce. + +You cannot login if you do not have the **appropriate role permissions to create a change request**. + +If you do not enter the correct credentials, an error is displayed. After six unsuccessful +consecutive attempts to login, your account is suspended for 30 minutes. + +## Add Customizations + +Once you have logged in, the form is displayed. + +![Connection details for the ticket](/img/product_docs/platgovsalesforce/integrations/jira_connection.webp) + +- **Synchronized with** displays the connected Org. Click **Change Account** if you need to switch + Orgs. +- **Policy** is blank until Customizations have been added. The Policy is determined by the + Customization with the strictest policy. +- **Change Level Req** is blank until Customizations have been added. If there are multiple change + levels, the most stringent one is applied. +- **Select Customizations** is where you specify the Customizations you are changing or adding. If + the Customization exists in your account, it is added to the **Select Customizations** list. **Add + Proposed Customizations** are added to the **Proposed Customizations** list. You can delete added + Customizations with the + ![delete](/img/product_docs/platgovnetsuite/integrations/delete.webp) icon. +- **View DRD** and **Impact Analysis** are tools to Perform Risk Assessment. +- **Push** creates the Change Request in Salesforce. **Push** is also used to manually update your + Change Request if you are not using the [Automatic Synchronization](/docs/platgovsalesforce/integrations/jiraintegration/jira_integration.md) feature. + +### Add Existing Customizations by Name or API Name + +1. Enter all or part of a Name in **Add customization** for **Existing Customizations**. This + example uses **maintenance** as the search string. +2. Click **+** to search for matching Customizations. Hover over **View** to display the **Type** + and **API Name** for a Customization. + + ![Add an existing customization](/img/product_docs/platgovsalesforce/integrations/jira_customization_add.webp) + +3. Select one or more Customizations. This example uses **Maintenance Type (Parent: Account)**, a + customization in the _Strongpoint Demo Org_. +4. Click **Add Selected Customizations**. The selected Customization is added to the **Existing + Customizations** list. + + ![Add an existing customization](/img/product_docs/platgovsalesforce/integrations/jira_example_add_existing.webp) + +5. Enter an **API Name** in **Add customization** for **Existing Customizations** and click **+**. + This example uses **UpsellOpportunities**, an API in the _Strongpoint Demo Org_. +6. The **API Name** is displayed. Select it, and click **Add Selected Customizations**. The selected + Customization is added to the **Existing Customizations** list. This example shows + **UpsellOpportunities (ApexClass)**, an API in the _Strongpoint Demo Org_. + + ![Add an existing customization by API Name](/img/product_docs/platgovsalesforce/integrations/jira_example_add_existing_api.webp) + +### Add Proposed Customizations + +In this procedure, we are adding a new Customization. + +1. Enter a new, valid API Name in the **Add Customization** for **Proposed Customizations** field. + For this example, enter **CustomerPriorities**. +2. Click (**+**) to add it. If the API Name is valid, and does not match an existing API Name, the + new Customization is added to the **Proposed Customizations** list. + + ![Add a proposed customization](/img/product_docs/platgovsalesforce/integrations/jira_example_proposed.webp) + +### Create the Change Request + +Using the Platform Governance for Salesforce Jira integration, your Change Requests are created +automatically when you add a Customization. To setup or update the status mapping, refer to setting +up the **[Jira Statuses](/docs/platgovsalesforce/integrations/jiraintegration/jira_integration.md)** procedure. + +1. Change the Jira status of your ticket to match the status set up for **CR In Progress**. For + example, **In Progress**. Refer to setting up the **[Jira Statuses](/docs/platgovsalesforce/integrations/jiraintegration/jira_integration.md)** + procedure. +2. Click **Push** to create the Change Request if you are not using the + [Automatic Synchronization](/docs/platgovsalesforce/integrations/jiraintegration/jira_integration.md) feature. The change request is created in + Salesforce with the **In Progress** status. +3. Expand the **Change Request** field on the right. The status is now **None/In Progress**. There + is a link to open the Change Request in Salesforce. + + ![Change Request is In Progress](/img/product_docs/platgovsalesforce/integrations/jira_example_in_progress_status.webp) + +Note the **Policy** and **Change Level Req** reflect the most stringent requirement for your +selected customizations, in this example, **Change Request**. + +![Policy and Change Level Req have been updated](/img/product_docs/platgovsalesforce/integrations/jira_example_policy.webp) + +## Perform Risk Assessment + +### Impact Analysis + +The impact analysis tool reviews your customizations for dependencies or risks. Click **Impact +Analysis** to run the tool. Here is an example report showing the Customizations that **Cannot be +Safely Deleted or Modified** tab: + +![Impact analysis report](/img/product_docs/platgovnetsuite/integrations/jira_example_impact_analysis.webp) + +Before proceeding with your changes, review each warning to ensure your change does not break +something. Dependencies can easily be reviewed with the DRD tool. + +### View DRD + +The [Dependency Relationship Diagram](/docs/platgovsalesforce/tools/viewing_drd.md) (DRD) tool graphically displays your +Customizations and all dependencies. + +1. Click **View DRD**. +2. When the diagram opens, you can explore the dependencies to evaluate the effect of your intended + changes. + +![Use the DRD to explore dependencies](/img/product_docs/platgovsalesforce/integrations/jira_example_drd.webp) + +## Ready for Development + +Once you have resolved any risk or conflicts, your changes are ready for development: + +1. Change the Jira status of your ticket to match the status set up for **CR Pending Approval**. For + example, **Selected for Development**. +2. Click **Push** if you are not using [Automatic Synchronization](/docs/platgovsalesforce/integrations/jiraintegration/jira_integration.md) to push + status changes. +3. Expand the **Change Request** field on the right. The status is now **Pending Approval / In + Progress**. There is a link to open the Change Request in Salesforce. + + ![Change Request in Pending Approval](/img/product_docs/platgovsalesforce/integrations/jira_example_pending_approval_status.webp) + +4. Click the **Go To Record** link to view the Change Request. + + ![Change Request is In Progress / Pending Approval](/img/product_docs/platgovsalesforce/integrations/jira_example_pending_approval_change_request.webp) + +## Deploy Changes and Complete the Ticket + +When development is done, and the Change Request is approved according to your policy, the Jira +ticket is ready to be updated. + +1. Expand the **Change Request** field on the right. The status is **Approved / In Progress**. + + ![Change Request is approved](/img/product_docs/platgovsalesforce/integrations/jira_example_approved_status.webp) + +2. Change the Jira status of your ticket to match the status set up for **CR Approved**. For + example, **Ready for Deployment**. +3. Click **Push** if you are not using [Automatic Synchronization](/docs/platgovsalesforce/integrations/jiraintegration/jira_integration.md) to push + status changes. +4. Once your deployment and verification activities are complete, change the Jira status of your + ticket to match the status set up **CR Complete**. For example, **Done**. + +If you open the Change Request in Salesforce: + +- All Customizations added from Jira are displayed. +- **Change Overview** is set to the Jira ticket description. +- **Change Type** is **Jira**, and **External Change Request Number** is the Ticket number. +- Change Request shows as **Completed**. +- **External Created By**: is the user that created the Jira ticket . +- **External last Modified by**: is the last user who modified the Jira ticket. + + ![user_guide_example](/img/product_docs/platgovsalesforce/integrations/user_guide_example.webp) diff --git a/docs/platgovsalesforce/release_management/release_management_overview.md b/docs/platgovsalesforce/release_management/release_management_overview.md deleted file mode 100644 index 6eaafec693..0000000000 --- a/docs/platgovsalesforce/release_management/release_management_overview.md +++ /dev/null @@ -1,16 +0,0 @@ -# Release Management Overview - -Platform Governance for Salesforce’s release management assists with planning, scheduling and -controlling the movement of your deployments from your development and testing to production -environments. The process ensures your production environment is protected and the correct -deployments are released. - -Release Management is enabled for Intelligent Change Management and Enterprise Compliance Licenses. - -> [Deployments](/docs/platgovsalesforce/release_management/deployments.md): Documents your deployment process so you can safely moves -> deployments from one environment to another. -> -> [Rollback](/docs/platgovsalesforce/release_management/rollback.md): Enables you to safely rollback your deployments. -> -> [Multiple Environment Deployment](/docs/platgovsalesforce/release_management/multiple_environments.md): Manages changes between your -> Production, Development and Testing accounts. diff --git a/docs/platgovsalesforce/release_management/rollback.md b/docs/platgovsalesforce/release_management/rollback.md deleted file mode 100644 index 75e5edcf63..0000000000 --- a/docs/platgovsalesforce/release_management/rollback.md +++ /dev/null @@ -1,60 +0,0 @@ -# Rollback - -When deploying changes in a single Salesforce environment, you may find instances where you need to -rollback to a previous state after a deployment. Platform Governance for Salesforce's rollback tool -gives you the flexibility of rolling back all or selected components of your deployment,enabling you -to take action on a specific problem. There are two steps: - -> Create the Rollback Record -> -> Execute and Validate the Rollback - -## Create the Rollback Record - -The Deployment Record status must be **Completed** to be eligible for Rollback. - -1. Open the Deployment Record to rollback. To locate the record, click **Change Requests** and - change the view to **Deployments**. -2. Click **Rollback** - - ![Rollback button is only available for Completed Deployment Records](/img/product_docs/platgovsalesforce/release_management/rollback_button.webp) - -3. Click **Test Connection** to ensure your credentials are working. If your credentials are not - correct, you can click on **Save Credentials** and edit. - - ![Rollback selected customizations](/img/product_docs/platgovsalesforce/release_management/rollback_selected.webp) - -4. By default, all of the customizations are selected for rollback. Deselect any customizations to - keep. The **Rollback Type** specifies the effect of the rollback: - - - **Delete**: If a customization was created during the deployment, it is deleted during the - rollback. - - **Override**: If a customization existed in the target environment and was changed during - deployment, it is reset to the previous version. - -5. Click **Rollback Selected Customizations**. The **Rollback Confirmation** is displayed. - - ![Rollback confirmation](/img/product_docs/platgovsalesforce/release_management/rollback_confirmation.webp) - -6. Click **Yes** to continue. A Rollback Record is created. -7. Click **Submit for Approval** on the Rollback Record. - -## Execute and Validate the Rollback - -The Rollback Record must be approved before it can be executed. - -1. Open the Rollback Record. To locate the record, click **Change Requests** and change the view to - **Deployments**. -2. Click **Test Connection** to ensure your credentials are working. -3. Click **Execute Rollback**. A Confirmation is displayed. Click **Yes** to continue. -4. When the rollback is complete, click **Validate Rollback**. - - ![Validate the Rollback](/img/product_docs/platgovsalesforce/release_management/rollback_validation.webp) - -5. Open **Netwrix Dashboard** > **Reports** > **Release and Deployment** > **Rollback Logs** - You can use **Customize** to add the **Status** column to your report. Here is an example of a - failed rollback [deployment log](/docs/platgovsalesforce/release_management/deployment_logs.md). - - ![Review the Rollback log](/img/product_docs/platgovsalesforce/release_management/rollback_log.webp) - -6. Click on the report to open it. Check the **Notes & Attachments** for a rollback validation file. diff --git a/docs/platgovsalesforce/releasemanagement/_category_.json b/docs/platgovsalesforce/releasemanagement/_category_.json new file mode 100644 index 0000000000..6bb3380218 --- /dev/null +++ b/docs/platgovsalesforce/releasemanagement/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Release Management Overview", + "position": 110, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "release_management_overview" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforce/release_management/deployment_logs.md b/docs/platgovsalesforce/releasemanagement/deployment_logs.md similarity index 97% rename from docs/platgovsalesforce/release_management/deployment_logs.md rename to docs/platgovsalesforce/releasemanagement/deployment_logs.md index 1f7d9c2f1f..b15121a502 100644 --- a/docs/platgovsalesforce/release_management/deployment_logs.md +++ b/docs/platgovsalesforce/releasemanagement/deployment_logs.md @@ -1,3 +1,9 @@ +--- +title: "Deployment Logs" +description: "Deployment Logs" +sidebar_position: 30 +--- + # Deployment Logs The deployment log is attached to the Deployment Record on the **Related Lists** tab. You can also diff --git a/docs/platgovsalesforce/release_management/deployments.md b/docs/platgovsalesforce/releasemanagement/deployments.md similarity index 95% rename from docs/platgovsalesforce/release_management/deployments.md rename to docs/platgovsalesforce/releasemanagement/deployments.md index c97f3fd5a4..4cef5cffcd 100644 --- a/docs/platgovsalesforce/release_management/deployments.md +++ b/docs/platgovsalesforce/releasemanagement/deployments.md @@ -1,3 +1,9 @@ +--- +title: "Deployments" +description: "Deployments" +sidebar_position: 10 +--- + # Deployments Your deployments can be documented across your test environment(s) to your production @@ -76,7 +82,7 @@ These steps can be completed after the deployment record is approved. When the deployment process is finished: -1. Check the [Deployment Logs](/docs/platgovsalesforce/release_management/deployment_logs.md). +1. Check the [Deployment Logs](/docs/platgovsalesforce/releasemanagement/deployment_logs.md). 2. Fix any errors and repeat the deployment if needed. 3. Once the deployment is successful, open the change request and set the status to **Completed**. diff --git a/docs/platgovsalesforce/release_management/multiple_env_deployment_tracking.md b/docs/platgovsalesforce/releasemanagement/multiple_env_deployment_tracking.md similarity index 95% rename from docs/platgovsalesforce/release_management/multiple_env_deployment_tracking.md rename to docs/platgovsalesforce/releasemanagement/multiple_env_deployment_tracking.md index f775d0210c..ca35f87164 100644 --- a/docs/platgovsalesforce/release_management/multiple_env_deployment_tracking.md +++ b/docs/platgovsalesforce/releasemanagement/multiple_env_deployment_tracking.md @@ -1,3 +1,9 @@ +--- +title: "Multiple Environment Deployment Tracking" +description: "Multiple Environment Deployment Tracking" +sidebar_position: 50 +--- + # Multiple Environment Deployment Tracking A best practice is to create change requests in your production account so that they are not lost, @@ -114,7 +120,7 @@ These steps can be completed after the deployment record is approved. When the deployment process is finished: -1. Check the [Deployment Logs](/docs/platgovsalesforce/release_management/deployment_logs.md). +1. Check the [Deployment Logs](/docs/platgovsalesforce/releasemanagement/deployment_logs.md). 2. Fix any errors and repeat the deployment if needed. 3. Once the deployment is successful, open the change request and set the status to **Completed**. diff --git a/docs/platgovsalesforce/release_management/multiple_environments.md b/docs/platgovsalesforce/releasemanagement/multiple_environments.md similarity index 95% rename from docs/platgovsalesforce/release_management/multiple_environments.md rename to docs/platgovsalesforce/releasemanagement/multiple_environments.md index 933b0e84c1..3f763e3f96 100644 --- a/docs/platgovsalesforce/release_management/multiple_environments.md +++ b/docs/platgovsalesforce/releasemanagement/multiple_environments.md @@ -1,3 +1,9 @@ +--- +title: "Multiple Environment Deployments" +description: "Multiple Environment Deployments" +sidebar_position: 40 +--- + # Multiple Environment Deployments Multiple Environment Deployment Tracking helps you manage changes between your Production and diff --git a/docs/platgovsalesforce/releasemanagement/release_management_overview.md b/docs/platgovsalesforce/releasemanagement/release_management_overview.md new file mode 100644 index 0000000000..9d652408c6 --- /dev/null +++ b/docs/platgovsalesforce/releasemanagement/release_management_overview.md @@ -0,0 +1,22 @@ +--- +title: "Release Management Overview" +description: "Release Management Overview" +sidebar_position: 110 +--- + +# Release Management Overview + +Platform Governance for Salesforce’s release management assists with planning, scheduling and +controlling the movement of your deployments from your development and testing to production +environments. The process ensures your production environment is protected and the correct +deployments are released. + +Release Management is enabled for Intelligent Change Management and Enterprise Compliance Licenses. + +> [Deployments](/docs/platgovsalesforce/releasemanagement/deployments.md): Documents your deployment process so you can safely moves +> deployments from one environment to another. +> +> [Rollback](/docs/platgovsalesforce/releasemanagement/rollback.md): Enables you to safely rollback your deployments. +> +> [Multiple Environment Deployment](/docs/platgovsalesforce/releasemanagement/multiple_environments.md): Manages changes between your +> Production, Development and Testing accounts. diff --git a/docs/platgovsalesforce/releasemanagement/rollback.md b/docs/platgovsalesforce/releasemanagement/rollback.md new file mode 100644 index 0000000000..161e9587b1 --- /dev/null +++ b/docs/platgovsalesforce/releasemanagement/rollback.md @@ -0,0 +1,66 @@ +--- +title: "Rollback" +description: "Rollback" +sidebar_position: 20 +--- + +# Rollback + +When deploying changes in a single Salesforce environment, you may find instances where you need to +rollback to a previous state after a deployment. Platform Governance for Salesforce's rollback tool +gives you the flexibility of rolling back all or selected components of your deployment,enabling you +to take action on a specific problem. There are two steps: + +> Create the Rollback Record +> +> Execute and Validate the Rollback + +## Create the Rollback Record + +The Deployment Record status must be **Completed** to be eligible for Rollback. + +1. Open the Deployment Record to rollback. To locate the record, click **Change Requests** and + change the view to **Deployments**. +2. Click **Rollback** + + ![Rollback button is only available for Completed Deployment Records](/img/product_docs/platgovsalesforce/release_management/rollback_button.webp) + +3. Click **Test Connection** to ensure your credentials are working. If your credentials are not + correct, you can click on **Save Credentials** and edit. + + ![Rollback selected customizations](/img/product_docs/platgovsalesforce/release_management/rollback_selected.webp) + +4. By default, all of the customizations are selected for rollback. Deselect any customizations to + keep. The **Rollback Type** specifies the effect of the rollback: + + - **Delete**: If a customization was created during the deployment, it is deleted during the + rollback. + - **Override**: If a customization existed in the target environment and was changed during + deployment, it is reset to the previous version. + +5. Click **Rollback Selected Customizations**. The **Rollback Confirmation** is displayed. + + ![Rollback confirmation](/img/product_docs/platgovsalesforce/release_management/rollback_confirmation.webp) + +6. Click **Yes** to continue. A Rollback Record is created. +7. Click **Submit for Approval** on the Rollback Record. + +## Execute and Validate the Rollback + +The Rollback Record must be approved before it can be executed. + +1. Open the Rollback Record. To locate the record, click **Change Requests** and change the view to + **Deployments**. +2. Click **Test Connection** to ensure your credentials are working. +3. Click **Execute Rollback**. A Confirmation is displayed. Click **Yes** to continue. +4. When the rollback is complete, click **Validate Rollback**. + + ![Validate the Rollback](/img/product_docs/platgovsalesforce/release_management/rollback_validation.webp) + +5. Open **Netwrix Dashboard** > **Reports** > **Release and Deployment** > **Rollback Logs** + You can use **Customize** to add the **Status** column to your report. Here is an example of a + failed rollback [deployment log](/docs/platgovsalesforce/releasemanagement/deployment_logs.md). + + ![Review the Rollback log](/img/product_docs/platgovsalesforce/release_management/rollback_log.webp) + +6. Click on the report to open it. Check the **Notes & Attachments** for a rollback validation file. diff --git a/docs/platgovsalesforce/reports/_category_.json b/docs/platgovsalesforce/reports/_category_.json new file mode 100644 index 0000000000..48a7e80e3b --- /dev/null +++ b/docs/platgovsalesforce/reports/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Reports", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "reports_overview" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforce/reports/deployment_logs_environment_compare.md b/docs/platgovsalesforce/reports/deployment_logs_environment_compare.md index 6cb1d1aa04..945516bcfb 100644 --- a/docs/platgovsalesforce/reports/deployment_logs_environment_compare.md +++ b/docs/platgovsalesforce/reports/deployment_logs_environment_compare.md @@ -1,3 +1,9 @@ +--- +title: "Environment Compare Logs" +description: "Environment Compare Logs" +sidebar_position: 40 +--- + # Environment Compare Logs This built-in report is available from **Reports** > **Release and Deployment** > **Environment diff --git a/docs/platgovsalesforce/reports/deployment_logs_failures.md b/docs/platgovsalesforce/reports/deployment_logs_failures.md index 5f8e890670..a4080a6733 100644 --- a/docs/platgovsalesforce/reports/deployment_logs_failures.md +++ b/docs/platgovsalesforce/reports/deployment_logs_failures.md @@ -1,3 +1,9 @@ +--- +title: "Deployments with Failures" +description: "Deployments with Failures" +sidebar_position: 20 +--- + # Deployments with Failures This built-in report is available from **Reports** > **Release and Deployment** > **Deployments with diff --git a/docs/platgovsalesforce/reports/deployment_logs_pending_approval.md b/docs/platgovsalesforce/reports/deployment_logs_pending_approval.md index 5b2b9fc4a5..7a985d68dd 100644 --- a/docs/platgovsalesforce/reports/deployment_logs_pending_approval.md +++ b/docs/platgovsalesforce/reports/deployment_logs_pending_approval.md @@ -1,3 +1,9 @@ +--- +title: "Deployments Pending Approval Report" +description: "Deployments Pending Approval Report" +sidebar_position: 30 +--- + # Deployments Pending Approval Report This built-in report is available from **Reports** > **Release and Deployment** > **Deployments diff --git a/docs/platgovsalesforce/reports/deployment_logs_rollback.md b/docs/platgovsalesforce/reports/deployment_logs_rollback.md index deecbe8a0a..4e9bd3b8ed 100644 --- a/docs/platgovsalesforce/reports/deployment_logs_rollback.md +++ b/docs/platgovsalesforce/reports/deployment_logs_rollback.md @@ -1,3 +1,9 @@ +--- +title: "Rollback Logs" +description: "Rollback Logs" +sidebar_position: 50 +--- + # Rollback Logs This built-in report is available from **Reports** > **Release and Deployment** > **Rollback Logs** diff --git a/docs/platgovsalesforce/reports/deployment_logs_success.md b/docs/platgovsalesforce/reports/deployment_logs_success.md index 47f0ef6e1f..1477c14b9c 100644 --- a/docs/platgovsalesforce/reports/deployment_logs_success.md +++ b/docs/platgovsalesforce/reports/deployment_logs_success.md @@ -1,3 +1,9 @@ +--- +title: "Success Deployments" +description: "Success Deployments" +sidebar_position: 10 +--- + # Success Deployments This built-in report is available from **Reports** > **Release and Deployment** > **Success diff --git a/docs/platgovsalesforce/reports/reports_overview.md b/docs/platgovsalesforce/reports/reports_overview.md index 3c2ff2386f..7f7eca8d54 100644 --- a/docs/platgovsalesforce/reports/reports_overview.md +++ b/docs/platgovsalesforce/reports/reports_overview.md @@ -1,3 +1,9 @@ +--- +title: "Reports" +description: "Reports" +sidebar_position: 60 +--- + # Reports The Netwrix Dashboard **Reports** tab has links to all of the predefined reports and log files. @@ -70,7 +76,7 @@ name. Separate each name with a comma. > ![Access Report Profile Permissions Changes](/img/product_docs/platgovsalesforce/reports/access_reports_profile_changes.webp) > > **Changes to Users**: Displays the changes to tracked user data fields. Refer to -> [Enhanced CPQ Support](/docs/platgovsalesforce/change_management/enhanced_cpq_support.md) for more information on +> [Enhanced CPQ Support](/docs/platgovsalesforce/changemanagement/enhanced_cpq_support.md) for more information on > setting up tracking. > > If you see the message: _--String too long - Skipped lines due to CPU limit reached--_ it simply @@ -175,27 +181,27 @@ These reports are available from **Netwrix Dashboard** > **Reports** > **Customi These reports are available from **Netwrix Dashboard** > **Reports** > **Clean Up**. -> [Default Clean Up List View](/docs/platgovsalesforce/clean_up/cleanup_reports.md#default-clean-up-list-view) +> [Default Clean Up List View](/docs/platgovsalesforce/cleanup/cleanup_reports.md#default-clean-up-list-view) > -> [Open Clean Up Status](/docs/platgovsalesforce/clean_up/cleanup_reports.md#open-clean-up-status) +> [Open Clean Up Status](/docs/platgovsalesforce/cleanup/cleanup_reports.md#open-clean-up-status) > -> [Clean Up Waiting for Info](/docs/platgovsalesforce/clean_up/cleanup_reports.md#clean-up-waiting-for-info) +> [Clean Up Waiting for Info](/docs/platgovsalesforce/cleanup/cleanup_reports.md#clean-up-waiting-for-info) > -> [Customizations Excluded from Clean Up](/docs/platgovsalesforce/clean_up/cleanup_reports.md#customizations-excluded-from-clean-up) +> [Customizations Excluded from Clean Up](/docs/platgovsalesforce/cleanup/cleanup_reports.md#customizations-excluded-from-clean-up) > -> [Unused Fields](/docs/platgovsalesforce/clean_up/cleanup_reports.md#unused-fields) +> [Unused Fields](/docs/platgovsalesforce/cleanup/cleanup_reports.md#unused-fields) > -> [Unused Apex Code](/docs/platgovsalesforce/clean_up/cleanup_reports.md#unused-apex-code) +> [Unused Apex Code](/docs/platgovsalesforce/cleanup/cleanup_reports.md#unused-apex-code) > -> [Unused Reports](/docs/platgovsalesforce/clean_up/cleanup_reports.md#unused-reports) +> [Unused Reports](/docs/platgovsalesforce/cleanup/cleanup_reports.md#unused-reports) > -> [Customizations with Inactive Owners](/docs/platgovsalesforce/clean_up/cleanup_reports.md#customizations-with-inactive-owners) +> [Customizations with Inactive Owners](/docs/platgovsalesforce/cleanup/cleanup_reports.md#customizations-with-inactive-owners) > -> [Customizations without Related Processes](/docs/platgovsalesforce/clean_up/cleanup_reports.md#customizations-without-related-processes) +> [Customizations without Related Processes](/docs/platgovsalesforce/cleanup/cleanup_reports.md#customizations-without-related-processes) > -> [Custom Fields without Help Text](/docs/platgovsalesforce/clean_up/cleanup_reports.md#custom-fields-without-help-text) +> [Custom Fields without Help Text](/docs/platgovsalesforce/cleanup/cleanup_reports.md#custom-fields-without-help-text) > -> [Custom Fields without Description](/docs/platgovsalesforce/clean_up/cleanup_reports.md#custom-fields-without-description) +> [Custom Fields without Description](/docs/platgovsalesforce/cleanup/cleanup_reports.md#custom-fields-without-description) ## Change Enablement diff --git a/docs/platgovsalesforce/scanner/_category_.json b/docs/platgovsalesforce/scanner/_category_.json new file mode 100644 index 0000000000..3b819919d5 --- /dev/null +++ b/docs/platgovsalesforce/scanner/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Scanner Overview", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "scanner_overview" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforce/scanners/daily_scan.md b/docs/platgovsalesforce/scanner/daily_scan.md similarity index 87% rename from docs/platgovsalesforce/scanners/daily_scan.md rename to docs/platgovsalesforce/scanner/daily_scan.md index 5518a8df42..72738ef342 100644 --- a/docs/platgovsalesforce/scanners/daily_scan.md +++ b/docs/platgovsalesforce/scanner/daily_scan.md @@ -1,3 +1,9 @@ +--- +title: "Daily Scan Configuration" +description: "Daily Scan Configuration" +sidebar_position: 30 +--- + # Daily Scan Configuration Administrators can use this feature to only scan specified objects on a daily schedule. The default diff --git a/docs/platgovsalesforce/scanners/field_level_scanner.md b/docs/platgovsalesforce/scanner/field_level_scanner.md similarity index 92% rename from docs/platgovsalesforce/scanners/field_level_scanner.md rename to docs/platgovsalesforce/scanner/field_level_scanner.md index cddd13b1b1..d2ef45ca5d 100644 --- a/docs/platgovsalesforce/scanners/field_level_scanner.md +++ b/docs/platgovsalesforce/scanner/field_level_scanner.md @@ -1,3 +1,9 @@ +--- +title: "Field Level Security Scanner" +description: "Field Level Security Scanner" +sidebar_position: 40 +--- + # Field Level Security Scanner The Field Level Security Scanner creates a comprehensive list of Customizations, Field API Name, diff --git a/docs/platgovsalesforce/scanner/scanner_overview.md b/docs/platgovsalesforce/scanner/scanner_overview.md new file mode 100644 index 0000000000..e80dba2eee --- /dev/null +++ b/docs/platgovsalesforce/scanner/scanner_overview.md @@ -0,0 +1,18 @@ +--- +title: "Scanner Overview" +description: "Scanner Overview" +sidebar_position: 40 +--- + +# Scanner Overview + +The Scanner menu is located on the Netwrix Dashboard page. + +- [Scheduler](/docs/platgovsalesforce/scanner/scheduler.md) schedules automatic scans. +- [Manual Scanners](/docs/platgovsalesforce/installingstrongpoint/running_scanner.md) accesses the list of scanners + where you can select one or more to run. **Manual Scanners** can also be run from **Netwrix + Dashboard**. +- [Daily Scan Configuration](/docs/platgovsalesforce/scanner/daily_scan.md) enables an administrator to select object types for + daily scanning, instead of defaulting to all types. +- [Field Level Security Scanner](/docs/platgovsalesforce/scanner/field_level_scanner.md) displays all fields using the selected + Salesforce object. diff --git a/docs/platgovsalesforce/scanner/scheduler.md b/docs/platgovsalesforce/scanner/scheduler.md new file mode 100644 index 0000000000..170b000037 --- /dev/null +++ b/docs/platgovsalesforce/scanner/scheduler.md @@ -0,0 +1,24 @@ +--- +title: "Scheduler" +description: "Scheduler" +sidebar_position: 10 +--- + +# Scheduler + +Platform Governance for Salesforce's scheduler creates automated scans, manages scripts, uses the +Agent and finds the date last used (DLU). The schedules are validated to prevent scanners from +running concurrently, potentially causing conflicts and incomplete documentation. A warning message +is displayed if you create an overlapping scanner schedule. + +To use the scheduler tool: + +1. Open **Netwrix Dashboard** > **Scanner** > **Scheduler** + All categories are initially disabled by default. + + ![scheduler](/img/product_docs/platgovsalesforce/clean_up/scheduler.webp) + +2. Select the category to automate by clicking on **Disabled** to enable it. There is no save + button, automation is turned on and saved by toggling **Disabled**/**Enabled**. +3. Select the **Frequency** , **Day** and **Time**. Your selections are automatically saved. +4. Click any menu item to close the **Scheduler**. diff --git a/docs/platgovsalesforce/scanners/scanner_overview.md b/docs/platgovsalesforce/scanners/scanner_overview.md deleted file mode 100644 index 81a17e98fd..0000000000 --- a/docs/platgovsalesforce/scanners/scanner_overview.md +++ /dev/null @@ -1,12 +0,0 @@ -# Scanner Overview - -The Scanner menu is located on the Netwrix Dashboard page. - -- [Scheduler](/docs/platgovsalesforce/scanners/scheduler.md) schedules automatic scans. -- [Manual Scanners](/docs/platgovsalesforce/installing_strongpoint/running_scanner.md) accesses the list of scanners - where you can select one or more to run. **Manual Scanners** can also be run from **Netwrix - Dashboard**. -- [Daily Scan Configuration](/docs/platgovsalesforce/scanners/daily_scan.md) enables an administrator to select object types for - daily scanning, instead of defaulting to all types. -- [Field Level Security Scanner](/docs/platgovsalesforce/scanners/field_level_scanner.md) displays all fields using the selected - Salesforce object. diff --git a/docs/platgovsalesforce/scanners/scheduler.md b/docs/platgovsalesforce/scanners/scheduler.md deleted file mode 100644 index b35d101929..0000000000 --- a/docs/platgovsalesforce/scanners/scheduler.md +++ /dev/null @@ -1,18 +0,0 @@ -# Scheduler - -Platform Governance for Salesforce's scheduler creates automated scans, manages scripts, uses the -Agent and finds the date last used (DLU). The schedules are validated to prevent scanners from -running concurrently, potentially causing conflicts and incomplete documentation. A warning message -is displayed if you create an overlapping scanner schedule. - -To use the scheduler tool: - -1. Open **Netwrix Dashboard** > **Scanner** > **Scheduler** - All categories are initially disabled by default. - - ![scheduler](/img/product_docs/platgovsalesforce/clean_up/scheduler.webp) - -2. Select the category to automate by clicking on **Disabled** to enable it. There is no save - button, automation is turned on and saved by toggling **Disabled**/**Enabled**. -3. Select the **Frequency** , **Day** and **Time**. Your selections are automatically saved. -4. Click any menu item to close the **Scheduler**. diff --git a/docs/platgovsalesforce/settings/_category_.json b/docs/platgovsalesforce/settings/_category_.json new file mode 100644 index 0000000000..a97d63ee0d --- /dev/null +++ b/docs/platgovsalesforce/settings/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Settings Overview", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "settings_overview" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforce/settings/credentials.md b/docs/platgovsalesforce/settings/credentials.md index 3127a521d3..3d5caa2ac9 100644 --- a/docs/platgovsalesforce/settings/credentials.md +++ b/docs/platgovsalesforce/settings/credentials.md @@ -1,3 +1,9 @@ +--- +title: "Credentials" +description: "Credentials" +sidebar_position: 40 +--- + # Credentials Credentials organizes your user credentials across all environments It is available from **Netwrix @@ -6,7 +12,7 @@ Dashboard** > **Settings** > **SP Credentials** ![credentials_handler](/img/product_docs/platgovsalesforce/settings/credentials_handler.webp) You must create a Connected App to run the scanner. Refer to -[Install Platform Governance for Salesforce](/docs/platgovsalesforce/installing_strongpoint/installing_strongpoint.md) +[Install Platform Governance for Salesforce](/docs/platgovsalesforce/installingstrongpoint/installing_strongpoint.md) for instructions. Click **New** to add a new credential or **Edit** and existing credential. **Search** finds and diff --git a/docs/platgovsalesforce/settings/settings_overview.md b/docs/platgovsalesforce/settings/settings_overview.md index 68ccf15da8..81221603f2 100644 --- a/docs/platgovsalesforce/settings/settings_overview.md +++ b/docs/platgovsalesforce/settings/settings_overview.md @@ -1,3 +1,9 @@ +--- +title: "Settings Overview" +description: "Settings Overview" +sidebar_position: 30 +--- + # Settings Overview The Settings menu is located on the Netwrix Dashboard page. diff --git a/docs/platgovsalesforce/techdebt/_category_.json b/docs/platgovsalesforce/techdebt/_category_.json new file mode 100644 index 0000000000..c353c710a0 --- /dev/null +++ b/docs/platgovsalesforce/techdebt/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Managing Technical Debt", + "position": 120, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "tech_debt_overview" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforce/tech_debt/tech_debt_auto_documentation.md b/docs/platgovsalesforce/techdebt/tech_debt_auto_documentation.md similarity index 94% rename from docs/platgovsalesforce/tech_debt/tech_debt_auto_documentation.md rename to docs/platgovsalesforce/techdebt/tech_debt_auto_documentation.md index 7ceba55656..d33fbc704c 100644 --- a/docs/platgovsalesforce/tech_debt/tech_debt_auto_documentation.md +++ b/docs/platgovsalesforce/techdebt/tech_debt_auto_documentation.md @@ -1,3 +1,9 @@ +--- +title: "Automated Documentation" +description: "Automated Documentation" +sidebar_position: 20 +--- + # Automated Documentation Great documentation is easy with Platform Governance for Salesforce. Install the managed package in @@ -8,7 +14,7 @@ diagrams and clean up tools. You can print or export results for offline referen > **TIP** > > **Learning About the Scanners**: Review the -> [Running the Scanner](/docs/platgovsalesforce/installing_strongpoint/running_scanner.md) topic or reach out to the +> [Running the Scanner](/docs/platgovsalesforce/installingstrongpoint/running_scanner.md) topic or reach out to the > Customer Success team. It takes half an hour or so to get set up and on your way. > > The scanning process is a function of size: smaller orgs index in only a few hours, while large @@ -88,7 +94,7 @@ If you have Intelligent Change Enablement, you also see: The tabs on each Customization record break out the information you need to fully understand the basic metadata, dependencies by type and change history (requires _Intelligent Change Enablement_ or -_Enterprise Compliance_ [license](/docs/platgovsalesforce/installing_strongpoint/features_by_license_type.md)). Click +_Enterprise Compliance_ [license](/docs/platgovsalesforce/installingstrongpoint/features_by_license_type.md)). Click **Go To Record** to open the actual Salesforce record for users with proper access. Customization records can be edited to assist in organizing records for clean up and optimization. @@ -130,4 +136,4 @@ further research. Read more on [Exporting Objects](/docs/platgovsalesforce/tools Platform Governance for Salesforce is fully built into Salesforce so you can take advantage our our libraries of List Views and Reports or build your own. -**Next Technical Debt Topic:** [Change Monitoring](/docs/platgovsalesforce/tech_debt/tech_debt_change_monitoring.md) +**Next Technical Debt Topic:** [Change Monitoring](/docs/platgovsalesforce/techdebt/tech_debt_change_monitoring.md) diff --git a/docs/platgovsalesforce/tech_debt/tech_debt_change_monitoring.md b/docs/platgovsalesforce/techdebt/tech_debt_change_monitoring.md similarity index 95% rename from docs/platgovsalesforce/tech_debt/tech_debt_change_monitoring.md rename to docs/platgovsalesforce/techdebt/tech_debt_change_monitoring.md index cdb536192a..b6ff1bff24 100644 --- a/docs/platgovsalesforce/tech_debt/tech_debt_change_monitoring.md +++ b/docs/platgovsalesforce/techdebt/tech_debt_change_monitoring.md @@ -1,3 +1,9 @@ +--- +title: "Change Monitoring" +description: "Change Monitoring" +sidebar_position: 30 +--- + # Change Monitoring Activating change monitoring is the next step on the path to reduce your Technical Debt. Change @@ -80,7 +86,7 @@ Create a List View or Report against one or both: - Change Logs filtered by the **Changed By** field showing the Customization, the date of the change, the person making the change, the resolution explanation and status (requires _Intelligent Change Enablement_ or _Enterprise Compliance_ - [license](/docs/platgovsalesforce/installing_strongpoint/features_by_license_type.md)). Either approach can also be + [license](/docs/platgovsalesforce/installingstrongpoint/features_by_license_type.md)). Either approach can also be very useful to monitor new hires. You can filter the Unresolved Non-Compliant Changes List View by the Changed By field. This has the @@ -115,7 +121,7 @@ To apply the policy to Customizations you are concerned about: ### Specific Changes Sometimes, you are more concerned about what is being changed than who is doing it. The Technical -Debt topic [Ongoing Monitoring](/docs/platgovsalesforce/tech_debt/tech_debt_org_ongoing_monitoring.md) has some specific examples for +Debt topic [Ongoing Monitoring](/docs/platgovsalesforce/techdebt/tech_debt_org_ongoing_monitoring.md) has some specific examples for watching your org to spot problems before they happen. ### Adding Custom Fields and Objects to the Policy @@ -137,4 +143,4 @@ the policy. 5. Select individual customizations or click the check box in the heading bar to select all. 6. Click **Save**. -**Next Technical Debt Topic:** [Org Clean Up](/docs/platgovsalesforce/tech_debt/tech_debt_org_clean_up.md) +**Next Technical Debt Topic:** [Org Clean Up](/docs/platgovsalesforce/techdebt/tech_debt_org_clean_up.md) diff --git a/docs/platgovsalesforce/tech_debt/tech_debt_managing_orgs.md b/docs/platgovsalesforce/techdebt/tech_debt_managing_orgs.md similarity index 95% rename from docs/platgovsalesforce/tech_debt/tech_debt_managing_orgs.md rename to docs/platgovsalesforce/techdebt/tech_debt_managing_orgs.md index 951bd796b0..8f9cad4230 100644 --- a/docs/platgovsalesforce/tech_debt/tech_debt_managing_orgs.md +++ b/docs/platgovsalesforce/techdebt/tech_debt_managing_orgs.md @@ -1,3 +1,9 @@ +--- +title: "Managing Orgs in the Real World" +description: "Managing Orgs in the Real World" +sidebar_position: 10 +--- + # Managing Orgs in the Real World In a perfect world, we have the time and resources to employ best practices by an experienced team @@ -45,4 +51,4 @@ stage. | Benefit | Plan your changes confidently with a firm understanding of what is in use | Monitor all changes in all orgs for technical and organizational risk | Simplify and maintain your orgs for future success | Improve time to value with automated tools that assess risk and intelligently distribute work within your team | | How Platform Governance for Salesforce Helps | Creates visual, searchable documentation making it easy to understand complex orgs | Instantiates policies to mitigate risky changes before they are deployed | Simplifies clean up with a combination of automated tools, dependency models and usage data | Ensures changes are made properly, safely and efficiently, resulting in up to 80% reduction in enhancement requests that require a CoE or CI/CD process | -**Next Technical Debt Topic:** [Automated Documentation](/docs/platgovsalesforce/tech_debt/tech_debt_auto_documentation.md) +**Next Technical Debt Topic:** [Automated Documentation](/docs/platgovsalesforce/techdebt/tech_debt_auto_documentation.md) diff --git a/docs/platgovsalesforce/tech_debt/tech_debt_org_change_enablement.md b/docs/platgovsalesforce/techdebt/tech_debt_org_change_enablement.md similarity index 86% rename from docs/platgovsalesforce/tech_debt/tech_debt_org_change_enablement.md rename to docs/platgovsalesforce/techdebt/tech_debt_org_change_enablement.md index e990699c5d..4a5b196a6f 100644 --- a/docs/platgovsalesforce/tech_debt/tech_debt_org_change_enablement.md +++ b/docs/platgovsalesforce/techdebt/tech_debt_org_change_enablement.md @@ -1,3 +1,9 @@ +--- +title: "Change Enablement" +description: "Change Enablement" +sidebar_position: 80 +--- + # Change Enablement It is commonly believed doing things faster is more dangerous, and doing things slowly and carefully @@ -5,8 +11,8 @@ is safer. In today’s world, slower is simply not an option. Platform Governanc realized that **Faster** can also be **Safer** and sometimes **Very Fast** can be **Extremely Safe**. -In [Change Monitoring](/docs/platgovsalesforce/tech_debt/tech_debt_change_monitoring.md), we discussed setting up automated change -monitoring to deliver instant oversight of your org. [Org Clean Up](/docs/platgovsalesforce/tech_debt/tech_debt_org_clean_up.md) +In [Change Monitoring](/docs/platgovsalesforce/techdebt/tech_debt_change_monitoring.md), we discussed setting up automated change +monitoring to deliver instant oversight of your org. [Org Clean Up](/docs/platgovsalesforce/techdebt/tech_debt_org_clean_up.md) described ongoing monitoring of specific changes. Automated Risk Management takes these disciplines and combines them with three goals: diff --git a/docs/platgovsalesforce/tech_debt/tech_debt_org_clean_up.md b/docs/platgovsalesforce/techdebt/tech_debt_org_clean_up.md similarity index 94% rename from docs/platgovsalesforce/tech_debt/tech_debt_org_clean_up.md rename to docs/platgovsalesforce/techdebt/tech_debt_org_clean_up.md index 0a9e51001c..9de21f4114 100644 --- a/docs/platgovsalesforce/tech_debt/tech_debt_org_clean_up.md +++ b/docs/platgovsalesforce/techdebt/tech_debt_org_clean_up.md @@ -1,3 +1,9 @@ +--- +title: "Org Clean Up" +description: "Org Clean Up" +sidebar_position: 40 +--- + # Org Clean Up Cleaning up your orgs is a process. The key to clean up success is to move forward through sets of @@ -36,7 +42,7 @@ generic definition is: > _The last date the Customization, or the data it contains, was created, changed, accessed, > processed or used._ -[DLU](/docs/platgovsalesforce/clean_up/date_last_used.md) is calculated differently for each Customization type. +[DLU](/docs/platgovsalesforce/cleanup/date_last_used.md) is calculated differently for each Customization type. For all clean up activities, consider the following items: @@ -122,7 +128,7 @@ the execution history of APEX-related objects. **Users referred to in objects**: Fields are not created for everything, but all the metadata is available. You can identify users (and other things) referred to in dashboard filters, formula fields, SOQL, or even code, by searching the raw XML, JSON or code. The -[Specific Clean Up Approaches](/docs/platgovsalesforce/tech_debt/tech_debt_org_specific_clean_up_approaches.md) section contains +[Specific Clean Up Approaches](/docs/platgovsalesforce/techdebt/tech_debt_org_specific_clean_up_approaches.md) section contains examples. ### Owners @@ -137,4 +143,4 @@ cases such as Reports, this is useful to understand who needs to approve a chang > change, is to update the Process record, which then updates the owner for all the affected > Customizations. -**Next Technical Debt Topic:**[ Org Clean Up Example](/docs/platgovsalesforce/tech_debt/tech_debt_org_clean_up_example.md) +**Next Technical Debt Topic:**[ Org Clean Up Example](/docs/platgovsalesforce/techdebt/tech_debt_org_clean_up_example.md) diff --git a/docs/platgovsalesforce/tech_debt/tech_debt_org_clean_up_example.md b/docs/platgovsalesforce/techdebt/tech_debt_org_clean_up_example.md similarity index 96% rename from docs/platgovsalesforce/tech_debt/tech_debt_org_clean_up_example.md rename to docs/platgovsalesforce/techdebt/tech_debt_org_clean_up_example.md index 24e9e16ce7..37f2a0975b 100644 --- a/docs/platgovsalesforce/tech_debt/tech_debt_org_clean_up_example.md +++ b/docs/platgovsalesforce/techdebt/tech_debt_org_clean_up_example.md @@ -1,3 +1,9 @@ +--- +title: "Org Clean Up Example" +description: "Org Clean Up Example" +sidebar_position: 50 +--- + # Org Clean Up Example Here is an example using the simplest clean up case: @@ -183,8 +189,8 @@ required by policy, but either not created or not approved. The report includes - Diff Summary (detailed comparison of before and after) - Related Change Requests, if they exist -The [Change Enablement Reports](/docs/platgovsalesforce/change_management/change_management_reports.md) and List Views +The [Change Enablement Reports](/docs/platgovsalesforce/changemanagement/change_management_reports.md) and List Views give you visibility into the changes occurring in your orgs. **Next Technical Debt Topic:** -[Specific Clean Up Approaches](/docs/platgovsalesforce/tech_debt/tech_debt_org_specific_clean_up_approaches.md) +[Specific Clean Up Approaches](/docs/platgovsalesforce/techdebt/tech_debt_org_specific_clean_up_approaches.md) diff --git a/docs/platgovsalesforce/tech_debt/tech_debt_org_ongoing_monitoring.md b/docs/platgovsalesforce/techdebt/tech_debt_org_ongoing_monitoring.md similarity index 91% rename from docs/platgovsalesforce/tech_debt/tech_debt_org_ongoing_monitoring.md rename to docs/platgovsalesforce/techdebt/tech_debt_org_ongoing_monitoring.md index 7b1127c20a..e1cd7b3838 100644 --- a/docs/platgovsalesforce/tech_debt/tech_debt_org_ongoing_monitoring.md +++ b/docs/platgovsalesforce/techdebt/tech_debt_org_ongoing_monitoring.md @@ -1,3 +1,9 @@ +--- +title: "Ongoing Monitoring" +description: "Ongoing Monitoring" +sidebar_position: 70 +--- + # Ongoing Monitoring One of Platform Governance for Salesforce’s strengths is that it is built right into Salesforce. You @@ -25,4 +31,4 @@ or triggers. To learn more about simplifying governance and audit with Enterprise Compliance tools, reach out to your Customer Success Manager or Account Executive. -**Next Technical Debt Topic:** [Change Enablement](/docs/platgovsalesforce/tech_debt/tech_debt_org_change_enablement.md) +**Next Technical Debt Topic:** [Change Enablement](/docs/platgovsalesforce/techdebt/tech_debt_org_change_enablement.md) diff --git a/docs/platgovsalesforce/tech_debt/tech_debt_org_specific_clean_up_approaches.md b/docs/platgovsalesforce/techdebt/tech_debt_org_specific_clean_up_approaches.md similarity index 96% rename from docs/platgovsalesforce/tech_debt/tech_debt_org_specific_clean_up_approaches.md rename to docs/platgovsalesforce/techdebt/tech_debt_org_specific_clean_up_approaches.md index 8e5570e162..d397874eb4 100644 --- a/docs/platgovsalesforce/tech_debt/tech_debt_org_specific_clean_up_approaches.md +++ b/docs/platgovsalesforce/techdebt/tech_debt_org_specific_clean_up_approaches.md @@ -1,3 +1,9 @@ +--- +title: "Specific Clean Up Approaches" +description: "Specific Clean Up Approaches" +sidebar_position: 60 +--- + # Specific Clean Up Approaches Cleaning up an org is driven by your priorities. Platform Governance for Salesforce documentation is @@ -18,7 +24,7 @@ Here are some guidelines to specific clean up problems: > Value-based Clean Up These guidelines assume you set up your List Views the same way as described -[Step 1: Identify and Prioritize Targets](/docs/platgovsalesforce/tech_debt/tech_debt_org_clean_up_example.md). +[Step 1: Identify and Prioritize Targets](/docs/platgovsalesforce/techdebt/tech_debt_org_clean_up_example.md). ## Unused, Risky @@ -138,4 +144,4 @@ Points to consider: lists or record types or is a commonly-used term in Salesforce's XML or is a common company-specific term. -**Next Technical Debt Topic:** [Ongoing Monitoring ](/docs/platgovsalesforce/tech_debt/tech_debt_org_ongoing_monitoring.md) +**Next Technical Debt Topic:** [Ongoing Monitoring ](/docs/platgovsalesforce/techdebt/tech_debt_org_ongoing_monitoring.md) diff --git a/docs/platgovsalesforce/tech_debt/tech_debt_overview.md b/docs/platgovsalesforce/techdebt/tech_debt_overview.md similarity index 94% rename from docs/platgovsalesforce/tech_debt/tech_debt_overview.md rename to docs/platgovsalesforce/techdebt/tech_debt_overview.md index 227798417f..c8f0ac4cf4 100644 --- a/docs/platgovsalesforce/tech_debt/tech_debt_overview.md +++ b/docs/platgovsalesforce/techdebt/tech_debt_overview.md @@ -1,3 +1,9 @@ +--- +title: "Managing Technical Debt" +description: "Managing Technical Debt" +sidebar_position: 120 +--- + # Managing Technical Debt These articles are best practices for managing and, over time, resolving technical debt for every @@ -44,4 +50,4 @@ significant cost and slows down innovation. It is time to tackle your tech debt and unleash your team’s innovation on the task of delivering great solutions to your business. -**Next Technical Debt Topic:** [Managing Orgs in the Real World](/docs/platgovsalesforce/tech_debt/tech_debt_managing_orgs.md) +**Next Technical Debt Topic:** [Managing Orgs in the Real World](/docs/platgovsalesforce/techdebt/tech_debt_managing_orgs.md) diff --git a/docs/platgovsalesforce/tools/_category_.json b/docs/platgovsalesforce/tools/_category_.json new file mode 100644 index 0000000000..0c00897e56 --- /dev/null +++ b/docs/platgovsalesforce/tools/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Tools Overview", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "tools_overview" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforce/tools/access_review.md b/docs/platgovsalesforce/tools/access_review.md index 759b08f083..f98557aa61 100644 --- a/docs/platgovsalesforce/tools/access_review.md +++ b/docs/platgovsalesforce/tools/access_review.md @@ -1,9 +1,15 @@ +--- +title: "Access Review Assistant" +description: "Access Review Assistant" +sidebar_position: 90 +--- + # Access Review Assistant The Access Review Assistant creates a comprehensive display of permissions and profiles for a selected **Object**, **User**, or **Profile / PermissionSet**. The results can be exported to Excel. The Access Review Assistant feature is available with the Intelligent Change Enablement and -Enterprise Compliance [licenses](/docs/platgovsalesforce/installing_strongpoint/features_by_license_type.md). +Enterprise Compliance [licenses](/docs/platgovsalesforce/installingstrongpoint/features_by_license_type.md). Run the scanners before you perform comparisons to ensure you have the latest data. diff --git a/docs/platgovsalesforce/tools/automated_report_clean_up.md b/docs/platgovsalesforce/tools/automated_report_clean_up.md index 9982ce6276..8d4a5782bf 100644 --- a/docs/platgovsalesforce/tools/automated_report_clean_up.md +++ b/docs/platgovsalesforce/tools/automated_report_clean_up.md @@ -1,3 +1,9 @@ +--- +title: "Automated Report Clean Up" +description: "Automated Report Clean Up" +sidebar_position: 110 +--- + # Automated Report Clean Up Reports are powerful tools used throughout Salesforce and interconnected to other customizations. As diff --git a/docs/platgovsalesforce/tools/change_logs_clean_up.md b/docs/platgovsalesforce/tools/change_logs_clean_up.md index 1669b01bdb..3e51addb86 100644 --- a/docs/platgovsalesforce/tools/change_logs_clean_up.md +++ b/docs/platgovsalesforce/tools/change_logs_clean_up.md @@ -1,3 +1,9 @@ +--- +title: "Cleaning Up Change Logs" +description: "Cleaning Up Change Logs" +sidebar_position: 120 +--- + # Cleaning Up Change Logs The **Change Logs Clean Up** tool enables you to schedule an automatic clean up of old Change Logs. diff --git a/docs/platgovsalesforce/tools/environment_comparison.md b/docs/platgovsalesforce/tools/environment_comparison.md index 33f311f87e..2415bcf8a6 100644 --- a/docs/platgovsalesforce/tools/environment_comparison.md +++ b/docs/platgovsalesforce/tools/environment_comparison.md @@ -1,3 +1,9 @@ +--- +title: "Environment Comparison" +description: "Environment Comparison" +sidebar_position: 70 +--- + # Environment Comparison Administrators use this tool to compare environments and generate an Excel report file with the diff --git a/docs/platgovsalesforce/tools/export_object_attachment_records.md b/docs/platgovsalesforce/tools/export_object_attachment_records.md index c6d0eb887f..9ba9c60578 100644 --- a/docs/platgovsalesforce/tools/export_object_attachment_records.md +++ b/docs/platgovsalesforce/tools/export_object_attachment_records.md @@ -1,3 +1,9 @@ +--- +title: "Export Object Attachment Records" +description: "Export Object Attachment Records" +sidebar_position: 60 +--- + # Export Object Attachment Records When an [Environment Comparison](/docs/platgovsalesforce/tools/environment_comparison.md) is run, or [Object](/docs/platgovsalesforce/tools/export_objects.md), diff --git a/docs/platgovsalesforce/tools/export_objects.md b/docs/platgovsalesforce/tools/export_objects.md index a4671798c5..a3e873ac9f 100644 --- a/docs/platgovsalesforce/tools/export_objects.md +++ b/docs/platgovsalesforce/tools/export_objects.md @@ -1,3 +1,9 @@ +--- +title: "Export Objects" +description: "Export Objects" +sidebar_position: 30 +--- + # Export Objects Administrators can use this to export one or more objects, including all child objects, into a diff --git a/docs/platgovsalesforce/tools/export_profiles.md b/docs/platgovsalesforce/tools/export_profiles.md index ef54aaf956..098845d798 100644 --- a/docs/platgovsalesforce/tools/export_profiles.md +++ b/docs/platgovsalesforce/tools/export_profiles.md @@ -1,3 +1,9 @@ +--- +title: "Export Profiles and Permission Sets" +description: "Export Profiles and Permission Sets" +sidebar_position: 40 +--- + # Export Profiles and Permission Sets Administrators can use this tool to export all user permissions into a single view for easy review diff --git a/docs/platgovsalesforce/tools/export_users.md b/docs/platgovsalesforce/tools/export_users.md index 37529bced7..858e8a2791 100644 --- a/docs/platgovsalesforce/tools/export_users.md +++ b/docs/platgovsalesforce/tools/export_users.md @@ -1,3 +1,9 @@ +--- +title: "Export Users" +description: "Export Users" +sidebar_position: 50 +--- + # Export Users Exports user information to an XLS file. diff --git a/docs/platgovsalesforce/tools/finder.md b/docs/platgovsalesforce/tools/finder.md index 1548104f4c..8614ae0282 100644 --- a/docs/platgovsalesforce/tools/finder.md +++ b/docs/platgovsalesforce/tools/finder.md @@ -1,3 +1,9 @@ +--- +title: "Finder" +description: "Finder" +sidebar_position: 20 +--- + # Finder Platform Governance for Salesforce's **Finder** searches and finds standard and customized objects diff --git a/docs/platgovsalesforce/tools/package_usage.md b/docs/platgovsalesforce/tools/package_usage.md index 2e6d2c2370..0a6cc0ee7d 100644 --- a/docs/platgovsalesforce/tools/package_usage.md +++ b/docs/platgovsalesforce/tools/package_usage.md @@ -1,3 +1,9 @@ +--- +title: "Package Usage" +description: "Package Usage" +sidebar_position: 130 +--- + # Package Usage The Package Usage tool provides administrators real-time insights into the usage and allocation of @@ -6,7 +12,7 @@ cost savings. Used in conjunction with the existing [User Activity](/docs/platgo provides a comprehensive overview of who is accessing the environment and for what purpose. The Package Usage tool is available with the Intelligent Change Enablement and Enterprise Compliance -[licenses](/docs/platgovsalesforce/installing_strongpoint/features_by_license_type.md). +[licenses](/docs/platgovsalesforce/installingstrongpoint/features_by_license_type.md). Run the scanners first to ensure you have the latest data. diff --git a/docs/platgovsalesforce/tools/profile_permission_comparison.md b/docs/platgovsalesforce/tools/profile_permission_comparison.md index 767de586a4..6a96ff3a5c 100644 --- a/docs/platgovsalesforce/tools/profile_permission_comparison.md +++ b/docs/platgovsalesforce/tools/profile_permission_comparison.md @@ -1,3 +1,9 @@ +--- +title: "Profile Permission Comparison" +description: "Profile Permission Comparison" +sidebar_position: 80 +--- + # Profile Permission Comparison The Profile / Permission Set Comparison enables you to efficiently clean up and secure your Orgs. diff --git a/docs/platgovsalesforce/tools/tools_overview.md b/docs/platgovsalesforce/tools/tools_overview.md index 5e7b1c35b5..c0fb48a6a8 100644 --- a/docs/platgovsalesforce/tools/tools_overview.md +++ b/docs/platgovsalesforce/tools/tools_overview.md @@ -1,3 +1,9 @@ +--- +title: "Tools Overview" +description: "Tools Overview" +sidebar_position: 50 +--- + # Tools Overview There are links to access **Key Tools** on the Netwrix Dashboard page: diff --git a/docs/platgovsalesforce/tools/user_activity.md b/docs/platgovsalesforce/tools/user_activity.md index 52fdd6cf9f..21fe520bcd 100644 --- a/docs/platgovsalesforce/tools/user_activity.md +++ b/docs/platgovsalesforce/tools/user_activity.md @@ -1,3 +1,9 @@ +--- +title: "User Activity" +description: "User Activity" +sidebar_position: 100 +--- + # User Activity The User Login Activity creates a comprehensive display of user activity for the past 60 days. It @@ -5,7 +11,7 @@ can be run for all users or a selected user. The data can be used to ensure cont prior to deactivating a user. The User Login Activity feature is available with the Intelligent Change Enablement and Enterprise -Compliance [licenses](/docs/platgovsalesforce/installing_strongpoint/features_by_license_type.md). +Compliance [licenses](/docs/platgovsalesforce/installingstrongpoint/features_by_license_type.md). Run the scanners before you perform comparisons to ensure you have the latest data. diff --git a/docs/platgovsalesforce/tools/viewing_drd.md b/docs/platgovsalesforce/tools/viewing_drd.md index 7ec940edbc..f533ea2ac6 100644 --- a/docs/platgovsalesforce/tools/viewing_drd.md +++ b/docs/platgovsalesforce/tools/viewing_drd.md @@ -1,3 +1,9 @@ +--- +title: "Dependency Relationship Diagram" +description: "Dependency Relationship Diagram" +sidebar_position: 10 +--- + # Dependency Relationship Diagram Platform Governance for Salesforce's Dependency Relationship Diagram (DRD) displays objects, diff --git a/docs/platgovsalesforce/welcome.md b/docs/platgovsalesforce/welcome.md deleted file mode 100644 index 8b211ee0e7..0000000000 --- a/docs/platgovsalesforce/welcome.md +++ /dev/null @@ -1,90 +0,0 @@ -# Welcome - -Platform Governance for Salesforce is integrated into the Salesforce backend keeping all your data -within your Salesforce account. Your documentation is automatically maintained so it is always up to -date. - -By implementing Platform Governance for Salesforce you can: - -- Automatically catalog all custom fields, scripts, forms, searches, records and workflows. -- Visually browse standard and custom fields, lists and records to find all related scripts, - searches, users and departments. -- Capture and search script comments and identify poorly commented code. -- Automatically track changes to your customizations using the change logs, so you can see what - customizations were changed, how they were changed, when they were changed and who changed them. - -## Installation and Initial Scan - -Once you install Platform Governance for Salesforce, you simply click the **Start Spider** button -and your customizations are documented over the course of 4-5 days with minimal impact on system -performance. Once completed, you have a searchable database of all your customizations. - -## Documentation and Optimization - -After installation, it takes 4-5 days to document your customizations and approximately 3 weeks to -have your account both fully documented and optimized. - -### Clean Up - -Use the end to end documentation of custom objects and our Clean Up Tools to: - -- Identify unused fields, searches and other custom objects. -- Quickly identify dependencies to reduce the risk of breaking things in your account (i.e. see if a - search is being used in a script or workflow). -- Use Change Requests to keep your changes organized and capture approvals. - -### Script Management - -Critical Script Analysis enables you to determine how healthy your scripts are and what areas you -can fix to improve your account. With the tools and the Critical Script Analysis methodology you -can: - -- Identify high priority scripts based on usage. -- Identify people and departments triggering scripts to focus on scripts that could be - inappropriately triggered. -- Understand script execution times. - -## Intelligent Change Management - -Platform Governance for Salesforce is the only application for Salesforce that enables end to end -change management and compliance. This process can be achieved effectively in only 5 weeks after -install. - -By implementing Platform Governance for Salesforce you give your customers the ability to: - -- Track all changes to custom objects in Salesforce. -- Automatically be alerted to non-compliant changes. -- Set compliance requirements by risks based on System Complexity and Processes that are then - automatically tracked. -- Manage changes right in Salesforce by using the Change Request. -- Use automated impact analysis to identify the risks associated with changing custom objects. -- Use test records to manage tests in a central repository linked to the customization records. - -## Enterprise Compliance - -Once Intelligent Change Management is complete, it only takes between 3 to 4 weeks to achieve -Enterprise Compliance. - -### Environment Comparison - -The Environment Management Module enables Salesforce customers and consultants to quickly and -accurately identify differences between any two Salesforce accounts that have Intelligent Change -Management installed. Since both accounts have Platform Governance for Salesforce documentation in -place, the tool can quickly and easily compare them. It is principally used in four scenarios: - -- Sandbox Refreshes -- Migrating Customizations Between Developer and Sandbox Accounts -- User Acceptance Testing (UAT) and Performance Testing Environment Validation -- Deploying Changes to Production - -### Automated Audit - -Agent automates IT and financial controls and critical change practices to ensure configuration and -master data are compliant. It can: - -- Check for process problems regularly without user event scripts. -- Automatically generate and assign tasks and cases for each detected problem. -- Automatically alert key stakeholders. -- Log control violations for clearance. -- Store relevant data as a CSV to create a snapshot for compliance or troubleshooting purposes. -- Block unauthorized changes to critical records and fields (requires Advanced Change Management). diff --git a/docs/platgovsalesforce/welcome/_category_.json b/docs/platgovsalesforce/welcome/_category_.json new file mode 100644 index 0000000000..f4fec08824 --- /dev/null +++ b/docs/platgovsalesforce/welcome/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Welcome", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "welcome" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforce/navigate_strongpoint.md b/docs/platgovsalesforce/welcome/navigate_strongpoint.md similarity index 94% rename from docs/platgovsalesforce/navigate_strongpoint.md rename to docs/platgovsalesforce/welcome/navigate_strongpoint.md index f73bea33cd..87fabe0d43 100644 --- a/docs/platgovsalesforce/navigate_strongpoint.md +++ b/docs/platgovsalesforce/welcome/navigate_strongpoint.md @@ -1,3 +1,9 @@ +--- +title: "Launch Platform Governance for Salesforce" +description: "Launch Platform Governance for Salesforce" +sidebar_position: 30 +--- + # Launch Platform Governance for Salesforce To access Platform Governance for Salesforce: diff --git a/docs/platgovsalesforce/welcome/welcome.md b/docs/platgovsalesforce/welcome/welcome.md new file mode 100644 index 0000000000..83b1748dc1 --- /dev/null +++ b/docs/platgovsalesforce/welcome/welcome.md @@ -0,0 +1,96 @@ +--- +title: "Welcome" +description: "Welcome" +sidebar_position: 10 +--- + +# Welcome + +Platform Governance for Salesforce is integrated into the Salesforce backend keeping all your data +within your Salesforce account. Your documentation is automatically maintained so it is always up to +date. + +By implementing Platform Governance for Salesforce you can: + +- Automatically catalog all custom fields, scripts, forms, searches, records and workflows. +- Visually browse standard and custom fields, lists and records to find all related scripts, + searches, users and departments. +- Capture and search script comments and identify poorly commented code. +- Automatically track changes to your customizations using the change logs, so you can see what + customizations were changed, how they were changed, when they were changed and who changed them. + +## Installation and Initial Scan + +Once you install Platform Governance for Salesforce, you simply click the **Start Spider** button +and your customizations are documented over the course of 4-5 days with minimal impact on system +performance. Once completed, you have a searchable database of all your customizations. + +## Documentation and Optimization + +After installation, it takes 4-5 days to document your customizations and approximately 3 weeks to +have your account both fully documented and optimized. + +### Clean Up + +Use the end to end documentation of custom objects and our Clean Up Tools to: + +- Identify unused fields, searches and other custom objects. +- Quickly identify dependencies to reduce the risk of breaking things in your account (i.e. see if a + search is being used in a script or workflow). +- Use Change Requests to keep your changes organized and capture approvals. + +### Script Management + +Critical Script Analysis enables you to determine how healthy your scripts are and what areas you +can fix to improve your account. With the tools and the Critical Script Analysis methodology you +can: + +- Identify high priority scripts based on usage. +- Identify people and departments triggering scripts to focus on scripts that could be + inappropriately triggered. +- Understand script execution times. + +## Intelligent Change Management + +Platform Governance for Salesforce is the only application for Salesforce that enables end to end +change management and compliance. This process can be achieved effectively in only 5 weeks after +install. + +By implementing Platform Governance for Salesforce you give your customers the ability to: + +- Track all changes to custom objects in Salesforce. +- Automatically be alerted to non-compliant changes. +- Set compliance requirements by risks based on System Complexity and Processes that are then + automatically tracked. +- Manage changes right in Salesforce by using the Change Request. +- Use automated impact analysis to identify the risks associated with changing custom objects. +- Use test records to manage tests in a central repository linked to the customization records. + +## Enterprise Compliance + +Once Intelligent Change Management is complete, it only takes between 3 to 4 weeks to achieve +Enterprise Compliance. + +### Environment Comparison + +The Environment Management Module enables Salesforce customers and consultants to quickly and +accurately identify differences between any two Salesforce accounts that have Intelligent Change +Management installed. Since both accounts have Platform Governance for Salesforce documentation in +place, the tool can quickly and easily compare them. It is principally used in four scenarios: + +- Sandbox Refreshes +- Migrating Customizations Between Developer and Sandbox Accounts +- User Acceptance Testing (UAT) and Performance Testing Environment Validation +- Deploying Changes to Production + +### Automated Audit + +Agent automates IT and financial controls and critical change practices to ensure configuration and +master data are compliant. It can: + +- Check for process problems regularly without user event scripts. +- Automatically generate and assign tasks and cases for each detected problem. +- Automatically alert key stakeholders. +- Log control violations for clearance. +- Store relevant data as a CSV to create a snapshot for compliance or troubleshooting purposes. +- Block unauthorized changes to critical records and fields (requires Advanced Change Management). diff --git a/docs/platgovsalesforce/welcome/what_does_strongpoint_document.md b/docs/platgovsalesforce/welcome/what_does_strongpoint_document.md new file mode 100644 index 0000000000..cf8af40aac --- /dev/null +++ b/docs/platgovsalesforce/welcome/what_does_strongpoint_document.md @@ -0,0 +1,27 @@ +--- +title: "What is Documented" +description: "What is Documented" +sidebar_position: 20 +--- + +# What is Documented + +## Object Types Captured and Documented in the Customization Record + +Platform Governance for Salesforce documents over 120 Salesforce metadata types. Metadata is +organized into eight categories and 18 subcategories. Policies are set and applied at the +subcategory level. Open [Documented Metadata Types](/docs/platgovsalesforce/changemanagement/documented_metadata_types.md) +for a complete list of Metadata sorted by **Type** and by **Category**. + +| Metadata Category | Description | +| ---------------------- | ------------------------------------------------------------------------------------------------------------ | +| Code | Apex classes and triggers, Visualforce pages and components, Aura components, and Lightning Web Components | +| Data Model | Objects, Fields, and Custom Metadata | +| Automation | Flows, Process Builders, Workflows, Approvals, and Business Processes | +| Sharing and Visibility | Profiles, Permission Sets, Roles, Groups, Sharing Rules | +| Integration | Settings such as Remote Site Settings, Named Credentials, Certificates, and AuthProviders | +| Display / UI | Templates, Layouts, Labels, Translations, and Applications | +| Analytics | Reports, Dashboards, List Views, and Einstein | +| Configuration | Data Quality settings such as Duplicate Rules, Matching Rules, and Validation Rules. Other general settings. | + +![Metadata Categories documented by Strongpoint](/img/product_docs/platgovsalesforce/metadata_categories.webp) diff --git a/docs/platgovsalesforce/welcome/whatsnew.md b/docs/platgovsalesforce/welcome/whatsnew.md new file mode 100644 index 0000000000..4616bbd2f1 --- /dev/null +++ b/docs/platgovsalesforce/welcome/whatsnew.md @@ -0,0 +1,13 @@ +--- +title: "What's New" +description: "What's New" +sidebar_position: 10 +--- + +# What's New + +## New Netwrix Community! + +All Netwrix product announcements have moved to the new Netwrix Community. See announcements for +Platform Governance for Salesforce in the +[Platform Governance for Salesforce](https://community.netwrix.com/c/183) area of our new community. diff --git a/docs/platgovsalesforce/what_does_strongpoint_document.md b/docs/platgovsalesforce/what_does_strongpoint_document.md deleted file mode 100644 index cfcbc2e4c7..0000000000 --- a/docs/platgovsalesforce/what_does_strongpoint_document.md +++ /dev/null @@ -1,21 +0,0 @@ -# What is Documented - -## Object Types Captured and Documented in the Customization Record - -Platform Governance for Salesforce documents over 120 Salesforce metadata types. Metadata is -organized into eight categories and 18 subcategories. Policies are set and applied at the -subcategory level. Open [Documented Metadata Types](/docs/platgovsalesforce/change_management/documented_metadata_types.md) -for a complete list of Metadata sorted by **Type** and by **Category**. - -| Metadata Category | Description | -| ---------------------- | ------------------------------------------------------------------------------------------------------------ | -| Code | Apex classes and triggers, Visualforce pages and components, Aura components, and Lightning Web Components | -| Data Model | Objects, Fields, and Custom Metadata | -| Automation | Flows, Process Builders, Workflows, Approvals, and Business Processes | -| Sharing and Visibility | Profiles, Permission Sets, Roles, Groups, Sharing Rules | -| Integration | Settings such as Remote Site Settings, Named Credentials, Certificates, and AuthProviders | -| Display / UI | Templates, Layouts, Labels, Translations, and Applications | -| Analytics | Reports, Dashboards, List Views, and Einstein | -| Configuration | Data Quality settings such as Duplicate Rules, Matching Rules, and Validation Rules. Other general settings. | - -![Metadata Categories documented by Strongpoint](/img/product_docs/platgovsalesforce/metadata_categories.webp) diff --git a/docs/platgovsalesforce/whatsnew.md b/docs/platgovsalesforce/whatsnew.md deleted file mode 100644 index e2a67c1610..0000000000 --- a/docs/platgovsalesforce/whatsnew.md +++ /dev/null @@ -1,7 +0,0 @@ -# What's New - -## New Netwrix Community! - -All Netwrix product announcements have moved to the new Netwrix Community. See announcements for -Platform Governance for Salesforce in the -[Platform Governance for Salesforce](https://community.netwrix.com/c/183) area of our new community. diff --git a/docs/platgovsalesforceflashlight/clean_up/cleanup_customizations.md b/docs/platgovsalesforceflashlight/clean_up/cleanup_customizations.md deleted file mode 100644 index 3e293aa7b7..0000000000 --- a/docs/platgovsalesforceflashlight/clean_up/cleanup_customizations.md +++ /dev/null @@ -1,63 +0,0 @@ -# Cleaning Up Customizations - -Use these processes to Clean up Individual Customization or Clean Up Multiple Customizations. - -## Clean up Individual Customization - -1. Open the customization. -2. Open the **Improvement** tab. -3. Under **Clean Up Status**, select a status: - - - **To Be Cleaned Up** - - **Send Request Info Emails** - - **Under Investigation** - - **Disabled / Hidden** - - **Archived** - - **Deleted** - - **Ignore** - - **Fix ScriptID** - - **Reassign Owner** - - **Closed** - -4. Under **Clean Up Comments**, add notes to help with clean up. -5. Attach to a **Change Request** associated with the customization (optional). -6. Assign a **Change/Approval Policy** if there is an object specific policy (optional). -7. Under **Clean-Up Classification**, add an overview of the clean up. - -![improvementtab_800x415](/img/product_docs/platgovsalesforceflashlight/clean_up/improvementtab_800x415.webp) - -## Clean Up Multiple Customizations - -1. Go to the **Customizations** tab. -2. Create a new list view for clean up by clicking on **Create New View**. -3. Enter a **View Name** and a **View Unique Name**. -4. Specify the filter criteria: - - - **Filter By Owner**: choose All Customizations or My Customizations. - - **Filter By Additional Fields**: choose Salesforce Type equals Report and Record Type equals - Report. - -5. Select fields to display: - -- **Clean Up Classification** -- **Clean Up Comments** -- **Clean Up Status** - -![createlist_view_for_cleanup_800x403](/img/product_docs/platgovsalesforceflashlight/clean_up/createlist_view_for_cleanup_800x403.webp)6. -Restrict Visibility. You can choose to have the list view: - -- Only visible to you, -- Visible to all users or -- Visible to certain groups of users. - -7. Click **Save**. -8. Once your list view has been created, you can multi-select customizations for clean up by - checking the box beside Action. - ![multi_select_cleanup_800x382](/img/product_docs/platgovsalesforceflashlight/clean_up/multi_select_cleanup_800x382.webp)9. - You can now choose what you want to edit for the multiple customizations selected. - For example, if you want to change the clean up status: -9. Go to **Edit Clean Up Status**. -10. Select a status such as To Be Cleaned Up. -11. Choose to **Apply changes to: All the selected records**. -12. Click **Save**. - ![flagging_mass_customizations_800x374](/img/product_docs/platgovsalesforceflashlight/clean_up/flagging_mass_customizations_800x374.webp) diff --git a/docs/platgovsalesforceflashlight/clean_up/cleanup_overview.md b/docs/platgovsalesforceflashlight/clean_up/cleanup_overview.md deleted file mode 100644 index fadb154e90..0000000000 --- a/docs/platgovsalesforceflashlight/clean_up/cleanup_overview.md +++ /dev/null @@ -1,84 +0,0 @@ -# Clean Up Overview - -Clean up involves some or all of the following steps: - -1. Identify and remove unused customizations (either individual or multiple): - -- Completely unused -- Useless or inefficient - -2. Identify and fix improperly set-up customizations (eg. no help text, inactive owner). -3. Describe each object and its clean up task (under the improvements tab.) -4. Assign change/approval policy. - -## Clean Up Tools - -Strongpoint has a series of built in Clean Up Tools to enable Administrators to clean up their -account in an organized and efficient manner. There are many types of clean up, but they generally -follow the same steps: - -1. Select the approach -2. Analyze and organize the results -3. Create a Change Request (if required) -4. Manage the clean up as appropriate -5. Run the scanner - -NOTE: Always check the Last Date Scanned on any object and re-scan that object if necessary to -ensure the information about that object is up to date. - -### Select the Approach - -Strongpoint can help you clean up: - -- Unused Customizations -- Unused Custom Fields -- Unused Scripts -- Unused Reports - -Customizations that do not follow best practices: - -- Customizations with No Related Process -- Customizations with No Description -- Customizations with No Help Text -- Customizations with No Active Owner - -Depending on what you want to clean up, you can view clean up reports from the Strongpoint tab under -Reports and then choosing Clean Up. You can also find the clean up reports at the bottom of the -Strongpoint homepage under Strongpoint Features and Reports. - -You can clean up individual or multiple customizations by going to the Customization tab and -selecting **Create New View**. Use the filters to generate your list. - -NOTE: Before moving on to other clean up activities, it is often a good idea to delete unused -customizations that are highly likely safe to delete, such as fields that have not been used in -years or that are not used by any other customization. - -### Analyze and Organize the Results - -Once you have selected the customizations that you want to clean up and have created a New View, you -can analyze the results. The results can then be sorted and filtered and are required to group and -manage the output for subsequent steps. You may chose to clean up based on Salesforce type and -record type (among other options). - -Every Customization record has a Clean-Up Status field that enables us to track the status of the -clean-up process for that object. - -The statuses are: - -- **To Be Cleaned Up**: Flags the customization to be cleaned up. -- **Send Request Info Emails**: Triggers an email warning that the customization is about to be - deleted. -- **Under Investigation**: Flags the customization as under investigation. -- **Disabled/Hidden**: Tracks that the customization has been disabled. -- **Archived**: Tracks that the data / set-up was archived. -- **Deleted**: Tracks that the customization has been deleted. The doc will be inactivated. -- **Ignore**: Removes it from the searches. -- **Fix ScriptID:** Changes the ID of the script. -- **Reassign Owner**: Changes the owner. -- **Closed**: Flags the clean up status as closed. - -### Run the Scanner - -At the end of the process of updating the customization record(s), the account should be scanned to -update the documentation for the customization changes. It can be re-scanned for just the specific -record type that was changed. diff --git a/docs/platgovsalesforceflashlight/clean_up/cleanup_reports.md b/docs/platgovsalesforceflashlight/clean_up/cleanup_reports.md deleted file mode 100644 index bf2d77eb64..0000000000 --- a/docs/platgovsalesforceflashlight/clean_up/cleanup_reports.md +++ /dev/null @@ -1,78 +0,0 @@ -# Running Clean Up Reports - -Strongpoint provides predefined reports to help you clean up your Salesforce Instance. The reports -are available by opening **Flashlight** > **Reports/List Views** > **Clean Up** and selecting a -report: - -- Default Clean Up List View -- Open Clean Up Status -- Clean Up Waiting for Info -- Customizations Excluded from Clean Up -- Unused Fields -- Unused Scripts -- Unused Reports -- Customizations with Inactive Owners -- Custom Fields without Help Text -- Custom Fields without Description - -## Using the Reports - -- **Filters** - ![filters_icon](/img/product_docs/platgovsalesforceflashlight/clean_up/filters_icon.webp): - Open the filters to see the criteria used for the report. You can modify the unlocked filters to - narrow the focus of the results. -- **Column Sort Order**: Use the toggler in the column heads to change the sort order of the results - based on the selected column. -- **Links**: Use the linked fields to open details about the customization or user. - -## Default Clean Up List View - -The results list all customizations of Record type **Objects & Fields**, starting with API Name -**Account**, Salesforce Type **CustomField** and used less than **180 Days Ago**. - -## Open Clean Up Status - -This report enables you to find customizations that have been identified and noted for clean up. - -## Clean Up Waiting for Info - -The results list customizations flagged with clean up status **Send Request Info Emails.** - -## Customizations Excluded from Clean Up - -The results list active customizations flagged with clean up status **Ignore**. - -## Unused Fields - -The results list all of the unused custom fields. - -## Unused Scripts - -The results list all of the unused scripts. - -## Unused Reports - -The results list all of the unused reports. - -## Customizations with Inactive Owners - -Ownership of customizations is important for clean up and accountability in the system. - -The results list customizations with owners who are either: - -- Not active in Salesforce -- Do not have access to Strongpoint - -## Custom Fields without Help Text - -Help and Descriptions enable users to more efficiently use the system. The results list -customizations missing help. - -To fix, open the customization, click **Update Description and Help Text**. - -## Custom Fields without Description - -Help and Descriptions enable users to more efficiently use the system. The results list -customizations missing descriptions. - -To fix, open the customization, click **Update Description and Help Text**. diff --git a/docs/platgovsalesforceflashlight/clean_up/date_last_used.md b/docs/platgovsalesforceflashlight/clean_up/date_last_used.md deleted file mode 100644 index 2fc1807200..0000000000 --- a/docs/platgovsalesforceflashlight/clean_up/date_last_used.md +++ /dev/null @@ -1,181 +0,0 @@ -# Date Last Used - -Date Last Used (DLU) captures changes triggered by users or other customizations. Specifically, the -last date the Customization, or the data it contains, was created, changed, accessed, processed or -used.The DLU value indicates that the customization was used at least as late as the DLU. It does -not indicate if it was used earlier. If DLU is blank, it indicates there in no verified date. - -> DLU CustomField Details -> -> Setting the DLU Expiration -> -> DLU Metadata Types -> -> Excluded Metadata Extended Types -> -> DLU Scheduler - -## DLU CustomField Details - -CustomField usage data improves the accuracy and usefulness of the Date Last Used, enabling you to -make better decisions about the value of maintaining specific CustomFields. Usage data includes: - -- how often the field has data (_frequency_) -- how recently the field has been used (_recency_) - -NOTE: DLU analysis should only be performed in Production orgs. Sandbox orgs do not reflect actual -usage. - -Usage data fields: - -- **% Populated** displays the percentage of Records with the field populated (not blank). Fields - with low usage are clean up candidates. For example, if the field appears on 1000 records, but - there is only data on 400 of the records, it is 40% populated. -- **DLU** is now defined to be the last time the field was updated with **Field History Tracking** - enabled. Field History Tracking ensures the DLU is accurate. If Field History Tracking is later - disabled, the DLU no longer updates and the data may not be accurate. The new Date DLU Analyzed - and DLU Status provide additional insight. -- **Date DLU Analyzed** displays the last time the scanner was run with Field History Tracking - enabled. -- **Parent Last Update Date** is set to the **CreatedDate** of the most-recently-created Record with - the CustomField populated. This provides usage recency information when Field History Tracking is - disabled. **CreatedDate** is more accurate for the CustomField than the **LastModifiedDate** for - the record. -- **DLU Status** displays the current status: - | DLU Status | DLU | Field History Tracking | Date DLU Analyzed | Parent Last Update Date | | --- - | --- | --- | --- | --- | | Unavailable | Blank | Never enabled for this field. | Blank | - Populated | | Pending | Blank | Enabled. Waiting for the scanner to run. | Blank | Populated | | - Current | Populated | Enabled. DLU is current and accurate using automated nightly scans. | Today - | Blank | | Recent | Populated, May be stale | Disabled. Last scan when enabled was within the - past three months. Three months is the default time period. See Setting the DLU Expiration. | - Within set time period | Populated | | Expired | Populated, May be stale | Disabled. Last scan - when enabled was longer than three months ago. Three months is the default time period. See - Setting the DLU Expiration. | Older than set time period | Populated | If Field History Tracking - is enabled for a CustomField with a **DLU Status** of either **Recent** or **Expired**, the status - is changed to **Pending**. Here is an example: - ![Example of the DLU status fields for a CustomField](/img/product_docs/platgovsalesforceflashlight/clean_up/dlu_status_example_customfield_800x294.webp) - -### Notes - -- When Field History Tracking is enabled, the **DLU** is accurate, and the **Parent Last Update - Date** is blank. -- If Field History Tracking has never been enabled, only **Parent Last Update Date** has a value. - Use **Parent Last Update Date**and **% Populated** together to get a sense of the usage. -- If Field History Tracking was enabled and later disabled, there are values in **DLU** and **Parent - Last Update Date**. Generally, you would use the most recent of the two together with **% - Populated** to get a sense of usage. If **DLU Status** is Expired, it is probably safe to ignore - **DLU**. - -### Setting the DLU Expiration - -The DLU Parameters specify the number of months to wait before changing the DLU Status from Recent -to Expired for a CustomField. This only applies to a CustomField where **Field Tracking History** -has been disabled. To change the time period: - -1. Open **Setup** -2. Expand **Custom Code** -3. Select **Custom Metadata Types** - ![Open Custom Metadata Types](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types.webp) -4. Click **Manage Records** by **Strongpoint DLU Parameter**. - ![Click Manage Records to open the record](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types_dlu_exp.webp) -5. Click **Edit** by **DLU Expiration**. - ![Edit the parameters](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types_dlu_para.webp) -6. Set the **DLU Expiration (Months)**. The default is three. -7. Click **Save**. - -## DLU Metadata Types - -Metadata types marked with an **\*** must have the **Event Logs** enabled to gather DLU information. -DLU can be used for the following metadata types: - -| Salesforce Family Types & Joins | Metadata Types | DLU | -| ---------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | -| Workflow | Workflow Rule | Date workflow rule was last run. | -| Workflow Approva lProcess Flow Validation Rule | Last date base record updated, if enabled | | -| Scripts | Apex Class**\*** Apex Trigger**\*** Apex Component**\*** Lightning Component Lightning Web Component | The last date the code was triggered by any script based on the log of the last time it was run. | -| Forms | Layout Compact Layout | If assigned to a profile, it is the date the last record that belongs to the layout was updated . | -| Apex Page**\*** | The last date the page was accessed (the code was triggered). | | -| Reports | Report | Last date report was run. | -| Dashboard | Last date dashboard report was run. | | -| Report Type | Last date report using the report type was run. | | -| Analytic Snapshot | Last date a dashboard it is on or dependent script was run. | | -| List View | Last date the List View was accessed. | | -| Data Sources | Standard Field | Last date the value changed. | -| Standard Object Custom Object | Last date a record was saved. | | -| Custom Field | Last date the value changed or if formula field, the maximum last date of the fields in the formula. | | -| Dependent Fields | Custom Field Lookup | Minimum of the DLU of the record it exists on and the DLU of the source field. | -| Profiles and Roles | User | Last login by the user. | -| Role | Calculated based on the last time someone logged in with that role. | | -| Profile | Calculated based on the last time someone logged in with that profile. | | -| Permission Set | Calculated based on the last time someone logged in with that permission set. | | -| Package | Text that displays the name of the package | Maximum DLU of object in the package. | -| Extended Types (Other) | App Menu | DLU of the parent Custom Application. | -| Assignment Rules | Date rule was last run. | | -| Auto Response Rules | Date Auto Response rule was last run. | | -| Call Center | | | -| Connected App | Date App was last run. | | -| Custom Application | Maximum DLU of customizations belonging to the application. | | -| Criteria Based Sharing Rule | Maximum of related Sharing Rules. | | -| Custom Application Component | Maximum DLU from parent applications. | | -| Custom Label | Maximum DLU of related field. | | -| Custom Metadata | Date modified of the object that has the value in the metadata. | | -| Custom Object Translation | DLU of the parent object. | | -| Custom Page Web Link | DLU of the APEX page. | | -| Custom Permission | DLU of a profile that has the custom permission. | | -| Custom Tab | DLU of the parent Custom Application. | | -| Document | Last time the file was opened or accessed by the system. | | -| Email Template | Date Template was last used to send emails. | | -| Escalation Rules | Date rule was last run. | | -| Field Set | Last date a field value changed. | | -| Flow Definition | Date flow last accessed. | | -| Global Picklist | Maximum DLU of fields that use the picklist. | | -| Group | Last time someone from the group accessed the system (always employees). | | -| Installed Package | Maximum DLU of component of the package | | -| Letterhead | Last date template accessed. | | -| Matching Rule | Date rule was last run. | | -| Post Template | Date Template was last used to send emails. | | -| Queue | Maximum DLU of code / workflow run on the Queue. | | -| Record Type | Maximum DLU of fields that use the record type. | | -| Sharing Rules | Date rule was last run. | | -| Static Resource | Max of last access date (document) or DLU code referencing it. | | -| Synonym Dictionary | Maximum DLU of related fields. | | -| Territory2 | Date Territory2 rule was last run. | | -| Territory2 Model | Date Territory2 rule was last run. | | -| Territory2 Rule | Date rule was last run. | | -| Territory2 Type | Date Territory2 rule was last run. | | -| Translations | Maximum DLU of related fields. | | - -## Excluded Metadata Extended Types - -DLU is not used for the following metadata Extended Types: - -| | | -| --------------------------- | ------------------------ | -| Action Link Group Template | Aura Definition Bundle | -| Auth Provider | Business Process | -| Certificate | Cors Whitelist Origin | -| Custom Feed Filter | Custom Site | -| Data Category Group | Delegate Group | -| Embedded Service Config | Event Delivery | -| Event Subscription | External Data Source | -| Flexi Page | Home Page Component | -| Home Page Layout | Named Credential | -| Path Assistant | Platform Cache Partition | -| Portal | Quick Action | -| Remote Site Setting | Saml Sso Config | -| S control | Sharing Reason | -| Sharing Set | Site Dot Com | -| Transaction Security Policy | Web Link | - -## DLU Scheduler - -The [Scheduler](/docs/platgovsalesforceflashlight/getting_started/scheduler.md) is where you can add frequency, day and time for -processes to run. Under **Field Usage and DLU**, you can set up the scheduler to update the last -used date field on customizations with the date the metadata was last used. It populates information -for field usage on custom fields and custom objects and catch any permission set assignments related -to users. - -![scheduler](/img/product_docs/platgovsalesforce/clean_up/scheduler.webp) - -Once the scheduler has been set up, you can view the DLU under the **Metadata** tab on the -customization record. diff --git a/docs/platgovsalesforceflashlight/cleanup/_category_.json b/docs/platgovsalesforceflashlight/cleanup/_category_.json new file mode 100644 index 0000000000..b0fee82dc7 --- /dev/null +++ b/docs/platgovsalesforceflashlight/cleanup/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Clean Up Overview", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "cleanup_overview" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforceflashlight/cleanup/cleanup_customizations.md b/docs/platgovsalesforceflashlight/cleanup/cleanup_customizations.md new file mode 100644 index 0000000000..156da1c186 --- /dev/null +++ b/docs/platgovsalesforceflashlight/cleanup/cleanup_customizations.md @@ -0,0 +1,69 @@ +--- +title: "Cleaning Up Customizations" +description: "Cleaning Up Customizations" +sidebar_position: 20 +--- + +# Cleaning Up Customizations + +Use these processes to Clean up Individual Customization or Clean Up Multiple Customizations. + +## Clean up Individual Customization + +1. Open the customization. +2. Open the **Improvement** tab. +3. Under **Clean Up Status**, select a status: + + - **To Be Cleaned Up** + - **Send Request Info Emails** + - **Under Investigation** + - **Disabled / Hidden** + - **Archived** + - **Deleted** + - **Ignore** + - **Fix ScriptID** + - **Reassign Owner** + - **Closed** + +4. Under **Clean Up Comments**, add notes to help with clean up. +5. Attach to a **Change Request** associated with the customization (optional). +6. Assign a **Change/Approval Policy** if there is an object specific policy (optional). +7. Under **Clean-Up Classification**, add an overview of the clean up. + +![improvementtab_800x415](/img/product_docs/platgovsalesforceflashlight/clean_up/improvementtab_800x415.webp) + +## Clean Up Multiple Customizations + +1. Go to the **Customizations** tab. +2. Create a new list view for clean up by clicking on **Create New View**. +3. Enter a **View Name** and a **View Unique Name**. +4. Specify the filter criteria: + + - **Filter By Owner**: choose All Customizations or My Customizations. + - **Filter By Additional Fields**: choose Salesforce Type equals Report and Record Type equals + Report. + +5. Select fields to display: + +- **Clean Up Classification** +- **Clean Up Comments** +- **Clean Up Status** + +![createlist_view_for_cleanup_800x403](/img/product_docs/platgovsalesforceflashlight/clean_up/createlist_view_for_cleanup_800x403.webp)6. +Restrict Visibility. You can choose to have the list view: + +- Only visible to you, +- Visible to all users or +- Visible to certain groups of users. + +7. Click **Save**. +8. Once your list view has been created, you can multi-select customizations for clean up by + checking the box beside Action. + ![multi_select_cleanup_800x382](/img/product_docs/platgovsalesforceflashlight/clean_up/multi_select_cleanup_800x382.webp)9. + You can now choose what you want to edit for the multiple customizations selected. + For example, if you want to change the clean up status: +9. Go to **Edit Clean Up Status**. +10. Select a status such as To Be Cleaned Up. +11. Choose to **Apply changes to: All the selected records**. +12. Click **Save**. + ![flagging_mass_customizations_800x374](/img/product_docs/platgovsalesforceflashlight/clean_up/flagging_mass_customizations_800x374.webp) diff --git a/docs/platgovsalesforceflashlight/cleanup/cleanup_overview.md b/docs/platgovsalesforceflashlight/cleanup/cleanup_overview.md new file mode 100644 index 0000000000..6c9f9d1b6d --- /dev/null +++ b/docs/platgovsalesforceflashlight/cleanup/cleanup_overview.md @@ -0,0 +1,90 @@ +--- +title: "Clean Up Overview" +description: "Clean Up Overview" +sidebar_position: 50 +--- + +# Clean Up Overview + +Clean up involves some or all of the following steps: + +1. Identify and remove unused customizations (either individual or multiple): + +- Completely unused +- Useless or inefficient + +2. Identify and fix improperly set-up customizations (eg. no help text, inactive owner). +3. Describe each object and its clean up task (under the improvements tab.) +4. Assign change/approval policy. + +## Clean Up Tools + +Strongpoint has a series of built in Clean Up Tools to enable Administrators to clean up their +account in an organized and efficient manner. There are many types of clean up, but they generally +follow the same steps: + +1. Select the approach +2. Analyze and organize the results +3. Create a Change Request (if required) +4. Manage the clean up as appropriate +5. Run the scanner + +NOTE: Always check the Last Date Scanned on any object and re-scan that object if necessary to +ensure the information about that object is up to date. + +### Select the Approach + +Strongpoint can help you clean up: + +- Unused Customizations +- Unused Custom Fields +- Unused Scripts +- Unused Reports + +Customizations that do not follow best practices: + +- Customizations with No Related Process +- Customizations with No Description +- Customizations with No Help Text +- Customizations with No Active Owner + +Depending on what you want to clean up, you can view clean up reports from the Strongpoint tab under +Reports and then choosing Clean Up. You can also find the clean up reports at the bottom of the +Strongpoint homepage under Strongpoint Features and Reports. + +You can clean up individual or multiple customizations by going to the Customization tab and +selecting **Create New View**. Use the filters to generate your list. + +NOTE: Before moving on to other clean up activities, it is often a good idea to delete unused +customizations that are highly likely safe to delete, such as fields that have not been used in +years or that are not used by any other customization. + +### Analyze and Organize the Results + +Once you have selected the customizations that you want to clean up and have created a New View, you +can analyze the results. The results can then be sorted and filtered and are required to group and +manage the output for subsequent steps. You may chose to clean up based on Salesforce type and +record type (among other options). + +Every Customization record has a Clean-Up Status field that enables us to track the status of the +clean-up process for that object. + +The statuses are: + +- **To Be Cleaned Up**: Flags the customization to be cleaned up. +- **Send Request Info Emails**: Triggers an email warning that the customization is about to be + deleted. +- **Under Investigation**: Flags the customization as under investigation. +- **Disabled/Hidden**: Tracks that the customization has been disabled. +- **Archived**: Tracks that the data / set-up was archived. +- **Deleted**: Tracks that the customization has been deleted. The doc will be inactivated. +- **Ignore**: Removes it from the searches. +- **Fix ScriptID:** Changes the ID of the script. +- **Reassign Owner**: Changes the owner. +- **Closed**: Flags the clean up status as closed. + +### Run the Scanner + +At the end of the process of updating the customization record(s), the account should be scanned to +update the documentation for the customization changes. It can be re-scanned for just the specific +record type that was changed. diff --git a/docs/platgovsalesforceflashlight/cleanup/cleanup_reports.md b/docs/platgovsalesforceflashlight/cleanup/cleanup_reports.md new file mode 100644 index 0000000000..2913a4ada1 --- /dev/null +++ b/docs/platgovsalesforceflashlight/cleanup/cleanup_reports.md @@ -0,0 +1,84 @@ +--- +title: "Running Clean Up Reports" +description: "Running Clean Up Reports" +sidebar_position: 10 +--- + +# Running Clean Up Reports + +Strongpoint provides predefined reports to help you clean up your Salesforce Instance. The reports +are available by opening **Flashlight** > **Reports/List Views** > **Clean Up** and selecting a +report: + +- Default Clean Up List View +- Open Clean Up Status +- Clean Up Waiting for Info +- Customizations Excluded from Clean Up +- Unused Fields +- Unused Scripts +- Unused Reports +- Customizations with Inactive Owners +- Custom Fields without Help Text +- Custom Fields without Description + +## Using the Reports + +- **Filters** + ![filters_icon](/img/product_docs/platgovsalesforceflashlight/clean_up/filters_icon.webp): + Open the filters to see the criteria used for the report. You can modify the unlocked filters to + narrow the focus of the results. +- **Column Sort Order**: Use the toggler in the column heads to change the sort order of the results + based on the selected column. +- **Links**: Use the linked fields to open details about the customization or user. + +## Default Clean Up List View + +The results list all customizations of Record type **Objects & Fields**, starting with API Name +**Account**, Salesforce Type **CustomField** and used less than **180 Days Ago**. + +## Open Clean Up Status + +This report enables you to find customizations that have been identified and noted for clean up. + +## Clean Up Waiting for Info + +The results list customizations flagged with clean up status **Send Request Info Emails.** + +## Customizations Excluded from Clean Up + +The results list active customizations flagged with clean up status **Ignore**. + +## Unused Fields + +The results list all of the unused custom fields. + +## Unused Scripts + +The results list all of the unused scripts. + +## Unused Reports + +The results list all of the unused reports. + +## Customizations with Inactive Owners + +Ownership of customizations is important for clean up and accountability in the system. + +The results list customizations with owners who are either: + +- Not active in Salesforce +- Do not have access to Strongpoint + +## Custom Fields without Help Text + +Help and Descriptions enable users to more efficiently use the system. The results list +customizations missing help. + +To fix, open the customization, click **Update Description and Help Text**. + +## Custom Fields without Description + +Help and Descriptions enable users to more efficiently use the system. The results list +customizations missing descriptions. + +To fix, open the customization, click **Update Description and Help Text**. diff --git a/docs/platgovsalesforceflashlight/cleanup/date_last_used.md b/docs/platgovsalesforceflashlight/cleanup/date_last_used.md new file mode 100644 index 0000000000..9081314e54 --- /dev/null +++ b/docs/platgovsalesforceflashlight/cleanup/date_last_used.md @@ -0,0 +1,187 @@ +--- +title: "Date Last Used" +description: "Date Last Used" +sidebar_position: 30 +--- + +# Date Last Used + +Date Last Used (DLU) captures changes triggered by users or other customizations. Specifically, the +last date the Customization, or the data it contains, was created, changed, accessed, processed or +used.The DLU value indicates that the customization was used at least as late as the DLU. It does +not indicate if it was used earlier. If DLU is blank, it indicates there in no verified date. + +> DLU CustomField Details +> +> Setting the DLU Expiration +> +> DLU Metadata Types +> +> Excluded Metadata Extended Types +> +> DLU Scheduler + +## DLU CustomField Details + +CustomField usage data improves the accuracy and usefulness of the Date Last Used, enabling you to +make better decisions about the value of maintaining specific CustomFields. Usage data includes: + +- how often the field has data (_frequency_) +- how recently the field has been used (_recency_) + +NOTE: DLU analysis should only be performed in Production orgs. Sandbox orgs do not reflect actual +usage. + +Usage data fields: + +- **% Populated** displays the percentage of Records with the field populated (not blank). Fields + with low usage are clean up candidates. For example, if the field appears on 1000 records, but + there is only data on 400 of the records, it is 40% populated. +- **DLU** is now defined to be the last time the field was updated with **Field History Tracking** + enabled. Field History Tracking ensures the DLU is accurate. If Field History Tracking is later + disabled, the DLU no longer updates and the data may not be accurate. The new Date DLU Analyzed + and DLU Status provide additional insight. +- **Date DLU Analyzed** displays the last time the scanner was run with Field History Tracking + enabled. +- **Parent Last Update Date** is set to the **CreatedDate** of the most-recently-created Record with + the CustomField populated. This provides usage recency information when Field History Tracking is + disabled. **CreatedDate** is more accurate for the CustomField than the **LastModifiedDate** for + the record. +- **DLU Status** displays the current status: + | DLU Status | DLU | Field History Tracking | Date DLU Analyzed | Parent Last Update Date | | --- + | --- | --- | --- | --- | | Unavailable | Blank | Never enabled for this field. | Blank | + Populated | | Pending | Blank | Enabled. Waiting for the scanner to run. | Blank | Populated | | + Current | Populated | Enabled. DLU is current and accurate using automated nightly scans. | Today + | Blank | | Recent | Populated, May be stale | Disabled. Last scan when enabled was within the + past three months. Three months is the default time period. See Setting the DLU Expiration. | + Within set time period | Populated | | Expired | Populated, May be stale | Disabled. Last scan + when enabled was longer than three months ago. Three months is the default time period. See + Setting the DLU Expiration. | Older than set time period | Populated | If Field History Tracking + is enabled for a CustomField with a **DLU Status** of either **Recent** or **Expired**, the status + is changed to **Pending**. Here is an example: + ![Example of the DLU status fields for a CustomField](/img/product_docs/platgovsalesforceflashlight/clean_up/dlu_status_example_customfield_800x294.webp) + +### Notes + +- When Field History Tracking is enabled, the **DLU** is accurate, and the **Parent Last Update + Date** is blank. +- If Field History Tracking has never been enabled, only **Parent Last Update Date** has a value. + Use **Parent Last Update Date**and **% Populated** together to get a sense of the usage. +- If Field History Tracking was enabled and later disabled, there are values in **DLU** and **Parent + Last Update Date**. Generally, you would use the most recent of the two together with **% + Populated** to get a sense of usage. If **DLU Status** is Expired, it is probably safe to ignore + **DLU**. + +### Setting the DLU Expiration + +The DLU Parameters specify the number of months to wait before changing the DLU Status from Recent +to Expired for a CustomField. This only applies to a CustomField where **Field Tracking History** +has been disabled. To change the time period: + +1. Open **Setup** +2. Expand **Custom Code** +3. Select **Custom Metadata Types** + ![Open Custom Metadata Types](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types.webp) +4. Click **Manage Records** by **Strongpoint DLU Parameter**. + ![Click Manage Records to open the record](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types_dlu_exp.webp) +5. Click **Edit** by **DLU Expiration**. + ![Edit the parameters](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types_dlu_para.webp) +6. Set the **DLU Expiration (Months)**. The default is three. +7. Click **Save**. + +## DLU Metadata Types + +Metadata types marked with an **\*** must have the **Event Logs** enabled to gather DLU information. +DLU can be used for the following metadata types: + +| Salesforce Family Types & Joins | Metadata Types | DLU | +| ---------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | +| Workflow | Workflow Rule | Date workflow rule was last run. | +| Workflow Approva lProcess Flow Validation Rule | Last date base record updated, if enabled | | +| Scripts | Apex Class**\*** Apex Trigger**\*** Apex Component**\*** Lightning Component Lightning Web Component | The last date the code was triggered by any script based on the log of the last time it was run. | +| Forms | Layout Compact Layout | If assigned to a profile, it is the date the last record that belongs to the layout was updated . | +| Apex Page**\*** | The last date the page was accessed (the code was triggered). | | +| Reports | Report | Last date report was run. | +| Dashboard | Last date dashboard report was run. | | +| Report Type | Last date report using the report type was run. | | +| Analytic Snapshot | Last date a dashboard it is on or dependent script was run. | | +| List View | Last date the List View was accessed. | | +| Data Sources | Standard Field | Last date the value changed. | +| Standard Object Custom Object | Last date a record was saved. | | +| Custom Field | Last date the value changed or if formula field, the maximum last date of the fields in the formula. | | +| Dependent Fields | Custom Field Lookup | Minimum of the DLU of the record it exists on and the DLU of the source field. | +| Profiles and Roles | User | Last login by the user. | +| Role | Calculated based on the last time someone logged in with that role. | | +| Profile | Calculated based on the last time someone logged in with that profile. | | +| Permission Set | Calculated based on the last time someone logged in with that permission set. | | +| Package | Text that displays the name of the package | Maximum DLU of object in the package. | +| Extended Types (Other) | App Menu | DLU of the parent Custom Application. | +| Assignment Rules | Date rule was last run. | | +| Auto Response Rules | Date Auto Response rule was last run. | | +| Call Center | | | +| Connected App | Date App was last run. | | +| Custom Application | Maximum DLU of customizations belonging to the application. | | +| Criteria Based Sharing Rule | Maximum of related Sharing Rules. | | +| Custom Application Component | Maximum DLU from parent applications. | | +| Custom Label | Maximum DLU of related field. | | +| Custom Metadata | Date modified of the object that has the value in the metadata. | | +| Custom Object Translation | DLU of the parent object. | | +| Custom Page Web Link | DLU of the APEX page. | | +| Custom Permission | DLU of a profile that has the custom permission. | | +| Custom Tab | DLU of the parent Custom Application. | | +| Document | Last time the file was opened or accessed by the system. | | +| Email Template | Date Template was last used to send emails. | | +| Escalation Rules | Date rule was last run. | | +| Field Set | Last date a field value changed. | | +| Flow Definition | Date flow last accessed. | | +| Global Picklist | Maximum DLU of fields that use the picklist. | | +| Group | Last time someone from the group accessed the system (always employees). | | +| Installed Package | Maximum DLU of component of the package | | +| Letterhead | Last date template accessed. | | +| Matching Rule | Date rule was last run. | | +| Post Template | Date Template was last used to send emails. | | +| Queue | Maximum DLU of code / workflow run on the Queue. | | +| Record Type | Maximum DLU of fields that use the record type. | | +| Sharing Rules | Date rule was last run. | | +| Static Resource | Max of last access date (document) or DLU code referencing it. | | +| Synonym Dictionary | Maximum DLU of related fields. | | +| Territory2 | Date Territory2 rule was last run. | | +| Territory2 Model | Date Territory2 rule was last run. | | +| Territory2 Rule | Date rule was last run. | | +| Territory2 Type | Date Territory2 rule was last run. | | +| Translations | Maximum DLU of related fields. | | + +## Excluded Metadata Extended Types + +DLU is not used for the following metadata Extended Types: + +| | | +| --------------------------- | ------------------------ | +| Action Link Group Template | Aura Definition Bundle | +| Auth Provider | Business Process | +| Certificate | Cors Whitelist Origin | +| Custom Feed Filter | Custom Site | +| Data Category Group | Delegate Group | +| Embedded Service Config | Event Delivery | +| Event Subscription | External Data Source | +| Flexi Page | Home Page Component | +| Home Page Layout | Named Credential | +| Path Assistant | Platform Cache Partition | +| Portal | Quick Action | +| Remote Site Setting | Saml Sso Config | +| S control | Sharing Reason | +| Sharing Set | Site Dot Com | +| Transaction Security Policy | Web Link | + +## DLU Scheduler + +The [Scheduler](/docs/platgovsalesforceflashlight/gettingstarted/scheduler.md) is where you can add frequency, day and time for +processes to run. Under **Field Usage and DLU**, you can set up the scheduler to update the last +used date field on customizations with the date the metadata was last used. It populates information +for field usage on custom fields and custom objects and catch any permission set assignments related +to users. + +![scheduler](/img/product_docs/platgovsalesforce/clean_up/scheduler.webp) + +Once the scheduler has been set up, you can view the DLU under the **Metadata** tab on the +customization record. diff --git a/docs/platgovsalesforceflashlight/customizations/understanding_customization_record.md b/docs/platgovsalesforceflashlight/customizations/understanding_customization_record.md deleted file mode 100644 index f36e487453..0000000000 --- a/docs/platgovsalesforceflashlight/customizations/understanding_customization_record.md +++ /dev/null @@ -1,136 +0,0 @@ -# Understanding the Customization Record - -The customization detail contains general information about the customization record. The -customization name appears in the banner with function buttons: - -- **Save**: saves the customization record. -- **Rescan**: runs the scanner on the record. You are prompted to refresh the page. -- **Go To Record**: brings up the customization record for editing or to view additional details. -- **Update Description and Help Text**: editor to add or modify the **Description** and **Help - Text** fields. - -Customization record fields include: - -- **Base Record**: Link to the base record for the customization. -- **Owner ID**: Link to the current owner. -- **Description**: Details added to the record. Click **Update Description and Help Text** to - update. -- **Salesforce Type**: Customization type. -- **API Name:** APIs associated with the record. -- **Help Text**: Helpful information detailing function and use of each customization. Click - **Update Description and Help Text** to update. -- **Related Objects**: Links to related objects. -- **Details**: Tabs to access details about the customization. Tabs include **Metadata**, - **Improvement**, **Permissions**, **Control**, **DRD**, **Raw Data** and **Related Lists**. - -![customization_record_800x315](/img/product_docs/platgovsalesforceflashlight/customizations/customization_record_800x315.webp) - -## Customization Record Tabs - -These are the tabs inside a customization record: - -> Metadata -> -> Improvements -> -> Control -> -> DRD -> -> Raw Data -> -> Related Lists - -### Metadata - -The metadata tab provides the metadata information about the customization, including: - -- **Date Last Used**: date the customization was last used. Refer to - [DLU](/docs/platgovsalesforceflashlight/clean_up/date_last_used.md) for more information. -- **Data type**: data type of the custom field. -- **Last Modified Date**: last date the customization was modified. -- **Active**: indicates whether the customization is a active. -- **Package**: indicates the package (if any) of the customization. -- **List**: Custom/Standard list used as a data source by the customization. -- **Last Modified File Date**: last date the file was modified -- **Customization Created By**: user who created the customization. -- **Customization Created Date**: date the customization was created. -- **Customization Last Modified By**: user who last modified the customization. -- **Script File Date**: date the script file was last modified. -- **Script File**: primary script file for a script customization. -- **Functions**: functions used in the script. -- **Script Fields**: fields used in the script file. -- **Attempt #**: number of times the script has tried to execute. -- **# of Lines**: number of lines in the script. -- **Manageable State**: the current state if it is from a managed/unmanaged package. - -### Improvements - -The improvement tab provides information about improvements that can be made on a customization such -as clean up: - -- **Clean Up Status**: This is the clean-up status of customizations that are to be deleted. -- **Change/Approval Policy**: This field designates the approval policy related to a customization. -- **Clean Up Comments**: This field is used to make notes during clean up and improvements. -- **Clean-up Classification**: This field shows an overview of the clean-up classification. -- **Add to Change Request**: Lookup tool to associate the clean up to an existing change request. - -- : This is one or more Customization records representing the data source(s) for this particular - field. - -### Control - -The control tab describes assigned controls on a customization record for example controls assigned -on a financial report. - -- **Control**: determines if the customization is a control. -- **Control Frequency**: frequency at which a control should be checked. -- **Track Duplicates**: specifies whether duplicate issues are to be tracked or not. -- **Control Type**: select count to record numbers, issues, tasks etc. -- **Control Assignee**: assign tasks, issues or alerts to someone other than the owner, if blank the - control alerts the owner of the customization. -- **Controlled Process**: process this customization controls. -- **Control Count**: custom field created for the account. -- **Alert Control Owner**: check box to alert owner of the control. -- **Next Control Date Time**: notes the date and time when to start monitoring. -- **Risk/Requirement**: process issue associated with the customization. -- **Last Control Run Date**: This is the last date the control was run. -- **Alert Process Owner**: check box to alert the process owner whenever an incident is detected. -- **Alert/Task Message**: The message that will be sent to the assignee on tasks or recipients of - alerts. -- **Instructions for Resolution**: instructions for resolving the issue. -- **Control Error/Warning**: errors or warnings encountered when control was last run. Blank - indicates no errors/warnings. - -### DRD - -Dependency Relationship Diagram ([DRD](/docs/platgovsalesforceflashlight/tools/viewing_drd.md)) displays objects, customizations -and their relationships and dependencies. - -### Raw Data - -This tab describes and list the XML code contained in a customization. - -- **Last Scanner Date**: Last date in which the scanner ran and evaluated the current customization. -- **Rescanner**: information for rescanning the customization and evaluating progress of Apex - Batches to show **In Progress**. -- **Make Join Date**: date customization was last passed to Make Join script. -- **Incomplete Object**: checked if the object is incomplete. -- **Suppress Changelog**: prevent changes from being made. -- **Script Fields (Raw)**: fields in the relevant script file. -- **Scripts (Raw)**: scripts used by other customizations. -- **Workflow/Approval Fields (Raw)**: data workflow fields. -- **Workflow Scripts (Raw)**: data workflow scripts. -- **Extended Types Fields (Raw)**: CSV of fields used by a customization. -- **Report/Search Fields (Raw)**: fields used in filter criteria or columns for a search. -- **Layout (Raw)**: custom field to hold custom fields of ListView, visual pages and layouts. -- **List (Raw)**: references related to this field. -- **Scanner Read**: check box to indicate if the retrieve and the customization was executed and - read. -- **Folder File Name**: name of the folder and file where Salesforce has the Metadata component. -- **Encoded API Name**: field to note the retrieve with encoded API name. -- **XML/Code**: XML/code representation of the page for a customization. - -### Related Lists - -Links to related lists: Change Logs, Notes & Attachments and Customization History. diff --git a/docs/platgovsalesforceflashlight/getting_started/config_and_stats.md b/docs/platgovsalesforceflashlight/getting_started/config_and_stats.md deleted file mode 100644 index a9a98c0aae..0000000000 --- a/docs/platgovsalesforceflashlight/getting_started/config_and_stats.md +++ /dev/null @@ -1,59 +0,0 @@ -# Viewing the Status Report - -The Configuration and Stats report is a live update on the status and results of the Strongpoint -Automated Documentation system. - -Open **Flashlight** > **Support** > **Status Report** - -Click **Download PDF** to create a PDF file of the current status. - -The report is divided into these sections: - -> Scanner Status Overview -> -> Documentation Stats -> -> Scanner Logs -> -> Scanner Additional Information - -## Scanner Status Overview - -This section displays the current status of the scanners. You can click to manually **Start** a -scanner or to **Stop** a running Scanner. -![Configuration and Stats - Scanner Status](/img/product_docs/platgovsalesforceflashlight/getting_started/config_scanner_status_800x354.webp) - -## Documentation Stats - -This section displays the current status of the documentation Strongpoint has created for your -account. The statistics included the total number of customization, and the various **joins** -Strongpoint has created to track the relationships between customizations. **Joins** represent -critical relationship information to help you determine if it is safe to delete or change something, -and how it affects other items. - -![Configuration and Stats - Documentation Stats](/img/product_docs/platgovsalesforceflashlight/getting_started/config_doc_stats_800x325.webp) - -## Scanner Logs - -The section displays details for each of the scanner logs: - -- **Scanner Log Name** -- **Salesforce Type** -- **Retrieved Stage**: this column displays the current status when a scanner is running. For - example, **DeDuplicate** is displayed if the scanner is running the **DeDuplicate** process during - the scan. -- **Total Customization**: this column shows the number of customizations processed while a scanner - is running. When the scan is complete, the column matches the total **Scanner Count**. -- **Scanner Count** - -![Configuration and Stats - Scanner Logs](/img/product_docs/platgovsalesforceflashlight/getting_started/config_scanner_logs_800x208.webp) - -## Scanner Additional Information - -This section displays each scanner function and the status: - -- Last Scanner Run Date -- Last Automated Scanner Run Date -- Last Scanner Run Status - -![Configuration and Stas - Scanner Additional Information](/img/product_docs/platgovsalesforceflashlight/getting_started/config_scan_add_info_800x127.webp) diff --git a/docs/platgovsalesforceflashlight/getting_started/dashboard.md b/docs/platgovsalesforceflashlight/getting_started/dashboard.md deleted file mode 100644 index c7b872cdf0..0000000000 --- a/docs/platgovsalesforceflashlight/getting_started/dashboard.md +++ /dev/null @@ -1,51 +0,0 @@ -# Using the Dashboard - -Flashlight comes with a comprehensive dashboard with everything to manage your org at your -fingertips. The dashboard provides key tools and reports to enable you to take full control of your -org and action problematic areas as required. - -- Scanner Status -- Recent Updates to Customizations -- Resources -- Key Tools -- DRD Generator - -## Scanner Status - -Displays the current status of the scanner (Not Started, In Progress, Completed) and the number of -days since the scanner was last run. It is recommended to run the scanner every week so your org -documentation is up-to-date. -![Scanner status on the dashboard](/img/product_docs/platgovsalesforceflashlight/getting_started/scanner_status.webp) - -## Recent Updates to Customizations - -Displays the number of New, Changed, and Deleted Customizations over the past seven days. -![Recent Updates to Customizations shown on the Dashboard](/img/product_docs/platgovsalesforceflashlight/getting_started/dashboard_updates_800x167.webp) - -Click on number to drill down into a Report for more information. For example, here is the report -for the 10 New Analytics Customizations: -![Drill down into a report for each number](/img/product_docs/platgovsalesforceflashlight/getting_started/dashboard_updates_report_800x406.webp) - -## Resources - -Links to key resources to help you learn to use Flashlight. - -![Resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) - -## Key Tools - -Links to useful Flashlight tools to give you more value out of your documentation. - -![Key Tools](/img/product_docs/platgovnetsuiteflashlight/getting_started/key_tools.webp) - -- **DRD**: Explore your customizations with Flashlight’s visual DRD and understand how - customizations relate to each other. -- **Finder**:[Find](/docs/platgovsalesforceflashlight/tools/finder.md) standard and customized objects created by the scanner. -- **Export Objects**: Open the [Export Objects](/docs/platgovsalesforceflashlight/tools/export_objects.md) tool. - -## DRD Generator - -A shortcut to open the DRD for the entered **Name** or **API Name**. -![Shortcut to the DRD tool](/img/product_docs/platgovsalesforceflashlight/getting_started/dashboard_drd_gen.webp) - -**Next Step:**[ Viewing the Status Report](/docs/platgovsalesforceflashlight/getting_started/config_and_stats.md) diff --git a/docs/platgovsalesforceflashlight/getting_started/getting_started_overview.md b/docs/platgovsalesforceflashlight/getting_started/getting_started_overview.md deleted file mode 100644 index dc1c1b6c88..0000000000 --- a/docs/platgovsalesforceflashlight/getting_started/getting_started_overview.md +++ /dev/null @@ -1,22 +0,0 @@ -# Getting Started Overview - -It is easy to be up and running with Flashlight by Strongpoint for Salesforce. - -1. [Install Flashlight by Strongpoint](/docs/platgovsalesforceflashlight/getting_started/installing_flashlight.md) -2. Run the [Getting Started Wizard](/docs/platgovsalesforceflashlight/getting_started/using_getting_started_wizard.md) to begin your first scan and - document your customizations. Once started, wait for the email notification the scan is finished. - -## Getting to Know Flashlight - -There are a variety of informational topics to help you see what Flashlight documents in your org: - -- [Using the Dashboard](/docs/platgovsalesforceflashlight/getting_started/dashboard.md) describes the items on the Flashlight Home page. -- [Configuration and Status](/docs/platgovsalesforceflashlight/getting_started/config_and_stats.md) and the - [Platform Governor Status](/docs/platgovsalesforceflashlight/getting_started/platform_governor.md) reports display Flashlight system information. -- [Running the Scheduler](/docs/platgovsalesforceflashlight/getting_started/scheduler.md) is where you set up automatic scans after your initial scan - is complete. -- [Customizations Overview](/docs/platgovsalesforceflashlight/customizations/customizations_overview.md) and - [Understanding the Customization Record](/docs/platgovsalesforceflashlight/customizations/understanding_customization_record.md) - provide insights into what Flashlight documents in your org. - -**Next Step:** [Installing Flashlight](/docs/platgovsalesforceflashlight/getting_started/installing_flashlight.md) diff --git a/docs/platgovsalesforceflashlight/getting_started/platform_governor.md b/docs/platgovsalesforceflashlight/getting_started/platform_governor.md deleted file mode 100644 index 43bfa28e8f..0000000000 --- a/docs/platgovsalesforceflashlight/getting_started/platform_governor.md +++ /dev/null @@ -1,20 +0,0 @@ -# Viewing the Platform Governor Status - -This is a live status update of the Strongpoint Usage of SFDC Governor Limit. Access it from -**Support** > **Platform Governor Status** - -When Strongpoint reaches the threshold, executions are reschedule for the next day so the -organization limit is not reached. - -![governor_800x271](/img/product_docs/platgovsalesforceflashlight/getting_started/governor_800x271.webp) - -## Setting a Threshold - -You can set or edit the organization limits through the **Setup** menu. - -1. Open **Setup** -2. Search for **Strongpoint General Config CS** -3. Click **Manage** next to **Strongpoint General Config CS** -4. Click **Edit** next to **Strongpoint Apex Method Daily** -5. Change the **Value Number** as needed. -6. Click **Save** diff --git a/docs/platgovsalesforceflashlight/getting_started/report_a_bug.md b/docs/platgovsalesforceflashlight/getting_started/report_a_bug.md deleted file mode 100644 index b548f9d15c..0000000000 --- a/docs/platgovsalesforceflashlight/getting_started/report_a_bug.md +++ /dev/null @@ -1,10 +0,0 @@ -# Report a Bug - -If you encounter any problems using Flashlight or you have suggested improvements, we would love to -hear from you! Your feedback is incredibly valuable to us and the continued success of Flashlight. -Follow these simple steps to provide feedback: - -1. Open **Flashlight** > **Support** > **Report a Bug** -2. Complete the form and our support team will contact you. - -![Report a Bug](/img/product_docs/platgovsalesforceflashlight/getting_started/report_bug_800x399.webp) diff --git a/docs/platgovsalesforceflashlight/getting_started/scheduler.md b/docs/platgovsalesforceflashlight/getting_started/scheduler.md deleted file mode 100644 index 5aec7703c4..0000000000 --- a/docs/platgovsalesforceflashlight/getting_started/scheduler.md +++ /dev/null @@ -1,12 +0,0 @@ -# Running the Scheduler - -Strongpoint's scheduler creates automated scans and documents the Field Usage and date last used -(DLU). - -To use the scheduler tool: - -1. Open **Flashlight** > **Support** > **Scheduler** - ![scheduler](/img/product_docs/platgovsalesforce/clean_up/scheduler.webp)2. - Toggle **Enabled**/**Disabled**by the category. Your selections are automatically saved. -2. Select the **Frequency** , **Day** and **Time**. Your selections are automatically saved. -3. Click any menu item to close the **Scheduler**. diff --git a/docs/platgovsalesforceflashlight/getting_started/uninstalling_flashlight.md b/docs/platgovsalesforceflashlight/getting_started/uninstalling_flashlight.md deleted file mode 100644 index b8e2025e8c..0000000000 --- a/docs/platgovsalesforceflashlight/getting_started/uninstalling_flashlight.md +++ /dev/null @@ -1,14 +0,0 @@ -# Uninstalling Flashlight - -Here is how to uninstall the Flashlight app from your org: - -1. Open **Setup** from the Salesforce main menu. -2. Select **Apps** > **App Manager** -3. Locate **Flashlight** in the installed list. -4. Click the Action icon on the far right of the Flashlight entry and click - **Delete**![uninstall_flashlight_800x285](/img/product_docs/platgovsalesforceflashlight/getting_started/uninstall_flashlight_800x285.webp) - -NOTE: Once you uninstall the Flashlight app you must -email [flashlight@strongpoint.io](mailto:flashlight@strongpoint.io) to ensure you are not billed -again. If you cancel within 48 hours of your next scheduled billing, you may be charged and then -refunded diff --git a/docs/platgovsalesforceflashlight/getting_started/using_getting_started_wizard.md b/docs/platgovsalesforceflashlight/getting_started/using_getting_started_wizard.md deleted file mode 100644 index dbc7a10979..0000000000 --- a/docs/platgovsalesforceflashlight/getting_started/using_getting_started_wizard.md +++ /dev/null @@ -1,23 +0,0 @@ -# Using the Getting Started Wizard - -The Getting Started Wizard is available after you have installed the Flashlight -[app](/docs/platgovsalesforceflashlight/getting_started/installing_flashlight.md). - -To use the Getting Started Wizard: - -1. Open the Salesforce **App Launcher** and select **Flashlight**. - ![Launch the Flashlight app](/img/product_docs/platgovsalesforceflashlight/getting_started/install_flashlight2.webp) -2. Click on the **Flashlight** tab to open the Flashlight homepage. -3. Open **Support** > **Getting Started Wizard** - ![getting_started_wizard](/img/product_docs/platgovsalesforceflashlight/getting_started/getting_started_wizard.webp) - -4. Click **Run Scanner** to start the process. - ![Run the Scanner to start the documentation process](/img/product_docs/platgovsalesforceflashlight/getting_started/run_scanner.webp) -5. Click **Next**. -6. Click **Done**. - -Flashlight for Salesforce examines your org and begins the automated documentation process. The -process runs in the background. You receive an email notification when it is finished. The length of -time depends on the size of your org. - -**Next Step:** [Using the Dashboard](/docs/platgovsalesforceflashlight/getting_started/dashboard.md) diff --git a/docs/platgovsalesforceflashlight/gettingstarted/_category_.json b/docs/platgovsalesforceflashlight/gettingstarted/_category_.json new file mode 100644 index 0000000000..445483f193 --- /dev/null +++ b/docs/platgovsalesforceflashlight/gettingstarted/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Getting Started Overview", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "getting_started_overview" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforceflashlight/gettingstarted/config_and_stats.md b/docs/platgovsalesforceflashlight/gettingstarted/config_and_stats.md new file mode 100644 index 0000000000..e06e7f8def --- /dev/null +++ b/docs/platgovsalesforceflashlight/gettingstarted/config_and_stats.md @@ -0,0 +1,65 @@ +--- +title: "Viewing the Status Report" +description: "Viewing the Status Report" +sidebar_position: 40 +--- + +# Viewing the Status Report + +The Configuration and Stats report is a live update on the status and results of the Strongpoint +Automated Documentation system. + +Open **Flashlight** > **Support** > **Status Report** + +Click **Download PDF** to create a PDF file of the current status. + +The report is divided into these sections: + +> Scanner Status Overview +> +> Documentation Stats +> +> Scanner Logs +> +> Scanner Additional Information + +## Scanner Status Overview + +This section displays the current status of the scanners. You can click to manually **Start** a +scanner or to **Stop** a running Scanner. +![Configuration and Stats - Scanner Status](/img/product_docs/platgovsalesforceflashlight/getting_started/config_scanner_status_800x354.webp) + +## Documentation Stats + +This section displays the current status of the documentation Strongpoint has created for your +account. The statistics included the total number of customization, and the various **joins** +Strongpoint has created to track the relationships between customizations. **Joins** represent +critical relationship information to help you determine if it is safe to delete or change something, +and how it affects other items. + +![Configuration and Stats - Documentation Stats](/img/product_docs/platgovsalesforceflashlight/getting_started/config_doc_stats_800x325.webp) + +## Scanner Logs + +The section displays details for each of the scanner logs: + +- **Scanner Log Name** +- **Salesforce Type** +- **Retrieved Stage**: this column displays the current status when a scanner is running. For + example, **DeDuplicate** is displayed if the scanner is running the **DeDuplicate** process during + the scan. +- **Total Customization**: this column shows the number of customizations processed while a scanner + is running. When the scan is complete, the column matches the total **Scanner Count**. +- **Scanner Count** + +![Configuration and Stats - Scanner Logs](/img/product_docs/platgovsalesforceflashlight/getting_started/config_scanner_logs_800x208.webp) + +## Scanner Additional Information + +This section displays each scanner function and the status: + +- Last Scanner Run Date +- Last Automated Scanner Run Date +- Last Scanner Run Status + +![Configuration and Stas - Scanner Additional Information](/img/product_docs/platgovsalesforceflashlight/getting_started/config_scan_add_info_800x127.webp) diff --git a/docs/platgovsalesforceflashlight/customizations/customizations_overview.md b/docs/platgovsalesforceflashlight/gettingstarted/customizations_overview.md similarity index 93% rename from docs/platgovsalesforceflashlight/customizations/customizations_overview.md rename to docs/platgovsalesforceflashlight/gettingstarted/customizations_overview.md index 33935ba825..1f5c4279d8 100644 --- a/docs/platgovsalesforceflashlight/customizations/customizations_overview.md +++ b/docs/platgovsalesforceflashlight/gettingstarted/customizations_overview.md @@ -1,3 +1,9 @@ +--- +title: "Customizations Overview and Reports" +description: "Customizations Overview and Reports" +sidebar_position: 70 +--- + # Customizations Overview and Reports Customization records are documentation about each customization. They are automatically built and diff --git a/docs/platgovsalesforceflashlight/gettingstarted/dashboard.md b/docs/platgovsalesforceflashlight/gettingstarted/dashboard.md new file mode 100644 index 0000000000..21ab68f754 --- /dev/null +++ b/docs/platgovsalesforceflashlight/gettingstarted/dashboard.md @@ -0,0 +1,57 @@ +--- +title: "Using the Dashboard" +description: "Using the Dashboard" +sidebar_position: 30 +--- + +# Using the Dashboard + +Flashlight comes with a comprehensive dashboard with everything to manage your org at your +fingertips. The dashboard provides key tools and reports to enable you to take full control of your +org and action problematic areas as required. + +- Scanner Status +- Recent Updates to Customizations +- Resources +- Key Tools +- DRD Generator + +## Scanner Status + +Displays the current status of the scanner (Not Started, In Progress, Completed) and the number of +days since the scanner was last run. It is recommended to run the scanner every week so your org +documentation is up-to-date. +![Scanner status on the dashboard](/img/product_docs/platgovsalesforceflashlight/getting_started/scanner_status.webp) + +## Recent Updates to Customizations + +Displays the number of New, Changed, and Deleted Customizations over the past seven days. +![Recent Updates to Customizations shown on the Dashboard](/img/product_docs/platgovsalesforceflashlight/getting_started/dashboard_updates_800x167.webp) + +Click on number to drill down into a Report for more information. For example, here is the report +for the 10 New Analytics Customizations: +![Drill down into a report for each number](/img/product_docs/platgovsalesforceflashlight/getting_started/dashboard_updates_report_800x406.webp) + +## Resources + +Links to key resources to help you learn to use Flashlight. + +![Resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) + +## Key Tools + +Links to useful Flashlight tools to give you more value out of your documentation. + +![Key Tools](/img/product_docs/platgovnetsuiteflashlight/getting_started/key_tools.webp) + +- **DRD**: Explore your customizations with Flashlight’s visual DRD and understand how + customizations relate to each other. +- **Finder**:[Find](/docs/platgovsalesforceflashlight/tools/finder.md) standard and customized objects created by the scanner. +- **Export Objects**: Open the [Export Objects](/docs/platgovsalesforceflashlight/tools/export_objects.md) tool. + +## DRD Generator + +A shortcut to open the DRD for the entered **Name** or **API Name**. +![Shortcut to the DRD tool](/img/product_docs/platgovsalesforceflashlight/getting_started/dashboard_drd_gen.webp) + +**Next Step:**[ Viewing the Status Report](/docs/platgovsalesforceflashlight/gettingstarted/config_and_stats.md) diff --git a/docs/platgovsalesforceflashlight/gettingstarted/getting_started_overview.md b/docs/platgovsalesforceflashlight/gettingstarted/getting_started_overview.md new file mode 100644 index 0000000000..ddf4156b5d --- /dev/null +++ b/docs/platgovsalesforceflashlight/gettingstarted/getting_started_overview.md @@ -0,0 +1,28 @@ +--- +title: "Getting Started Overview" +description: "Getting Started Overview" +sidebar_position: 30 +--- + +# Getting Started Overview + +It is easy to be up and running with Flashlight by Strongpoint for Salesforce. + +1. [Install Flashlight by Strongpoint](/docs/platgovsalesforceflashlight/gettingstarted/installing_flashlight.md) +2. Run the [Getting Started Wizard](/docs/platgovsalesforceflashlight/gettingstarted/using_getting_started_wizard.md) to begin your first scan and + document your customizations. Once started, wait for the email notification the scan is finished. + +## Getting to Know Flashlight + +There are a variety of informational topics to help you see what Flashlight documents in your org: + +- [Using the Dashboard](/docs/platgovsalesforceflashlight/gettingstarted/dashboard.md) describes the items on the Flashlight Home page. +- [Configuration and Status](/docs/platgovsalesforceflashlight/gettingstarted/config_and_stats.md) and the + [Platform Governor Status](/docs/platgovsalesforceflashlight/gettingstarted/platform_governor.md) reports display Flashlight system information. +- [Running the Scheduler](/docs/platgovsalesforceflashlight/gettingstarted/scheduler.md) is where you set up automatic scans after your initial scan + is complete. +- [Customizations Overview](/docs/platgovsalesforceflashlight/gettingstarted/customizations_overview.md) and + [Understanding the Customization Record](/docs/platgovsalesforceflashlight/gettingstarted/understanding_customization_record.md) + provide insights into what Flashlight documents in your org. + +**Next Step:** [Installing Flashlight](/docs/platgovsalesforceflashlight/gettingstarted/installing_flashlight.md) diff --git a/docs/platgovsalesforceflashlight/getting_started/installing_flashlight.md b/docs/platgovsalesforceflashlight/gettingstarted/installing_flashlight.md similarity index 83% rename from docs/platgovsalesforceflashlight/getting_started/installing_flashlight.md rename to docs/platgovsalesforceflashlight/gettingstarted/installing_flashlight.md index 4c4f58a4ea..c0661d4aef 100644 --- a/docs/platgovsalesforceflashlight/getting_started/installing_flashlight.md +++ b/docs/platgovsalesforceflashlight/gettingstarted/installing_flashlight.md @@ -1,3 +1,9 @@ +--- +title: "Installing Flashlight by Strongpoint" +description: "Installing Flashlight by Strongpoint" +sidebar_position: 10 +--- + # Installing Flashlight by Strongpoint The Flashlight app package is available on the Salesforce AppExchange. To install Flashlight by @@ -17,4 +23,4 @@ Strongpoint: NOTE: Strongpoint installs in the background. An email notification is sent to you when the installation is complete. -**Next Step:** [Using the Getting Started Wizard](/docs/platgovsalesforceflashlight/getting_started/using_getting_started_wizard.md) +**Next Step:** [Using the Getting Started Wizard](/docs/platgovsalesforceflashlight/gettingstarted/using_getting_started_wizard.md) diff --git a/docs/platgovsalesforceflashlight/gettingstarted/platform_governor.md b/docs/platgovsalesforceflashlight/gettingstarted/platform_governor.md new file mode 100644 index 0000000000..6352afd67f --- /dev/null +++ b/docs/platgovsalesforceflashlight/gettingstarted/platform_governor.md @@ -0,0 +1,26 @@ +--- +title: "Viewing the Platform Governor Status" +description: "Viewing the Platform Governor Status" +sidebar_position: 50 +--- + +# Viewing the Platform Governor Status + +This is a live status update of the Strongpoint Usage of SFDC Governor Limit. Access it from +**Support** > **Platform Governor Status** + +When Strongpoint reaches the threshold, executions are reschedule for the next day so the +organization limit is not reached. + +![governor_800x271](/img/product_docs/platgovsalesforceflashlight/getting_started/governor_800x271.webp) + +## Setting a Threshold + +You can set or edit the organization limits through the **Setup** menu. + +1. Open **Setup** +2. Search for **Strongpoint General Config CS** +3. Click **Manage** next to **Strongpoint General Config CS** +4. Click **Edit** next to **Strongpoint Apex Method Daily** +5. Change the **Value Number** as needed. +6. Click **Save** diff --git a/docs/platgovsalesforceflashlight/gettingstarted/report_a_bug.md b/docs/platgovsalesforceflashlight/gettingstarted/report_a_bug.md new file mode 100644 index 0000000000..d4700dbdf4 --- /dev/null +++ b/docs/platgovsalesforceflashlight/gettingstarted/report_a_bug.md @@ -0,0 +1,16 @@ +--- +title: "Report a Bug" +description: "Report a Bug" +sidebar_position: 100 +--- + +# Report a Bug + +If you encounter any problems using Flashlight or you have suggested improvements, we would love to +hear from you! Your feedback is incredibly valuable to us and the continued success of Flashlight. +Follow these simple steps to provide feedback: + +1. Open **Flashlight** > **Support** > **Report a Bug** +2. Complete the form and our support team will contact you. + +![Report a Bug](/img/product_docs/platgovsalesforceflashlight/getting_started/report_bug_800x399.webp) diff --git a/docs/platgovsalesforceflashlight/gettingstarted/scheduler.md b/docs/platgovsalesforceflashlight/gettingstarted/scheduler.md new file mode 100644 index 0000000000..6ca7b97a57 --- /dev/null +++ b/docs/platgovsalesforceflashlight/gettingstarted/scheduler.md @@ -0,0 +1,18 @@ +--- +title: "Running the Scheduler" +description: "Running the Scheduler" +sidebar_position: 60 +--- + +# Running the Scheduler + +Strongpoint's scheduler creates automated scans and documents the Field Usage and date last used +(DLU). + +To use the scheduler tool: + +1. Open **Flashlight** > **Support** > **Scheduler** + ![scheduler](/img/product_docs/platgovsalesforce/clean_up/scheduler.webp)2. + Toggle **Enabled**/**Disabled**by the category. Your selections are automatically saved. +2. Select the **Frequency** , **Day** and **Time**. Your selections are automatically saved. +3. Click any menu item to close the **Scheduler**. diff --git a/docs/platgovsalesforceflashlight/gettingstarted/understanding_customization_record.md b/docs/platgovsalesforceflashlight/gettingstarted/understanding_customization_record.md new file mode 100644 index 0000000000..e66e1d9580 --- /dev/null +++ b/docs/platgovsalesforceflashlight/gettingstarted/understanding_customization_record.md @@ -0,0 +1,142 @@ +--- +title: "Understanding the Customization Record" +description: "Understanding the Customization Record" +sidebar_position: 80 +--- + +# Understanding the Customization Record + +The customization detail contains general information about the customization record. The +customization name appears in the banner with function buttons: + +- **Save**: saves the customization record. +- **Rescan**: runs the scanner on the record. You are prompted to refresh the page. +- **Go To Record**: brings up the customization record for editing or to view additional details. +- **Update Description and Help Text**: editor to add or modify the **Description** and **Help + Text** fields. + +Customization record fields include: + +- **Base Record**: Link to the base record for the customization. +- **Owner ID**: Link to the current owner. +- **Description**: Details added to the record. Click **Update Description and Help Text** to + update. +- **Salesforce Type**: Customization type. +- **API Name:** APIs associated with the record. +- **Help Text**: Helpful information detailing function and use of each customization. Click + **Update Description and Help Text** to update. +- **Related Objects**: Links to related objects. +- **Details**: Tabs to access details about the customization. Tabs include **Metadata**, + **Improvement**, **Permissions**, **Control**, **DRD**, **Raw Data** and **Related Lists**. + +![customization_record_800x315](/img/product_docs/platgovsalesforceflashlight/customizations/customization_record_800x315.webp) + +## Customization Record Tabs + +These are the tabs inside a customization record: + +> Metadata +> +> Improvements +> +> Control +> +> DRD +> +> Raw Data +> +> Related Lists + +### Metadata + +The metadata tab provides the metadata information about the customization, including: + +- **Date Last Used**: date the customization was last used. Refer to + [DLU](/docs/platgovsalesforceflashlight/cleanup/date_last_used.md) for more information. +- **Data type**: data type of the custom field. +- **Last Modified Date**: last date the customization was modified. +- **Active**: indicates whether the customization is a active. +- **Package**: indicates the package (if any) of the customization. +- **List**: Custom/Standard list used as a data source by the customization. +- **Last Modified File Date**: last date the file was modified +- **Customization Created By**: user who created the customization. +- **Customization Created Date**: date the customization was created. +- **Customization Last Modified By**: user who last modified the customization. +- **Script File Date**: date the script file was last modified. +- **Script File**: primary script file for a script customization. +- **Functions**: functions used in the script. +- **Script Fields**: fields used in the script file. +- **Attempt #**: number of times the script has tried to execute. +- **# of Lines**: number of lines in the script. +- **Manageable State**: the current state if it is from a managed/unmanaged package. + +### Improvements + +The improvement tab provides information about improvements that can be made on a customization such +as clean up: + +- **Clean Up Status**: This is the clean-up status of customizations that are to be deleted. +- **Change/Approval Policy**: This field designates the approval policy related to a customization. +- **Clean Up Comments**: This field is used to make notes during clean up and improvements. +- **Clean-up Classification**: This field shows an overview of the clean-up classification. +- **Add to Change Request**: Lookup tool to associate the clean up to an existing change request. + +- : This is one or more Customization records representing the data source(s) for this particular + field. + +### Control + +The control tab describes assigned controls on a customization record for example controls assigned +on a financial report. + +- **Control**: determines if the customization is a control. +- **Control Frequency**: frequency at which a control should be checked. +- **Track Duplicates**: specifies whether duplicate issues are to be tracked or not. +- **Control Type**: select count to record numbers, issues, tasks etc. +- **Control Assignee**: assign tasks, issues or alerts to someone other than the owner, if blank the + control alerts the owner of the customization. +- **Controlled Process**: process this customization controls. +- **Control Count**: custom field created for the account. +- **Alert Control Owner**: check box to alert owner of the control. +- **Next Control Date Time**: notes the date and time when to start monitoring. +- **Risk/Requirement**: process issue associated with the customization. +- **Last Control Run Date**: This is the last date the control was run. +- **Alert Process Owner**: check box to alert the process owner whenever an incident is detected. +- **Alert/Task Message**: The message that will be sent to the assignee on tasks or recipients of + alerts. +- **Instructions for Resolution**: instructions for resolving the issue. +- **Control Error/Warning**: errors or warnings encountered when control was last run. Blank + indicates no errors/warnings. + +### DRD + +Dependency Relationship Diagram ([DRD](/docs/platgovsalesforceflashlight/tools/viewing_drd.md)) displays objects, customizations +and their relationships and dependencies. + +### Raw Data + +This tab describes and list the XML code contained in a customization. + +- **Last Scanner Date**: Last date in which the scanner ran and evaluated the current customization. +- **Rescanner**: information for rescanning the customization and evaluating progress of Apex + Batches to show **In Progress**. +- **Make Join Date**: date customization was last passed to Make Join script. +- **Incomplete Object**: checked if the object is incomplete. +- **Suppress Changelog**: prevent changes from being made. +- **Script Fields (Raw)**: fields in the relevant script file. +- **Scripts (Raw)**: scripts used by other customizations. +- **Workflow/Approval Fields (Raw)**: data workflow fields. +- **Workflow Scripts (Raw)**: data workflow scripts. +- **Extended Types Fields (Raw)**: CSV of fields used by a customization. +- **Report/Search Fields (Raw)**: fields used in filter criteria or columns for a search. +- **Layout (Raw)**: custom field to hold custom fields of ListView, visual pages and layouts. +- **List (Raw)**: references related to this field. +- **Scanner Read**: check box to indicate if the retrieve and the customization was executed and + read. +- **Folder File Name**: name of the folder and file where Salesforce has the Metadata component. +- **Encoded API Name**: field to note the retrieve with encoded API name. +- **XML/Code**: XML/code representation of the page for a customization. + +### Related Lists + +Links to related lists: Change Logs, Notes & Attachments and Customization History. diff --git a/docs/platgovsalesforceflashlight/gettingstarted/uninstalling_flashlight.md b/docs/platgovsalesforceflashlight/gettingstarted/uninstalling_flashlight.md new file mode 100644 index 0000000000..5635ad8f45 --- /dev/null +++ b/docs/platgovsalesforceflashlight/gettingstarted/uninstalling_flashlight.md @@ -0,0 +1,20 @@ +--- +title: "Uninstalling Flashlight" +description: "Uninstalling Flashlight" +sidebar_position: 90 +--- + +# Uninstalling Flashlight + +Here is how to uninstall the Flashlight app from your org: + +1. Open **Setup** from the Salesforce main menu. +2. Select **Apps** > **App Manager** +3. Locate **Flashlight** in the installed list. +4. Click the Action icon on the far right of the Flashlight entry and click + **Delete**![uninstall_flashlight_800x285](/img/product_docs/platgovsalesforceflashlight/getting_started/uninstall_flashlight_800x285.webp) + +NOTE: Once you uninstall the Flashlight app you must +email [flashlight@strongpoint.io](mailto:flashlight@strongpoint.io) to ensure you are not billed +again. If you cancel within 48 hours of your next scheduled billing, you may be charged and then +refunded diff --git a/docs/platgovsalesforceflashlight/gettingstarted/using_getting_started_wizard.md b/docs/platgovsalesforceflashlight/gettingstarted/using_getting_started_wizard.md new file mode 100644 index 0000000000..796f92c307 --- /dev/null +++ b/docs/platgovsalesforceflashlight/gettingstarted/using_getting_started_wizard.md @@ -0,0 +1,29 @@ +--- +title: "Using the Getting Started Wizard" +description: "Using the Getting Started Wizard" +sidebar_position: 20 +--- + +# Using the Getting Started Wizard + +The Getting Started Wizard is available after you have installed the Flashlight +[app](/docs/platgovsalesforceflashlight/gettingstarted/installing_flashlight.md). + +To use the Getting Started Wizard: + +1. Open the Salesforce **App Launcher** and select **Flashlight**. + ![Launch the Flashlight app](/img/product_docs/platgovsalesforceflashlight/getting_started/install_flashlight2.webp) +2. Click on the **Flashlight** tab to open the Flashlight homepage. +3. Open **Support** > **Getting Started Wizard** + ![getting_started_wizard](/img/product_docs/platgovsalesforceflashlight/getting_started/getting_started_wizard.webp) + +4. Click **Run Scanner** to start the process. + ![Run the Scanner to start the documentation process](/img/product_docs/platgovsalesforceflashlight/getting_started/run_scanner.webp) +5. Click **Next**. +6. Click **Done**. + +Flashlight for Salesforce examines your org and begins the automated documentation process. The +process runs in the background. You receive an email notification when it is finished. The length of +time depends on the size of your org. + +**Next Step:** [Using the Dashboard](/docs/platgovsalesforceflashlight/gettingstarted/dashboard.md) diff --git a/docs/platgovsalesforceflashlight/tools/_category_.json b/docs/platgovsalesforceflashlight/tools/_category_.json new file mode 100644 index 0000000000..4d5694a96d --- /dev/null +++ b/docs/platgovsalesforceflashlight/tools/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Using Flashlight Overview", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "tools_overview" + } +} \ No newline at end of file diff --git a/docs/platgovsalesforceflashlight/tools/export_object_attachment_records.md b/docs/platgovsalesforceflashlight/tools/export_object_attachment_records.md index b95b0271a5..df62e8ea57 100644 --- a/docs/platgovsalesforceflashlight/tools/export_object_attachment_records.md +++ b/docs/platgovsalesforceflashlight/tools/export_object_attachment_records.md @@ -1,3 +1,9 @@ +--- +title: "Export Object Attachment Records" +description: "Export Object Attachment Records" +sidebar_position: 70 +--- + # Export Object Attachment Records When [Object](/docs/platgovsalesforceflashlight/tools/export_objects.md), [Profile and Permission Set](/docs/platgovsalesforceflashlight/tools/export_profiles.md) or diff --git a/docs/platgovsalesforceflashlight/tools/export_objects.md b/docs/platgovsalesforceflashlight/tools/export_objects.md index dcaf9a1df5..224ca37dfd 100644 --- a/docs/platgovsalesforceflashlight/tools/export_objects.md +++ b/docs/platgovsalesforceflashlight/tools/export_objects.md @@ -1,3 +1,9 @@ +--- +title: "Export Objects" +description: "Export Objects" +sidebar_position: 40 +--- + # Export Objects Administrators can use this to export one or more objects, including all child objects, into a diff --git a/docs/platgovsalesforceflashlight/tools/export_profiles.md b/docs/platgovsalesforceflashlight/tools/export_profiles.md index 3154cf7bd0..ca5847bc8a 100644 --- a/docs/platgovsalesforceflashlight/tools/export_profiles.md +++ b/docs/platgovsalesforceflashlight/tools/export_profiles.md @@ -1,3 +1,9 @@ +--- +title: "Export Profiles and Permission Sets" +description: "Export Profiles and Permission Sets" +sidebar_position: 50 +--- + # Export Profiles and Permission Sets Administrators can use this tool to export all user permissions into a single view for easy review diff --git a/docs/platgovsalesforceflashlight/tools/export_users.md b/docs/platgovsalesforceflashlight/tools/export_users.md index 02542219ff..83840ebaf0 100644 --- a/docs/platgovsalesforceflashlight/tools/export_users.md +++ b/docs/platgovsalesforceflashlight/tools/export_users.md @@ -1,3 +1,9 @@ +--- +title: "Export Users" +description: "Export Users" +sidebar_position: 60 +--- + # Export Users Exports user information to an XLS file. diff --git a/docs/platgovsalesforceflashlight/tools/finder.md b/docs/platgovsalesforceflashlight/tools/finder.md index 91ba67ed82..40a5cfbbeb 100644 --- a/docs/platgovsalesforceflashlight/tools/finder.md +++ b/docs/platgovsalesforceflashlight/tools/finder.md @@ -1,3 +1,9 @@ +--- +title: "Using the Finder" +description: "Using the Finder" +sidebar_position: 30 +--- + # Using the Finder Strongpoint's **Finder** searches and finds standard and customized objects created by the scanner. diff --git a/docs/platgovsalesforceflashlight/tools/reports_overview.md b/docs/platgovsalesforceflashlight/tools/reports_overview.md index 9f50586b72..6ebb7213ed 100644 --- a/docs/platgovsalesforceflashlight/tools/reports_overview.md +++ b/docs/platgovsalesforceflashlight/tools/reports_overview.md @@ -1,3 +1,9 @@ +--- +title: "Accessing Reports" +description: "Accessing Reports" +sidebar_position: 80 +--- + # Accessing Reports The Flashlight **Reports / List Views** tab has links to all of the predefined reports and log @@ -29,22 +35,22 @@ These reports are available from **Flashlight** > **Reports / List Views** > **C These reports are available from **Flashlight** > **Reports / List Views** > **Clean Up**. -> [Default Clean Up List View](/docs/platgovsalesforceflashlight/clean_up/cleanup_reports.md#default-clean-up-list-view) +> [Default Clean Up List View](/docs/platgovsalesforceflashlight/cleanup/cleanup_reports.md#default-clean-up-list-view) > -> [Open Clean Up Status](/docs/platgovsalesforceflashlight/clean_up/cleanup_reports.md#open-clean-up-status) +> [Open Clean Up Status](/docs/platgovsalesforceflashlight/cleanup/cleanup_reports.md#open-clean-up-status) > -> [Clean Up Waiting for Info](/docs/platgovsalesforceflashlight/clean_up/cleanup_reports.md#clean-up-waiting-for-info) +> [Clean Up Waiting for Info](/docs/platgovsalesforceflashlight/cleanup/cleanup_reports.md#clean-up-waiting-for-info) > -> [Customizations Excluded from Clean Up](/docs/platgovsalesforceflashlight/clean_up/cleanup_reports.md#customizations-excluded-from-clean-up) +> [Customizations Excluded from Clean Up](/docs/platgovsalesforceflashlight/cleanup/cleanup_reports.md#customizations-excluded-from-clean-up) > -> [Unused Fields](/docs/platgovsalesforceflashlight/clean_up/cleanup_reports.md#unused-fields) +> [Unused Fields](/docs/platgovsalesforceflashlight/cleanup/cleanup_reports.md#unused-fields) > -> [Unused Scripts](/docs/platgovsalesforceflashlight/clean_up/cleanup_reports.md#unused-scripts) +> [Unused Scripts](/docs/platgovsalesforceflashlight/cleanup/cleanup_reports.md#unused-scripts) > -> [Unused Reports](/docs/platgovsalesforceflashlight/clean_up/cleanup_reports.md#unused-reports) +> [Unused Reports](/docs/platgovsalesforceflashlight/cleanup/cleanup_reports.md#unused-reports) > -> [Customizations with Inactive Owners](/docs/platgovsalesforceflashlight/clean_up/cleanup_reports.md#customizations-with-inactive-owners) +> [Customizations with Inactive Owners](/docs/platgovsalesforceflashlight/cleanup/cleanup_reports.md#customizations-with-inactive-owners) > -> [Custom Fields without Help Text](/docs/platgovsalesforceflashlight/clean_up/cleanup_reports.md#custom-fields-without-help-text) +> [Custom Fields without Help Text](/docs/platgovsalesforceflashlight/cleanup/cleanup_reports.md#custom-fields-without-help-text) > -> [Custom Fields without Description](/docs/platgovsalesforceflashlight/clean_up/cleanup_reports.md#custom-fields-without-description) +> [Custom Fields without Description](/docs/platgovsalesforceflashlight/cleanup/cleanup_reports.md#custom-fields-without-description) diff --git a/docs/platgovsalesforceflashlight/tools/running_scanner.md b/docs/platgovsalesforceflashlight/tools/running_scanner.md index daa847f418..10eab43d25 100644 --- a/docs/platgovsalesforceflashlight/tools/running_scanner.md +++ b/docs/platgovsalesforceflashlight/tools/running_scanner.md @@ -1,3 +1,9 @@ +--- +title: "Running the Scanner" +description: "Running the Scanner" +sidebar_position: 20 +--- + # Running the Scanner When the initial scan is complete, you can run additional on demand scans as required. diff --git a/docs/platgovsalesforceflashlight/tools/tools_overview.md b/docs/platgovsalesforceflashlight/tools/tools_overview.md index 1e5a0a809d..7b0a882d7b 100644 --- a/docs/platgovsalesforceflashlight/tools/tools_overview.md +++ b/docs/platgovsalesforceflashlight/tools/tools_overview.md @@ -1,3 +1,9 @@ +--- +title: "Using Flashlight Overview" +description: "Using Flashlight Overview" +sidebar_position: 40 +--- + # Using Flashlight Overview There are links to access **Key Tools** on the Flashlight **Home** page. diff --git a/docs/platgovsalesforceflashlight/tools/validating_data.md b/docs/platgovsalesforceflashlight/tools/validating_data.md index a337c83d9b..ca319e4489 100644 --- a/docs/platgovsalesforceflashlight/tools/validating_data.md +++ b/docs/platgovsalesforceflashlight/tools/validating_data.md @@ -1,3 +1,9 @@ +--- +title: "Validating the Data" +description: "Validating the Data" +sidebar_position: 90 +--- + # Validating the Data Accurate documentation is critical for Strongpoint to support your change management and clean up diff --git a/docs/platgovsalesforceflashlight/tools/viewing_drd.md b/docs/platgovsalesforceflashlight/tools/viewing_drd.md index 6b6b342f2d..33a24767c9 100644 --- a/docs/platgovsalesforceflashlight/tools/viewing_drd.md +++ b/docs/platgovsalesforceflashlight/tools/viewing_drd.md @@ -1,3 +1,9 @@ +--- +title: "Dependency Relationship Diagram" +description: "Dependency Relationship Diagram" +sidebar_position: 10 +--- + # Dependency Relationship Diagram Strongpoint's Dependency Relationship Diagram (DRD) displays objects, customizations and their diff --git a/docs/platgovsalesforceflashlight/welcome.md b/docs/platgovsalesforceflashlight/welcome.md index c2bc26ebac..c606933824 100644 --- a/docs/platgovsalesforceflashlight/welcome.md +++ b/docs/platgovsalesforceflashlight/welcome.md @@ -1,3 +1,9 @@ +--- +title: "Welcome" +description: "Welcome" +sidebar_position: 10 +--- + # Welcome Flashlight™ by Strongpoint is Salesforce Documentation for Everybody! Easy to install, easy to @@ -22,7 +28,7 @@ Flashlight provides your organization these key benefits: #### Move Faster -- Use the Flashlight [Dashboard](/docs/platgovsalesforceflashlight/getting_started/dashboard.md) and the Dependency Relationship +- Use the Flashlight [Dashboard](/docs/platgovsalesforceflashlight/gettingstarted/dashboard.md) and the Dependency Relationship Diagrams to spot problems before they happen and respond to your users more quickly. - Now you can make better, faster decisions to drive your business forward. diff --git a/docs/platgovsalesforceflashlight/what_flashlight_documents.md b/docs/platgovsalesforceflashlight/what_flashlight_documents.md index f8b962144c..6d299e3fe8 100644 --- a/docs/platgovsalesforceflashlight/what_flashlight_documents.md +++ b/docs/platgovsalesforceflashlight/what_flashlight_documents.md @@ -1,3 +1,9 @@ +--- +title: "What Does Flashlight Document?" +description: "What Does Flashlight Document?" +sidebar_position: 20 +--- + # What Does Flashlight Document? Flashlight documents over 120 Salesforce metadata types. For display within the Flashlight diff --git a/docs/privilegesecure/4.2/accessmanagement/_category_.json b/docs/privilegesecure/4.2/accessmanagement/_category_.json new file mode 100644 index 0000000000..b957a88234 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Netwrix Privilege Secure for Access Management v4.2 Documentation", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/_category_.json new file mode 100644 index 0000000000..51435b6e32 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Administration", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/access/createsession.md b/docs/privilegesecure/4.2/accessmanagement/admin/access/createsession.md deleted file mode 100644 index a576c5cbb2..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/access/createsession.md +++ /dev/null @@ -1,49 +0,0 @@ -# Create My Activity Session - -Follow the steps to create an activity session. - -**Step 1 –** Select an **Activity** to expand the session ribbon. - -![myactivityuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) - -**Step 2 –** Click **Create Session** to start a new activity session. - -- If an Activity is assigned to a single resource, the Activity card will display the name of the - resource; selecting **Create Session** from the session ribbon will immediately start the - Activity. -- If the Activity is assigned to more than one resource, the Activity card will display the number - of resources; selecting **Create Session** from the session ribbon will open the Configure Session - window. -- **CAUTION:** If your license is expired and you can still log in, you will not be able to create - activity sessions. - -![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) - -**Step 3 –** Enter the following information: - -- If the Activity is a member of more than one Access Policy, the Access Policy field will change to - a drop-down selection. Based the resources assigned to the selected access policy, the list of - resources will change in the table. -- Enter notes or a ticket number in the applicable field (Set whether notes or ticket numbers should - be optional or mandatory for the session in the related Connection Profile) -- Select the resources required for the Activity session. Use the **Search** field to filter the - resource list. -- Click **Start Session** to start the provisioning process. - -![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) - -**NOTE:** If an approval is required, the Waiting for approval message will display until it has -been granted. - -![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) - -**Step 4 –** When provisioned, an activity session will display an Available status with a green -icon. Click **Available** to launch the session. - -- The contextual menu (…) to the top right of the active session card contains options to stop an - active session and to copy/view the login account password, if enabled in the related Connection - Profile. -- All sessions may be managed via the Dashboard interface, and the My Activities interface - interchangeably. - -Provisioning and active sessions are displayed in the session ribbon, newest sessions to the left. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/access/myactivities.md b/docs/privilegesecure/4.2/accessmanagement/admin/access/myactivities.md deleted file mode 100644 index ae598d5a1d..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/access/myactivities.md +++ /dev/null @@ -1,21 +0,0 @@ -# Access > My Activities Page - -The Access > My Activities page displays activities mapped to the user as individual cards, -organized alphabetically or by Access Policy. - -![My Activities Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/access/myactivities.webp) - -To access the My Activities page, open the Access interface. If there is only a single activity card -present on this page that activity will open automatically. - -Activities may be sorted in alphabetical order (the default) or organized into groups according to -Access Policy. Duplicate activities will be automatically grouped into a single card on this -interface. In the modal for provisioning the session, the user can still select from the multiple -Access Policies that are duplicating their access to the activity. - -An Activity may appear in more than one Access Policy group if the Activity is a member of more than -one Access Policy. When sorted by Access Policy, the list of resources displayed is determined by -the resource list of the Access Policy. - -To create an Activity Session, click the **plus** button to begin. See the -[Create My Activity Session](/docs/privilegesecure/4.2/accessmanagement/admin/access/createsession.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/interface.md b/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/interface.md deleted file mode 100644 index 400336dca0..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/interface.md +++ /dev/null @@ -1,17 +0,0 @@ -# Audit & Reporting Interface - -The Audit and Reporting interface provides auditing and reporting tools to interrogate all logged -activity data in the Privilege Secure Console. This chapter explains the interface features and how -to use them. - -![interface](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/interface.webp) - -Click Audit and Reporting to expand the menu. Settings can be configured for: - -- [Access Certification Page](/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/accesscertification.md) — Audit and remediate user access -- [Activity Log Page](/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/activitylog.md) — View activity logs for users and resources -- [DB Change History Page](/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/dbchangehistory.md) — View records of database additions, updates, - and deletions -- [Events Page](/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/events.md) — View the console event log -- [Log Files Page](/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/logfiles.md) — View the log files from within the console -- [Reporting](/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/reporting.md) – View reports on activity diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/events.md b/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/events.md deleted file mode 100644 index 2e45478c58..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/events.md +++ /dev/null @@ -1,22 +0,0 @@ -# Events Page - -The Events page shows event logs for the Privilege Secure Console. - -![Audit and Reporting Events Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/eventspage.webp) - -The Events page has the following features: - -- Search – Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Column headers can be sorted in ascending or descending order: - - - Status – Shows status information for the session - - - Information - - Error - - - Time – Timestamp of the event - - User – User associated with the event - - Access Policy – Name of the Access Policy - - Event Message – Description of the event - - Session ID – Unique identifier for the session diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/logfiles.md b/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/logfiles.md deleted file mode 100644 index 160e0f59af..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/logfiles.md +++ /dev/null @@ -1,25 +0,0 @@ -# Log Files Page - -The Logs page shows the log files. From here, search and investigate the records. - -![Audit and Reporting Log Files Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/logfilespage.webp) - -On the left of the page, the Log list shows the log files: - -- Search – Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- List of Log files – Select a log file from the list to view it contents - -The right of the page shows the contents of the selected log file and has the following features: - -- Search – Search the contents of the log file -- Oldest/Newest Are At The Top button – Click to toggle the list by ascending or descending order -- Go To Top button – Return to the top of the list -- List of log entries – Itemized lines from log entry file - -The log files are saved in the default location: - -C:\ProgramData\Stealthbits\PAM\Log - -The log files are saved with a naming format of: `PAM-[Service][yyyymmdd]`. For example: -`PAM-ActionService20191002.log` diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/reporting.md b/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/reporting.md deleted file mode 100644 index c265cd97da..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/reporting.md +++ /dev/null @@ -1,186 +0,0 @@ -# Reporting - -Reports can be viewed and configured on the Reporting page. Predefined reports are available, as -well as platform-based reports based on the same data sources as the predefined reports. -Additionally, custom reports can be generated based on the predefined reports. All reports can be -downloaded as a PDF or CSV file or subscribed to via email. - -## Reports Tree - -The reports on the Reporting page are organized into folders in a tree menu. Reports can be added to -the Favorites folder or removed from the Favorites folder by clicking the star icon next to the -report name. Each report has a Filters tab (which allows the report to be run, downloaded, or -configured) and a Subscriptions tab (which allows the Privilege Secure user to Subscribe to the -report via email). - -![Reports Tree](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/reportstree.webp) - -The Search Reports box will search all report names, both predefined and custom, for the specified -report name. The report tree will then be filtered down to the matching reports. - -## Report Folders - -The Reports tree contains the following folders. - -Favorites Folder - -This folder in the report tree contains reports that have been marked with a star for easy access. -Clicking the star on a favorite report will remove it from the Favorites folder. - -Predefined Reports - -This folder contains predefined reports covering common reporting uses cases. Included are: - -- Account Password Age -- All Activity Sessions -- Password Rotations - -Predefined Platform-Based Reports - -This folder contains predefined reports that are filtered to specific platforms. Included are: - -- All Active Directory Sessions -- All Entra ID Sessions -- All Cisco Sessions -- All Linux Sessions -- All Microsoft SQL Server Sessions -- All Oracle Sessions -- All Website Sessions -- All Windows Sessions - -My Reports - -This folder contains all reports created using the “+” icon next to the Search Reports field or -created by modifying and saving an existing predefined or platform based report. - -## Add a New Report - -Click the + icon next to the Search Reports field to open a new custom report. Enter a name for the -new report in the Enter Report Name box. - -### Filters Tab - -The Filters tab provides customization options for the new report. - -![Reporting Filters Tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/filterstab.webp) - -The Filters tab has the following configuration options: - -- Save – Saves the report and add it to the My Reports folder in the report tree -- Cancel – Cancels the creation of the report and clear all edits that have been made to the new - report -- Source Drop-down List – Contains data sources that allow the report to look at different data sets - related to Privilege Secure administration. See the Data Sources topic for additional information. -- Timeframe Drop-down List – Contains a number of predefined timeframes, ranging from “Last Hour” to - “Last 30 Days”. Additionally, “Custom” can be selected, which makes visible a “Start date” date - picker and an “End date” date picker. -- Attribute Drop-down List – Contains attributes from the given Source that can be paired with an - operator and a value -- Operator – Contains operators that can be used to filter an attribute -- Value – This field allows manual entry of a value against which the operator will be applied. The - field also offers a drop-down menu which is populated with values from the backend database. - -### Data Sources - -The Source drop-down list contains the following data sources for reports. - -Activity Sessions - -This data source contains activity session information, and allows the report to be filtered on the -following attributes for a given activity session: - -- Domain -- Platform -- Activity -- Target User -- Target Host -- User - -Resource Sync - -This data source contains resource sync information, and allows the report to be filtered on the -following attributes for a given synced resource: - -- Version -- Name -- IP Address -- Operating System - -Password Rotation - -This data source contains password rotation information, and allows the report to be filtered on the -following attributes for a given password rotation event: - -- Target Rotation -- Results -- Change Reason -- User - -Password Age - -This data source contains password age information, and allows the report to be filtered on the -following attributes for a given user account: - -- Account Name -- Computer -- Password Age -- Name -- Privilege - -**NOTE:** The Subscriptions tab will not be enabled until saving the report. See the Subscriptions -Tab topic for additional information. - -## Customize an Existing Report - -Any predefined report, platform-based report, or custom report under My Reports functions -identically. - -### Filters Tab - -Customize the desired configuration settings in the Filters tab. - -![Reporting Filters Tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/filterstab.webp) - -The Filters tab has the following configuration options: - -- Run Query – Runs the query for the given report, and returns any data matching the configured - query -- Download Report – Generates and downloads the report, either as PDF or as CSV. The file name of - the downloaded report will indicate the name of the report and the time of download. For example, - "All Linux Sessions-24-05-07-164307". -- Save – Saves any modifications to the report. If this is a predefined or platform based report, it - will save as a new report under My Reports -- Delete **(available for custom reports only)** – Deletes the custom report -- Source Drop-down List – Contains data sources that allow the report to look at different data sets - related to Privilege Secure administration. See the Data Sources topic for additional information. -- Timeframe Drop-down List – Contains several predefined timeframes, ranging from “Last Hour” to - “Last 30 Days”. Additionally, “Custom” can be selected, which makes visible a “Start date” date - picker and an “End date” date picker. -- Attribute Drop-down List – Contains attributes from the given Source that can be paired with an - operator and a value. -- Operator – Contains operators that can be used to filter an attribute. -- Value – Allows manual entry of a value against which the operator will be applied. The field also - offers a drop-down menu which is populated with values from the backend database. - -### Subscriptions Tab - -The Subscriptions tab allows the Privilege Secure user to Subscribe to the report via email. - -![Reporting Subscriptions Tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/subscriptionstab.webp) - -The report will be emailed to the Email value for the user, which is populated based on Active -Directory attributes and can be confirmed for a given user by checking the Users and Groups page. If -a new custom schedule is needed for a Subscription, one can be created under the **Policy** > -**Platforms** > **Schedule Policies** menu. All Schedule Policies will show up in the list when you -Subscribe to a report. See the [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md) topic -for additional information. - -The Subscriptions tab has the following configuration options: - -- Search – Allows the subscriptions for this report to be searched based on the username of the - subscribed Privilege Secure user -- Subscribe/Unsubscribe button – Subscribe or unsubscribe the logged in user to the report according - to a specified schedule from the drop-down menu -- CSV checkbox – If checked, a CSV of the report will be emailed to the subscribed user -- PDF checkbox – If checked, a PDF of the report will be emailed to the subscribed user -- Subscriptions table – Shows the subscribed users for the report, and their subscription schedule diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/users.md b/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/users.md deleted file mode 100644 index 4b6a1742f1..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/users.md +++ /dev/null @@ -1,74 +0,0 @@ -# Users Tab for Access Certification - -The Users tab shows the users and groups in the selected access certification task for which the -reviewer must certify access entitlement. - -![userstab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/userstab.webp) - -The Users table has the following features: - -- Search – Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Column headers can be resized and sorted by ascending or descending order: - - - Name – Click to open the Users and Groups Details page. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) - topic for additional information. - - User Name – Displays the name of the account - - Email – Displays the associated email address, if available - - Type – User or Group - -- Add button (Only visible when adding a new task) – Opens the Add Users and Groups window. See the - Add Users to Review topic for additional information. - -## Add Users to Review - -Follow the steps to add users and groups to the access certification task. - -**NOTE:** It is not possible to add or remove users after they have been added. - -**Step 1 –** Navigate to the Audit and Reporting > Access Certification page. - -**Step 2 –** In the Access Certification Task list, select the name of the task and select the Users -tab - -**Step 3 –** Click Add to open the Add Users and Groups window. - -![addusers](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/addusers.webp) - -The Add Users and Groups window has the following features: - -- Filter by users or groups -- Search – Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Available Users/Groups – Shows all users and groups added to the console -- Users & Groups to Add – Shows the users to be added to the access certification task -- Column headers can be sorted in ascending or descending order: - - - Name – Displays the name of the account - - User Name – SAM Account Name for the user or group - - User Principal Name – User Principal Name (UPN) of the user or group - - Email – Displays the associated email address, if available - -**Step 4 –** Filter by Users or Groups, or use the Search feature. - -**Step 5 –** To add a user or group to the access certification task, click a row in the Available -Users/Groups table and it is immediately moved to the Users & Groups to Add table. - -**Step 6 –** (Optional) Click a row in the Users & Groups to Add table to move it back to the -Available Users/Groups table. - -**CAUTION:** It is not possible to add or remove users after they have been added to the access -certification task. - -**Step 7 –** Click Add to add the user(s) and group(s) to the access certification task. - -The new user(s) and group(s) are added to the certification task and are shown on the Users Tab for -Access Certification. - -**NOTE:** Only the assigned reviewer can interact with the entitlements once the access -certification task is created. - -The reviewer can now log in to see the access certification task(s) assigned to them and begin the -review process. See the [Entitlements Tab for Access Certification](/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/entitlements.md) topic for -additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/authenticationconnector.md b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/authenticationconnector.md deleted file mode 100644 index a1f42e8574..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/authenticationconnector.md +++ /dev/null @@ -1,32 +0,0 @@ -# Add Authentication Connector - -Follow the steps to add an authentication connector to the console. - -**Step 1 –** Navigate to the **Configuration** > **Authentication** page. - -**Step 2 –** In the Connectors list, click the **Plus** icon. - -![addauthentication](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/addauthentication.webp) - -**Step 3 –** Enter the following information: - -- Authentication Connector Name – Displays the name of the authentication connector -- Connector Description (Optional) – Enter a brief description to identify the service account -- Connection Type – Indicates the type of authentication - -**NOTE:** Once the Connection Type is selected, additional fields become available. The available -fields will change depending on the selection. - -**Step 4 –** Enter the information from the applicable authentication connector provider. See the -[Authentication Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authentication.md) section for detailed descriptions of the fields. - -- For OpenID Connect, open the - [OpenID Connect Configuration Wizard](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/wizard/openidconnectconfiguration.md) -- For SAML, open the [SAML Configuration Wizard](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/wizard/samlconfiguration.md) - -See the [OpenID Connect Authentication](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/integrationdetails/openidconnectauthentication.md) -appendices for additional information on how to configure third party Authentication Connectors. - -**Step 5 –** Click **Save** to create the new authentication connector. - -The new authentication connector is added to the Connectors list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationaccessanalyzer.md b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationaccessanalyzer.md index 47efb74226..93e51cd968 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationaccessanalyzer.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationaccessanalyzer.md @@ -69,7 +69,7 @@ used to get data from the Access Analyzer endpoint. ## Add Service Account for Enterprise Auditor Connector Follow the steps to add the service accounts for the Access Analyzer integration connector. See the -[Add Service Account](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/serviceaccount.md) topic for additional information. +[Add Service Account](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccount.md) topic for additional information. **Step 1 –** In the Privilege Secure Console, navigate to the Configuration > Service Accounts page. @@ -141,4 +141,4 @@ Import connector. **Step 3 –** Click **Sync** **StealthAUDIT** to begin the data collection. This may take some time. To view the import progress, navigate to **Service Nodes** > Action Services. See the -[Action Service](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/action.md) topic for additional information. +[Action Service](/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/action.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/serviceaccount.md b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/serviceaccount.md deleted file mode 100644 index 392d314eda..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/serviceaccount.md +++ /dev/null @@ -1,20 +0,0 @@ -# Add Service Account - -Follow the steps to add a service account to the console. - -**Step 1 –** Navigate to the Configuration > Service Accounts page. - -**Step 2 –** In the Service Account list, click the Plus icon. - -![Add Service Account](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/addserviceaccount.webp) - -**Step 3 –** Enter the applicable information. See the -[Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) section for detailed descriptions of the fields. - -- For service accounts checked out through a vault connector, select a previously added vault - connector from the drop-down list. See the - [Bring Your Own Vault (BYOV) Integration](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationbyov.md) topic for additional information. - -**Step 4 –** Click Save to create the new service account. - -The new service account is added to the Service Accounts list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/interface.md b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/interface.md deleted file mode 100644 index b73d1b9017..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/interface.md +++ /dev/null @@ -1,34 +0,0 @@ -# Configuration Interface - -The Configuration interface provides information and management options for advanced configuration -settings. - -![Configuration Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/interface.webp) - -Expand the Configuration menu in the Navigation pane for related pages: - -- [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) — Add or modify service accounts -- Service Nodes: - - - [Service Nodes Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/servicenodes.md) — View the status and details of Privilege Secure - Services - - [Scheduled Tasks Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/scheduledtasks.md) — View or modify recurring tasks - -- System Settings — Modify the system settings: - - - [Action Service Settings Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/actionservicesettings.md) - - [Database Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/database.md) - - [Email Configuration Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/emailconfiguration.md) - - [Global Settings Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/globalsettings.md) - - [Local Account Password Options Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/localaccountpasswordoptions.md) - - [Password History Options Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/passwordhistoryoptions.md) - - [Local Account Password Options Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/localaccountpasswordoptions.md) - - [Services Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/services.md) - -- [Authentication Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authentication.md) — Add or modify multi-factor authentication (MFA) -- [Integration Connectors Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/integrationconnectors.md) — Configure settings for integration - with other applications -- SIEM: - - - [SIEM Server Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/siemserver.md) — Add or modify SIEM servers - - [SIEM Templates Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/siemtemplates.md) — Add or modify SIEM templates diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authentication.md b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authentication.md deleted file mode 100644 index 30131c29f9..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authentication.md +++ /dev/null @@ -1,119 +0,0 @@ -# Authentication Page - -The Authentication page is accessible from the Navigation pane under Configuration. It shows the -configured multi-factor authentication (MFA) or other third-party authentication connectors such as -OpenID Connect and SAML. - -Once configured, an authentication method may be assigned to any users who will use the method for -accessing the application. See the -[Authentication Connector Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/authenticationconnector.md) topic for -additional information. - -![Authentication Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authenticationpage.webp) - -The pane on the left side of the page displays a list of the configured authentication connectors. -This pane has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- - button — Create a new connector. See the - [Add Authentication Connector](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/authenticationconnector.md) topic for additional - information. -- Default icon — Indicates if connector is set as default. Icon appears when activity is hovered - over. Click the icon to change or clear the default. -- Exclusive icon — Indicates if connector is set as exclusive. Icon appears when activity is hovered - over. Click the icon to change or clear the default. -- Trashcan icon — Deletes the connector. Icon appears when activity is hovered over. A confirmation - window will display. - -The selected connector details display at the top of the main pane: - -- Name — Displays the name of the authentication connector -- Description — Description of the policy -- Connector Type — Indicates the type of authentication: MFA, OpenID Connect, and SAML. Remaining - fields vary based on the Connector Type selected. - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. - -## MFA Connector Type - -The following fields apply to the MFA Connector Type: - -- Server FQDN / IP — Address of the RADIUS server proxy -- Remote Port — Port of the RADIUS server proxy -- Auth Type — Security protocol used for communications between the Privilege Secure server and the - RADIUS proxy -- Shared Secret — Shared secret for the RADIUS proxy -- Max Retries — Indicates how many times the Privilege Secure server will attempt to communicate - with the RADIUS proxy -- Timeout (Seconds) — Indicates how long before Privilege Secure determines that the communication - with the RADIUS proxy has failed -- Title for MFA Auth Dialog — Title that will appear at the top of the authentication dialog -- Text for MFA Auth Dialog — Text that will be displayed to the user prompting for action -- Send NAS Identifier checkbox — Indicates if the NAS identifiers are transmitted to the RADIUS - proxy. This is required for certain RADIUS proxy implementations that require it. The NAS IP - Address value is the IP address of the Privilege Secure server; the NAS Identifier is “SbPAM”. -- Send Initial Text checkbox — Indicates if the value in the Initial Auto Response Text is - automatically sent to the RADIUS proxy without user action -- Initial Auto Response Text — This value is sent to the RADIUS server automatically if the Send - Initial Text option is enabled. For example, this might be “push” to immediately have the user’s - phone app prompt for authorization. -- Prefix for Response Text — Displays the value that is added to the beginning of the responses. The - value will vary according to server. -- Format for Username (Allows Custom Entries) — Displays the Username value that is sent to the - RADIUS server (default: SAMAccountname@NetBiosDomain). This format will be used by the - authenticator at log in. If configured to use "Email" or "UPN" (optional attributes) the - authenticator will use that format at log in, but send the default value to the RADIUS server. - -## OpenID Connect Connector Type - -The following fields apply to the OpenID Connect Connector Type: - -- Configuration Wizard button — Opens the Configuration Wizard for the selected type of connector. - See the [OpenID Connect Configuration Wizard](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/wizard/openidconnectconfiguration.md) topic for - additional information. -- Show / Hide Data link — Click the link to view or hide additional details -- Issuer — Displays the OpenID Connect provider issuer URI -- Client Id — Displays the OpenID Connect provider application Id for Privilege Secure -- Login Format — Indicates which Active Directory user ID property is used for the user login name: - sAMAccountName, User Principal Name, Email, or SID -- User Id Source — Displays the source from which the User Id data is extracted -- User Id Field — Displays the value from the extracted data to use for host-user lookup - -## SAML Connector Type - -The following fields apply to the SAML Connector Type: - -- Configuration Wizard button — Opens the Configuration Wizard for the selected type of connector. - See the [SAML Configuration Wizard](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/wizard/samlconfiguration.md) topic for additional - information. -- Show / Hide Data link — Click the link to view or hide additional details -- Login URI — Displays the SAML provider issuer URI -- Name ID Policy — Displays the name of the ID Policy -- Login Format — Indicates which Active Directory user ID property is used for the user login name: - sAMAccountName, User Principal Name, Email, or SID -- User Claim — Displays the name of the user attribute to use -- Check Certificate checkbox — Select to check if a safe certificate is needed -- Certificate — Provide your certificate file -- Logout URI — Displays the simple logout address (not a SAML SLO endpoint), which takes a parameter - for the post logout redirection - -## Set Authentication as Default Login - -Once a third-party authentication connector is configured, it can be set as the default form of -authentication, or it can be set as the exclusive form of authentication. Hover over the -authentication connector to display the configuration options. - -![Authentication Connector Options](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authenticationoptions.webp) - -There are two options that can be configured for the authentication connector, Set as Default and -Set as Exclusive. - -| Description | Option | Login Screen | -| ----------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Set as Default — Sets the authentication connector as the default login option and includes the option to login with Active Directory credentials | ![Set authentication connector as Default](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authenticationsetdefault.webp) | ![Set authentication connector as Default Login Screen](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authenticationsetdefaultlogin.webp) | -| Set as Exclusive — Sets the authentication connector as the only option to login and the option to login with Active Directory credentials is removed | ![Set authentication connector as Exclusive](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authenticationsetexclusive.webp) | ![Set authentication connector as Exclusive Login Screen](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authenticationsetexclusivelogin.webp) | - -Once the authentication connector is set to Default or Exclusive, the login will be updated to -reflect the configuration selected. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/database.md b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/database.md deleted file mode 100644 index e084cc9897..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/database.md +++ /dev/null @@ -1,29 +0,0 @@ -# Database Page - -The Database page is accessible from the Navigation pane under Configuration > System Settings. It -shows all database settings for either PostgreSQL or SQL server, depending on what was initially -configured during installation. - -## PostgreSQL Database Settings - -![Configuration system settings Database Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/databasepage.webp) - -The Database Settings page displays the following settings for PostgreSQL: - -- Host — The resource the database is using -- Port — Port number of the server proxy -- Database — The database the resource is using -- Service Status — Displays the current status of the database service -- Name — Identifier for the database setting -- Value — Value of the setting - -## SQL Server Database Settings - -![SQL Server Database Settings Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/sqldatabasepage.webp) - -The Database Settings page displays the following settings for SQL Server: - -- Host — The resource the database is using -- Port — Port number of the server proxy -- Database — The database the resource is using -- Service Status — Displays the current status of the database service diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/globalsettings.md b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/globalsettings.md deleted file mode 100644 index ca9c2ecada..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/globalsettings.md +++ /dev/null @@ -1,25 +0,0 @@ -# Global Settings Page - -The Global Settings page is accessible from the Navigation pane under **Configuration** > **System -Settings**. It shows all global RDP session settings. - -![globalsettingspage](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/globalsettingspage.webp) - -The right of the page shows details of the RDP file settings and has the following features: - -- Edit — Click any field to edit the selected settings -- Name — Name of the selected settings -- Allowed Resolutions — Check the boxes to enable those resolutions for the RDP session -- Default Resolution — The resolution the RDP session will use when first connected -- Certificate Thumbprint — The hexadecimal certificate (or thumbprint) value. See the - [Sign RDP Files to Prevent Publisher Warning](/docs/privilegesecure/4.2/accessmanagement/admin/troubleshooting.md#sign-rdpfiles-to-prevent-publisher-warning) - topic for additional information. -- WinRM HTTP Setting– This setting governs the HTTP encryption settings that will be used for WinRM - connections. The following options are available: - - Use HTTP - - Use HTTPS if available - - Use HTTPS only -- UI Idle Timeout Options — Users with the Administrator role can configure the idle timeout for the - Privilege Secure Console. The default idle timeout is 10 minutes. -- Save button (only visible when editing) — Saves changes -- Cancel button (only visible when editing) — Discards changes diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/scheduledtasks.md b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/scheduledtasks.md deleted file mode 100644 index 37133629da..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/scheduledtasks.md +++ /dev/null @@ -1,20 +0,0 @@ -# Scheduled Tasks Page - -On the Scheduled Tasks page, view scheduled tasks run by the console. - -![Scheduled Tasks Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/scheduledtaskspage.webp) - -The Scheduled Tasks page has the following features: - -- Search — Searches the Task Name column to match the search string. When matches are found, the - table is filtered to the matching results. -- Column headers can be sorted by ascending or descending order: - - - Task Name — Name of the scheduled task - - Last Run Time — Last run timestamp - - Next Run Time — Indicates the next time the task is scheduled to run - - Recurrence — Scheduled recurrence - - Last Status — Status of scheduled task - -- View Logs button — Click to view logs for the selected task -- Refresh – Reload the information displayed diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md deleted file mode 100644 index 759a986912..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md +++ /dev/null @@ -1,75 +0,0 @@ -# Service Accounts Page - -The Service Accounts page is accessible from the Navigation pane under Configuration. It shows the -configured service accounts required by Privilege Secure services. - -![serviceaccountpage](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccountpage.webp) - -The pane on the left side of the page displays a list of the configured service accounts. This pane -has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Green + button — Create a new service account. See the - [Add Service Account](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/serviceaccount.md) topic for additional information. -- Trashcan icon — Deletes the service account. Icon appears when activity is hovered over. A - confirmation window will display. - -The selected service account details display at the top of the main pane: - -- Name — Displays the name of the account -- Description — Description of the policy -- Platform — Displays the type of platform, which defines the resource -- Domain — Displays the domain name for the account. This field does not apply to Microsoft Entra - ID platforms. -- Address — Displays the CyberArk address. This field only applies to CyberArk vault connectors. -- Username — Displays the name of the credential. This field does not apply to Microsoft Entra - ID platforms. -- App ID — Displays the globally unique identifier for the targeted app registered in the Active - Directory tenant. This field only applies to Microsoft Entra ID platforms. See the - [Microsoft Entra ID App Registration](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/integrationdetails/entraidappregistration.md) for - additional information. -- Elevation Command — Displays the elevation mechanism for the host, such as: sudo, pbrun, pmrun, - dzdo, etc.. This field only applies to Linux platforms. -- Vault Connector — Displays the name of the assigned vault connector. See the - [Bring Your Own Vault (BYOV) Integration](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationbyov.md) topic for additional - information. -- Authentication: - - - Enable Password — Temporarily elevates the Service Account to `Privileged EXEC` mode, allowing - the account to manage the users and privileges required by Privilege Secure workflows on Cisco - resources. The Enable Password can be used with any existing user account on the Cisco device - (privilege level 1 - 15). This field only applies to Cisco platforms. - - Authentication Method — Displays the method by which a service account is authenticated. This - field only applies to Linux platforms. - - - Password — Use a password to use for authentication - - SSH Certificate — Use an SSH certificate to use for authentication - - SSH Certificate and Password — Use both a password and an SSH certificate to use for - authentication - - - Password — Contains the service account password. The Eye icon can be used to view the - password. This field does not apply to Microsoft Entra ID platforms. - - Private Key — Displays a private key to use in conjunction with a passphrase. This field only - applies to Linux platforms with SSH Certificate or SSH Certificate and Password authentication - methods are selected. - - SSH Passphrase — Displays an SSH passphrase to use for authentication. This field only applies - to Linux platforms with SSH Certificate or SSH Certificate and Password authentication methods - are selected. - - App Secret — Displays the security token for the targeted app registered in the tenant. This - field only applies to Microsoft Entra ID platforms. See the - [Microsoft Entra ID App Registration](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/integrationdetails/entraidappregistration.md) for - additional information. - - Safe — Displays the CyberArk safe where the login account is stored. This field only applies - to CyberArk vault connectors. - - Folder — Displays the CyberArk folder where the login account is stored. This field only - applies to CyberArk vault connectors. - - Library — Displays the library where the login account is stored. This field only applies to - HashiCorp vault connectors. - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. - -Th "Service Account is Managed by Privilege Secure when the account has been configured to be -managed by the application. See the [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentials.md) topic for -additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/services.md b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/services.md deleted file mode 100644 index a276c666e3..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/services.md +++ /dev/null @@ -1,26 +0,0 @@ -# Services Page - -The Services page is accessible from the Navigation pane under Configuration > System Settings. -Configure and register services on the Web Service host. - -After a website certificate is installed in IIS, it is necessary to update the Netwrix Privilege -Secure web services to ensure they are calling the correct URL. If the Web Services are set to the -wrong address, the services will show offline in the Services Node area. - -![Service Settings page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/servicessettingspage.webp) - -**NOTE:** Make sure that the web certificate is updated in IIS prior to setting a new value in -Netwrix Privilege Secure. It is important to ensure the Binding Hostname in IIS, the certificate -Subject, and the NPS Rest URL value in the Services page exactly match. - -**NOTE:** - -The Services Settings page has the following features: - -- NPS Rest URL — The full qualified domain name (FQDN) of the new IIS web certificate -- Ignore HTTPS Certificate Errors — When checked, the console will ignore any HTTPS certificate - errors (not recommended for production environments) -- Register Services — Applies the new URL value to the Netwrix Privilege Secure web services and - re-registers them -- Save button (only visible when editing) — Saves changes -- Cancel button (only visible when editing) — Discards changes diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/scheduler.md b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/scheduler.md deleted file mode 100644 index 7c7199c993..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/scheduler.md +++ /dev/null @@ -1,51 +0,0 @@ -# Scheduler Service - -On the Scheduler Service page, view information for scheduled services. - -![Scheduler service Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/page.webp) - -The Scheduler Service page shows details of the selected service and has the following features: - -- Statistics Tab -- Action Queues Tab - -## Statistics Tab - -The Statistics tab shows an overview of the actions for the past 24 hours. - -![statisticstab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/statisticstab.webp) - -The Statistics tab shows the total number of actions for each of the following statuses: - -- Unknown -- Pending -- Queued -- Running -- Complete -- Failed -- Canceled -- Completed With Errors -- Completed Not Run - -## Action Queues Tab - -The Action Queues tab shows all scheduled services. - -![actionqueuestab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/actionqueuestab.webp) - -The Action Queues table has the following features: - -- Search – Searches the columns to match the search string. When matches are found, the table is - filtered to the matching results. -- Refresh button – Reload the information displayed -- Column headers can be sorted by ascending or descending order: - - - Start Time – Indications when the action started - - End Time – Indications when the action completed - - Job Name – Name of the scheduled action - - AQ Status – Status of the service - - AQ Status Description – Describes the status type - - Activity Status – Shows status information for the action: - - - Complete – Action completed successfully - - Failed – Action failed diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/_category_.json new file mode 100644 index 0000000000..165a877747 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Dashboard Interface", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active.md deleted file mode 100644 index 38e6222cac..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active.md +++ /dev/null @@ -1,87 +0,0 @@ -# Active Dashboard - -The Active sessions dashboard shows all currently active sessions. Create an Activity Session to -grant temporary privileges and gain access to the resources defined by a previously created Access -Policy. See the [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md) topic for additional -information. - -![Active Dashboard page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active.webp) - -The dashboard has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Filter — Provides options to filter results based on a chosen criterion: - - - All Active tab — Shows all sessions for all users - - Mine tab — Shows sessions for the logged in user - - Recording data — Filter by keystroke data and, when enabled, RDP Windows event activity. See - the [Install Remote Desktop Monitor Service on Target RDP Hosts](/docs/privilegesecure/4.2/accessmanagement/install/rdpmonitor.md) - topic for additional information. - -- Create Session — Open the Activity Request window. See the - [Create Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsession.md) topic for additional - information. -- End Session — Cancel the selected session(s) -- View Logs — Opens the Session Logs window to view the action log for the selected session. See the - [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/sessionlogs.md) topic for additional information. -- Lock Activity — Opens the Lock Session window to prevent the user from interacting with the host - but keeps the session active. See the [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/locksession.md) topic for additional - information. -- Unlock Activity — Unlocks a session to allow the user to interact with the host -- Refresh — Reload the information displayed - -The table has the following columns: - -- Checkbox — Check to select one or more items -- Expand icon — Click the expand () icon to show additional information for the session: - - - The live session viewer allows an admin to watch a remote session that is in progress for - another user. See the [Live Session Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/liveviewer.md) topic for additional - information. - - If the user has logged into the remote session more than once, multiple session recordings - will display. If a recording of the session is available, the replay viewer allows an admin to - watch a replay of the remote session. See the [Replay Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/replayviewer.md) - topic for additional information. - -- Status — Shows status information for the session: - - - Provisioning — Pre-Session stage of the Activity is processing and assigning permissions to - the login account - - Waiting for Approval — The session requires approval to begin. See the Approvals Dashboard - topic for additional information. - - Available — The activity session is ready. Click the icon to begin the session, or log in - through a client. See the Start Activity Session topic for additional information. - - Failed — Pre-Session stage of the Activity has encountered an error - - Logged In — User is successfully logged in to the Resource either directly or via the Proxy. - Direct log-in is detected by polling the Resource at regular intervals and may not update - immediately. - - Canceling — The session is either expired or was canceled manually by the user or an Privilege - Secure administrator. - - Locked — The session has been locked by an Privilege Secure administrator. See the - [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/locksession.md) topic for additional information. - -- Requested — Date and time of when the session was created -- Requested By — User who requested the session. Click the link to view additional details. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic - for additional information. -- Host — Resource that the user will run the activity on. Click the link to view additional - details.The details vary based on the type of resource. See the following topics for additional - information: - - - [Host Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/host.md) - - [Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/domain.md) - - [Website Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/website.md) - - [Microsoft Entra ID Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/entraid.md) - - [Secret Vault Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/secretvault.md) - - [Database Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/databases.md) - -- Login Account — Displays the account used to log onto the resource -- Activity — Displays the name of the activity. Click the link to view additional details. See the - [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. -- Start — Indicates when the activity started. This refers to when the activity’s actions were - executed and not when the user was logged on to the resource. -- End — Indicates when the session is scheduled to end the activity, which is determined by the - start time plus the maximum session duration set by the access policy Connection Profile - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/_category_.json new file mode 100644 index 0000000000..6268b523eb --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Active Dashboard", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "active" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/active.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/active.md new file mode 100644 index 0000000000..26fd505421 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/active.md @@ -0,0 +1,93 @@ +--- +title: "Active Dashboard" +description: "Active Dashboard" +sidebar_position: 10 +--- + +# Active Dashboard + +The Active sessions dashboard shows all currently active sessions. Create an Activity Session to +grant temporary privileges and gain access to the resources defined by a previously created Access +Policy. See the [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy.md) topic for additional +information. + +![Active Dashboard page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active.webp) + +The dashboard has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Filter — Provides options to filter results based on a chosen criterion: + + - All Active tab — Shows all sessions for all users + - Mine tab — Shows sessions for the logged in user + - Recording data — Filter by keystroke data and, when enabled, RDP Windows event activity. See + the [Install Remote Desktop Monitor Service on Target RDP Hosts](/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/rdpmonitor.md) + topic for additional information. + +- Create Session — Open the Activity Request window. See the + [Create Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/createsession.md) topic for additional + information. +- End Session — Cancel the selected session(s) +- View Logs — Opens the Session Logs window to view the action log for the selected session. See the + [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/sessionlogs.md) topic for additional information. +- Lock Activity — Opens the Lock Session window to prevent the user from interacting with the host + but keeps the session active. See the [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/locksession.md) topic for additional + information. +- Unlock Activity — Unlocks a session to allow the user to interact with the host +- Refresh — Reload the information displayed + +The table has the following columns: + +- Checkbox — Check to select one or more items +- Expand icon — Click the expand () icon to show additional information for the session: + + - The live session viewer allows an admin to watch a remote session that is in progress for + another user. See the [Live Session Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/liveviewer.md) topic for additional + information. + - If the user has logged into the remote session more than once, multiple session recordings + will display. If a recording of the session is available, the replay viewer allows an admin to + watch a replay of the remote session. See the [Replay Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/replayviewer.md) + topic for additional information. + +- Status — Shows status information for the session: + + - Provisioning — Pre-Session stage of the Activity is processing and assigning permissions to + the login account + - Waiting for Approval — The session requires approval to begin. See the Approvals Dashboard + topic for additional information. + - Available — The activity session is ready. Click the icon to begin the session, or log in + through a client. See the Start Activity Session topic for additional information. + - Failed — Pre-Session stage of the Activity has encountered an error + - Logged In — User is successfully logged in to the Resource either directly or via the Proxy. + Direct log-in is detected by polling the Resource at regular intervals and may not update + immediately. + - Canceling — The session is either expired or was canceled manually by the user or an Privilege + Secure administrator. + - Locked — The session has been locked by an Privilege Secure administrator. See the + [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/locksession.md) topic for additional information. + +- Requested — Date and time of when the session was created +- Requested By — User who requested the session. Click the link to view additional details. See the + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic + for additional information. +- Host — Resource that the user will run the activity on. Click the link to view additional + details.The details vary based on the type of resource. See the following topics for additional + information: + + - [Host Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/host.md) + - [Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/domain.md) + - [Website Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/website.md) + - [Microsoft Entra ID Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/entraid.md) + - [Secret Vault Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/secretvault.md) + - [Database Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/databases/databases.md) + +- Login Account — Displays the account used to log onto the resource +- Activity — Displays the name of the activity. Click the link to view additional details. See the + [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. +- Start — Indicates when the activity started. This refers to when the activity’s actions were + executed and not when the user was logged on to the resource. +- End — Indicates when the session is scheduled to end the activity, which is determined by the + start time plus the maximum session duration set by the access policy Connection Profile + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/createsession.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/createsession.md new file mode 100644 index 0000000000..c7f1936096 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/createsession.md @@ -0,0 +1,62 @@ +--- +title: "Create Activity Session" +description: "Create Activity Session" +sidebar_position: 10 +--- + +# Create Activity Session + +Follow the steps to create an activity session. + +**Step 1 –** Navigate to the Dashboard > Active page. + +**Step 2 –** In the Active Session table, click Create Session to open the Activity Request window. + +![Create Activity Session Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionuser.webp) + +**Step 3 –** On the Request Type page, enter the following information: + +- Select Activity – Search for and select an activity from the drop-down list + +**Step 4 –** Click Next to go to the Resource Selection page. + +![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) + +**Step 5 –** On the Resource Selection page, enter the following information: + +- Select the resource(s) from the table +- (Optional) Click View Selections to view all selected resources + +**Step 6 –** Click **Next** to go to the Notes page. + +![Create Session Notes Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionnotes.webp) + +**Step 7 –** On the Notes page, enter the following information: + +- Notes for this session +- Ticket number for this session + +**Step 8 –** Click Next to go to the Scheduling page. + +![Create Session Schedule Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionscheduling.webp) + +**Step 9 –** On the Scheduling page, enter the following information: + +- Select Now or enter a desired date and time to begin the session + +**Step 10 –** Click Next to go to the Review page. + +![Create Session Review Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionreview.webp) + +**Step 11 –** On the Review page, review the summary of the new session. + +**Step 12 –** Click Finish to create the session. + +The new session is created and is shown in the applicable dashboard in the Dashboard interface. If +approval is required, the status Waiting for Approval is shown. The requester cannot log in to the +session until the request is approved and the status changes to Available. + +When the status Available is shown, the remote session is ready. Click the Connection icon to begin +the session, or log in through a client. + +See the [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/startsession.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/liveviewer.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/liveviewer.md similarity index 89% rename from docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/liveviewer.md rename to docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/liveviewer.md index 3ac9f12335..89fbcc4684 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/liveviewer.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/liveviewer.md @@ -1,3 +1,9 @@ +--- +title: "Live Session Viewer Window" +description: "Live Session Viewer Window" +sidebar_position: 30 +--- + # Live Session Viewer Window The Live Session Viewer window allows a user with the Administrator role to watch a live activity @@ -5,13 +11,13 @@ session. Activity sessions are monitored when the Record Proxy Sessions checkbox connection profile assigned to the access policy. All SSH and RDP keystrokes and local commands are recorded using a granular metadata search that works across both live and recorded sessions. -Click the expand icon for an active session on the [Active Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active.md). +Click the expand icon for an active session on the [Active Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/active.md). ![Active Session expanded](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/activesessionexpand.webp) If the user has logged into the activity session more than once, multiple session recordings will display. Only the current session can be viewed live. See the -[Replay Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/replayviewer.md) topic for additional information on recorded sessions. +[Replay Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/replayviewer.md) topic for additional information on recorded sessions. There are two types of Live Session Viewer windows: @@ -31,10 +37,10 @@ The Live Session Viewer for RDP Sessions window has the following features: Action options - Terminate Session icon – Click the icon to disconnect the user and end the session. A confirmation - window will appear. See the [Terminate Proxy Session Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/terminateproxysession.md) topic for + window will appear. See the [Terminate Proxy Session Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/terminateproxysession.md) topic for additional information. - Lock icon – Opens the Lock Session window to prevent the user from interacting with the host but - keeps the session active. See the [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/locksession.md) topic for additional information. + keeps the session active. See the [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/locksession.md) topic for additional information. Session Details @@ -55,7 +61,7 @@ Activity Details **NOTE:** If RDP Session Monitoring is enabled, then it will also include Windows metadata activity in the time line. This monitoring requires the Netwrix Privilege Secure Remote Desktop Monitor service to be installed on the target host. See the - [Install Remote Desktop Monitor Service on Target RDP Hosts](/docs/privilegesecure/4.2/accessmanagement/install/rdpmonitor.md) + [Install Remote Desktop Monitor Service on Target RDP Hosts](/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/rdpmonitor.md) topic for additional information. ## Live Session Viewer for SSH Sessions @@ -69,10 +75,10 @@ The Live Session Viewer for SSH Sessions window has the following features: Action options - Terminate Session icon – Click the icon to disconnect the user and end the session. A confirmation - window will appear. See the [Terminate Proxy Session Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/terminateproxysession.md) topic for + window will appear. See the [Terminate Proxy Session Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/terminateproxysession.md) topic for additional information. - Lock icon – Opens the Lock Session window to prevent the user from interacting with the host but - keeps the session active. See the [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/locksession.md) topic for additional information. + keeps the session active. See the [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/locksession.md) topic for additional information. Session Details @@ -108,10 +114,10 @@ The Live Session Viewer for Recording Sessions window has the following features Action options - Terminate Session icon – Click the icon to disconnect the user and end the session. A confirmation - window will appear. See the [Terminate Proxy Session Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/terminateproxysession.md) topic for + window will appear. See the [Terminate Proxy Session Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/terminateproxysession.md) topic for additional information. - Lock icon – Opens the Lock Session window to prevent the user from interacting with the host but - keeps the session active. See the [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/locksession.md) topic for additional information. + keeps the session active. See the [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/locksession.md) topic for additional information. Recording Details diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/locksession.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/locksession.md similarity index 85% rename from docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/locksession.md rename to docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/locksession.md index 157451240b..fdcc362157 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/locksession.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/locksession.md @@ -1,8 +1,14 @@ +--- +title: "Lock Session" +description: "Lock Session" +sidebar_position: 50 +--- + # Lock Session It is possible to lock out the user in the event that suspicious or unauthorized activity is -observed, either from the [Active Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active.md), or the -[Live Session Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/liveviewer.md). +observed, either from the [Active Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/active.md), or the +[Live Session Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/liveviewer.md). Follow the steps to lock a session. @@ -39,5 +45,5 @@ or SSH clients. To unlock an active session, either: - From the Live Session Viewer, click the **Unlock** icon. To unlock an account, see the -[User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic +[User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/startsession.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/startsession.md new file mode 100644 index 0000000000..4bff0c5532 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/startsession.md @@ -0,0 +1,76 @@ +--- +title: "Start Activity Session" +description: "Start Activity Session" +sidebar_position: 20 +--- + +# Start Activity Session + +On the Active Sessions dashboard, when the status Available is shown, the activity session is ready. +To begin the activity session, click the Connection icon in the Status column for the applicable +session to be automatically connected to the resource. + +![Connecto to remote session](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/startsession.webp) + +Also note the icons to view and copy the password for the session as plain text, if the option is +enabled in the access policy Connection Profiles. + +- Copy to Clipboard icon — Click to copy the password for the session as plain text. For + resource–based activities for end users, this is only available if enabled in the activity's + Access Policy. The password can always be viewed for credential–based activities. +- View Password icon — Click to view the password for the session as plain text. For resource–based + activities for end users, this is only available if enabled in the activity's Access Policy. The + password can always be viewed for credential–based activities. To view a password, select the Eye + icon. Users will have 20 seconds to view the password or copy it. +- Connection icon — Click the icon to begin the activity session. + +Alternatively, configure any RDP / SSH Manager for remote login, including: + +- PuTTY +- MobaXterm +- MS Remote Desktop Connection Manager +- MS Terminal Services Client (Remote Desktop) + +## Session Extension + +Each session will remain active for a pre-configured amount of time based on the Connection Profile +being used with the Access Policy. Session extension options can be configured in the connection +profile that allow a session to be extended by the user, in increments. + +If Session Extension is enabled, the session extension option appears for users when the remaining +time is 5 minutes or less. + +**NOTE:** For NPS users with the Administrator role, session extension is always enabled. + +![Extend Activity Session](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsession.webp) + +For RDP, a pop-up message is displayed in the session window. + +![extendsessionssh](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsessionssh.webp) + +For SSH the user can extend by typing **Ctrl+X** when prompted. + +## SSH for Legacy Cisco Device + +If the Cisco device is running with insecure ciphers when the user attempts to connect to an +SSH session, the following error message is displayed: + +ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: +[curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 +diffie-hellman-group14-sha1], server offered: [diffie-hellman-group1-sha1] + +Ideally the Cisco device should be upgraded to support secure ciphers. If this is not possible, it +is necessary to add additional ciphers to machines with older (insecure) ciphers that need to be +managed with SSH. You can “opt-in” by configuring the cipher suites used by the Proxy Service. + +See the [Proxy Service Install](/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/proxyservice.md) topic for additional information. + +## DirectConnect Inline Password Prompt + +RDP DirectConnect now supports the prompting of users for password, removing the old requirement to +modify group/local policy to force RDP password prompts. + +![Direct Connect password prompt](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/directconnect.webp) + +If a password is entered outside of the RDP session, this will be automatically be used and the +inline password prompt will not display, unless there is an authentication error. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/terminateproxysession.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/terminateproxysession.md similarity index 82% rename from docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/terminateproxysession.md rename to docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/terminateproxysession.md index 8b177a7412..5291916fa0 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/terminateproxysession.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/terminateproxysession.md @@ -1,3 +1,9 @@ +--- +title: "Terminate Proxy Session Window" +description: "Terminate Proxy Session Window" +sidebar_position: 40 +--- + # Terminate Proxy Session Window When viewing a session with the live session viewer, it is possible to disconnect the session in the @@ -18,7 +24,7 @@ Follow the steps to a lock the session. **Step 4 –** To prevent the user from creating a new session, navigate to the **Users & Groups Details** page for that user and click **Lock Account**. See the -[User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic +[User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. The session is terminated. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/approvals.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/approvals.md index 12acf8fc3c..c90c9531b9 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/approvals.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/approvals.md @@ -1,9 +1,15 @@ +--- +title: "Approvals Dashboard" +description: "Approvals Dashboard" +sidebar_position: 30 +--- + # Approvals Dashboard The Approvals Dashboard displays requested sessions that require approval. Users and group members designated as approvers will see the pending sessions queued here. The session must be approved before the requestor can log in to the session. See the -[Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md) topic for additional information on +[Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md) topic for additional information on Approval Workflows. ![Dashboard Approvals Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/approvals.webp) @@ -30,7 +36,7 @@ The table has the following columns: - Host — Resource that the user will run the activity on - Login Account — Displays the account used to log onto the resource - Activity — Displays the name of the activity. Click the link to view additional details. See the - [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. + [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. - Start — Indicates when the activity starts. This refers to when the activity’s actions will be executed and not when the user logs on to the resource. - End — Indicates when the session is scheduled to end the activity, which is determined by the diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/createsession.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/createsession.md deleted file mode 100644 index db12a73c4b..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/createsession.md +++ /dev/null @@ -1,56 +0,0 @@ -# Create Activity Session - -Follow the steps to create an activity session. - -**Step 1 –** Navigate to the Dashboard > Active page. - -**Step 2 –** In the Active Session table, click Create Session to open the Activity Request window. - -![Create Activity Session Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionuser.webp) - -**Step 3 –** On the Request Type page, enter the following information: - -- Select Activity – Search for and select an activity from the drop-down list - -**Step 4 –** Click Next to go to the Resource Selection page. - -![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) - -**Step 5 –** On the Resource Selection page, enter the following information: - -- Select the resource(s) from the table -- (Optional) Click View Selections to view all selected resources - -**Step 6 –** Click **Next** to go to the Notes page. - -![Create Session Notes Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionnotes.webp) - -**Step 7 –** On the Notes page, enter the following information: - -- Notes for this session -- Ticket number for this session - -**Step 8 –** Click Next to go to the Scheduling page. - -![Create Session Schedule Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionscheduling.webp) - -**Step 9 –** On the Scheduling page, enter the following information: - -- Select Now or enter a desired date and time to begin the session - -**Step 10 –** Click Next to go to the Review page. - -![Create Session Review Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionreview.webp) - -**Step 11 –** On the Review page, review the summary of the new session. - -**Step 12 –** Click Finish to create the session. - -The new session is created and is shown in the applicable dashboard in the Dashboard interface. If -approval is required, the status Waiting for Approval is shown. The requester cannot log in to the -session until the request is approved and the status changes to Available. - -When the status Available is shown, the remote session is ready. Click the Connection icon to begin -the session, or log in through a client. - -See the [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/startsession.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md index 42c4a758a4..9b92c05493 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md @@ -1,10 +1,16 @@ +--- +title: "Credentials Dashboard" +description: "Credentials Dashboard" +sidebar_position: 70 +--- + # Credentials Dashboard The Credentials dashboard shows all accounts discovered within your environment. It is specifically focused on managing service account password rotation. A managed account is any host local account, domain account, or Privilege Secure application local account that has its credentials managed by the application. This includes managed user accounts created by activity sessions. The Credentials -dashboard displays the same information as the [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentials.md). +dashboard displays the same information as the [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentials.md). ![Credentials Dashboard Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.webp) @@ -25,20 +31,20 @@ The dashboard has the following features: - Manage — Set the selected account to be managed by Privilege Secure. This button is only available when the account Managed Type is Standard or Internal. For an Internal account, a pop up window will display. See the - [Manage Internal Service Accounts](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/manageinternalserviceaccount.md) + [Manage Internal Service Accounts](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/manageinternalserviceaccount.md) section for additional information. - Unmanage — Remove the account from being managed by Privilege Secure - Rotate Service Account — Opens the Account Dependencies window. This button is only available when the Managed Type is Service. See the - [Account Dependencies Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/accountdependencies.md) topic for + [Account Dependencies Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/accountdependencies.md) topic for additional information. - Schedule Rotation — Add the credential rotation task to the queue. This button is only available when the Method is Automatic managed. See the - [Scheduled Tasks Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/scheduledtasks.md) topic for additional information. + [Scheduled Tasks Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/scheduledtasks.md) topic for additional information. - Verify — Checks that the credentials for the selected account match the credentials set by Privilege Secure - View History — Opens the Password History window to displays the password history for the account. - See the [Password History Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/passwordhistory.md) topic for + See the [Password History Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/passwordhistory.md) topic for additional information. - Refresh — Reload the information displayed @@ -49,12 +55,12 @@ The table has the following columns: - Set Password icon — Opens the Set Password for Credential window to set a new password for the selected account.See the - [Manage Internal Service Accounts](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/manageinternalserviceaccount.md) + [Manage Internal Service Accounts](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/manageinternalserviceaccount.md) topic for more information. - Clipboard icon — Copies the password for the selected account - Information icon — Opens the View Password window to view the password and copy it to the clipboard. The window stays open for 20 seconds. See the - [View Password Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/viewpassword.md) topic for additional + [View Password Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/viewpassword.md) topic for additional information. - Resource — Name of the resource that the account is on. Click the link to view additional details. @@ -63,23 +69,23 @@ The table has the following columns: - Method — Indicates how the account is managed: - Automatic — Credential rotation is managed by Privilege Secure according to the change policy - for that platform type. See the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic + for that platform type. See the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information. - Manual — Credential rotation must be initiated manually with the Rotate Service Account button, or the credential must be manually updated on both the resource and in Privilege - Secure. See the [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) section for + Secure. See the [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) section for information on updating credentials for Internal service accounts. - Not Managed — Not currently managed by Privilege Secure and no credentials have ever been stored - **NOTE:** See the [Rotation Methods](/docs/privilegesecure/4.2/accessmanagement/admin/policy/credentialrotationmethod.md) topic for additional + **NOTE:** See the [Rotation Methods](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialrotationmethod.md) topic for additional information. - Managed Type — Type of managed account: - Standard — Local or domain user account, including managed users created by activity sessions - Internal — Internal service account used by Privilege Secure with no dependencies. See the - [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional + [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional information. - Service — Local or domain service account with one or more dependencies. Includes Internal service accounts with one or more dependencies. @@ -89,7 +95,7 @@ The table has the following columns: - Age — Number of days since the last credential rotation or from when the password was first created - Status — Indicates if the account credentials have been verified by Privilege Secure. See the - [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional information on + [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information on configuring a verification schedule. - Unspecified — Verification check has not run diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical.md deleted file mode 100644 index 8e9733a44e..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical.md +++ /dev/null @@ -1,90 +0,0 @@ -# Historical Dashboard - -The Historical sessions dashboard shows all created sessions and their status. Only users with the -Administrator role can view recordings of historical sessions. - -![historical](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical.webp) - -The dashboard has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. See the Searches topic for additional - information. -- Filter — Provides options to filter results based on a chosen criterion: - - - All Historical tab — Shows all sessions for all users - - Mine tab — Shows sessions for the logged in user - - Resource Name – Filter by Host value - - User Name — Filter by Session User - - User Type — Filter by type of user: All, User, Application, or Local User - - Recording data — Filter by keystroke data and, when enabled, RDP Windows event activity. See - the [Install Remote Desktop Monitor Service on Target RDP Hosts](/docs/privilegesecure/4.2/accessmanagement/install/rdpmonitor.md) - topic for additional information. - - Requested date — Filter by session start and/or end dates - -- Export as CSV — Generates a CSV file of the table and automatically downloads it to your browser's - default download folder. The file name indicates what table was exported. -- Refresh — Reload the information displayed - -The table has the following columns: - -- Actions — Contains icons for available actions: - - - Expand icon — Click the expand () icon to show additional information for the session: - - - If a recording of the session is available, the replay viewer allows an admin to watch a - replay of the remote session. See the [Replay Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/replayviewer.md) topic - for additional information. - - - Rocket icon — Launches the same session (same activity on the same resource with the same - connection profile) for any historical session that is not a Credential-based session - - View logs icon — Opens the Session Logs window to view the action log for the selected - session. See the [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/sessionlogs.md) topic for additional - information. - -- Requested — Date and time of when the session was created -- Status — Shows status information for the session: - - - Canceled — Activity was manually canceled before its scheduled end time by an Privilege Secure - administrator - - Failed — Pre-Session stage of the Activity has encountered an error - - Completed — Activity either reached the end of its scheduled end time or was canceled early by - the requestor - -- Session User— User who requested the session. Click the link to view additional details. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic - for additional information. -- Host — Resource that the user will run the activity on. Click the link to view additional details. - The details vary based on the type of resource. See the following topics for additional - information: - - - [Host Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/host.md) - - [Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/domain.md) - - [Website Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/website.md) - - [Microsoft Entra ID Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/entraid.md) - - [Secret Vault Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/secretvault.md) - - [Database Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/databases.md) - -- Login Account — Displays the account used to log onto the resource -- Activity — Displays the name of the activity. Click the link to view additional details. See the - [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. -- Start — Indicates when the activity started. This refers to when the activity’s actions were - executed and not when the user was logged on to the resource. -- Duration — Indicates how long the Activity ran for until it either reached its scheduled end time - or was manually canceled by the user or an Privilege Secure administrator -- Notes — Any notes that were entered when the session was created -- Ticket Number — Any ticket numbers that were entered when the session was created - -The table columns can be resized and sorted in ascending or descending order. - -## Searches - -Searches can be performed across both live and previously recorded sessions. Sessions can be -filtered by resource name, requesting user, user type (standard, application, or local), recording -metadata (keystrokes, screen output and executed commands in Windows session), and date range. -Within the filtered list, any column metadata can be searched including login account (account used -to log onto target), Activity name, user session notes and ticket number. All search and filtering -supports partial string matching. - -When metadata is searched and a recorded session is opened, we jump to the point of the recording -where the metadata first appears. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/_category_.json new file mode 100644 index 0000000000..6b7a75896b --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Historical Dashboard", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "historical" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/historical.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/historical.md new file mode 100644 index 0000000000..fee8ff4ac8 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/historical.md @@ -0,0 +1,96 @@ +--- +title: "Historical Dashboard" +description: "Historical Dashboard" +sidebar_position: 40 +--- + +# Historical Dashboard + +The Historical sessions dashboard shows all created sessions and their status. Only users with the +Administrator role can view recordings of historical sessions. + +![historical](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical.webp) + +The dashboard has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. See the Searches topic for additional + information. +- Filter — Provides options to filter results based on a chosen criterion: + + - All Historical tab — Shows all sessions for all users + - Mine tab — Shows sessions for the logged in user + - Resource Name – Filter by Host value + - User Name — Filter by Session User + - User Type — Filter by type of user: All, User, Application, or Local User + - Recording data — Filter by keystroke data and, when enabled, RDP Windows event activity. See + the [Install Remote Desktop Monitor Service on Target RDP Hosts](/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/rdpmonitor.md) + topic for additional information. + - Requested date — Filter by session start and/or end dates + +- Export as CSV — Generates a CSV file of the table and automatically downloads it to your browser's + default download folder. The file name indicates what table was exported. +- Refresh — Reload the information displayed + +The table has the following columns: + +- Actions — Contains icons for available actions: + + - Expand icon — Click the expand () icon to show additional information for the session: + + - If a recording of the session is available, the replay viewer allows an admin to watch a + replay of the remote session. See the [Replay Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/replayviewer.md) topic + for additional information. + + - Rocket icon — Launches the same session (same activity on the same resource with the same + connection profile) for any historical session that is not a Credential-based session + - View logs icon — Opens the Session Logs window to view the action log for the selected + session. See the [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/sessionlogs.md) topic for additional + information. + +- Requested — Date and time of when the session was created +- Status — Shows status information for the session: + + - Canceled — Activity was manually canceled before its scheduled end time by an Privilege Secure + administrator + - Failed — Pre-Session stage of the Activity has encountered an error + - Completed — Activity either reached the end of its scheduled end time or was canceled early by + the requestor + +- Session User— User who requested the session. Click the link to view additional details. See the + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic + for additional information. +- Host — Resource that the user will run the activity on. Click the link to view additional details. + The details vary based on the type of resource. See the following topics for additional + information: + + - [Host Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/host.md) + - [Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/domain.md) + - [Website Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/website.md) + - [Microsoft Entra ID Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/entraid.md) + - [Secret Vault Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/secretvault.md) + - [Database Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/databases/databases.md) + +- Login Account — Displays the account used to log onto the resource +- Activity — Displays the name of the activity. Click the link to view additional details. See the + [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. +- Start — Indicates when the activity started. This refers to when the activity’s actions were + executed and not when the user was logged on to the resource. +- Duration — Indicates how long the Activity ran for until it either reached its scheduled end time + or was manually canceled by the user or an Privilege Secure administrator +- Notes — Any notes that were entered when the session was created +- Ticket Number — Any ticket numbers that were entered when the session was created + +The table columns can be resized and sorted in ascending or descending order. + +## Searches + +Searches can be performed across both live and previously recorded sessions. Sessions can be +filtered by resource name, requesting user, user type (standard, application, or local), recording +metadata (keystrokes, screen output and executed commands in Windows session), and date range. +Within the filtered list, any column metadata can be searched including login account (account used +to log onto target), Activity name, user session notes and ticket number. All search and filtering +supports partial string matching. + +When metadata is searched and a recorded session is opened, we jump to the point of the recording +where the metadata first appears. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/replayviewer.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/replayviewer.md similarity index 96% rename from docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/replayviewer.md rename to docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/replayviewer.md index 36a4355040..12cc2bbd95 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/replayviewer.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/replayviewer.md @@ -1,3 +1,9 @@ +--- +title: "Replay Viewer Window" +description: "Replay Viewer Window" +sidebar_position: 10 +--- + # Replay Viewer Window The Replay Viewer window allows a user with the Administrator role to watch a recorded activity @@ -6,7 +12,7 @@ connection profile assigned to the access policy. All SSH and RDP keystrokes and recorded using a granular metadata search that works across both live and recorded sessions. When recordings are available for a historical session, the expand icon is enabled on the -[Historical Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical.md). +[Historical Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/historical.md). ![Historical dashboard showing available recordings](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/recordingavailable.webp) @@ -53,7 +59,7 @@ Activity Details: **NOTE:** If RDP Session Monitoring is enabled, then it will also include Windows metadata activity in the time line. This monitoring requires the Netwrix Privilege Secure Remote Desktop Monitor service to be installed on the target host. See the - [Install Remote Desktop Monitor Service on Target RDP Hosts](/docs/privilegesecure/4.2/accessmanagement/install/rdpmonitor.md) + [Install Remote Desktop Monitor Service on Target RDP Hosts](/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/rdpmonitor.md) topic for additional information. ## Replay Viewer for SSH Sessions diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/sessionlogs.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/sessionlogs.md new file mode 100644 index 0000000000..40a240dfa6 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/sessionlogs.md @@ -0,0 +1,41 @@ +--- +title: "Session Logs Window" +description: "Session Logs Window" +sidebar_position: 20 +--- + +# Session Logs Window + +The Session Logs window displays the log details for the selected session. Select a session from the +Active dashboard and click the View Logs button to open the Session Logs window. + +![Session Logs Window](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/window/sessionlogs.webp) + +The window has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Filter — Provides options to filter results based on a chosen criterion: + + - Log Level — Filter by the message Status level: Debug, Info, Warn, or Error + - Requested date — Filter by session start and/or end dates + +- Export as CSV — Generates a CSV file of the table and automatically downloads it to your browser's + default download folder. The file name indicates what table was exported. +- Action Service Version — Indicates the version of the Privilege Secure action service that ran the + activity +- Refresh — Reload the information displayed +- Okay — Click to close the window, which can also be closed with the X in the upper-right corner + +The table has the following columns: + +- Line — Indicates the order of the messages within the log +- DateTime — Date timestamp for when the message was recorded +- Status — Provides two details: + + - Icon — Indicates whether the action associated with the message was successful + - Log Level — Indicates message log level: Debug, Info, Warn, or Error + +- Message — Displays the logged details of the message + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/overview.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/overview.md index 0f5d467073..6efd4e7521 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/overview.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/overview.md @@ -1,3 +1,9 @@ +--- +title: "Dashboard Interface" +description: "Dashboard Interface" +sidebar_position: 40 +--- + # Dashboard Interface The Dashboard interface displays an overview of activity sessions, users, resources and related @@ -13,7 +19,7 @@ The overview section shows information for the following: additional information. - Approvals Dashboard – Shows sessions waiting for approval. See the Approvals Dashboard topic for additional information. -- Historical Dashboard – Shows previous sessions. See the [Historical Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical.md) +- Historical Dashboard – Shows previous sessions. See the [Historical Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/historical.md) topic for additional information. - Users Dashboard – Shows the users added to Privilege Secure. See the [Users Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/users.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/resources.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/resources.md index ebcb767c49..b5886e16e1 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/resources.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/resources.md @@ -1,9 +1,15 @@ +--- +title: "Resources Dashboard" +description: "Resources Dashboard" +sidebar_position: 60 +--- + # Resources Dashboard The Resources dashboard shows information for onboarded resources, such as active and scheduled sessions, policies, and service accounts for the host resources and domain resources that have been added to the console. The Resources dashboard displays the same information as the -[Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md). +[Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md). ![Resources Dashboard Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/resources.webp) @@ -12,30 +18,30 @@ The Resources table has the following features: - Add — Opens a list of available resources to add. The Add list contains the following options: - New Server — Opens the Add Resources window to onboard new servers. See the - [Add Resources Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addresourcesonboard.md) topic for additional + [Add Resources Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addresourcesonboard/addresourcesonboard.md) topic for additional information. - New Domain — Opens the Domain Details page for a new domain. See the - [Add New Domain](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/domain.md) topic for additional information. + [Add New Domain](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/domain.md) topic for additional information. - New Website — Opens the Website Details page for a new website. See the - [Add New Website](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/website.md) topic for additional information. + [Add New Website](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/website.md) topic for additional information. - New Microsoft Entra ID Tenant — Opens the Microsoft Entra ID Tenant Details page for a new - tenant. See the [Add New Microsoft Entra ID Tenant](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/entraidtenant.md) topic for + tenant. See the [Add New Microsoft Entra ID Tenant](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/entraidtenant.md) topic for additional information. - New Secret Vault — Opens the Secret Vault Details page for a new vault. See the - [Add Secret Vault](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/secretvault.md) topic for additional information. + [Add Secret Vault](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/secretvault/secretvault.md) topic for additional information. - New Database — Opens the Databse Details page for a new database. See the - [Add New Database](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/database.md)topic for additional information. + [Add New Database](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/database.md)topic for additional information. - Remove — Removes the selected resource from being managed by the application. A confirmation window will display. See the - [Remove Resource Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/removeresource.md) topic for additional + [Remove Resource Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/removeresource.md) topic for additional information. - Change Platform — Opens the Change Platform window to modify the type of platform for the selected - host resource. See the [Change Platform Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/changeplatform.md) + host resource. See the [Change Platform Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/changeplatform.md) topic for additional information. - Change Service Account — Opens the Change Service Account window to modify the service account associated with the selected host resource. See the - [Change Service Account Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/changeserviceaccount.md) topic for + [Change Service Account Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/changeserviceaccount.md) topic for additional information. - Scan Resource — Scans a host resource for local users, groups, windows services, and scheduled tasks. A confirmation window will display. @@ -55,12 +61,12 @@ The table has the following columns: - Resource — Displays the name of the resource. Click the link to view additional details. The details vary based on the type of resource. - - [Host Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/host.md) - - [Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/domain.md) - - [Website Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/website.md) - - [Microsoft Entra ID Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/entraid.md) - - [Secret Vault Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/secretvault.md) - - [Database Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/databases.md) + - [Host Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/host.md) + - [Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/domain.md) + - [Website Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/website.md) + - [Microsoft Entra ID Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/entraid.md) + - [Secret Vault Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/secretvault.md) + - [Database Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/databases/databases.md) - Operating System — Displays the operating system of the resource - Active — Displays the number of active sessions on the resource @@ -70,12 +76,12 @@ The table has the following columns: - DNS Host Name — Displays the DNS host name for a host resource or the FQDN for a domain resource - IP Address — Displays the IP address for the resource - Domain — Displays the domain name for the resource. Click the link to view additional details. See - the [Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/domain.md) topic for additional information. + the [Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/domain.md) topic for additional information. - Service Account — Displays the service account associated with the resource. Click the link to - view additional details. See the [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) + view additional details. See the [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional information. - Platform — Displays the type of platform, which defines the resource. See the - [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional information. + [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information. - Last Scanned — Date timestamp for the last time the resource was scanned The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/scheduled.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/scheduled.md index be3a8eeee7..a93b7aa59c 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/scheduled.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/scheduled.md @@ -1,3 +1,9 @@ +--- +title: "Scheduled Dashboard" +description: "Scheduled Dashboard" +sidebar_position: 20 +--- + # Scheduled Dashboard The Scheduled sessions dashboard shows all scheduled sessions. @@ -9,7 +15,7 @@ The Scheduled Sessions table has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - Create Session — Open the Activity Request window. See the - [Create Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsession.md) topic for additional + [Create Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/createsession.md) topic for additional information. - End Session — Cancel the selected session(s) - Refresh — Reload the information displayed @@ -33,14 +39,14 @@ The table has the following columns: - Canceling — The session is either expired or was canceled manually by the user or an Privilege Secure administrator. - Locked — The session has been locked by an Privilege Secure administrator. See the - [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/locksession.md) topic for additional information. + [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/locksession.md) topic for additional information. - Requested — Date and time of when the session was created - Requested By — User who requested the session - Host — Resource that the user will run the activity on - Login Account — Displays the account used to log onto the resource - Activity — Displays the name of the activity. Click the link to view additional details. See the - [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. + [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. - Start — Indicates when the activity starts. This refers to when the activity’s actions will be executed and not when the user logs on to the resource. - End — Indicates when the session is scheduled to end the activity, which is determined by the diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/startsession.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/startsession.md deleted file mode 100644 index 8b6a34d153..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/startsession.md +++ /dev/null @@ -1,70 +0,0 @@ -# Start Activity Session - -On the Active Sessions dashboard, when the status Available is shown, the activity session is ready. -To begin the activity session, click the Connection icon in the Status column for the applicable -session to be automatically connected to the resource. - -![Connecto to remote session](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/startsession.webp) - -Also note the icons to view and copy the password for the session as plain text, if the option is -enabled in the access policy Connection Profiles. - -- Copy to Clipboard icon — Click to copy the password for the session as plain text. For - resource–based activities for end users, this is only available if enabled in the activity's - Access Policy. The password can always be viewed for credential–based activities. -- View Password icon — Click to view the password for the session as plain text. For resource–based - activities for end users, this is only available if enabled in the activity's Access Policy. The - password can always be viewed for credential–based activities. To view a password, select the Eye - icon. Users will have 20 seconds to view the password or copy it. -- Connection icon — Click the icon to begin the activity session. - -Alternatively, configure any RDP / SSH Manager for remote login, including: - -- PuTTY -- MobaXterm -- MS Remote Desktop Connection Manager -- MS Terminal Services Client (Remote Desktop) - -## Session Extension - -Each session will remain active for a pre-configured amount of time based on the Connection Profile -being used with the Access Policy. Session extension options can be configured in the connection -profile that allow a session to be extended by the user, in increments. - -If Session Extension is enabled, the session extension option appears for users when the remaining -time is 5 minutes or less. - -**NOTE:** For NPS users with the Administrator role, session extension is always enabled. - -![Extend Activity Session](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsession.webp) - -For RDP, a pop-up message is displayed in the session window. - -![extendsessionssh](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsessionssh.webp) - -For SSH the user can extend by typing **Ctrl+X** when prompted. - -## SSH for Legacy Cisco Device - -If the Cisco device is running with insecure ciphers when the user attempts to connect to an -SSH session, the following error message is displayed: - -ssh: handshake failed: ssh: no common algorithm for key exchange; client offered: -[curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 -diffie-hellman-group14-sha1], server offered: [diffie-hellman-group1-sha1] - -Ideally the Cisco device should be upgraded to support secure ciphers. If this is not possible, it -is necessary to add additional ciphers to machines with older (insecure) ciphers that need to be -managed with SSH. You can “opt-in” by configuring the cipher suites used by the Proxy Service. - -See the [Proxy Service Install](/docs/privilegesecure/4.2/accessmanagement/install/proxyservice.md) topic for additional information. - -## DirectConnect Inline Password Prompt - -RDP DirectConnect now supports the prompting of users for password, removing the old requirement to -modify group/local policy to force RDP password prompts. - -![Direct Connect password prompt](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/directconnect.webp) - -If a password is entered outside of the RDP session, this will be automatically be used and the -inline password prompt will not display, unless there is an authentication error. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/users.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/users.md index c655d075b4..0509323c6e 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/users.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/users.md @@ -1,8 +1,14 @@ +--- +title: "Users Dashboard" +description: "Users Dashboard" +sidebar_position: 50 +--- + # Users Dashboard The Users dashboard shows session information for onboarded users and groups. Onboarded users and can log into the application to manage policies or run sessions. The Users dashboard displays the -same information as the [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usersgroups.md). +same information as the [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usersgroups.md). ![Users Dashboard Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/usersdashboard.webp) @@ -12,10 +18,10 @@ The Users table has the following features: table or list is filtered to the matching results. - Filter — Provides options to filter results based on a chosen criterion: User or Groups - Add User — Opens the Add Users and Groups window. See the - [Add Users & Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addusersandgroups.md) topic for + [Add Users & Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/addusersandgroups.md) topic for additional information. - Add Application — Opens the Add Application page. See the - [Add Application](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/application.md) topic for additional information. + [Add Application](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/application.md) topic for additional information. - Remove — Removes console access from the selected account - Refresh — Reload the information displayed @@ -24,7 +30,7 @@ The table has the following columns: - Checkbox — Check to select one or more items - Type — Icon indicates the type of object - Name — Displays the name of the account. Click the link to view additional details. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - User Name — Displays the sAMAccountName for the account - User Principal Name — Displays the UPN value for the account diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/sessionlogs.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/sessionlogs.md deleted file mode 100644 index 81e4c4102b..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/sessionlogs.md +++ /dev/null @@ -1,35 +0,0 @@ -# Session Logs Window - -The Session Logs window displays the log details for the selected session. Select a session from the -Active dashboard and click the View Logs button to open the Session Logs window. - -![Session Logs Window](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/window/sessionlogs.webp) - -The window has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Filter — Provides options to filter results based on a chosen criterion: - - - Log Level — Filter by the message Status level: Debug, Info, Warn, or Error - - Requested date — Filter by session start and/or end dates - -- Export as CSV — Generates a CSV file of the table and automatically downloads it to your browser's - default download folder. The file name indicates what table was exported. -- Action Service Version — Indicates the version of the Privilege Secure action service that ran the - activity -- Refresh — Reload the information displayed -- Okay — Click to close the window, which can also be closed with the X in the upper-right corner - -The table has the following columns: - -- Line — Indicates the order of the messages within the log -- DateTime — Date timestamp for when the message was recorded -- Status — Provides two details: - - - Icon — Indicates whether the action associated with the message was successful - - Log Level — Indicates message log level: Debug, Info, Warn, or Error - -- Message — Displays the logged details of the message - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/_category_.json new file mode 100644 index 0000000000..e058ae6cc7 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Policy Interface", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "interface" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/_category_.json new file mode 100644 index 0000000000..067f166dde --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Access Certification Page", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "accesscertification" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/accesscertification.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/accesscertification.md similarity index 84% rename from docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/accesscertification.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/accesscertification.md index 5be9310364..3de6ca4a3e 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/accesscertification.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/accesscertification.md @@ -1,3 +1,9 @@ +--- +title: "Access Certification Page" +description: "Access Certification Page" +sidebar_position: 10 +--- + # Access Certification Page On the Access Certification page, create or review access certification tasks to audit and remediate @@ -13,7 +19,7 @@ tasks and has the following features: - Search – Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - Add Access Cert. Task icon – Add an access certification task to the list. See the - [Add Access Certification Task](/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/add/accesscertificationtask.md) topic for additional + [Add Access Certification Task](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/accesscertificationtask.md) topic for additional information. - List of access certification tasks – Select a task from the list to view and edit settings: @@ -36,10 +42,10 @@ features: - Description – (Optional)Description of the policy. - Reviewer – The reviewer that the access certification task is assigned to. Only users with the Reviewer role can be assigned as a reviewer. See the - [Role Management Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/rolemanagement.md) topic for additional information + [Role Management Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagement.md) topic for additional information - Status – Shows status information for the task - Date Started (only visible once review is started) – Date the reviewer begins to review the access entitlements - Date Completed – Date the reviewer finished reviewing the access elements -- [Users Tab for Access Certification](/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/users.md) -- [Entitlements Tab for Access Certification](/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/entitlements.md) +- [Users Tab for Access Certification](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/users.md) +- [Entitlements Tab for Access Certification](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/entitlements.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/add/accesscertificationtask.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/accesscertificationtask.md similarity index 78% rename from docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/add/accesscertificationtask.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/accesscertificationtask.md index e9feec8e6c..af9554a244 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/add/accesscertificationtask.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/accesscertificationtask.md @@ -1,3 +1,9 @@ +--- +title: "Add Access Certification Task" +description: "Add Access Certification Task" +sidebar_position: 10 +--- + # Add Access Certification Task Only user(s) and group(s) with the Admin Role can create access certification tasks. Follow the @@ -14,7 +20,7 @@ steps to add an access certification task. - New Cert. Task – Displays the name of the task. - Description – (Optional) Description of the policy. - Reviewer – Select a reviewer from the drop-down menu. Only users with the Reviewer role can be - assigned as reviewer. See the [Role Management Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/rolemanagement.md) topic + assigned as reviewer. See the [Role Management Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagement.md) topic for additional information. **Step 4 –** Click Save to create the new access certification task. @@ -22,6 +28,6 @@ steps to add an access certification task. **Step 5 –** With the new access certification task selected, configure the following settings: - Users – Add users or groups to the access certification task. See the - [Add Users to Review](/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/users.md#add-users-to-review) section for more information. + [Add Users to Review](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/users.md#add-users-to-review) section for more information. The new task is added to the Access Certification Task list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/entitlements.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/entitlements.md similarity index 97% rename from docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/entitlements.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/entitlements.md index 0201fcff87..1680b4a48a 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/entitlements.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/entitlements.md @@ -1,3 +1,9 @@ +--- +title: "Entitlements Tab for Access Certification" +description: "Entitlements Tab for Access Certification" +sidebar_position: 20 +--- + # Entitlements Tab for Access Certification The Entitlements tab shows the activities associated with the users in the selected access diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/users.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/users.md new file mode 100644 index 0000000000..1a504ad13d --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/users.md @@ -0,0 +1,80 @@ +--- +title: "Users Tab for Access Certification" +description: "Users Tab for Access Certification" +sidebar_position: 30 +--- + +# Users Tab for Access Certification + +The Users tab shows the users and groups in the selected access certification task for which the +reviewer must certify access entitlement. + +![userstab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/userstab.webp) + +The Users table has the following features: + +- Search – Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Column headers can be resized and sorted by ascending or descending order: + + - Name – Click to open the Users and Groups Details page. See the + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) + topic for additional information. + - User Name – Displays the name of the account + - Email – Displays the associated email address, if available + - Type – User or Group + +- Add button (Only visible when adding a new task) – Opens the Add Users and Groups window. See the + Add Users to Review topic for additional information. + +## Add Users to Review + +Follow the steps to add users and groups to the access certification task. + +**NOTE:** It is not possible to add or remove users after they have been added. + +**Step 1 –** Navigate to the Audit and Reporting > Access Certification page. + +**Step 2 –** In the Access Certification Task list, select the name of the task and select the Users +tab + +**Step 3 –** Click Add to open the Add Users and Groups window. + +![addusers](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/addusers.webp) + +The Add Users and Groups window has the following features: + +- Filter by users or groups +- Search – Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Available Users/Groups – Shows all users and groups added to the console +- Users & Groups to Add – Shows the users to be added to the access certification task +- Column headers can be sorted in ascending or descending order: + + - Name – Displays the name of the account + - User Name – SAM Account Name for the user or group + - User Principal Name – User Principal Name (UPN) of the user or group + - Email – Displays the associated email address, if available + +**Step 4 –** Filter by Users or Groups, or use the Search feature. + +**Step 5 –** To add a user or group to the access certification task, click a row in the Available +Users/Groups table and it is immediately moved to the Users & Groups to Add table. + +**Step 6 –** (Optional) Click a row in the Users & Groups to Add table to move it back to the +Available Users/Groups table. + +**CAUTION:** It is not possible to add or remove users after they have been added to the access +certification task. + +**Step 7 –** Click Add to add the user(s) and group(s) to the access certification task. + +The new user(s) and group(s) are added to the certification task and are shown on the Users Tab for +Access Certification. + +**NOTE:** Only the assigned reviewer can interact with the entitlements once the access +certification task is created. + +The reviewer can now log in to see the access certification task(s) assigned to them and begin the +review process. See the [Entitlements Tab for Access Certification](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/entitlements.md) topic for +additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/_category_.json new file mode 100644 index 0000000000..ad23e6d23d --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Access Policy Page", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "accesspolicy" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy.md new file mode 100644 index 0000000000..2f6669ba24 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy.md @@ -0,0 +1,54 @@ +--- +title: "Access Policy Page" +description: "Access Policy Page" +sidebar_position: 10 +--- + +# Access Policy Page + +The Access Policies page is accessible from the Navigation pane underPolicyPolicies. It shows the +configured access policies, which are used to control which users can complete which activities on +which resources. + +![Access Policy Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/page.webp) + +The pane on the left side of the page displays a list of the configured access policies. This pane +has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Green + button — Create a new access policy. See the [Add Access Policy](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy_1.md) + topic for additional information. +- Trashcan icon — Deletes the access policy. Icon appears when policy is hovered over. A + confirmation window will display. + +The selected access policy details display at the top of the main pane: + +- Name — Displays the name of the policy +- Description — Description of the policy +- Type — Icon indicates the type of object: Resource Based or Credential Based +- Connection Profile — Displays the name of the connection profile associated to the access policy. + The green arrow will open the [Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md) to add or edit + connection profiles. +- User icon — Shows extra group of users who can manage this access policy. The icon appears only if + a custom role has been assigned to a policy. See the + [Custom Role Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/rolemanagementcustom.md) for additional information. + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. + +The tabs at the bottom of the main pane are for associating Users, Activities, Resources, and +Credentials to the access policy. The content within the tabs change based on the type of policy. +See the following topics for additional information: + +- Resource Based Policy: + + - Users Tab for Resource Based Access Policies + - [Activities Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/activities/activities.md) + - [Resources Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/resources/resources.md) + +- Credential Based Policy: + + - [Users Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/users.md) + - [Activities Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/activities.md) + - [Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/credentials.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy_1.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy_1.md new file mode 100644 index 0000000000..33319871e6 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy_1.md @@ -0,0 +1,47 @@ +--- +title: "Add Access Policy" +description: "Add Access Policy" +sidebar_position: 10 +--- + +# Add Access Policy + +Follow the steps to add access policies to the console. + +_Remember,_ a connection profile is required to create an access policy. You can create one ahead of +time on the [Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md) page or use the arrow button +to create one during these steps. + +**Step 1 –** Navigate to the Policy > Access Policies page. + +**Step 2 –** In the Access Policy list, click the Plus icon. + +![Add Access Policy](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/addaccesspolicy.webp) + +**Step 3 –** Enter the following information: + +- Name – Displays the name of the policy +- Description – (Optional) Description of the policy +- Type – Classification of the access policy. The Type drop-down contains the following options: + + - Resource Based + - Credential Based + +- Connection Profile – Displays the name of the connection profile associated to the access policy + +**Step 4 –** Click Save to create the new access policy. + +The new access policy has been created. The next step is to associate Users, Activities, and +Resources/Credentials to the policy. See the following topics for additional information: + +- Resource Based Policy + + - [Users Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/users.md) + - [Activities Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/activities/activities.md) + - [Resources Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/resources/resources.md) + +- Credential Based Policy + + - [Users Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/users.md) + - [Activities Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/activities.md) + - [Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/credentials.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/activitytokencomplex/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/activitytokencomplex/_category_.json new file mode 100644 index 0000000000..e1d08bdf25 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/activitytokencomplex/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Activity Token Complexity Page", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "activitytokencomplexity" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/activitytokencomplex/activitytokencomplexity.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/activitytokencomplex/activitytokencomplexity.md new file mode 100644 index 0000000000..8ec2b524c4 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/activitytokencomplex/activitytokencomplexity.md @@ -0,0 +1,54 @@ +--- +title: "Activity Token Complexity Page" +description: "Activity Token Complexity Page" +sidebar_position: 50 +--- + +# Activity Token Complexity Page + +The Activity Token Complexity Policy page is accessible from the Navigation pane +underPolicyPolicies>Activity Token ComplexityAccess Policies. It shows the configuration options for +managing the complexity of activity tokens for connection profiles. + +![Activity Token Complexity Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/page_1.webp) + +The pane on the left side of the page displays a list of the configured activity token complexity +policies. This pane has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Green + button — Create a new activity token complexity policy. See the + [Add Activity Token Complexity Policy](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/activitytokencomplex/activitytokencomplexity_1.md) topic for additional + information. +- Trashcan icon — Deletes the activity token complexity policy. Icon appears when profile is hovered + over. A confirmation window will display. + +The selected activity token complexity policy details display in the main pane: + +- Name — Name of the activity token complexity policy +- Description — Description of the policy +- Must Start With / Must End With — Lists cases the activity token complexity policy will enforce. + This list contains the following options: + + - None + - Lowercase + - Uppercase + - Numeric + +- Length — The maximum number of characters the activity token complexity policy will enforce +- Max Consecutive Chars — The maximum number of consecutively occurring characters that the activity + token complexity policy will allow +- Characters to Exclude — Custom characters the activity token complexity policy will exclude. + Characters entered in this field will be excluded in addition to the characters listed beneath the + Additional characters excluded section. +- Additional characters excluded — Default characters the activity token complexity policy will + exclude +- Included Characters — Check boxes containing additional inclusive parameters for the activity + token complexity policy: + + - Lowercase — At least one lowercase character in the password + - Uppercase — At least one uppercase character in the password + - Numbers — At least one number in the password + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/activitytokencomplex/activitytokencomplexity_1.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/activitytokencomplex/activitytokencomplexity_1.md new file mode 100644 index 0000000000..3d8e971981 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/activitytokencomplex/activitytokencomplexity_1.md @@ -0,0 +1,33 @@ +--- +title: "Add Activity Token Complexity Policy" +description: "Add Activity Token Complexity Policy" +sidebar_position: 10 +--- + +# Add Activity Token Complexity Policy + +Follow the steps below to add an Activity Token Complexity policy to the console. See the Activity +Token Complexity section for detailed descriptions of the fields. + +**Step 1 –** Navigate to the **Policy** > **Access Policies** > **Activity Token Complexity Policy** +page. + +**Step 2 –** In the Activity Token Complexity list, click the **Plus** icon. + +![Add Activity Token](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/add.webp) + +**Step 3 –** Enter the desired information to determine the complexity of the connection profile. + +- Provide a unique name for the policy +- Provide an optional description to state the purpose of the policy +- Configure the complexity parameters (Must Start With, Must End With, and Length), as desired + + _Remember,_ The maximum account name length value is 19 characters. + +- Specify the maximum number of consecutive characters and select characters to exclude, if needed +- You can specify additional characters to exclude from the account name and configure granular + rules for the characters to include (uppercase, lowercase, or numbers) + +**Step 4 –** Click Save to create the new connection profile. + +The new activity token complexity policy is added to the Activity Token Complexity Policy list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/_category_.json new file mode 100644 index 0000000000..af0f428444 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Connection Profiles Page", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "connectionprofiles" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/connectionprofile.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofile.md similarity index 86% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/add/connectionprofile.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofile.md index 97a91c8b30..7c8b64c033 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/connectionprofile.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofile.md @@ -1,7 +1,13 @@ +--- +title: "Add Connection Profile" +description: "Add Connection Profile" +sidebar_position: 10 +--- + # Add Connection Profile Follow the steps to add a connection profile to the console. See the -[Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md) topic for detailed descriptions of the +[Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md) topic for detailed descriptions of the fields. **Step 1 –** Navigate to the Policy > **Access Policies** > Connection Profiles page. @@ -36,6 +42,6 @@ fields. **Step 4 –** Click Save to create the new connection profile. **Step 5 –** The new connection profile is created. To add an Approval Workflow, see the -[Add Approval Workflow](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/connectionprofileapproval.md) topic for additional information. +[Add Approval Workflow](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofileapproval.md) topic for additional information. The new connection profile is added to the Connection Profiles list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/connectionprofileapproval.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofileapproval.md similarity index 98% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/add/connectionprofileapproval.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofileapproval.md index 1bbd2c3e50..6ee559b74f 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/connectionprofileapproval.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofileapproval.md @@ -1,3 +1,9 @@ +--- +title: "Add Approval Workflow" +description: "Add Approval Workflow" +sidebar_position: 20 +--- + # Add Approval Workflow An approval workflow requires that the session must be approved before the requestor of the session diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md similarity index 88% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md index 7418528c0d..47ab1b5c09 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md @@ -1,3 +1,9 @@ +--- +title: "Connection Profiles Page" +description: "Connection Profiles Page" +sidebar_position: 40 +--- + # Connection Profiles Page The Connection Profiles page is accessible from the Navigation pane under **Policy** > **Access @@ -13,7 +19,7 @@ pane has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - Blue + button — Create a new connection profile. See the - [Add Connection Profile](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/connectionprofile.md) topic for additional information. + [Add Connection Profile](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofile.md) topic for additional information. - Trashcan icon — Deletes the connection profile. Icon appears when profile is hovered over. A confirmation window will display. @@ -31,10 +37,10 @@ The selected profile details display in the main pane: used. - Allow Proxy Auto Connects — If disabled, the requester will be prompted for secondary authentication (password and MFA) when executing proxy connects from the - [Active Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active.md). + [Active Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/active.md). - Record Proxy Sessions — Specify if the proxy will record the session. This will allow a user with the admin role to watch a remote session live, or review it later. See the - [Replay Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/replayviewer.md) topic for additional + [Replay Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/replayviewer.md) topic for additional information. - Session Control settings: @@ -45,13 +51,13 @@ The selected profile details display in the main pane: the requester will be notified within their RDP or SSH clients. This option will work whether the requestor logs on directly to the Resource, or connects via the proxy. - Enable Session Extension — Check to allow user to extend their current session. See the - [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/startsession.md) topic for additional + [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/startsession.md) topic for additional information. - Extend By — The additional number of minutes that the session will be extended. See the - [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/startsession.md) topic for additional + [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/startsession.md) topic for additional information. - Session Extension Limit — The number of times the user will be able to extend their session. - See the [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/startsession.md) topic for + See the [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/startsession.md) topic for additional information. - Monitor for Logon — Monitor user logon to the resource - Monitor Interval (minutes) — Indicates how often Privilege Secure will poll a resource to @@ -81,7 +87,7 @@ The selected profile details display in the main pane: Number field when creating a session - Activity Token Complexity Policy — Establishes how complex an activity token must be. Users can choose custom polices created on the - [Activity Token Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitytokencomplexity.md). Left blank, the Console will use + [Activity Token Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/activitytokencomplex/activitytokencomplexity.md). Left blank, the Console will use the default activity token complexity policy. ![Connection Profiles Page Extended](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/pageextended.webp) @@ -89,7 +95,7 @@ The selected profile details display in the main pane: - Credential Management settings: - Allow User to Access Password — When checked, the user will be able to view or copy the - password from the [Active Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active.md) for the managed account that + password from the [Active Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/active.md) for the managed account that is used for the activity. The password that the user sees is valid only while the session is active. This option is enabled by default. - Enable credential auto-fill in browser extension — When checked, the Console will allow @@ -122,7 +128,7 @@ The selected profile details display in the main pane: - Automatic – No approval is required for the session - Tiered – Approval is required for the session. See the - [Add Approval Workflow](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/connectionprofileapproval.md) topic for additional information. + [Add Approval Workflow](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofileapproval.md) topic for additional information. If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/_category_.json new file mode 100644 index 0000000000..1b318f2207 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Credential Based Policy Tabs", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/activities.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/activities.md new file mode 100644 index 0000000000..947fecb49e --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/activities.md @@ -0,0 +1,32 @@ +--- +title: "Activities Tab for Credential Based Access Policies" +description: "Activities Tab for Credential Based Access Policies" +sidebar_position: 20 +--- + +# Activities Tab for Credential Based Access Policies + +The Activities tab shows the activities associated with the selected access policy. Only the +Credential Release activity is associated with a Credential Based Access Policy. + +![Credential based resource Activities tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/activitiestabcredentials.webp) + +The Activities tab has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Type— Provides options to filter results based on a chosen criterion: + + - All — Displays all activity for users and groups + - Activity — Displays user activity + - Activity Group — Displays group activity + +- Refresh — Reload the information displayed + +The table has the following columns: + +- Name — Displays the name of the activity +- Type — Classification of the activity +- Description — Description of the policy + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/_category_.json new file mode 100644 index 0000000000..a453d8f4fe --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Credentials Tab for Credential Based Access Policies", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "credentials" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/addcredentials.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/addcredentials.md new file mode 100644 index 0000000000..587698b25f --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/addcredentials.md @@ -0,0 +1,69 @@ +--- +title: "Add Credentials Window" +description: "Add Credentials Window" +sidebar_position: 10 +--- + +# Add Credentials Window + +The Add Credentials window provides a list of Credentials that have been onboarded. Credentials are +onboarded in the [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentials.md). + +![Add credentials window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addcredentials.webp) + +The window has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Filter — Provides options to filter results based on a chosen criterion: All, Credential or + Credential Group +- Available Credentials and Groups — Shows all available credentials and credential groups +- Credentials And Groups to Add — Shows selected credentials and credential groups +- Add — Adds modifications and closes window +- Cancel — Discards modifications and closes the window + +Both tables have the following columns: + +- Checkbox — Check to select one or more items +- Name — Displays the name of the credential +- Type — Icon indicates the type of object +- Resource — Displays the name of the resource +- Operating System — Displays the operating system of the resource +- Active Session Count — Displays the number of active sessions + +## Add Credentials to an Access Policy + +Follow the steps to add credentials to the selected access policy. + +**Step 1 –** Navigate to the Policy > Access Policies page. + +**Step 2 –** In the Access Policy list, select the name of the access policy and select the +Credentials tab. + +**Step 3 –** Click Add to open the Add Credentials window. + +The Add Credentials window has the following features: + +- Search – Searches the Name and Operating System columns to match the search string. When matches + are found, both tables are filtered to the matching results. +- Available Credentials and Groups– Shows all Credentials and Groups that have been added to the + console +- Credentials and Groups to Add – Shows the Credentials and Groups to be added to the protection + policy +- Column headers can be sorted in ascending or descending order + + - Name – The name of the credential + - Type – The type of credential, individual or group + - Resource – Name of the domain + - Operating System – Operating System of resource + - Active Session Count – Number of active sessions + +**Step 4 –** \_(Optional)\_Toggle between Credentials or Credential Groups. + +**Step 5 –** To add a credential to the access policy, click a row in the Available Credentials +table and it is immediately moved to the Credentials to Add table. + +**Step 6 –** Click Add to add the credential(s) to the access policy. + +The new credential(s) are added to the access policy and are shown in the +[Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/credentials.md). diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/credentials.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/credentials.md new file mode 100644 index 0000000000..aa6006d65b --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/credentials.md @@ -0,0 +1,38 @@ +--- +title: "Credentials Tab for Credential Based Access Policies" +description: "Credentials Tab for Credential Based Access Policies" +sidebar_position: 30 +--- + +# Credentials Tab for Credential Based Access Policies + +The Credentials tab shows credentials associated with the selected Credential Based access policy. + +![Credential based policy credential tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/accesspolicycredentialstab.webp) + +The Credentials table has the following features: + +- Add — Opens the Add Credentials window. See the + [Add Credentials Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/addcredentials.md) topic for additional + information. +- Remove — Removes the selected item from being associated with the policy +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Type— Provides options to filter results based on a chosen criterion: + + - All — Displays all credentials for users and groups + - Credential — Displays user credentials + - Credential Group — Displays group credentials + +- Refresh — Reload the information displayed + +The table has the following columns: + +- Checkbox — Check to select one or more items +- Name — Name of the account or credential group +- Type — Icon indicates the type of object +- Resource — Name of the resource that the account is on +- Operating System — Displays the operating system of the resource +- Active Session Count — Displays the number of active sessions on the resource + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/users.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/users.md new file mode 100644 index 0000000000..76db675809 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/users.md @@ -0,0 +1,51 @@ +--- +title: "Users Tab for Credential Based Access Policies" +description: "Users Tab for Credential Based Access Policies" +sidebar_position: 10 +--- + +# Users Tab for Credential Based Access Policies + +The Users tab shows the users and groups associated with the selected access policy. + +![Credential based policy users tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/userstabcredentials.webp) + +The Users tab has the following features: + +- Add — Opens the Add Users and Groups window. See the + [Add Users & Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/addusersandgroups.md) topic for additional + information. +- Remove — Removes the selected item from being associated with the policy +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Type — Provides options to filter results based on a chosen criterion: + + - All — Displays all individual and group types + - User — Displays user types + - Group — Displays group types + - Application — Displays application types + - Collection — Displays collection types + - Local User — Displays local user types + +- Refresh — Reload the information displayed + +The table has the following columns: + +- Checkbox — Check to select one or more items +- Expand — Click the expand () icon to show additional information about the activities and + resources authorized for the selected user or group +- Name — Displays the name of the account. Click the link to view additional details.See the + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for + additional information. +- Email — Displays the associated email address, if available +- User Name — Displays the sAMAccountName for the account +- Type — Icon indicates the type of object +- Certified — Indicates the access entitlement for the user or group. See the + [Access Certification Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/accesscertification.md) topic for + additional information. + + - Approved — Access entitlements have been approved + - Denied — Access entitlements have been revoked + - Incomplete — No access entitlement review has been completed + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/_category_.json new file mode 100644 index 0000000000..906a89bc69 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Resource Based Policy Tabs", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/activities/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/activities/_category_.json new file mode 100644 index 0000000000..fc35dd4360 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/activities/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Activities Tab for Resource Based Access Policies", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "activities" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/activities/activities.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/activities/activities.md new file mode 100644 index 0000000000..c8b0942f23 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/activities/activities.md @@ -0,0 +1,37 @@ +--- +title: "Activities Tab for Resource Based Access Policies" +description: "Activities Tab for Resource Based Access Policies" +sidebar_position: 20 +--- + +# Activities Tab for Resource Based Access Policies + +The Activities tab shows the activities associated with the selected access policy. + +![Activities Tab for Resource based Policies](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/activitiestab.webp) + +The Activities tab has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Type— Provides options to filter results based on a chosen criterion: + + - All — Displays all activity for users and groups + - Activity — Displays user activity + - Activity Group — Displays group activity + +- Add — Opens the Add Activities and Activity Groups window. See the + [Add Activities and Activity Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/activities/addactivitiesandactivitygroups.md) + topic for additional information. +- Remove — Removes the selected item from being associated with the policy +- Refresh — Reload the information displayed + +The table has the following columns: + +- Checkbox — Check to select one or more items +- Name — Displays the name of the activity . Click the link to view additional details. See the + [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. +- Type — Classification of the activity. Click the link to view additional details. +- Description — Description of the policy + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addactivitiesandactivitygroups.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/activities/addactivitiesandactivitygroups.md similarity index 89% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addactivitiesandactivitygroups.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/activities/addactivitiesandactivitygroups.md index 8baa2dfc08..73c4fb0e78 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addactivitiesandactivitygroups.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/activities/addactivitiesandactivitygroups.md @@ -1,7 +1,13 @@ +--- +title: "Add Activities and Activity Groups Window" +description: "Add Activities and Activity Groups Window" +sidebar_position: 10 +--- + # Add Activities and Activity Groups Window The Add Activities and Activity Groups window provides a list of Activities that have been created. -Activities are created in the [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md). +Activities are created in the [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md). ![Add Activities and Activity Groups Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addactivitiesandactivitygroups.webp) @@ -56,4 +62,4 @@ Available Activities list. **Step 6 –** Click Add to add the activities and activity groups to the access policy. The new activities and activity groups are added to the access policy and are shown in the -[Activities Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/activities.md). +[Activities Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/activities/activities.md). diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/resources/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/resources/_category_.json new file mode 100644 index 0000000000..e8ac505096 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/resources/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Resources Tab for Resource Based Access Policies", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "resources" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addresourcesandresourcegroups.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/resources/addresourcesandresourcegroups.md similarity index 90% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addresourcesandresourcegroups.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/resources/addresourcesandresourcegroups.md index 7dac2c6f5e..94629e1f4b 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addresourcesandresourcegroups.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/resources/addresourcesandresourcegroups.md @@ -1,7 +1,13 @@ +--- +title: "Add Resources and Resource Groups Window" +description: "Add Resources and Resource Groups Window" +sidebar_position: 10 +--- + # Add Resources and Resource Groups Window The Add Resources and Resource Groups window provides a list of resources that have been onboarded. -Resources are onboarded in the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md). +Resources are onboarded in the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md). ![Add resources and resource groups window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addresourcesandresourcegroups.webp) @@ -56,4 +62,4 @@ back to the Available Resources / Resource Groups table. **Step 7 –** Click Add to add the resource(s) and resource group(s) to the access policy. The new resource(s) and resource group(s) are added to the access policy and are shown in the -[Resources Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/resources.md). +[Resources Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/resources/resources.md). diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/resources/resources.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/resources/resources.md new file mode 100644 index 0000000000..3192c7d012 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/resources/resources.md @@ -0,0 +1,40 @@ +--- +title: "Resources Tab for Resource Based Access Policies" +description: "Resources Tab for Resource Based Access Policies" +sidebar_position: 30 +--- + +# Resources Tab for Resource Based Access Policies + +The Resources tab shows the resources associated with the selected access policy. + +![Resource based policy resources tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/resourcestab.webp) + +The Resources table has the following features: + +- Add — Opens the Add Resources and Resource Groups window. See the + [Add Resources and Resource Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/resources/addresourcesandresourcegroups.md) + topic for additional information. +- Remove — Removes the selected item from being associated with the policy +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Filter — Provides options to filter results based on a chosen criterion: + + - All — Displays all individual and group types + - Resource — Displays individual types + - Resource Group — Displays group types + +- Refresh — Reload the information displayed + +The table has the following columns: + +- Checkbox — Check to select one or more items +- Name — Displays the name of the resource. Click the link to view additional details. The details + vary based on the type of resource. See the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md) topic for + additional information. +- Type — Icon indicates the type of object +- DNS Host Name — Displays the DNS host name for a host resource or the FQDN for a domain resource +- Operating System — Displays the operating system of the resource +- Active Session Count — Displays the number of active sessions on the resource + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/users.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/users.md new file mode 100644 index 0000000000..b01f3e84e7 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/users.md @@ -0,0 +1,51 @@ +--- +title: "Users Tab for Resource Based Access Policies" +description: "Users Tab for Resource Based Access Policies" +sidebar_position: 10 +--- + +# Users Tab for Resource Based Access Policies + +The Users tab shows the users and groups associated with the selected access policy. + +![Resource based policy users tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/userstab.webp) + +The Users tab has the following features: + +- Add — Opens the Add Users and Groups window. See the + [Add Users & Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/addusersandgroups.md) topic for additional + information. +- Remove — Removes the selected item from being associated with the policy +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Type — Provides options to filter results based on a chosen criterion: + + - All — Displays all individual and group types + - User — Displays user types + - Group — Displays group types + - Application — Displays application types + - Collection — Displays collection types + - Local User — Displays local user types + +- Refresh — Reload the information displayed + +The table has the following columns: + +- Checkbox — Check to select one or more items +- Expand — Click the expand () icon to show additional information about the activities and + resources authorized for the selected user or group +- Name — Displays the name of the account. See the + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for + additional information. +- Email — Displays the associated email address, if available +- User Name — Displays the sAMAccountName for the account +- Type — Icon indicates the type of object +- Certified — Indicates the access entitlement for the user or group. See the + [Access Certification Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/accesscertification.md) topic for + additional information. + + - Approved — Access entitlements have been approved + - Denied — Access entitlements have been revoked + - Incomplete — No access entitlement review has been completed + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/_category_.json new file mode 100644 index 0000000000..89859a8a4e --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Activities Page", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "activities" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md new file mode 100644 index 0000000000..7fbac45a99 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md @@ -0,0 +1,133 @@ +--- +title: "Activities Page" +description: "Activities Page" +sidebar_position: 70 +--- + +# Activities Page + +The Activities page is accessible from the Navigation pane under Activities. It shows the configured +activities, which contain the actions that will run during the session such as granting admin +privileges. + +Activities are for singular activities based on a specific platform whereas Activity Groups can be +used for cross platform activities such as granting local administrator access. See the +[Activity Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activitygroups/activitygroups.md) topic for additional information. + +It is also possible to configure an activity to automatically run any Protection Policy associated +with the resource when the session completes, instead of waiting for the scheduled sync. See the +[Add Action Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/addaction/addaction.md) topic for additional information. + +![Activities Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitiespage.webp) + +The pane on the left side of the page displays a list of the configured activity. This pane has the +following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Green + button — Create a new activity. See the [Add Activity](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activity/activity.md) topic for + additional information. +- Copy icon — Clones the activity and adds a new entry to the Activities list. Icon appears when + activity is hovered over. +- Trashcan icon — Deletes the activity. Icon appears when activity is hovered over. A confirmation + window will display. + +The selected activity details display at the top of the main pane: + +- Name — Displays the name of the activity +- Description — Description of the policy +- Platform — Displays the type of platform, which defines the resource: Active Directory, Microsoft + Entra ID, Cisco, Linux, Microsoft SQL Server, Oracle, Website, and Windows +- Login Account — Controls the type of account used to log into the resource: Requester, Managed, + Activity Token, Resource, and Vault. See the Login Account Types topic for additional information. +- Activity Type — Controls the type of actions for the activity: + + - Interactive — Activity expects the requester to log on to a host desktop or CLI interface + either directly or via the proxy + - Interactive App Launch — Activity will launch an application on the requested resource + - Task Automation — Activity will run an automated script requiring no user interaction + +- Requester Login Format — Indicates the format that will be used to prefill the Username field for + logging into the resource. It must exactly match the username defined on the resource. This option + is only visible when the Login Account is set to Requester. The format options + include: Domain\SamAccountName, SamAccountName, UPN (User Principal Name), Email, and Custom +- Login Account Template — Template determines the format of the account created for Managed, + Activity Token, Resource, and Vault Login Accounts. The template is also used if the Requester + login format is set to Custom. See the + [Login Account Templates](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activity/activityloginaccounttemplates.md) topic for additional information. +- Create Account checkbox — Indicates whether an account is created at the beginning of the activity + if it does not already exist. When the Activity starts, a check is made to determine if an account + exists. If the account exists, the user is connected to the account on the resource. If the + account does not exist, the account is created and a password is set. The user is then connected + to the account on the resource. This option is only visible when the Login Account is set to + Activity Token or Managed. It cannot be disabled for Activity Token. +- Delete After Use checkbox — Indicates whether the account will be deleted at the end of the + activity. If an account was created to perform the activity, check this option to remove the + account after the activity is complete. Otherwise, the account will be disabled at the end of the + activity session. This option is only visible when the Login Account is set to Activity Token or + Managed. It cannot be disabled for Activity Token. + + **NOTE:** A built-in administrator account cannot be deleted or disabled at the end of a + session. + +- Valut Connector — Displays the name of the assigned vault connector. This option is only visible + when the Login Account is set to Vault. Additional fields may appear based on the selected vault. + + **NOTE:** To view the password fetched from the vault, the Allow User to View Password checkbox + must be selected in the connection profile associated with the access policy that gives the + requester rights to the activity. See the [Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md) + topic for additional information. + +- Application to Launch — Indicates the application that will be launched on the RDS server that the + user is connected to by Privilege Secure. This option is only visible when the Activity Type is + set to Interactive App Launch. + + - The following variables can be supplied within the Application to Launch field: + + - %loginaccount% — The Login Account Name determined by the Login Account Template + - %sessionid% — The NPS session ID for the activity session + - %token% — The NPS one time use token generated by the Proxy Service + +- Preferred RDS Host — Displays the name of the RDS server that will launch the application + specified in the Application to Launch field. This option is only visible when the Platform is set + to Active Directory. +- Connect Account — Provides a list of service accounts that will be used by the Proxy Service for + impersonation for Interactive App Launch activities. If no account is selected, the account + specified by the Login Account Template will be used and no impersonation will occur. This option + is only visible when the Platform is set to Active Directory. +- Logon URL — Displays the primary logon page. When this field has a value, it will override the + Logon URL defined on the Website resource. This option is only visible when the Platform is set to + Microsoft Entra ID or Website. See the [Microsoft Entra ID Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/entraid.md) and + [Website Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/website.md) topics for additional information. + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. + +Below the activity details in the main pane are the session details, the actions that will occur +before, during, and after the session: + +- Pre-Session (Grant) — List of actions that will run before the session begins. These actions may + be paired with a corresponding Post-Session action. +- Session (Connect) — List of actions that will run during the session +- Post-Session (Remove) — List of actions that will run after the session completes. These actions + may be paired with a corresponding Pre-Session action. + +A Link icon shows actions that are linked. Deleting a linked action will delete the corresponding +action it is paired with. See the [Add Action Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/addaction/addaction.md) topic for +additional information. + +**NOTE:** It is not possible to edit the Action Type. Delete the existing action and then create a +new action to get a new Action Type. + +## Login Account Types + +Privilege Secure supports the use of various login account types that perform different functions in +the environment. See each account type for a description. + +| Account Type | Description | +| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Requester | The Requester login account type will use the user's own account to run the activity. The user will either log onto the resource directly or be connected to the resource via the proxy. In both cases the user will have to enter their user name and password. This login account should be used to avoid having a separately managed account. The user needs to have a matching account on the endpoint and needs to know the password to login. | +| Managed | The Managed login account type will used an account managed by Privilege Secure to run the activity. Once created, a Managed account will persist to the endpoint. When a session ends or is canceled, the password is automatically rotated. The account will not be removed afterward, but it will be disabled when at rest. The primary use case is for instances where the user desktop experience should persist across sessions. A Managed account can be a specific account name or based on any variable added to the Login Account Template. The password for a managed account is available to the user via the UI during an active session. | +| Activity Token | The Activity Token login account will use a unique time-limited ephemeral account created when the Activity is started and removed when it is completed. The account name is automatically generated from the user’s sAMAccountName and Session ID, filled out to as many characters as configured for the activity token. See the [Activity Token Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/activitytokencomplex/activitytokencomplexity.md) topic for additional information. The account name can be entirely random or based on variables or text added to the Login Account Template. The primary use case is where the user profile should be destroyed after each session and have the user log-in to a clean desktop every time they connect; a common use case for remote vendors and contractors. | +| Resource | The Resource login account is only available when the Platform is set to Website. It allows manually managed user accounts on website resources to be used to log into activities. The user name is defined in the Requester Login Format field and must exactly match the username defined on the website resource. | +| Vault | The Vault login account will use an account that is checked out of the specified vault to run the activity. The password provided by the vault is available to the user via the UI during an active session. When a session ends or is canceled, the password is checked into the vault. | diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activity/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activity/_category_.json new file mode 100644 index 0000000000..85718371da --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activity/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Add Activity", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "activity" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/activity.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activity/activity.md similarity index 93% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/add/activity.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activity/activity.md index ac078e107e..c254f1eedc 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/activity.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activity/activity.md @@ -1,3 +1,9 @@ +--- +title: "Add Activity" +description: "Add Activity" +sidebar_position: 10 +--- + # Add Activity Follow the steps to add activities to the console. @@ -39,7 +45,7 @@ options include: **Step 5 –** Click Save to create the new activity. **Step 6 –** With the new activity selected, configure the following settings. See the -[Add Action Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/activities/addaction.md) topic for additional information: +[Add Action Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/addaction/addaction.md) topic for additional information: - Pre-Session (Grant) — List of actions that will run before the session begins. These actions may be paired with a corresponding Post-Session action. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/activityloginaccounttemplates.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activity/activityloginaccounttemplates.md similarity index 95% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/activityloginaccounttemplates.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activity/activityloginaccounttemplates.md index 7ae682ea08..614d7ba8cb 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/activityloginaccounttemplates.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activity/activityloginaccounttemplates.md @@ -1,3 +1,9 @@ +--- +title: "Login Account Templates" +description: "Login Account Templates" +sidebar_position: 10 +--- + # Login Account Templates There are three options for Login Account Templates in an Activity: @@ -30,8 +36,8 @@ There are three options for Login Account Templates in an Activity: “sblab\jsmith” will be connected to a local account named “sblab_jsmith” **NOTE:** The value of each mask can be customized on the -[Properties Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/properties.md) of the Application details page. See the -[User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for additional +[Properties Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/properties.md) of the Application details page. See the +[User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. ## Functions for Login Account Templates diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activitygroups/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activitygroups/_category_.json new file mode 100644 index 0000000000..28c7dfbefe --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activitygroups/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Activity Groups Page", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "activitygroups" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/activitygroup.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activitygroups/activitygroup.md similarity index 81% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/add/activitygroup.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activitygroups/activitygroup.md index 2f9b7da024..03c4cb36c4 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/activitygroup.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activitygroups/activitygroup.md @@ -1,3 +1,9 @@ +--- +title: "Add Activity Groups" +description: "Add Activity Groups" +sidebar_position: 10 +--- + # Add Activity Groups Follow the steps to add activity groups to the console. @@ -18,6 +24,6 @@ Follow the steps to add activity groups to the console. **Step 5 –** With the new activity group selected, configure the following settings: - Add activities to the activity group. See the - [Add Activities Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/activities/addactivities.md) topic for additional information. + [Add Activities Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activitygroups/addactivities.md) topic for additional information. The new activity group is added to the console and is shown in the Activity Groups list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitygroups.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activitygroups/activitygroups.md similarity index 86% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitygroups.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activitygroups/activitygroups.md index b53e7fe382..a2fbc2dc2b 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitygroups.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activitygroups/activitygroups.md @@ -1,3 +1,9 @@ +--- +title: "Activity Groups Page" +description: "Activity Groups Page" +sidebar_position: 30 +--- + # Activity Groups Page The Activity Groups page is accessible from the Navigation pane under Activities. It shows the @@ -5,7 +11,7 @@ configured activities groups. Activities are for singular activities based on a specific platform whereas Activity Groups can be used for cross platform activities such as granting local administrator access. See the -[Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. +[Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. ![addactivitygroup](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/addactivitygroup.webp) @@ -15,7 +21,7 @@ has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - Green + button — Create a new activity group. See the - [Add Activity Groups](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/activitygroup.md) topic for additional information. + [Add Activity Groups](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activitygroups/activitygroup.md) topic for additional information. - Trashcan icon — Deletes the activity group. Icon appears when activity is hovered over. A confirmation window will display. @@ -40,7 +46,7 @@ The table has the following columns: - Checkbox — Check to select one or more items - Name — Displays the name of the activity. Click the link to view additional details. See the - [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional details. + [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional details. - Created — Date timestamp when the item was created The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/activities/addactivities.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activitygroups/addactivities.md similarity index 93% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/activities/addactivities.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activitygroups/addactivities.md index 27f06f9b61..7f1a5277c4 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/activities/addactivities.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activitygroups/addactivities.md @@ -1,7 +1,13 @@ +--- +title: "Add Activities Window" +description: "Add Activities Window" +sidebar_position: 20 +--- + # Add Activities Window The Add Activities window provides a list of Activities that have been created. Activities are -created in the [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md). +created in the [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md). ![Add activities and activity groups window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addactivitiesandactivitygroups.webp) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/addaction/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/addaction/_category_.json new file mode 100644 index 0000000000..ad1f167278 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/addaction/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Add Action Window", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "addaction" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/activityactiontypes.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/addaction/activityactiontypes.md similarity index 99% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/activityactiontypes.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/addaction/activityactiontypes.md index 97dffa7f33..924bc18fec 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/activityactiontypes.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/addaction/activityactiontypes.md @@ -1,3 +1,9 @@ +--- +title: "Action Types" +description: "Action Types" +sidebar_position: 10 +--- + # Action Types The following tables list all available actions that can be added to an activity. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/activities/addaction.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/addaction/addaction.md similarity index 90% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/activities/addaction.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/addaction/addaction.md index 09e3956049..d80310bec6 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/activities/addaction.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/addaction/addaction.md @@ -1,3 +1,9 @@ +--- +title: "Add Action Window" +description: "Add Action Window" +sidebar_position: 20 +--- + # Add Action Window The Add Action window varies slightly based on the Action Type selected and the associated session @@ -32,7 +38,7 @@ These actions may be paired with a corresponding Pre-Session action. - Action Name - Action Name — (Optional) Edit the name of the action. - Paired Actions Name - Paired Action's Name — (Optional) Edit the name of the paired action -See the [Action Types](/docs/privilegesecure/4.2/accessmanagement/admin/policy/activityactiontypes.md) section for detailed descriptions of the +See the [Action Types](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/addaction/activityactiontypes.md) section for detailed descriptions of the fields. **NOTE:** The fields will change depending on the selected Action Type. @@ -47,7 +53,7 @@ existing action and then create a new action to get a new Action Type. **Step 7 –** If desired, it is possible to automatically run any Protection Policies associated with the resource when the session completes. Simply add the _Invoke Protection Policies_ action to the -Post-Session group. See the [Protection Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/protectionpolicies.md) topic for +Post-Session group. See the [Protection Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/protectionpolicies.md) topic for additional information. **NOTE:** It is not necessary to select a protection policy. All protection policies that apply to diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/activitylog.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activitylog.md similarity index 84% rename from docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/activitylog.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/activitylog.md index a1c945550e..1483ef5768 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/activitylog.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/activitylog.md @@ -1,3 +1,9 @@ +--- +title: "Activity Log Page" +description: "Activity Log Page" +sidebar_position: 20 +--- + # Activity Log Page The Activity Log page shows the activity logs for users and resources. From here, search and @@ -38,7 +44,7 @@ The Top 5 Users for the Date Range table lists the users with the most sessions: - Column headers can be resized and sorted in ascending or descending order: - User — The user logged in to the session. Click to open the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md). + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md). - Sessions — Number of sessions per user - Total Duration — Total duration of all sessions per user - Average — The average duration of a session per user @@ -50,15 +56,15 @@ The Sessions by All Users table lists all user sessions: - Column headers can be resized and sorted in ascending or descending order: - Session User — The user logged in to the session. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - Host — The resource the session is using. The details vary based on the type of resource. See - the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md) topic for additional information. + the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md) topic for additional information. - Login Account — Account user is logged in with - Policy — Policy associated with the session. See the - [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md) topic for additional information. + [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy.md) topic for additional information. - Activity — Activity associated with the session. See the - [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. + [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. - Start — Start time of the session - Duration — Duration of the session - End — End time of the session diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/_category_.json new file mode 100644 index 0000000000..2ab329a09f --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Authentication Page", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "authentication" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/authentication.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/authentication.md new file mode 100644 index 0000000000..305d4c742d --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/authentication.md @@ -0,0 +1,125 @@ +--- +title: "Authentication Page" +description: "Authentication Page" +sidebar_position: 40 +--- + +# Authentication Page + +The Authentication page is accessible from the Navigation pane under Configuration. It shows the +configured multi-factor authentication (MFA) or other third-party authentication connectors such as +OpenID Connect and SAML. + +Once configured, an authentication method may be assigned to any users who will use the method for +accessing the application. See the +[Authentication Connector Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/authenticationconnector.md) topic for +additional information. + +![Authentication Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authenticationpage.webp) + +The pane on the left side of the page displays a list of the configured authentication connectors. +This pane has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- - button — Create a new connector. See the + [Add Authentication Connector](/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/authenticationconnector.md) topic for additional + information. +- Default icon — Indicates if connector is set as default. Icon appears when activity is hovered + over. Click the icon to change or clear the default. +- Exclusive icon — Indicates if connector is set as exclusive. Icon appears when activity is hovered + over. Click the icon to change or clear the default. +- Trashcan icon — Deletes the connector. Icon appears when activity is hovered over. A confirmation + window will display. + +The selected connector details display at the top of the main pane: + +- Name — Displays the name of the authentication connector +- Description — Description of the policy +- Connector Type — Indicates the type of authentication: MFA, OpenID Connect, and SAML. Remaining + fields vary based on the Connector Type selected. + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. + +## MFA Connector Type + +The following fields apply to the MFA Connector Type: + +- Server FQDN / IP — Address of the RADIUS server proxy +- Remote Port — Port of the RADIUS server proxy +- Auth Type — Security protocol used for communications between the Privilege Secure server and the + RADIUS proxy +- Shared Secret — Shared secret for the RADIUS proxy +- Max Retries — Indicates how many times the Privilege Secure server will attempt to communicate + with the RADIUS proxy +- Timeout (Seconds) — Indicates how long before Privilege Secure determines that the communication + with the RADIUS proxy has failed +- Title for MFA Auth Dialog — Title that will appear at the top of the authentication dialog +- Text for MFA Auth Dialog — Text that will be displayed to the user prompting for action +- Send NAS Identifier checkbox — Indicates if the NAS identifiers are transmitted to the RADIUS + proxy. This is required for certain RADIUS proxy implementations that require it. The NAS IP + Address value is the IP address of the Privilege Secure server; the NAS Identifier is “SbPAM”. +- Send Initial Text checkbox — Indicates if the value in the Initial Auto Response Text is + automatically sent to the RADIUS proxy without user action +- Initial Auto Response Text — This value is sent to the RADIUS server automatically if the Send + Initial Text option is enabled. For example, this might be “push” to immediately have the user’s + phone app prompt for authorization. +- Prefix for Response Text — Displays the value that is added to the beginning of the responses. The + value will vary according to server. +- Format for Username (Allows Custom Entries) — Displays the Username value that is sent to the + RADIUS server (default: SAMAccountname@NetBiosDomain). This format will be used by the + authenticator at log in. If configured to use "Email" or "UPN" (optional attributes) the + authenticator will use that format at log in, but send the default value to the RADIUS server. + +## OpenID Connect Connector Type + +The following fields apply to the OpenID Connect Connector Type: + +- Configuration Wizard button — Opens the Configuration Wizard for the selected type of connector. + See the [OpenID Connect Configuration Wizard](/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/openidconnectconfigu/openidconnectconfiguration.md) topic for + additional information. +- Show / Hide Data link — Click the link to view or hide additional details +- Issuer — Displays the OpenID Connect provider issuer URI +- Client Id — Displays the OpenID Connect provider application Id for Privilege Secure +- Login Format — Indicates which Active Directory user ID property is used for the user login name: + sAMAccountName, User Principal Name, Email, or SID +- User Id Source — Displays the source from which the User Id data is extracted +- User Id Field — Displays the value from the extracted data to use for host-user lookup + +## SAML Connector Type + +The following fields apply to the SAML Connector Type: + +- Configuration Wizard button — Opens the Configuration Wizard for the selected type of connector. + See the [SAML Configuration Wizard](/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/samlconfiguration.md) topic for additional + information. +- Show / Hide Data link — Click the link to view or hide additional details +- Login URI — Displays the SAML provider issuer URI +- Name ID Policy — Displays the name of the ID Policy +- Login Format — Indicates which Active Directory user ID property is used for the user login name: + sAMAccountName, User Principal Name, Email, or SID +- User Claim — Displays the name of the user attribute to use +- Check Certificate checkbox — Select to check if a safe certificate is needed +- Certificate — Provide your certificate file +- Logout URI — Displays the simple logout address (not a SAML SLO endpoint), which takes a parameter + for the post logout redirection + +## Set Authentication as Default Login + +Once a third-party authentication connector is configured, it can be set as the default form of +authentication, or it can be set as the exclusive form of authentication. Hover over the +authentication connector to display the configuration options. + +![Authentication Connector Options](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authenticationoptions.webp) + +There are two options that can be configured for the authentication connector, Set as Default and +Set as Exclusive. + +| Description | Option | Login Screen | +| ----------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Set as Default — Sets the authentication connector as the default login option and includes the option to login with Active Directory credentials | ![Set authentication connector as Default](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authenticationsetdefault.webp) | ![Set authentication connector as Default Login Screen](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authenticationsetdefaultlogin.webp) | +| Set as Exclusive — Sets the authentication connector as the only option to login and the option to login with Active Directory credentials is removed | ![Set authentication connector as Exclusive](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authenticationsetexclusive.webp) | ![Set authentication connector as Exclusive Login Screen](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authenticationsetexclusivelogin.webp) | + +Once the authentication connector is set to Default or Exclusive, the login will be updated to +reflect the configuration selected. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/authenticationconnector.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/authenticationconnector.md new file mode 100644 index 0000000000..74ce902e83 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/authenticationconnector.md @@ -0,0 +1,38 @@ +--- +title: "Add Authentication Connector" +description: "Add Authentication Connector" +sidebar_position: 10 +--- + +# Add Authentication Connector + +Follow the steps to add an authentication connector to the console. + +**Step 1 –** Navigate to the **Configuration** > **Authentication** page. + +**Step 2 –** In the Connectors list, click the **Plus** icon. + +![addauthentication](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/addauthentication.webp) + +**Step 3 –** Enter the following information: + +- Authentication Connector Name – Displays the name of the authentication connector +- Connector Description (Optional) – Enter a brief description to identify the service account +- Connection Type – Indicates the type of authentication + +**NOTE:** Once the Connection Type is selected, additional fields become available. The available +fields will change depending on the selection. + +**Step 4 –** Enter the information from the applicable authentication connector provider. See the +[Authentication Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/authentication.md) section for detailed descriptions of the fields. + +- For OpenID Connect, open the + [OpenID Connect Configuration Wizard](/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/openidconnectconfigu/openidconnectconfiguration.md) +- For SAML, open the [SAML Configuration Wizard](/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/samlconfiguration.md) + +See the [OpenID Connect Authentication](/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/openidconnectconfigu/openidconnectauthentication.md) +appendices for additional information on how to configure third party Authentication Connectors. + +**Step 5 –** Click **Save** to create the new authentication connector. + +The new authentication connector is added to the Connectors list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/openidconnectconfigu/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/openidconnectconfigu/_category_.json new file mode 100644 index 0000000000..bfa8392158 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/openidconnectconfigu/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "OpenID Connect Configuration Wizard", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "openidconnectconfiguration" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/integrationdetails/openidconnectauthentication.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/openidconnectconfigu/openidconnectauthentication.md similarity index 96% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/integrationdetails/openidconnectauthentication.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/openidconnectconfigu/openidconnectauthentication.md index 5359051c7a..1daf98bca4 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/integrationdetails/openidconnectauthentication.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/openidconnectconfigu/openidconnectauthentication.md @@ -1,3 +1,9 @@ +--- +title: "OpenID Connect Authentication" +description: "OpenID Connect Authentication" +sidebar_position: 10 +--- + # OpenID Connect Authentication ## Okta diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/wizard/openidconnectconfiguration.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/openidconnectconfigu/openidconnectconfiguration.md similarity index 97% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/wizard/openidconnectconfiguration.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/openidconnectconfigu/openidconnectconfiguration.md index e7bf4d8906..20f3012bf5 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/wizard/openidconnectconfiguration.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/openidconnectconfigu/openidconnectconfiguration.md @@ -1,7 +1,13 @@ +--- +title: "OpenID Connect Configuration Wizard" +description: "OpenID Connect Configuration Wizard" +sidebar_position: 20 +--- + # OpenID Connect Configuration Wizard The OpenID Connect Configuration wizard is opened with the **Configuration Wizard** button in the -Configuration > [Authentication Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authentication.md) for an OpenID Connect +Configuration > [Authentication Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/authentication.md) for an OpenID Connect Authentication Connector Type. ![configureclient](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/wizard/configureclient.webp) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/wizard/samlconfiguration.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/samlconfiguration.md similarity index 97% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/wizard/samlconfiguration.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/samlconfiguration.md index a1c271732d..5e3187d548 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/wizard/samlconfiguration.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/samlconfiguration.md @@ -1,7 +1,13 @@ +--- +title: "SAML Configuration Wizard" +description: "SAML Configuration Wizard" +sidebar_position: 30 +--- + # SAML Configuration Wizard The SAML Configuration wizard is opened with the **Configuration Wizard** button in the -Configuration > [Authentication Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authentication.md) for an SAML Authentication +Configuration > [Authentication Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/authentication.md) for an SAML Authentication Connector Type. ![configureclient](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/wizard/configureclient.webp) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/_category_.json new file mode 100644 index 0000000000..60e217ed9c --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Credentials Page", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "credentials" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/accountdependencies.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/accountdependencies.md similarity index 94% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/accountdependencies.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/accountdependencies.md index 8ce4886f7a..d6e0a6a18d 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/accountdependencies.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/accountdependencies.md @@ -1,3 +1,9 @@ +--- +title: "Account Dependencies Window" +description: "Account Dependencies Window" +sidebar_position: 30 +--- + # Account Dependencies Window The Account Dependencies window shows all of the dependent services and scheduled tasks for the @@ -14,7 +20,7 @@ The window has the following details displayed at the top: - Age — Number of days since the last credential rotation or from when the password was first created - Status — Indicates if the account credentials have been verified by Privilege Secure. See the - [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional information on configuring + [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information on configuring a verification schedule. - Unspecified — Verification check has not run @@ -56,7 +62,7 @@ The window has the following columns: - Last Scan — Date timestamp for the last time the resource was scanned - Last Change — Date timestamp for the last time the password was changed - Status — Indicates if the account credentials have been verified by Privilege Secure. See the - [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional information on configuring + [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information on configuring a verification schedule. - Unspecified — Verification check has not run diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/_category_.json new file mode 100644 index 0000000000..1e450f3d75 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Credential Groups Page", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "credentialgroups" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/addcredentials.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/addcredentials.md new file mode 100644 index 0000000000..1de013ede9 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/addcredentials.md @@ -0,0 +1,119 @@ +--- +title: "Add Credentials Window" +description: "Add Credentials Window" +sidebar_position: 20 +--- + +# Add Credentials Window + +The Add Credentials window provides a list of Credentials that have been onboarded and are not +already present in the collection. Credentials are onboarded in the +[Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentials.md). + +![Add Credentials Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addcredentials.webp) + +The window has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Filter — Provides options to filter results based on a chosen criterion: Internal, Standard, and + Service +- Available Credentials — Shows all accounts available for credential management +- Credentials to Add — Shows selected credentials +- Add button — Closes the window + +Both tables have the following columns: + +- Checkbox — Check to select one or more items +- Account — Name of the account +- Resource — Name of the resource that the account is on +- Platform — Displays the type of platform, which defines the resource +- Method — Indicates how the account is managed: + + - Automatic — Credential rotation is managed by Privilege Secure according to the change policy + for that platform type. See the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for + additional information. + - Manual — Credential rotation must be initiated manually with the Rotate Service Account + button, or the credential must be manually updated on both the resource and in Privilege + Secure. See the [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) + section for information on updating credentials for Internal service accounts. + - Not Managed — Not currently managed by Privilege Secure and no credentials have ever been + stored + + **NOTE:** See the [Rotation Methods](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialrotationmethod.md) topic for additional + information. + +- Managed Type — Type of managed account: + + - Standard — Local or domain user account, including managed users created by activity sessions + - Internal — Internal service account used by Privilege Secure with no dependencies. See the + [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional + information. + - Service — Local or domain service account with one or more dependencies. Includes Internal + service accounts with one or more dependencies. + +- Dependents — Number of scheduled tasks or Windows services using this account +- Password Changed — Date timestamp for the last time the password was rotated +- Age — Number of days since the last credential rotation or from when the password was first + created +- Status — Indicates if the account credentials have been verified by Privilege Secure. See the + [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information on configuring + a verification schedule. + + - Unspecified — Verification check has not run + - Verified — Confirmed the credentials match the value stored in Privilege Secure + - Mismatch — Credentials do not match the value stored in Privilege Secure. This status only + appears when the Reset on Mismatch option is not enabled. + - Changed — Credentials were successfully updated to match the value stored in Privilege Secure. + This status only appears when the Reset on Mismatch option is enabled. + - Failed — Attempt to update the credentials to match the value stored in Privilege Secure was + unsuccessful. This status only appears when the Reset on Mismatch option is enabled. + +- Last Checked — Date timestamp of the last verification check +- Next Change — Date timestamp for the next credential password rotation + +## Add Credentials to a Credential Group + +Follow the steps to add credentials to a credential group. + +**Step 1 –** Navigate to the **Policy** > **Credentials** > Credential Groups page. + +**Step 2 –** In the Credential Groups list, select the name of the credential group. + +**Step 3 –** In the Credential Groups table, click Add Credentials. + +**Step 4 –** Filter by **Internal**, **Standard**, or **Service**, and use the Search feature. + +**Step 5 –** To add a credential to the group, click the checkbox in the Available Credentials +table. + +**Step 6 –** (Optional) Click the checkbox in the Credentials to Add table to move it back to the +Available Credentials table. + +**Step 7 –** Click Add to add the credential(s) to the group. + +The new credentials are added to the applicable group. + +## Add Credentials to a Policy Override + +Follow the steps to add credentials to a Credential Policy Override. In order for an account to be +added to add credentials window, a credential must be managed with a method of **Automatic**. Only +one account can be added to a Credential Policy Override at a time. See the +[Manage Internal Service Accounts](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/manageinternalserviceaccount.md) topic for additional +information. + +**Step 1 –** Navigate to the **Policy** > **Credentials** > Credential Groups page. + +**Step 2 –** In the Credential Groups list, select the name of the credential policy override. + +**Step 3 –** In the Credential Policy Override table, click Add Credentials. + +**Step 4 –** To add a credential to the policy override, click the checkbox in the Available +Credentials table. + +**Step 5 –** (Optional) Click the checkbox in the Credentials to Add table to move it back to the +Available Credentials table. + +**Step 6 –** Click Add to add the credential(s) to the policy override. + +The new credentials are added to the applicable Credential Policy Override. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/credentialgroup.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/credentialgroup.md similarity index 85% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/add/credentialgroup.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/credentialgroup.md index 17ed33c9b6..288888333e 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/credentialgroup.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/credentialgroup.md @@ -1,3 +1,9 @@ +--- +title: "Add Credential Groups" +description: "Add Credential Groups" +sidebar_position: 10 +--- + # Add Credential Groups Follow the steps to add credential groups to the Privilege Secure Console. @@ -24,7 +30,7 @@ the Add Credentials window. **Step 6 –** Select the checkbox for the credential and click **Add** to save the credential to the Credential Group. See the -[Add Credentials to a Credential Group](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/addcredentials.md#add-credentials-to-a-credential-group) +[Add Credentials to a Credential Group](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/addcredentials.md#add-credentials-to-a-credential-group) topic for additional information. The new credential group is added to the console and is shown in the Credential Groups list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentialgroups.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/credentialgroups.md similarity index 85% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentialgroups.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/credentialgroups.md index fe741acd5c..0e288e6cb5 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentialgroups.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/credentialgroups.md @@ -1,9 +1,15 @@ +--- +title: "Credential Groups Page" +description: "Credential Groups Page" +sidebar_position: 60 +--- + # Credential Groups Page The Credential Groups page is accessible from the Navigation pane under Credentials. It shows the configured credential groups, which are used to control account assignments in Credential Based access policies. See the -[Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/credentials.md) +[Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/credentials.md) topic for additional information. ![Administrative Credential Group Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentialgroupspage.webp) @@ -14,7 +20,7 @@ has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - Blue + button — Create a new credential group. See the - [Add Credential Groups](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/credentialgroup.md) topic for additional information. + [Add Credential Groups](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/credentialgroup.md) topic for additional information. - Trashcan icon — Deletes the access policy. Icon appears when policy is hovered over. A confirmation window will display. @@ -33,7 +39,7 @@ The table has the following features: - Type — Provides options to filter results based on a chosen criterion: Internal, Standard, and Service - Add Credentials — Opens the Add Credentials window. See the - [Add Credentials to a Credential Group](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/addcredentials.md#add-credentials-to-a-credential-group) + [Add Credentials to a Credential Group](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/addcredentials.md#add-credentials-to-a-credential-group) topic for additional information. - Remove — Removes the selected item - Refresh — Reload the information displayed @@ -52,23 +58,23 @@ The table has the following columns: - Method — Indicates how the account is managed: - Automatic — Credential rotation is managed by Privilege Secure according to the change policy - for that platform type. See the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional + for that platform type. See the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information. - Manual — Credential rotation must be initiated manually with the Rotate Service Account button, or the credential must be manually updated on both the resource and in Privilege - Secure. See the [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for + Secure. See the [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for information on updating credentials for Internal service accounts. - Not Managed — Not currently managed by Privilege Secure and no credentials have ever been stored - **NOTE:** See the [Rotation Methods](/docs/privilegesecure/4.2/accessmanagement/admin/policy/credentialrotationmethod.md) topic for additional + **NOTE:** See the [Rotation Methods](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialrotationmethod.md) topic for additional information. - Managed Type — Type of managed account: - Standard — Local or domain user account, including managed users created by activity sessions - Internal — Internal service account used by Privilege Secure with no dependencies. See the - [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional + [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional information. - Service — Local or domain service account with one or more dependencies. Includes Internal service accounts with one or more dependencies. @@ -78,7 +84,7 @@ The table has the following columns: - Age — Number of days since the last credential rotation or from when the password was first created - Status — Indicates if the account credentials have been verified by Privilege Secure. See the - [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional information on configuring a + [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information on configuring a verification schedule. - Unspecified — Verification check has not run diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialpolicyover/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialpolicyover/_category_.json new file mode 100644 index 0000000000..fbf0bf0d89 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialpolicyover/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Credential Policy Overrides Page", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "credentialpolicyoverrides" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialpolicyover/credentialpolicyoverrides.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialpolicyover/credentialpolicyoverrides.md new file mode 100644 index 0000000000..3fd5714252 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialpolicyover/credentialpolicyoverrides.md @@ -0,0 +1,75 @@ +--- +title: "Credential Policy Overrides Page" +description: "Credential Policy Overrides Page" +sidebar_position: 70 +--- + +# Credential Policy Overrides Page + +The Credential Policy Overrides page is accessible from the Policy Navigation pane under Credentials +and displays the configured Credential Policy Overrides. If a credential is added to a Credential +Policy Override, that credential's scheduled change policy and verification schedule will be +inherited from the Credential Policy Override, rather than being inherited from the credential's +platform. + +![Credential Policy Overrides Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentialpolicyoverridepage.webp) + +The pane on the left side of the page displays a list of the configured Credential Policy Overrides. +This pane has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Blue + button — Create a new credential group. See the + [Add Credential Policy Override](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialpolicyover/credentialpolicyoverrides_1.md) topic for additional + information. +- Trashcan icon — Deletes the policy. Icon appears when policy is hovered over. A confirmation + window will display. + +The selected access policy details display at the top of the main pane: + +- Name — Displays the name of the policy +- Description — Description of the policy + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. + +The table has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Add Credentials — Opens the Add Credentials window. See the + [Add Credentials Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/addcredentials.md) topic for additional + information. +- Remove — Removes the selected item +- Refresh — Reload the information displayed + +The table has the following columns: + +- Checkbox — Check to select one or more items +- Account — Name of the account. The following icons may also appear in this column: + + - Clipboard icon — Copies the password for the selected account + - Information icon — Opens the View Password window to view the password and copy it to the + clipboard. The window stays open for 20 seconds. + +- Resource — Name of the resource that the account is on +- Password Changed — Date timestamp for the last time the password was rotated +- Age — Number of days since the last credential rotation or from when the password was first + created +- Status — Indicates if the account credentials have been verified by Privilege Secure. See the + [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information on configuring a + verification schedule. + + - Unspecified — Verification check has not run + - Verified — Confirmed the credentials match the value stored in Privilege Secure + - Mismatch — Credentials do not match the value stored in Privilege Secure. This status only + appears when the Reset on Mismatch option is not enabled. + - Changed — Credentials were successfully updated to match the value stored in Privilege Secure. + This status only appears when the Reset on Mismatch option is enabled. + - Failed — Attempt to update the credentials to match the value stored in Privilege Secure was + unsuccessful. This status only appears when the Reset on Mismatch option is enabled. + +- Last Checked — Date timestamp of the last verification check +- Next Change — Date timestamp for the next credential password rotation + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialpolicyover/credentialpolicyoverrides_1.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialpolicyover/credentialpolicyoverrides_1.md new file mode 100644 index 0000000000..cd1a57b819 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialpolicyover/credentialpolicyoverrides_1.md @@ -0,0 +1,49 @@ +--- +title: "Add Credential Policy Override" +description: "Add Credential Policy Override" +sidebar_position: 10 +--- + +# Add Credential Policy Override + +Follow the steps to add Credential Policy Override to the Privilege Secure Console. + +**Step 1 –** Navigate to the Policy > Credentials > Credential Policy Overrides page. + +**Step 2 –** In the Credential Policy Overrides list, click the Plus icon. + +![Adding a credential policy override](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addcredentialpolicyoverride.webp) + +**Step 3 –** Enter or select the following information: + +- Name — Displays the name of the credential +- Description — Description of the policy +- Scheduled Change Policy — Select a previously added schedule policy from the drop-down list. How + often the credentials for a managed account are changed (credential rotation). See the + [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) and + [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicies.md) topic for additional information. +- Verification Schedule — How often to verify the credentials for managed accounts on the resources + defined by the selected platform. See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) + topic for additional information on managed accounts. + +**Step 4 –** Click Save to create the new credential policy override. + +![cpopageaddcredentials](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/cpopageaddcredentials.webp) + +**Step 5 –** With the new Credential Policy Override selected, click the **Add Credentials** button +to open the Add Credentials window. See the +[Add Credentials to a Policy Override](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/addcredentials.md#add-credentials-to-a-policy-override) +topic for additional information. + +![Add credential to Credential Policy Override Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addcredentialtocpowindow.webp) + +**Step 6 –** Select the checkbox for the credential and click **Add** to save the credential to the +Credential Policy Override. + +**NOTE:** In order for an account to be added to add credentials window, a credential must be +managed with a method of **Automatic**. Only one account can be added to a Credential Policy +Override at a time. See the +[Manage Internal Service Accounts](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/manageinternalserviceaccount.md) topic for +additional information. + +The account is added to the console and is shown in the Credential Policy Overrides list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/credentialrotationmethod.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialrotationmethod.md similarity index 98% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/credentialrotationmethod.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialrotationmethod.md index 6a89d47ece..1349e3dd6c 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/credentialrotationmethod.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialrotationmethod.md @@ -1,3 +1,9 @@ +--- +title: "Rotation Methods" +description: "Rotation Methods" +sidebar_position: 10 +--- + # Rotation Methods The following table summarizes the methods of credential rotation for each type of account. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentials.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentials.md new file mode 100644 index 0000000000..e49b6866ca --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentials.md @@ -0,0 +1,115 @@ +--- +title: "Credentials Page" +description: "Credentials Page" +sidebar_position: 60 +--- + +# Credentials Page + +The Credentials page shows all accounts discovered within your environment. It is specifically +focused on managing service account password rotation. A managed account is any host local account, +domain account, or Privilege Secure application local account that has its credentials managed by +the application. This includes managed user accounts created by activity sessions. The Credentials +page displays the same information as the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md). + +![Credentials page](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) + +The page has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. You can search for a specific host or account. +- Filter — Provides options to filter results based on a chosen criterion: + + - Method — Filter by whether the account is managed by the application: All, Managed, and + Unmanaged. Managed accounts include both Automatic managed and Manual managed. + - Managed Type — Filter by account type: All, Internal, Standard, and Service. An Internal + account is a Privilege Secure application local account. + - Privilege Type — Filter by type of privilege the account has: Not Set, Administrator, Power + User, Guest, User, Sudoer, Linux User, Cisco Privilege 0, Cisco Privilege 1, and Cisco + Privilege 15 + +- Manage — Set the selected account to be managed by Privilege Secure. This button is only available + when the account Managed Type is Standard or Internal. For an Internal account, a pop up window + will display. See the + [Manage Internal Service Accounts](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/manageinternalserviceaccount.md) section + for additional information. +- Unmanage — Remove the account from being managed by Privilege Secure +- Rotate Service Account — Opens the Account Dependencies window. This button is only available when + the Managed Type is Service. See the + [Account Dependencies Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/accountdependencies.md) topic for additional + information. +- Schedule Rotation — Add the credential rotation task to the queue. This button is only available + when the Method is Automatic managed. See the + [Scheduled Tasks Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/scheduledtasks.md) topic for additional + information. +- Verify — Checks that the credentials for the selected account match the credentials set by + Privilege Secure +- View History — Opens the Password History window to displays the password history for the account. + See the [Password History Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/passwordhistory.md) topic for additional + information. +- Refresh — Reload the information displayed + +The table has the following columns: + +- Checkbox — Check to select one or more items +- Account — Name of the account. The following icons may also appear in this column: + + - Set Password icon — Opens the Set Password for Credential window to set a new password for the + selected account. See the + [Manage Internal Service Accounts](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/manageinternalserviceaccount.md) + topic for more information. + - Clipboard icon — Copies the password for the selected account + - Information icon — Opens the View Password window to view the password and copy it to the + clipboard. The window stays open for 20 seconds. See the + [View Password Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/viewpassword.md) topic for additional + information. + +- Resource — Name of the resource that the account is on. Click the link to view additional details. +- Privilege — Level of privilege the account has on the resource +- Platform — Displays the type of platform, which defines the resource +- Method — Indicates how the account is managed: + + - Automatic — Credential rotation is managed by Privilege Secure according to the change policy + for that platform type. See the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional + information. + - Manual — Credential rotation must be initiated manually with the Rotate Service Account + button, or the credential must be manually updated on both the resource and in Privilege + Secure. See the [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) section + for information on updating credentials for Internal service accounts. + - Not Managed — Not currently managed by Privilege Secure and no credentials have ever been + stored + + **NOTE:** See the [Rotation Methods](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialrotationmethod.md) topic for additional + information. + +- Managed Type — Type of managed account: + + - Standard — Local or domain user account, including managed users created by activity sessions + - Internal — Internal service account used by Privilege Secure with no dependencies. See the + [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional + information. + - Service — Local or domain service account with one or more dependencies. Includes Internal + service accounts with one or more dependencies. + +- Dependents — Number of scheduled tasks or Windows services using this account +- Password Changed — Date timestamp for the last time the password was rotated +- Age — Number of days since the last credential rotation or from when the password was first + created +- Status — Indicates if the account credentials have been verified by Privilege Secure. See the + [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information on configuring a + verification schedule. + + - Unspecified — Verification check has not run + - Verified — Confirmed the credentials match the value stored in Privilege Secure + - Mismatch — Credentials do not match the value stored in Privilege Secure. This status only + appears when the Reset on Mismatch option is not enabled. + - Changed — Credentials were successfully updated to match the value stored in Privilege Secure. + This status only appears when the Reset on Mismatch option is enabled. + - Failed — Attempt to update the credentials to match the value stored in Privilege Secure was + unsuccessful. This status only appears when the Reset on Mismatch option is enabled. + +- Last Checked — Date timestamp of the last verification check +- Next Change — Date timestamp for the next credential password rotation +- Last Logon — Date timestamp for the last time the account authenticated + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/manageinternalserviceaccount.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/manageinternalserviceaccount.md similarity index 86% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/manageinternalserviceaccount.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/manageinternalserviceaccount.md index aa01ffdd84..50ce1c0c06 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/manageinternalserviceaccount.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/manageinternalserviceaccount.md @@ -1,3 +1,9 @@ +--- +title: "Manage Internal Service Accounts" +description: "Manage Internal Service Accounts" +sidebar_position: 20 +--- + # Manage Internal Service Accounts An internal service account is a type of service account used by Privilege Secure with no @@ -21,11 +27,11 @@ user in Active Directory. Try the following possible solutions to resolve: - Perform an AD Sync to collect the latest AD data from the domain. See the - [Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/domain.md) topic for additional information. + [Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/domain.md) topic for additional information. - Check the user is added to the Privilege Secure console. See the - [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usersgroups.md) topic for additional information. + [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usersgroups.md) topic for additional information. - Check the spelling of the Username associated with the service account. See the - [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional + [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional information. - Make sure the user is in Active Directory in the expected domain @@ -46,5 +52,5 @@ The selected account will now display the following options. selected account. - Clipboard icon — Copies the password for the selected account - Information icon — Opens the View Password window to view the password and copy it to the - clipboard. The window stays open for 20 seconds. See the [View Password Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/viewpassword.md) + clipboard. The window stays open for 20 seconds. See the [View Password Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/viewpassword.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/passwordhistory.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/passwordhistory.md similarity index 89% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/passwordhistory.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/passwordhistory.md index f1d36b196e..4143881761 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/passwordhistory.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/passwordhistory.md @@ -1,3 +1,9 @@ +--- +title: "Password History Window" +description: "Password History Window" +sidebar_position: 40 +--- + # Password History Window The Password History window shows all historical passwords for the selected managed account. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/viewpassword.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/viewpassword.md similarity index 85% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/viewpassword.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/viewpassword.md index b3725bc2ff..022f19ad2f 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/viewpassword.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/viewpassword.md @@ -1,3 +1,9 @@ +--- +title: "View Password Window" +description: "View Password Window" +sidebar_position: 50 +--- + # View Password Window The View Password window shows the current passwords for the selected managed account. This window diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/dbchangehistory.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/dbchangehistory.md similarity index 91% rename from docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/dbchangehistory.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/dbchangehistory.md index b92ecf1f64..07bf3968da 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/dbchangehistory.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/dbchangehistory.md @@ -1,3 +1,9 @@ +--- +title: "DB Change History Page" +description: "DB Change History Page" +sidebar_position: 30 +--- + # DB Change History Page The DB Change History page shows the database entries (Additions, Updates, Deletes). From here, diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/events.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/events.md new file mode 100644 index 0000000000..156b3780ac --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/events.md @@ -0,0 +1,28 @@ +--- +title: "Events Page" +description: "Events Page" +sidebar_position: 40 +--- + +# Events Page + +The Events page shows event logs for the Privilege Secure Console. + +![Audit and Reporting Events Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/eventspage.webp) + +The Events page has the following features: + +- Search – Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Column headers can be sorted in ascending or descending order: + + - Status – Shows status information for the session + + - Information + - Error + + - Time – Timestamp of the event + - User – User associated with the event + - Access Policy – Name of the Access Policy + - Event Message – Description of the event + - Session ID – Unique identifier for the session diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/_category_.json new file mode 100644 index 0000000000..1e4cfc30ea --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Integration Connectors Page", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "integrationconnectors" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationbyov/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationbyov/_category_.json new file mode 100644 index 0000000000..6d82b6b5b8 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationbyov/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Bring Your Own Vault (BYOV) Integration", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "integrationbyov" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/byovconnectorconfig.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationbyov/byovconnectorconfig.md similarity index 93% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/byovconnectorconfig.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationbyov/byovconnectorconfig.md index 8d376524b8..b18525d8b9 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/byovconnectorconfig.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationbyov/byovconnectorconfig.md @@ -1,3 +1,9 @@ +--- +title: "Bring Your Own Vault (BYOV) Connector Configuration" +description: "Bring Your Own Vault (BYOV) Connector Configuration" +sidebar_position: 10 +--- + # Bring Your Own Vault (BYOV) Connector Configuration This topic walks through the steps necessary to configure Netwrix Privilege Secure as a BYOV @@ -164,7 +170,7 @@ else { **Step 5 –** Click **Save** to create the BYOV connector. -See the [Bring Your Own Vault (BYOV) Integration](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationbyov.md) topic for additional +See the [Bring Your Own Vault (BYOV) Integration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationbyov/integrationbyov.md) topic for additional information on configuring a BYOV connector. ### Create a User @@ -213,7 +219,7 @@ account. Password feature is not available. See the -[Manage Internal Service Accounts](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/manageinternalserviceaccount.md) +[Manage Internal Service Accounts](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/manageinternalserviceaccount.md) topic for additional information on manually managing an account. ### Create an Activity @@ -249,7 +255,7 @@ the password must be rotated once prior to use with an activity. **NOTE:** Ensure the Login Account Template uses the format DOMAIN\samAccountName (e.g., NWXTECH\dgrayson). -See the [Add Activity](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/activity.md) topic for additional information on creating an +See the [Add Activity](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activity/activity.md) topic for additional information on creating an Activity. ### Configure a New Policy @@ -263,7 +269,7 @@ Follow the steps to create a Policy. ![Create a new policy for the BYOV Connector](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/byovconnectorpolicy.webp) **Step 2 –** Click the **Plus** icon and create a new Policy. See the -[Add Access Policy](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/accesspolicy.md) topic for additional information. +[Add Access Policy](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy_1.md) topic for additional information. - Set the Type as **Resource Based** and select a Connection Profile, with **Default** being sufficient for most setups. @@ -273,16 +279,16 @@ Follow the steps to create a Policy. **Step 4 –** Once the Access Policy is created, add the following: - Users to the Policy. See the - [Users Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/users.md) topic for + [Users Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/users.md) topic for additional information. - Activity created for the BYOV Connector. See the - [Activities Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/activities.md) + [Activities Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/activities/activities.md) topic for additional information. - Associated resources intended for this Activity. See the - [Resources Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/resources.md) + [Resources Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/resources/resources.md) topic for additional information. -See the [Add Access Policy](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/accesspolicy.md) topic for additional information on +See the [Add Access Policy](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy_1.md) topic for additional information on creating an Access Policy. After completing these steps, you can use the specified manually-managed user on the resources diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationbyov.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationbyov/integrationbyov.md similarity index 92% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationbyov.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationbyov/integrationbyov.md index 331cfbdcfd..547b29eb9f 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationbyov.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationbyov/integrationbyov.md @@ -1,3 +1,9 @@ +--- +title: "Bring Your Own Vault (BYOV) Integration" +description: "Bring Your Own Vault (BYOV) Integration" +sidebar_position: 10 +--- + # Bring Your Own Vault (BYOV) Integration Privilege Secure contains a built-in vault for credential management, but can integrate with vaults diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/integrationconnectors.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationconnectors.md similarity index 78% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/integrationconnectors.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationconnectors.md index c40211e795..7bdb981206 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/integrationconnectors.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationconnectors.md @@ -1,3 +1,9 @@ +--- +title: "Integration Connectors Page" +description: "Integration Connectors Page" +sidebar_position: 50 +--- + # Integration Connectors Page The Integration Connectors page is accessible from the Navigation pane under Configuration. It shows @@ -21,13 +27,13 @@ The selected connector details display at the top of the main pane: - Connector Type — Indicates the type of integration: - BYOV — Configure integration with any vault, or Bring Your Own Vault. See the - [Bring Your Own Vault (BYOV) Integration](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationbyov.md) topic for additional + [Bring Your Own Vault (BYOV) Integration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationbyov/integrationbyov.md) topic for additional information. - CyberArk — Configure integration with CyberArk. See the - [CyberArk Integration](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationcyberark.md) topic for additional information. + [CyberArk Integration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationcyberark/integrationcyberark.md) topic for additional information. - HashiCorp — Configure integration with HashiCorp. See the - [HashiCorp Integration](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationhashicorp.md) topic for additional information. - - LAPS — Configure integration with LAPS. See the [LAPS Integration](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationlaps.md) + [HashiCorp Integration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationhashicorp.md) topic for additional information. + - LAPS — Configure integration with LAPS. See the [LAPS Integration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationlaps.md) topic for additional information. - StealthAUDIT — Configure integration with Netwrix Access Analyzer (formerly Enterprise Auditor). See the [Enterprise Auditor Integration](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationaccessanalyzer.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationcyberark/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationcyberark/_category_.json new file mode 100644 index 0000000000..563713d986 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationcyberark/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "CyberArk Integration", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "integrationcyberark" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/integrationdetails/cyberark.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationcyberark/cyberark.md similarity index 99% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/integrationdetails/cyberark.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationcyberark/cyberark.md index 861584d37e..e0efbdf8d4 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/integrationdetails/cyberark.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationcyberark/cyberark.md @@ -1,3 +1,9 @@ +--- +title: "Advanced CyberArk Settings" +description: "Advanced CyberArk Settings" +sidebar_position: 10 +--- + # Advanced CyberArk Settings Use the Advanced CyberArk Settings to override the default behavior of the CyberArk connector. This diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationcyberark.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationcyberark/integrationcyberark.md similarity index 95% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationcyberark.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationcyberark/integrationcyberark.md index fa2a13798b..677790d761 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationcyberark.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationcyberark/integrationcyberark.md @@ -1,3 +1,9 @@ +--- +title: "CyberArk Integration" +description: "CyberArk Integration" +sidebar_position: 20 +--- + # CyberArk Integration Privilege Secure contains a built-in vault for credential management, but can uniquely map to a diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationhashicorp.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationhashicorp.md similarity index 95% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationhashicorp.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationhashicorp.md index 86ee16ee86..8297d21c18 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationhashicorp.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationhashicorp.md @@ -1,3 +1,9 @@ +--- +title: "HashiCorp Integration" +description: "HashiCorp Integration" +sidebar_position: 30 +--- + # HashiCorp Integration Privilege Secure contains a built-in vault for credential management, but can uniquely map to a diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationlaps.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationlaps.md similarity index 96% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationlaps.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationlaps.md index 46c02632d6..4f056c0ba1 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/integrationlaps.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationlaps.md @@ -1,3 +1,9 @@ +--- +title: "LAPS Integration" +description: "LAPS Integration" +sidebar_position: 40 +--- + # LAPS Integration Privilege Secure contains a built-in vault for credential management, but can uniquely map to a LAPS diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/interface.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/interface.md new file mode 100644 index 0000000000..eb84ce481c --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/interface.md @@ -0,0 +1,47 @@ +--- +title: "Policy Interface" +description: "Policy Interface" +sidebar_position: 50 +--- + +# Policy Interface + +The Policy interface provides users with options for creating access policies, investigating +activity sessions, onboarding and managing users, groups, resources, and credentials. This topic +explains the interface features and how to use them. + +![Admin Policy Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/interface.webp) + +Select the Policy interface for related pages: + +- [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy.md) — Add or modify user and group access to resources + + - [Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md) — Add or modify connection profiles + - [Activity Token Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/activitytokencomplex/activitytokencomplexity.md) — Add or modify the + complexity of activity tokens + +- [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) — Add or modify the platforms used + + - [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md) — Configure the password complexity + rules for the platform resources + - [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicies.md) — Add or modify schedules for tasks and + policies + +- [Protection Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/protectionpolicies.md) — Add or modify protection policies +- [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usersgroups.md) — Add or modify users, groups, and applications + + - [Role Management Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagement.md) — Add or modify roles for users and groups + - [User and Group Collections Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupcollections.md) — Add or modify user and group + collections + +- [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md) — Add or modify resources + + - [Resource Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resourcegroups/resourcegroups.md) — Add or modify resource groups + +- [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentials.md) — Add or modify credentials + + - [Credential Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialgroups/credentialgroups.md) — Add or modify credential groups + +- [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) — Add or modify activities + + - [Activity Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activitygroups/activitygroups.md) — Add or modify activity groups diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/interface_1.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/interface_1.md new file mode 100644 index 0000000000..000a1fde79 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/interface_1.md @@ -0,0 +1,40 @@ +--- +title: "Configuration Interface" +description: "Configuration Interface" +sidebar_position: 60 +--- + +# Configuration Interface + +The Configuration interface provides information and management options for advanced configuration +settings. + +![Configuration Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/interface.webp) + +Expand the Configuration menu in the Navigation pane for related pages: + +- [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) — Add or modify service accounts +- Service Nodes: + + - [Service Nodes Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/servicenodes.md) — View the status and details of Privilege Secure + Services + - [Scheduled Tasks Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/scheduledtasks.md) — View or modify recurring tasks + +- System Settings — Modify the system settings: + + - [Action Service Settings Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/actionservicesettings.md) + - [Database Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/database.md) + - [Email Configuration Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/emailconfiguration.md) + - [Global Settings Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/globalsettings.md) + - [Local Account Password Options Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/localaccountpasswordoptions.md) + - [Password History Options Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/passwordhistoryoptions.md) + - [Local Account Password Options Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/localaccountpasswordoptions.md) + - [Services Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/services.md) + +- [Authentication Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/authentication.md) — Add or modify multi-factor authentication (MFA) +- [Integration Connectors Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationconnectors.md) — Configure settings for integration + with other applications +- SIEM: + + - [SIEM Server Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/siempages/siemserver.md) — Add or modify SIEM servers + - [SIEM Templates Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/siempages/siemtemplates.md) — Add or modify SIEM templates diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/interface_2.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/interface_2.md new file mode 100644 index 0000000000..15fb800871 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/interface_2.md @@ -0,0 +1,23 @@ +--- +title: "Audit & Reporting Interface" +description: "Audit & Reporting Interface" +sidebar_position: 70 +--- + +# Audit & Reporting Interface + +The Audit and Reporting interface provides auditing and reporting tools to interrogate all logged +activity data in the Privilege Secure Console. This chapter explains the interface features and how +to use them. + +![interface](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/interface.webp) + +Click Audit and Reporting to expand the menu. Settings can be configured for: + +- [Access Certification Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/accesscertification.md) — Audit and remediate user access +- [Activity Log Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activitylog.md) — View activity logs for users and resources +- [DB Change History Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/dbchangehistory.md) — View records of database additions, updates, + and deletions +- [Events Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/events.md) — View the console event log +- [Log Files Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/logfiles/logfiles.md) — View the log files from within the console +- [Reporting](/docs/privilegesecure/4.2/accessmanagement/admin/interface/reporting.md) – View reports on activity diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/logfiles/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/logfiles/_category_.json new file mode 100644 index 0000000000..bd57ec0302 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/logfiles/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Log Files Page", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "logfiles" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/logfileoptions.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/logfiles/logfileoptions.md similarity index 91% rename from docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/logfileoptions.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/logfiles/logfileoptions.md index 8832f4ce9d..f97d44f09c 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/logfileoptions.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/logfiles/logfileoptions.md @@ -1,3 +1,9 @@ +--- +title: "Log File Options Pages" +description: "Log File Options Pages" +sidebar_position: 10 +--- + # Log File Options Pages The log level can be customized for each service. The left of the page lists the configurable @@ -42,4 +48,4 @@ The right of the page shows details of the selected service and has the followin - Save button (only visible when editing) – Saves changes - Cancel button (only visible when editing) – Discards changes -See the [Log Files Page](/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/logfiles.md) topic for additional information. +See the [Log Files Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/logfiles/logfiles.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/logfiles/logfiles.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/logfiles/logfiles.md new file mode 100644 index 0000000000..5af5c03967 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/logfiles/logfiles.md @@ -0,0 +1,31 @@ +--- +title: "Log Files Page" +description: "Log Files Page" +sidebar_position: 50 +--- + +# Log Files Page + +The Logs page shows the log files. From here, search and investigate the records. + +![Audit and Reporting Log Files Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/logfilespage.webp) + +On the left of the page, the Log list shows the log files: + +- Search – Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- List of Log files – Select a log file from the list to view it contents + +The right of the page shows the contents of the selected log file and has the following features: + +- Search – Search the contents of the log file +- Oldest/Newest Are At The Top button – Click to toggle the list by ascending or descending order +- Go To Top button – Return to the top of the list +- List of log entries – Itemized lines from log entry file + +The log files are saved in the default location: + +C:\ProgramData\Stealthbits\PAM\Log + +The log files are saved with a naming format of: `PAM-[Service][yyyymmdd]`. For example: +`PAM-ActionService20191002.log` diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/_category_.json new file mode 100644 index 0000000000..15abcd33bc --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Platforms Page", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md new file mode 100644 index 0000000000..7c8a8f6600 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md @@ -0,0 +1,48 @@ +--- +title: "Platforms Page" +description: "Platforms Page" +sidebar_position: 20 +--- + +# Platforms Page + +The Platforms page is accessible from the Navigation pane under Policies. The menu on the left +displays all the supported platform types and previously configured platforms. This allows +administrators to apply default configurations across all resources defined by that platform type. + +![Platforms Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/activedirectory.webp) + +The pane on the left side of the page displays a list of the configured platforms. The pane has the +following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Copy icon — Create a new platform based on the current selection. Icon appears when platform is + hovered over. This is intended to cover use cases where the built-in account differs from the + norm. +- Trashcan icon — Deletes the platform. Icon appears when policy is hovered over and is only + available for duplicated platforms. A confirmation window will display. + +Default platforms include: + +- Active Directory — See the [Active Directory Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/activedirectory.md) + topic for additional information on configuration options +- Microsoft Entra ID (formerly Azure AD) — See the + [Microsoft Entra ID Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/entraid.md) topic for additional information on + configuration options +- Cisco — See the [Cisco Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/cisco.md) topic for additional information + on configuration options +- Linux — See the [Linux Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/linux.md) topic for additional information + on configuration options +- Microsoft SQL Server — See the [Microsoft SQL Server Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/mssql.md) + topic for additional information on configuration options +- Oracle — See the [Oracle Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/oracle.md) topic for additional + information on configuration options +- Secret Vault — See the [Secret Vault Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/secretvault.md) topic for + additional information on configuration options +- Website — See the [Web Site Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/website.md) topic for additional + information on configuration options +- Windows — See the [Windows Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/windows.md) topic for additional + information on configuration options + +See the Configure a Platform Policy topic for additional information on adding a Platform Policy. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/_category_.json new file mode 100644 index 0000000000..1531d6d107 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Password Complexity Page", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "passwordcomplexity" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md new file mode 100644 index 0000000000..d66b992bb1 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md @@ -0,0 +1,65 @@ +--- +title: "Password Complexity Page" +description: "Password Complexity Page" +sidebar_position: 30 +--- + +# Password Complexity Page + +The Password Complexity page is accessible from the Navigation pane under Policy > Platforms. It +shows configured password complexity policies that can be applied to platforms. + +When Privilege Secure creates a managed account on a local system or domain it also sets the user +password. The password that is generated will follow the complexity rules configured in the related +password policy associated with that platform. The Default policy is used if a password policy +cannot be determined. See the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional +information. + +Password complexity requirements must adhere to any domain or local password policy applied to the +target resource. If there is a conflict between the password policy on the target resource and the +password policy set in Privilege Secure, the managed account cannot be created and the session will +fail. + +Create password policies and configure the password complexity requirements on this page. The +password policy only applies to managed accounts created by Privilege Secure. + +![Password Complexity Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/page_5.webp) + +The pane on the left side of the page displays a list of the configured password complexity +policies. This pane has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Blue + button — Create a new password complexity policy. See the + [Add Password Complexity Policy](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity_1.md) topic for additional information. +- Copy icon — Create a new password complexity policy based on the current selection. Icon appears + when policy is hovered over. +- Trashcan icon — Deletes the password complexity policy. Icon appears when policy is hovered over. + A confirmation window will display. + +**NOTE:** The default password policy cannot be deleted. + +The selected password complexity policy details display in the main pane: + +- Name — Displays the name of the policy +- Description — Description of the policy +- Must Start With / Must End With — Lists cases the password complexity policy will enforce. This + list contains the following options: + + - None + - Lowercase + - Uppercase + - Numeric + +- Length — The maximum number of characters the password complexity policy will enforce +- Max Consecutive Chars — The maximum number of consecutively occurring characters that the password + complexity policy will allow +- Characters to Exclude — Custom characters the password complexity policy will exclude. +- Included Characters — Check boxes containing additional inclusive parameters for the policy: + + - Lowercase — At least one lowercase character in the password + - Uppercase — At least one uppercase character in the password + - Numbers — At least one number in the password + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity_1.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity_1.md new file mode 100644 index 0000000000..355053724f --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity_1.md @@ -0,0 +1,39 @@ +--- +title: "Add Password Complexity Policy" +description: "Add Password Complexity Policy" +sidebar_position: 10 +--- + +# Add Password Complexity Policy + +Follow the steps to add a password policy to the console. + +**Step 1 –** Navigate to the **Policy** > **Platforms** > **Password Complexity** page. + +**Step 2 –** In the Password Policy list, click the **Plus** icon. + +![Add Password Complexity](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/add.webp) + +**Step 3 –** Complete the following fields: + +- Name – This is a snippet +- Description – Description of the policy +- Must start with – Enter the symbol type from which the password must start with (uppercase, + symbol, etc.) +- Must end with – Enter the symbol type from which the password must end with (uppercase, symbol, + etc.) +- Length – Provide the desired password length +- Max consecutive chars – Select maximum number of consecutive characters +- Characters to exclude – select characters to exclude from the password body +- Include characters – select characters type to be excluded from the password body. Possible values + are: + + - Lowercase – Includes lower case letters + - Uppercase – Includes upper case letters + - Symbols – Includes the following characters: !#$%&\*@\ + - Spaces – Includes spaces + - Numbers – Includes numbers + +**Step 4 –** Click **Save** to create the new password policy. + +The new password policy is added to the Password Policy list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/_category_.json new file mode 100644 index 0000000000..1532b6aba9 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Platforms", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/activedirectory.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/activedirectory.md new file mode 100644 index 0000000000..bd0b0d264d --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/activedirectory.md @@ -0,0 +1,41 @@ +--- +title: "Active Directory Platform Policy Configuration" +description: "Active Directory Platform Policy Configuration" +sidebar_position: 10 +--- + +# Active Directory Platform Policy Configuration + +The Active Directory menu displays the configuration options for Active Directory platforms. + +![Active Directory Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/activedirectory.webp) + +Details for the selected platform are displayed on the right side of the page. Below are the +configuration options for an Active Directory Platform. + +- Name — Displays the name of the policy +- Description — Description of the policy +- Built-in Account — The built-in administrator account for the resources on the selected platform. + If multiple built-in administrator accounts are required, create a copy of the platform. For + Windows platforms, the built-in account is defined via the well-known SID (S-1-5-21\*-500). This + feature informs Netwrix Privilege Secure which account(s) to discover and onboard for a given + platform during its discovery process. +- Password Complexity Policy — The password complexity rules for managed accounts created on the + resources defined by the selected platform. See the + [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md) topic for additional information. +- Password Length — The number of characters required by the selected password policy +- Arrow icon — Show or Hide password policy details. Click the icon to display the password + complexity requirements of the selected password policy. +- Scheduled Change Policy — How often the credentials for a managed account are changed (credential + rotation). See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) and + [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicies.md) topic for additional information. +- Verification Schedule — How often to verify the credentials for managed accounts on the resources + defined by the selected platform. See the + [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) topic for additional information on + managed accounts. +- Reset on Mismatch — When selected, this option will force a password rotation if the password + verification step finds that the existing password for an account does not match what Privilege + Secure expects. + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/cisco.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/cisco.md similarity index 87% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/cisco.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/cisco.md index 68bb481f18..f7ae4980b0 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/cisco.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/cisco.md @@ -1,3 +1,9 @@ +--- +title: "Cisco Platform Policy Configuration" +description: "Cisco Platform Policy Configuration" +sidebar_position: 30 +--- + # Cisco Platform Policy Configuration The Cisco menu displays the configuration options for Cisco platforms. @@ -16,16 +22,16 @@ configuration options for a Cisco Platform. platform during its discovery process. - Password Complexity Policy — The password complexity rules for managed accounts created on the resources defined by the selected platform. See the - [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md) topic for additional information. + [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md) topic for additional information. - Password Length — The number of characters required by the selected password policy - Arrow icon — Show or Hide password policy details. Click the icon to display the password complexity requirements of the selected password policy. - Scheduled Change Policy — How often the credentials for a managed account are changed (credential rotation). See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) and - [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md) topic for additional information. + [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicies.md) topic for additional information. - Scan Schedule — How often to perform a host scan on the resources defined by the selected platform (local users, groups, windows services and scheduled tasks). This scan can also be run ad-hoc from - the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md). + the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md). - Verification Schedule — How often to verify the credentials for managed accounts on the resources defined by the selected platform. See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) topic for additional information on diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/entraid.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/entraid.md new file mode 100644 index 0000000000..d546b5aff8 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/entraid.md @@ -0,0 +1,45 @@ +--- +title: "Microsoft Entra ID Platform Policy Configuration" +description: "Microsoft Entra ID Platform Policy Configuration" +sidebar_position: 20 +--- + +# Microsoft Entra ID Platform Policy Configuration + +The Microsoft Entra ID (formerly Azure AD) menu displays the configuration options for Microsoft +Entra ID platforms. + +![Azure AD Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/azuread.webp) + +Details for the selected platform are displayed on the right side of the page. Below are the +configuration options for an Microsoft Entra ID Platform. + +- Name — Displays the name of the policy +- Description — Description of the policy +- Built-in Account — The built-in administrator account for the resources on the selected platform. + If multiple built-in administrator accounts are required, create a copy of the platform. For + Windows platforms, the built-in account is defined via the well-known SID (S-1-5-21\*-500). This + feature informs Netwrix Privilege Secure which account(s) to discover and onboard for a given + platform during its discovery process. +- Password Complexity Policy — The password complexity rules for managed accounts created on the + resources defined by the selected platform. See the + [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md) topic for additional information. +- Password Length — The number of characters required by the selected password policy +- Arrow icon — Show or Hide password policy details. Click the icon to display the password + complexity requirements of the selected password policy. +- Scheduled Change Policy — How often the credentials for a managed account are changed (credential + rotation). See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) and + [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicies.md) topic for additional information. +- Scan Schedule — How often to perform a host scan on the resources defined by the selected platform + (local users, groups, windows services and scheduled tasks). This scan can also be run ad-hoc from + the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md). +- Verification Schedule — How often to verify the credentials for managed accounts on the resources + defined by the selected platform. See the + [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) topic for additional information on + managed accounts. +- Reset on Mismatch — When selected, this option will force a password rotation if the password + verification step finds that the existing password for an account does not match what Privilege + Secure expects. + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/linux.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/linux.md new file mode 100644 index 0000000000..50de85255f --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/linux.md @@ -0,0 +1,46 @@ +--- +title: "Linux Platform Policy Configuration" +description: "Linux Platform Policy Configuration" +sidebar_position: 40 +--- + +# Linux Platform Policy Configuration + +The Linux menu displays the configuration options for Linux platforms. + +![Linux Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/linux.webp) + +Details for the selected platform are displayed on the right side of the page. Below are the +configuration options for a Linux Platform. + +- Name — Displays the name of the policy +- Description — Description of the policy +- Built-in Account — The built-in administrator account for the resources on the selected platform. + If multiple built-in administrator accounts are required, create a copy of the platform. For + Windows platforms, the built-in account is defined via the well-known SID (S-1-5-21\*-500). This + feature informs Netwrix Privilege Secure which account(s) to discover and onboard for a given + platform during its discovery process. +- Password Complexity Policy — The password complexity rules for managed accounts created on the + resources defined by the selected platform. See the + [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md) topic for additional information. +- Password Length — The number of characters required by the selected password policy +- Arrow icon — Show or Hide password policy details. Click the icon to display the password + complexity requirements of the selected password policy. +- Protection Policy Schedule — How often the Protection Policy is run. See the + [Protection Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/protectionpolicies.md) topic for additional information. +- Scheduled Change Policy — How often the credentials for a managed account are changed (credential + rotation). See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) and + [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicies.md) topic for additional information. +- Scan Schedule — How often to perform a host scan on the resources defined by the selected platform + (local users, groups, windows services and scheduled tasks). This scan can also be run ad-hoc from + the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md). +- Verification Schedule — How often to verify the credentials for managed accounts on the resources + defined by the selected platform. See the + [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) topic for additional information on + managed accounts. +- Reset on Mismatch — When selected, this option will force a password rotation if the password + verification step finds that the existing password for an account does not match what Privilege + Secure expects. + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/mssql.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/mssql.md similarity index 85% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/mssql.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/mssql.md index 5ae0a5a995..40dddb9352 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/mssql.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/mssql.md @@ -1,3 +1,9 @@ +--- +title: "Microsoft SQL Server Platform Policy Configuration" +description: "Microsoft SQL Server Platform Policy Configuration" +sidebar_position: 50 +--- + # Microsoft SQL Server Platform Policy Configuration The Microsoft SQL Server menu displays the configuration options for Microsoft SQL Server platforms. @@ -16,13 +22,13 @@ configuration options for a Microsoft SQL Server Platform. platform during its discovery process. - Password Complexity Policy — The password complexity rules for managed accounts created on the resources defined by the selected platform. See the - [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md) topic for additional information. + [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md) topic for additional information. - Scheduled Change Policy — How often the credentials for a managed account are changed (credential rotation). See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) and - [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md) topic for additional information. + [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicies.md) topic for additional information. - Scan Schedule — How often to perform a host scan on the resources defined by the selected platform (local users, groups, windows services and scheduled tasks). This scan can also be run ad-hoc from - the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md). + the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md). - Verification Schedule — How often to verify the credentials for managed accounts on the resources defined by the selected platform. See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) topic for additional information on diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/oracle.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/oracle.md similarity index 86% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/oracle.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/oracle.md index c7faab6b7a..6c2dcce314 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/oracle.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/oracle.md @@ -1,3 +1,9 @@ +--- +title: "Oracle Platform Policy Configuration" +description: "Oracle Platform Policy Configuration" +sidebar_position: 60 +--- + # Oracle Platform Policy Configuration The Oracle menu displays the configuration options for Oracle platforms. @@ -16,13 +22,13 @@ configuration options for an Oracle Platform. platform during its discovery process. - Password Complexity Policy — The password complexity rules for managed accounts created on the resources defined by the selected platform. See the - [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md) topic for additional information. + [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md) topic for additional information. - Scheduled Change Policy — How often the credentials for a managed account are changed (credential rotation). See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) and - [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md) topic for additional information. + [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicies.md) topic for additional information. - Scan Schedule — How often to perform a host scan on the resources defined by the selected platform (local users, groups, windows services and scheduled tasks). This scan can also be run ad-hoc from - the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md). + the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md). - Verification Schedule — How often to verify the credentials for managed accounts on the resources defined by the selected platform. See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) topic for additional information on diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/secretvault.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/secretvault.md new file mode 100644 index 0000000000..7367efc223 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/secretvault.md @@ -0,0 +1,20 @@ +--- +title: "Secret Vault Platform Policy Configuration" +description: "Secret Vault Platform Policy Configuration" +sidebar_position: 70 +--- + +# Secret Vault Platform Policy Configuration + +The Secrete Vault menu displays the configuration options for Windows platforms. + +![Secret Vault Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/secretvault.webp) + +Details for the selected platform are displayed on the right side of the page. Below are the +configuration options for a Secret Vault Platform. + +- Name — Displays the name of the policy +- Description — Description of the policy + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/website.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/website.md new file mode 100644 index 0000000000..0cd0fdf5dd --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/website.md @@ -0,0 +1,20 @@ +--- +title: "Web Site Platform Policy Configuration" +description: "Web Site Platform Policy Configuration" +sidebar_position: 80 +--- + +# Web Site Platform Policy Configuration + +The Web Site menu displays the configuration options for Web Site platforms. + +![Website Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/website.webp) + +Details for the selected platform are displayed on the right side of the page. Below are the +configuration options for a Website Platform. + +- Name — Displays the name of the policy +- Description — Description of the policy + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/windows.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/windows.md new file mode 100644 index 0000000000..8d171ecbff --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/platforms/windows.md @@ -0,0 +1,46 @@ +--- +title: "Windows Platform Policy Configuration" +description: "Windows Platform Policy Configuration" +sidebar_position: 90 +--- + +# Windows Platform Policy Configuration + +The Windows menu displays the configuration options for Windows platforms. + +![Windows Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/windows.webp) + +Details for the selected platform are displayed on the right side of the page. Below are the +configuration options for a Windows Platform. + +- Name — Displays the name of the policy +- Description — Description of the policy +- Built-in Account (Allows custom entries) — The built-in administrator account for the resources on + the selected platform. If multiple built-in administrator accounts are required, create a copy of + the platform. For Windows platforms, the built-in account is defined via the well-known SID + (S-1-5-21\*-500). This feature informs Netwrix Privilege Secure which account(s) to discover and + onboard for a given platform during its discovery process. +- Password Complexity Policy — The password complexity rules for managed accounts created on the + resources defined by the selected platform. See the + [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md) topic for additional information. +- Password Length — The number of characters required by the selected password policy +- Arrow icon — Show or Hide password policy details. Click the icon to display the password + complexity requirements of the selected password policy. +- Protection Policy Schedule — How often the Protection Policy is run. See the + [Protection Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/protectionpolicies.md) topic for additional information. +- Scheduled Change Policy — How often the credentials for a managed account are changed (credential + rotation). See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) and + [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicies.md) topic for additional information. +- Scan Schedule — How often to perform a host scan on the resources defined by the selected platform + (local users, groups, windows services and scheduled tasks). This scan can also be run ad-hoc from + the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md). +- Verification Schedule — How often to verify the credentials for managed accounts on the resources + defined by the selected platform. See the + [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) topic for additional information on + managed accounts. +- Reset on Mismatch — When selected, this option will force a password rotation if the password + verification step finds that the existing password for an account does not match what Privilege + Secure expects. + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/protectionpolicy.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/protectionpolicy.md new file mode 100644 index 0000000000..3d558de968 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/protectionpolicy.md @@ -0,0 +1,29 @@ +--- +title: "Add Protection Policy" +description: "Add Protection Policy" +sidebar_position: 10 +--- + +# Add Protection Policy + +Follow the steps to add a Protection policy to the console. + +**Step 1 –** Navigate to the Policy > Protection Policies page. + +**Step 2 –** In the Protection Policy list, click the Plus icon. + +![Add Protection Policy](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addprotectionpolicy.webp) + +**Step 3 –** Enter the following information: + +- Name – Name of the protection policy +- Description – (Optional) Brief description to identify the protection policy + +**Step 4 –** Click Save to create the new protection policy. + +The new protection policy has been created. The next step is to associate Resources, Users, and +Schedule to the policy. See the following topics for additional information: + +- [Resources Tab for Protection Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/resources/resources.md) +- [Allowed Members Tab for Protection Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/allowedmembers.md) +- [Schedule Tab for Protection Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/schedule.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/_category_.json new file mode 100644 index 0000000000..3b654c85d5 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Schedule Policies Page", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "schedulepolicies" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicies.md similarity index 79% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicies.md index bcfefdf492..908fc42ab7 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicies.md @@ -1,3 +1,9 @@ +--- +title: "Schedule Policies Page" +description: "Schedule Policies Page" +sidebar_position: 40 +--- + # Schedule Policies Page The Schedule Policies page is accessible from the Navigation pane under Policies > Platforms. It @@ -6,8 +12,8 @@ shows configured schedule policies. Schedules can be applied: - Platforms — Configure schedules used by resources on a given platform type. See the - [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional information. -- Protection Policy — See the [Protection Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/protectionpolicies.md) topic for additional + [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information. +- Protection Policy — See the [Protection Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/protectionpolicies.md) topic for additional information. - Change Policy (credential rotation) — How often the password of a managed account is changed. See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) topic for additional information on @@ -24,7 +30,7 @@ has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - Green + button — Create a new schedule policy. See the - [Add Schedule Policy](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/schedulepolicy.md) topic for additional information. + [Add Schedule Policy](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicy.md) topic for additional information. - Trashcan icon — Deletes the schedule policy. Icon appears when profile is hovered over. A confirmation window will display. @@ -34,4 +40,4 @@ The selected schedule policy details display in the main pane: - Name — Displays the schedule recurrence information - Edit icon — Click the icon to edit the selected schedule policy. See the - [Edit Schedule Policy](/docs/privilegesecure/4.2/accessmanagement/admin/policy/edit/schedulepolicy.md) topic for additional information. + [Edit Schedule Policy](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicy_1.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicy.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicy.md new file mode 100644 index 0000000000..23ab3a9029 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicy.md @@ -0,0 +1,30 @@ +--- +title: "Add Schedule Policy" +description: "Add Schedule Policy" +sidebar_position: 10 +--- + +# Add Schedule Policy + +Follow the steps to add a schedule policy to the console. + +**Step 1 –** Navigate to the Policy > **Platforms** > **Schedule Policies** page. + +**Step 2 –** In the Schedule Polices list, click the **Plus** icon. + +![Schedule Policy Editor Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/edit/schedulepolicyeditor.webp) + +**Step 3 –** Enter the following information: + +**NOTE:** The fields will change depending on the selected frequency. + +- Select the desired frequency: + + - Every X Hours – Enter the number of hours between executions + - Every X Days – Enter the number of days between executions and the time of day + - Weekly – Select the day of the week from the drop-down menu and enter the time of day + - Monthly – Enter a number representing the day of the month and the time of day + +**Step 4 –** Click **Save** to create the new schedule. + +The new schedule is added to the Schedule Policy list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicy_1.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicy_1.md new file mode 100644 index 0000000000..4c7007d449 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicy_1.md @@ -0,0 +1,29 @@ +--- +title: "Edit Schedule Policy" +description: "Edit Schedule Policy" +sidebar_position: 20 +--- + +# Edit Schedule Policy + +Follow the steps to edit the scheduled tasks. + +**Step 1 –** Navigate to the Policy > **Platforms** > **Schedule Policies** page. + +**Step 2 –** Click the Edit icon to open the Schedule Policy Editor window. + +![schedulepolicyeditor](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/edit/schedulepolicyeditor.webp) + +**Step 3 –** From the Frequency radio buttons, set the frequency of how often the scheduled task is +run: + +**NOTE:** The fields will change depending on the selected frequency. + +- Every X Hours — Enter the number of hours between executions +- Every X Days— Enter the time of day +- Weekly — Select the day of the week from the drop-down menu and enter the time of day +- Monthly — Enter a number representing the day of the month and then enter the time of day + +**Step 4 –** Click Save to accept the changes. + +The task will run at the new scheduled frequency. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/_category_.json new file mode 100644 index 0000000000..7a1586911b --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Protection Policies Page", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "protectionpolicies" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/allowedmembers.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/allowedmembers.md similarity index 95% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/allowedmembers.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/allowedmembers.md index f49dded7f0..0fa5beb7f8 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/allowedmembers.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/allowedmembers.md @@ -1,3 +1,9 @@ +--- +title: "Allowed Members Tab for Protection Policies" +description: "Allowed Members Tab for Protection Policies" +sidebar_position: 30 +--- + # Allowed Members Tab for Protection Policies The Allowed Members tab shows the configuration options for managing the groups governed by the diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/protectionpolicies.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/protectionpolicies.md similarity index 82% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/page/protectionpolicies.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/protectionpolicies.md index 80d1ae1330..ec52846a60 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/protectionpolicies.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/protectionpolicies.md @@ -1,16 +1,22 @@ +--- +title: "Protection Policies Page" +description: "Protection Policies Page" +sidebar_position: 30 +--- + # Protection Policies Page The Protection Policies page is accessible from the Navigation pane under Policy. It shows the configured protection policies, which are used to monitor local groups on a resource for changes. Only users or groups added to the protection policy are permitted. When the resource is scanned, any local group members that are not listed on the -[Allowed Members Tab for Protection Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/allowedmembers.md) are removed +[Allowed Members Tab for Protection Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/allowedmembers.md) are removed from the resource. It is also possible to add the action _Invoke Protection Policy_ to the Post Session group of an activity. This will proactively run all protection policies that apply to the target resource when the session completes, instead of waiting for the scheduled sync. See the -[Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. +[Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. ![Protection policies page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/page_4.webp) @@ -37,6 +43,6 @@ commit the modifications. Click **Cancel** to discard the modifications. The tabs at the bottom of the main pane are for associating Resource, Members, and Schedule to the protection policy. See the following topics for additional information: -- [Resources Tab for Protection Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/resources.md) -- [Allowed Members Tab for Protection Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/allowedmembers.md) -- [Schedule Tab for Protection Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/schedule.md) +- [Resources Tab for Protection Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/resources/resources.md) +- [Allowed Members Tab for Protection Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/allowedmembers.md) +- [Schedule Tab for Protection Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/schedule.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/resources/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/resources/_category_.json new file mode 100644 index 0000000000..6032bb1ead --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/resources/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Resources Tab for Protection Policies", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "resources" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/protectionpolicies/addresources.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/resources/addresources.md similarity index 89% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/protectionpolicies/addresources.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/resources/addresources.md index f288bf7e79..49bbc0d565 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/protectionpolicies/addresources.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/resources/addresources.md @@ -1,7 +1,13 @@ +--- +title: "Add Resources Window for Protected Policy" +description: "Add Resources Window for Protected Policy" +sidebar_position: 10 +--- + # Add Resources Window for Protected Policy The Add Resources window provides a list of resources that have been onboarded. Resources are -onboarded in the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md). +onboarded in the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md). ![Protection policy add resource window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addresources.webp) @@ -20,7 +26,7 @@ Both tables have the following columns: - Checkbox — Check to select one or more items - Type — Classification of the activity - Name — Displays the name of the resource. Click the link to view additional details. See the - [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md) topic for addition information. + [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md) topic for addition information. - DNS Host Name — Displays the DNS host name for a host resource or the FQDN for a domain resource - Operating System— Displays the operating system of the resource @@ -57,4 +63,4 @@ Resources table. **Step 6 –** Click Add to add the resources to the protection policy. The new resource(s) are added to the protection policy and are shown on the -[Resources Tab for Protection Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/resources.md). +[Resources Tab for Protection Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/resources/resources.md). diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/resources/resources.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/resources/resources.md new file mode 100644 index 0000000000..4c6d8d6e47 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/resources/resources.md @@ -0,0 +1,29 @@ +--- +title: "Resources Tab for Protection Policies" +description: "Resources Tab for Protection Policies" +sidebar_position: 20 +--- + +# Resources Tab for Protection Policies + +The Resources tab shows the resources associated with the selected protection policy. + +![Protection policy resources tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/resources.webp) + +The Resources table has the following features: + +- Add — Opens the Add Resources window. See the + [Add Resources Window for Protected Policy](/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/resources/addresources.md) topic + for additional information. +- Remove — Removes the selected item from being associated with the policy + +The table has the following columns: + +- Checkbox — Check to select one or more items +- Name — Displays the name of the resource. Click the link to view additional details. The details + vary based on the type of resource. See the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md) topic for + additional information. +- DNS Host Name — Displays the DNS host name for a host resource or the FQDN for a domain resource +- Operating System — Displays the operating system of the resource + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/schedule.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/schedule.md similarity index 82% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/schedule.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/schedule.md index b6542963a6..e5a04b91d1 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/schedule.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/schedule.md @@ -1,8 +1,14 @@ +--- +title: "Schedule Tab for Protection Policies" +description: "Schedule Tab for Protection Policies" +sidebar_position: 40 +--- + # Schedule Tab for Protection Policies The Schedule tab shows the schedule tasks for the resources in the selected protection policy. The protection policy schedule is run based on the platform type configuration on the -[Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md). +[Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md). ![schedule](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/schedule.webp) @@ -16,7 +22,7 @@ The Schedule tab has the following features: The table has the following columns: - Task Name — Displays the name of the scheduled task. See the - [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md) topic for additional information. + [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicies.md) topic for additional information. - Last Run Time — Date timestamp of the previous scheduled task - Next Run Time — Date timestamp of the next scheduled task - Recurrence — Indicates the scheduled recurrence diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/reporting.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/reporting.md new file mode 100644 index 0000000000..02bf9c4c2e --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/reporting.md @@ -0,0 +1,192 @@ +--- +title: "Reporting" +description: "Reporting" +sidebar_position: 60 +--- + +# Reporting + +Reports can be viewed and configured on the Reporting page. Predefined reports are available, as +well as platform-based reports based on the same data sources as the predefined reports. +Additionally, custom reports can be generated based on the predefined reports. All reports can be +downloaded as a PDF or CSV file or subscribed to via email. + +## Reports Tree + +The reports on the Reporting page are organized into folders in a tree menu. Reports can be added to +the Favorites folder or removed from the Favorites folder by clicking the star icon next to the +report name. Each report has a Filters tab (which allows the report to be run, downloaded, or +configured) and a Subscriptions tab (which allows the Privilege Secure user to Subscribe to the +report via email). + +![Reports Tree](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/reportstree.webp) + +The Search Reports box will search all report names, both predefined and custom, for the specified +report name. The report tree will then be filtered down to the matching reports. + +## Report Folders + +The Reports tree contains the following folders. + +Favorites Folder + +This folder in the report tree contains reports that have been marked with a star for easy access. +Clicking the star on a favorite report will remove it from the Favorites folder. + +Predefined Reports + +This folder contains predefined reports covering common reporting uses cases. Included are: + +- Account Password Age +- All Activity Sessions +- Password Rotations + +Predefined Platform-Based Reports + +This folder contains predefined reports that are filtered to specific platforms. Included are: + +- All Active Directory Sessions +- All Entra ID Sessions +- All Cisco Sessions +- All Linux Sessions +- All Microsoft SQL Server Sessions +- All Oracle Sessions +- All Website Sessions +- All Windows Sessions + +My Reports + +This folder contains all reports created using the “+” icon next to the Search Reports field or +created by modifying and saving an existing predefined or platform based report. + +## Add a New Report + +Click the + icon next to the Search Reports field to open a new custom report. Enter a name for the +new report in the Enter Report Name box. + +### Filters Tab + +The Filters tab provides customization options for the new report. + +![Reporting Filters Tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/filterstab.webp) + +The Filters tab has the following configuration options: + +- Save – Saves the report and add it to the My Reports folder in the report tree +- Cancel – Cancels the creation of the report and clear all edits that have been made to the new + report +- Source Drop-down List – Contains data sources that allow the report to look at different data sets + related to Privilege Secure administration. See the Data Sources topic for additional information. +- Timeframe Drop-down List – Contains a number of predefined timeframes, ranging from “Last Hour” to + “Last 30 Days”. Additionally, “Custom” can be selected, which makes visible a “Start date” date + picker and an “End date” date picker. +- Attribute Drop-down List – Contains attributes from the given Source that can be paired with an + operator and a value +- Operator – Contains operators that can be used to filter an attribute +- Value – This field allows manual entry of a value against which the operator will be applied. The + field also offers a drop-down menu which is populated with values from the backend database. + +### Data Sources + +The Source drop-down list contains the following data sources for reports. + +Activity Sessions + +This data source contains activity session information, and allows the report to be filtered on the +following attributes for a given activity session: + +- Domain +- Platform +- Activity +- Target User +- Target Host +- User + +Resource Sync + +This data source contains resource sync information, and allows the report to be filtered on the +following attributes for a given synced resource: + +- Version +- Name +- IP Address +- Operating System + +Password Rotation + +This data source contains password rotation information, and allows the report to be filtered on the +following attributes for a given password rotation event: + +- Target Rotation +- Results +- Change Reason +- User + +Password Age + +This data source contains password age information, and allows the report to be filtered on the +following attributes for a given user account: + +- Account Name +- Computer +- Password Age +- Name +- Privilege + +**NOTE:** The Subscriptions tab will not be enabled until saving the report. See the Subscriptions +Tab topic for additional information. + +## Customize an Existing Report + +Any predefined report, platform-based report, or custom report under My Reports functions +identically. + +### Filters Tab + +Customize the desired configuration settings in the Filters tab. + +![Reporting Filters Tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/filterstab.webp) + +The Filters tab has the following configuration options: + +- Run Query – Runs the query for the given report, and returns any data matching the configured + query +- Download Report – Generates and downloads the report, either as PDF or as CSV. The file name of + the downloaded report will indicate the name of the report and the time of download. For example, + "All Linux Sessions-24-05-07-164307". +- Save – Saves any modifications to the report. If this is a predefined or platform based report, it + will save as a new report under My Reports +- Delete **(available for custom reports only)** – Deletes the custom report +- Source Drop-down List – Contains data sources that allow the report to look at different data sets + related to Privilege Secure administration. See the Data Sources topic for additional information. +- Timeframe Drop-down List – Contains several predefined timeframes, ranging from “Last Hour” to + “Last 30 Days”. Additionally, “Custom” can be selected, which makes visible a “Start date” date + picker and an “End date” date picker. +- Attribute Drop-down List – Contains attributes from the given Source that can be paired with an + operator and a value. +- Operator – Contains operators that can be used to filter an attribute. +- Value – Allows manual entry of a value against which the operator will be applied. The field also + offers a drop-down menu which is populated with values from the backend database. + +### Subscriptions Tab + +The Subscriptions tab allows the Privilege Secure user to Subscribe to the report via email. + +![Reporting Subscriptions Tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/subscriptionstab.webp) + +The report will be emailed to the Email value for the user, which is populated based on Active +Directory attributes and can be confirmed for a given user by checking the Users and Groups page. If +a new custom schedule is needed for a Subscription, one can be created under the **Policy** > +**Platforms** > **Schedule Policies** menu. All Schedule Policies will show up in the list when you +Subscribe to a report. See the [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicies.md) topic +for additional information. + +The Subscriptions tab has the following configuration options: + +- Search – Allows the subscriptions for this report to be searched based on the username of the + subscribed Privilege Secure user +- Subscribe/Unsubscribe button – Subscribe or unsubscribe the logged in user to the report according + to a specified schedule from the drop-down menu +- CSV checkbox – If checked, a CSV of the report will be emailed to the subscribed user +- PDF checkbox – If checked, a PDF of the report will be emailed to the subscribed user +- Subscriptions table – Shows the subscribed users for the report, and their subscription schedule diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/_category_.json new file mode 100644 index 0000000000..42866f2968 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Resources Page", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "resources" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/_category_.json new file mode 100644 index 0000000000..c503839afa --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Add And Change", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addnewserviceaccount.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addnewserviceaccount.md similarity index 88% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addnewserviceaccount.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addnewserviceaccount.md index e4cacab032..206a9638bc 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addnewserviceaccount.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addnewserviceaccount.md @@ -1,3 +1,9 @@ +--- +title: "Add New Service Account Window" +description: "Add New Service Account Window" +sidebar_position: 80 +--- + # Add New Service Account Window Follow the steps to add a new Service Account to a host resource: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addresourcesonboard/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addresourcesonboard/_category_.json new file mode 100644 index 0000000000..b5d3d8e72f --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addresourcesonboard/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Add Resources Window", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "addresourcesonboard" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addresourcesonboard.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addresourcesonboard/addresourcesonboard.md similarity index 94% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addresourcesonboard.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addresourcesonboard/addresourcesonboard.md index eb5676e642..9ad275eff7 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addresourcesonboard.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addresourcesonboard/addresourcesonboard.md @@ -1,3 +1,9 @@ +--- +title: "Add Resources Window" +description: "Add Resources Window" +sidebar_position: 10 +--- + # Add Resources Window The Add Resources window is for onboarding resources. The features within the window change based on @@ -21,7 +27,7 @@ The window has the following features: - Available Resources — Shows all available resources - Resources And Groups to Add — Shows selected resources - Service Account — Provides a list of available Service Accounts. See the - [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional + [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional information. - Add — Onboards resources and closes the window - Cancel — Discards modifications and closes the window @@ -66,11 +72,11 @@ The window has the following features: - Import CSV — Opens Window Explore to select the file - Download CSV Template — Downloads the `nps-resource-import-template.csv` file with required - columns. See the [Create Resource Import CSV File](/docs/privilegesecure/4.2/accessmanagement/admin/policy/resourceimportcsv.md) topic for + columns. See the [Create Resource Import CSV File](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addresourcesonboard/resourceimportcsv.md) topic for additional information. - Remove — Removes the selected item - Service Account — Provides a list of available Service Accounts. See the - [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional + [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional information. - Add — Onboards resources and closes the window - Cancel — Discards modifications and closes the window @@ -136,7 +142,7 @@ The window has the following features: - Add — Adds the resource in the textbox to the table - Remove — Removes the selected item - Service Account — Provides a list of available Service Accounts. See the - [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional + [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional information. - Add — Onboards resources and closes the window - Cancel — Discards modifications and closes the window diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/resourceimportcsv.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addresourcesonboard/resourceimportcsv.md similarity index 89% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/resourceimportcsv.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addresourcesonboard/resourceimportcsv.md index 405763a3b1..6260cb04c6 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/resourceimportcsv.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addresourcesonboard/resourceimportcsv.md @@ -1,3 +1,9 @@ +--- +title: "Create Resource Import CSV File" +description: "Create Resource Import CSV File" +sidebar_position: 10 +--- + # Create Resource Import CSV File Resources can be onboarded via a CSV import process. Create a CSV file with the following values: @@ -7,10 +13,10 @@ Resources can be onboarded via a CSV import process. Create a CSV file with the - IP Address — Displays the IP address for the resource - Platform — Displays the type of platform, which defines the resource. This is an optional value, but it must be an exact match to known platforms on the - [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md). + [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md). - Credential — Displays the service account associated with the resource. This is an optional value, but it must be an exact match to known service accounts on the - [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md). + [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md). The CSV file must contain one resource per row. Each resource must be identified by either a DNS Host Name or an IP Address. All other values are optional. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/changeplatform.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/changeplatform.md similarity index 85% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/changeplatform.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/changeplatform.md index 14a9506814..7d89f67da5 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/changeplatform.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/changeplatform.md @@ -1,3 +1,9 @@ +--- +title: "Change Platform Window" +description: "Change Platform Window" +sidebar_position: 70 +--- + # Change Platform Window Follow the steps to change the platform type for a host resource. @@ -11,7 +17,7 @@ Follow the steps to change the platform type for a host resource. ![Change Resource Platform Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/changeplatform.webp) **Step 4 –** In the Platform drop-down menu, select a previously added platform. See the -[Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional information. +[Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information. **Step 5 –** When a platform is entered, the Okay button is enabled. Click **Okay** to update the platform type for the selected resource(s). diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/changeserviceaccount.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/changeserviceaccount.md similarity index 85% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/changeserviceaccount.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/changeserviceaccount.md index a60f2da294..e6865413a7 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/changeserviceaccount.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/changeserviceaccount.md @@ -1,3 +1,9 @@ +--- +title: "Change Service Account Window" +description: "Change Service Account Window" +sidebar_position: 90 +--- + # Change Service Account Window Follow the steps to change the service account for a host resource. @@ -14,7 +20,7 @@ Follow the steps to change the service account for a host resource. credentials for the resource. - To add a service account, see the - [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional + [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional information. **Step 5 –** When a service account is entered, the Okay button is enabled. Click **Okay** to use diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/database.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/database.md new file mode 100644 index 0000000000..e69bb961a4 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/database.md @@ -0,0 +1,53 @@ +--- +title: "Add New Database" +description: "Add New Database" +sidebar_position: 60 +--- + +# Add New Database + +Follow the steps to add a database to the Privilege SecureConsole. Supported database platforms +include: + +- Microsoft SQL +- Oracle + +**Step 1 –** Navigate to the Resources page. + +**Step 2 –** Click **Add** > **New Database**. + +**Step 3 –** In the Enter Database Name box, enter a unique name to identify the database. + +![Add Database](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/adddatabase.webp) + +**Step 4 –** Select **Microsoft SQL Server** or **Oracle** from the Platform drop-down list. + +**Step 5 –** Enter the instance name for the server. + +**Step 6 –** Enter the IP address for the server. + +**Step 7 –** Enter the port for the server. The default ports for each database platform are: + +- Microsoft SQL: 1433 +- Oracle: 1521 + +**Step 8 –** Enter the fully qualified domain name (FDQN) for the server. + +**NOTE:** The domain is used as the default domain for database activities. + +**Step 9 –** From the drop-down menu, select a previously added service account with credentials for +the database. + +- See the [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional + information. + + - Visit icon – Go to the Service Account page to view details of the selected service account. + - Add New Service Account icon – Open the Add New Service Account window. The fields are + identical to those on the Service Accounts page. + +**Step 10 –** Click **Save** to save the configuration options and enable the Scan Now button. + +**Step 11 –** Click **Scan Now** to begin scanning the database. + +The new database is now added. See the [Database Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/databases/databases.md) for +additional details. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/domain.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/domain.md new file mode 100644 index 0000000000..952fd01a3f --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/domain.md @@ -0,0 +1,37 @@ +--- +title: "Add New Domain" +description: "Add New Domain" +sidebar_position: 20 +--- + +# Add New Domain + +Follow the steps to add a domain to the console. + +**Step 1 –** Navigate to the Policy > Resources page. + +**Step 2 –** Click the Plus icon and select Domain from the drop-down list. + +![Add Domian Resource](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/adddomain.webp) + +**Step 3 –** Enter the following information: + +- Domain Name – Displays the fully qualified domain name (FQDN) +- Service account – From the drop-down menu, select a previously added service account with + credentials for the domain. See the + [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional + information. + + - Add New Service Account – Open the Add New Service Account window. The fields are identical to + those on the Service Accounts page. + +- Use TLS – Check to enable a secure connection to the domain +- Enter the desired frequency for the domain sync. + +**Step 4 –** Click Test to verify the connection to the domain. + +**Step 5 –** When the connection is verified, the Save button is enabled. Click Save to add the +domain to the console. + +The new domain has been on-boarded. See the [Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/domain.md) topic +for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/entraidtenant.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/entraidtenant.md similarity index 87% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/add/entraidtenant.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/entraidtenant.md index c7680a0871..c5a2c34df6 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/entraidtenant.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/entraidtenant.md @@ -1,3 +1,9 @@ +--- +title: "Add New Microsoft Entra ID Tenant" +description: "Add New Microsoft Entra ID Tenant" +sidebar_position: 40 +--- + # Add New Microsoft Entra ID Tenant Follow the steps to add Microsoft Entra ID (formerly Azure AD) resource to the Privilege Secure @@ -24,7 +30,7 @@ Console. group membership information. This is unchecked by default. - Synchronize Now button — Scans the domain for users, groups, members, and computers. The Cancel button, which is only visible when scanning can be used to stop the resource scan. This scan can - also be scheduled from the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md). + also be scheduled from the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md). - Service Account — Displays the service account associated with the resource - - Visit icon — Go to the Service Account page to view details of the selected service account. - Add New Service Account icon — Open the Add New Service Account window. The fields are @@ -33,4 +39,4 @@ Console. **Step 4 –** Click **Save** to add the Microsoft Entra ID Tenant to the console. The new Microsoft Entra ID tenant has been on-boarded. See the -[Microsoft Entra ID Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/entraid.md) topic for additional information. +[Microsoft Entra ID Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/entraid.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/secretvault/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/secretvault/_category_.json new file mode 100644 index 0000000000..bb2cce96f8 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/secretvault/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Add Secret Vault", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "secretvault" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/secretvault/secretvault.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/secretvault/secretvault.md new file mode 100644 index 0000000000..4c01ef16df --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/secretvault/secretvault.md @@ -0,0 +1,31 @@ +--- +title: "Add Secret Vault" +description: "Add Secret Vault" +sidebar_position: 50 +--- + +# Add Secret Vault + +Follow the steps below to add a new secret vault to the console. + +**Step 1 –** Navigate to the Policy > Resources page. + +**Step 2 –** Click the Plus icon and select New Secret Vault from the drop-down list. + +![Add secrete Vault Resource](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/addsecretvault.webp) + +**Step 3 –** Enter the following information: + +- New Secret Vault Name — Name of the new secret vault +- Platform — Displays the type of platform, which defines the resource. +- Description _(optional)_ —Description of the policy + +**Step 4 –** Click **Save**. + +A secret vault has been onboarded. See the +[Secret Vault Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/secretvault.md) topic for additional information. + +**CAUTION:** Next, you will have to manually enter and update credentials for each applicable user. +Credentials are assigned through the Credential-based Access Policy for password release. See the +[Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/credentials.md) +topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/secretvaultconfig.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/secretvault/secretvaultconfig.md similarity index 83% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/secretvaultconfig.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/secretvault/secretvaultconfig.md index bc1a282797..4d668b87f8 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/secretvaultconfig.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/secretvault/secretvaultconfig.md @@ -1,3 +1,9 @@ +--- +title: "Secret Vault Configuration" +description: "Secret Vault Configuration" +sidebar_position: 10 +--- + # Secret Vault Configuration This topic walks through the steps necessary to configure a Netwrix Privilege Secure Secret Vault. @@ -34,13 +40,13 @@ Follow the steps below to add a new Secret Vault. **Step 8 –** Click **Okay** to add the account to the Secret Vault. A secret vault has been created, and a secret added to the vault. See the -[Secret Vault Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/secretvault.md) topic for additional +[Secret Vault Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/secretvault.md) topic for additional information. **NOTE:** Vaulted credentials must be manually entered and updated. See the -[Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/credentials.md) +[Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/credentials.md) topic for additional information. ## Create an Access Policy @@ -48,7 +54,7 @@ topic for additional information. Follow these steps to add a credential-based access policy to Privilege Secure. _Remember,_ a connection profile is required to create an access policy. You can create one ahead of -time on the [Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md) page or use the +time on the [Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md) page or use the arrow button to create one during these steps. **Step 1 –** Navigate to the Policy > Access Policies page. @@ -69,14 +75,14 @@ arrow button to create one during these steps. **Step 5 –** On the new access policy, select the **Users** tab. **Step 6 –** Click the **Add** button to add users to the access policy. See the -[Users Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/users.md) for +[Users Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/users.md) for additional information. **Step 7 –** Once the users have been added, select the **Credentials** tab. **Step 8 –** Click the **Add** button to add the necessary credentials to access the Secrete Vault. See the -[Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/credentials.md) +[Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/credentials.md) for additional information. The new Secret Vault access policy has been created. Users added to the policy will now have a diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/website.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/website.md new file mode 100644 index 0000000000..5837b8ff33 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/website.md @@ -0,0 +1,41 @@ +--- +title: "Add New Website" +description: "Add New Website" +sidebar_position: 30 +--- + +# Add New Website + +Follow the steps to add a Website Resource to the Privilege Secure Console. + +**Step 1 –** Navigate to the **Policy** > **Resources** page. + +**Step 2 –** Click the Plus icon and select New Website from the drop-down list. + +![Add New Website Resource](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addnewwebsite.webp) + +**Step 3 –** Enter the following information: + +- Website Name – Displays the name to be displayed in the Resource list for the website +- Platform – Website (This field cannot be changed.) +- Logon URL – Enter the primary logon page for the website. This is only used if no URL is specified + when defining a website Activity. +- Associated Resource – _(optional)_ If the website is hosted on a server that is also managed by + Privilege Secure, select the resource from the drop-down list to ensure that AD account operations + are performed on the domain controller the website resource is bound to +- Associated Domain Controller – _(optional)_ A specific domain controller may be selected to ensure + that AD account operations are performed on a domain controller the website will reference for + authentication +- Service Account – _(optional)_ The service account used when activity _actions_ require a + provisioned account to interact with the resource, e.g. custom PowerShell. From the drop-down + menu, select a previously added service account. See the + [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional + information. + + - Add New Service Account — Open the Add New Service Account window. The fields are identical to + those on the Service Accounts page + +**Step 4 –** Click **Save** to add the website to the console. + +The new website has been onboarded. See the [Website Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/website.md) topic +for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/configuresecurewinrmconnection.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/configuresecurewinrmconnection.md similarity index 88% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/configuresecurewinrmconnection.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/configuresecurewinrmconnection.md index 485ef17f52..add98a48b3 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/configuresecurewinrmconnection.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/configuresecurewinrmconnection.md @@ -1,3 +1,9 @@ +--- +title: "Configure Secure WinRM Connection Window" +description: "Configure Secure WinRM Connection Window" +sidebar_position: 30 +--- + # Configure Secure WinRM Connection Window Follow the steps to configure secure WinRM connection for the selected host: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/_category_.json new file mode 100644 index 0000000000..048b6625b9 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Details Pages", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/databases/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/databases/_category_.json new file mode 100644 index 0000000000..432347ad3d --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/databases/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Database Details Page", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "databases" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/databases/databases.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/databases/databases.md new file mode 100644 index 0000000000..55c86bbc5b --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/databases/databases.md @@ -0,0 +1,48 @@ +--- +title: "Database Details Page" +description: "Database Details Page" +sidebar_position: 60 +--- + +# Database Details Page + +The Database Details page displays information for the selected database resource. This page is +opened from any linked resource within the various interfaces. + +![Database Details page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/databasedetailspage.webp) + +The Database Details page shows the following information: + +- Name — Displays the name of the resource +- Trashcan icon — Removes the selected resource from being managed by the application. A + confirmation window will display. +- Platform — Displays the type of platform, which defines the resource +- Server — The instance name for the server +- IP Address — Displays the IP address for the resource +- Port — The port for the server +- Domain — Displays the fully qualified domain name (FQDN) + + **NOTE:** The domain is used as the default domain for database activities. + +- Service Account — Displays the service account associated with the resource. See the + [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional + information. +- Scan Now button — Scans the domain for users, groups, members, and computers. The Cancel button, + which is only visible when scanning can be used to stop the resource scan. This scan can also be + scheduled from the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md). + + - Status — During synchronization, the button displays as spinning + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. + + The database details page has the following tabs: + +- Users – Displays database login accounts that are not domain users or local computer users +- Groups – Displays login accounts that are domain users or local computer accounts +- Databases – Displays a list of discovered databases See the + [Databases Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/databases/databases_1.md) topic for additional information. +- Roles – Displays roles and who has those roles on the database and at the server level +- Sessions – Displays previous sessions that have used this resource as a target +- Access Policies – Displays a list of access policies that this resource belongs to +- History – Displays previous sessions with events that are related to this resource diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/databases/databases_1.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/databases/databases_1.md new file mode 100644 index 0000000000..febf4a5c42 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/databases/databases_1.md @@ -0,0 +1,24 @@ +--- +title: "Databases Tab" +description: "Databases Tab" +sidebar_position: 10 +--- + +# Databases Tab + +The Databases tab shows information about the server database on the selected resource. + +![Database Details page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/databasedetailspage.webp) + +The Databases tab has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. + +The table has the following columns: + +- Database Name — Displays the name of the database +- Members — List of accounts with group membership +- Status — Shows status information for the database + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/_category_.json new file mode 100644 index 0000000000..7220600283 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Domain Details Page", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "domain" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/computersdomain/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/computersdomain/_category_.json new file mode 100644 index 0000000000..34c5334874 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/computersdomain/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Computers Tab for Domain", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "computersdomain" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/computersdomain.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/computersdomain/computersdomain.md similarity index 88% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/computersdomain.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/computersdomain/computersdomain.md index 4d7ad33f20..6b16d68fba 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/computersdomain.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/computersdomain/computersdomain.md @@ -1,3 +1,9 @@ +--- +title: "Computers Tab for Domain" +description: "Computers Tab for Domain" +sidebar_position: 30 +--- + # Computers Tab for Domain The Computers tab shows information about the domain computer objects on the selected resource. @@ -11,7 +17,7 @@ The Computers tab has the following features: - Type — Provides options to filter results based on a chosen criterion: Resource and Not On-boarded - Add as NPS Managed Resource — Opens the Enroll Hosts in Management window to onboards the selected resource. See - [Enroll Hosts in Management Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/enrollhostsinmanagement.md) for + [Enroll Hosts in Management Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/computersdomain/enrollhostsinmanagement.md) for additional information. - Remove as NPS Managed Resource — Removes the selected resource from being managed by the application. A confirmation window will display. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/enrollhostsinmanagement.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/computersdomain/enrollhostsinmanagement.md similarity index 84% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/enrollhostsinmanagement.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/computersdomain/enrollhostsinmanagement.md index 99206084b1..aa6059f1a5 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/enrollhostsinmanagement.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/computersdomain/enrollhostsinmanagement.md @@ -1,3 +1,9 @@ +--- +title: "Enroll Hosts in Management Window" +description: "Enroll Hosts in Management Window" +sidebar_position: 10 +--- + # Enroll Hosts in Management Window Follow these steps to add a computer as NPS Managed Resource: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/domain.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/domain.md new file mode 100644 index 0000000000..bf267d3f7f --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/domain.md @@ -0,0 +1,56 @@ +--- +title: "Domain Details Page" +description: "Domain Details Page" +sidebar_position: 20 +--- + +# Domain Details Page + +The Domain Details page shows additional information for the selected domain resource. This page is +opened from any linked resource within the various interfaces. + +![Domain Details Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/domaindetailspage.webp) + +The details page shows the following information: + +- Name — Displays the name of the resource +- Trashcan icon — Removes the selected resource from being managed by the application. A + confirmation window will display. +- Users — Number of user objects in the domain +- Groups — Number of group objects in the domain +- Members — Number of users that are members of groups +- Computers — Number of computer objects in the domain +- Last Synchronized — Date timestamp for the last time the domain was synchronized +- Status — Shows status information for the synchronization: + + - Complete — Synchronization completed successfully + - Processing — Synchronization is actively occurring + - Failed — Synchronization failed to complete + - Cancelled — Synchronization was cancelled by an Administrator + +- Synchronize Now button — Scans the domain for users, groups, members, and computers. The Cancel + button, which is only visible when scanning can be used to stop the resource scan. This scan can + also be scheduled from the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md). +- Platform — Displays the type of platform, which defines the resource +- Service Account — Displays the service account associated with the resource +- Use TLS checkbox — Enables a secure connection to the domain +- Frequency — Indicates how often the synchronization task will run: Never, Hourly, Daily, or + Weekly. Options open additional fields: + + - Hourly — Opens the Every field for selecting specific hour ranges + - Daily— Opens the At field for indicating the start time of the daily synchronization + - Weekly— Opens the On and At fields for indicating the day of the week and start time of the + weekly synchronization + +- Test button — Tests the settings by attempting to connect + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. + +The details page has the following tabs: + +- [Users Tab for Domain](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/usersdomain.md) +- [Groups Tab for Domain](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/groupsdomain.md) +- [Computers Tab for Domain](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/computersdomain/computersdomain.md) +- [History Tab for Domain](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/historydomain.md) +- [Sync Errors Tab for Domain](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/syncerrorsdomain.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/groupsdomain.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/groupsdomain.md similarity index 92% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/groupsdomain.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/groupsdomain.md index f57c3ab725..4f9123ac9b 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/groupsdomain.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/groupsdomain.md @@ -1,3 +1,9 @@ +--- +title: "Groups Tab for Domain" +description: "Groups Tab for Domain" +sidebar_position: 20 +--- + # Groups Tab for Domain The Groups tab shows information about the domain groups on the selected resource. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historydomain.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/historydomain.md similarity index 94% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historydomain.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/historydomain.md index 2a2fcc7d39..78eaeb99ec 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historydomain.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/historydomain.md @@ -1,3 +1,9 @@ +--- +title: "History Tab for Domain" +description: "History Tab for Domain" +sidebar_position: 40 +--- + # History Tab for Domain The History tab shows information about the synchronization history of the selected resource. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/syncerrorsdomain.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/syncerrorsdomain.md similarity index 81% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/syncerrorsdomain.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/syncerrorsdomain.md index c72edb8681..47eb7ff75a 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/syncerrorsdomain.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/syncerrorsdomain.md @@ -1,3 +1,9 @@ +--- +title: "Sync Errors Tab for Domain" +description: "Sync Errors Tab for Domain" +sidebar_position: 50 +--- + # Sync Errors Tab for Domain The Sync Errors tab displays the synchronization error log for the selected resource. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/usersdomain.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/usersdomain.md similarity index 87% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/usersdomain.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/usersdomain.md index f88cdb758b..987c1529fc 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/usersdomain.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/usersdomain.md @@ -1,3 +1,9 @@ +--- +title: "Users Tab for Domain" +description: "Users Tab for Domain" +sidebar_position: 10 +--- + # Users Tab for Domain The Users tab shows information about the domain users on the selected resource. @@ -23,7 +29,7 @@ The Users tab has the following features: - View History — Opens the Password History window to displays the password history for the account - Password Reset Options — Customize password rotation options. This option is only available for managed accounts. See - [Password Reset Options Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/passwordresetoptions.md) for additional + [Password Reset Options Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/passwordresetoptions.md) for additional information. - Refresh — Reload the information displayed @@ -39,12 +45,12 @@ The table has the following columns: created - NPS Role — Indicates the assigned Privilege Secure role - Managed — Indicates if the account is managed by Privilege Secure. See the - [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentials.md) topic for additional information. + [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentials.md) topic for additional information. - Rotate Start | End — Indicates if the account will have a password rotation on session start, end, both, or neither - Dependents — Number of scheduled tasks or Windows services using this account. - Status — Indicates if the account credentials have been verified by Privilege Secure. See the - [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional information on configuring + [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information on configuring a verification schedule. - Unspecified — Verification check has not run @@ -59,9 +65,9 @@ The table has the following columns: - Last Checked — Date timestamp of the last verification check - Next Change — Date timestamp for the next credential password rotation - Schedule — Shows the schedule policy used to change the password of a manged account, the - credential rotation. See the [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md) topic for + credential rotation. See the [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicies.md) topic for additional information. - Complexity — Indicates the password complexity policy used for the account. See the - [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md) topic for additional information. + [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md) topic for additional information. The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/_category_.json new file mode 100644 index 0000000000..4e892cccb4 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Microsoft Entra ID Details Page", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "entraid" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/accesspoliciesentraid.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/accesspoliciesentraid.md similarity index 77% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/accesspoliciesentraid.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/accesspoliciesentraid.md index d89b58e43e..fa3e917749 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/accesspoliciesentraid.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/accesspoliciesentraid.md @@ -1,3 +1,9 @@ +--- +title: "Access Policies Tab for Microsoft Entra ID" +description: "Access Policies Tab for Microsoft Entra ID" +sidebar_position: 50 +--- + # Access Policies Tab for Microsoft Entra ID The Access Policies tab Sessions Tab for Microsoft Entra ID shows information about the policies @@ -13,7 +19,7 @@ The Access Policies tab has the following features: The table has the following columns: -- Name — Displays the name of the policy. See the [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md) +- Name — Displays the name of the policy. See the [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy.md) topic for additional information. - Description — Description of the policy diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/applicationsentraid.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/applicationsentraid.md similarity index 85% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/applicationsentraid.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/applicationsentraid.md index 1420287dac..cec066602a 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/applicationsentraid.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/applicationsentraid.md @@ -1,3 +1,9 @@ +--- +title: "Applications Tab for Microsoft Entra ID" +description: "Applications Tab for Microsoft Entra ID" +sidebar_position: 70 +--- + # Applications Tab for Microsoft Entra ID The Applications tab for Microsoft Entra ID (formerly Azure AD) shows information about the diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/entraid.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/entraid.md new file mode 100644 index 0000000000..dd5b233bce --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/entraid.md @@ -0,0 +1,46 @@ +--- +title: "Microsoft Entra ID Details Page" +description: "Microsoft Entra ID Details Page" +sidebar_position: 40 +--- + +# Microsoft Entra ID Details Page + +The Microsoft Entra ID (formerly Azure AD) Details page shows additional information for the +selected Microsoft Entra ID Tenant resource. This page is opened from any linked resource within the +various interfaces. + +![Azure AD Details page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/azureaddetailspage.webp) + +The details page shows the following information: + +- Name — Displays the name of the resource +- Trashcan icon — Removes the selected resource from being managed by the application. A + confirmation window will display. +- Platform — Displays the type of platform, which defines the resource +- Tenant ID — Displays the globally unique identifier for the targeted tenant implementation as + found in Entra ID +- Logon URL — Displays the primary logon page +- Email Domain — Displays the domain part of the user principal name used by the Tenant as found in + Entra ID on the Users page, under “Identity Issuer” +- Associated Domain — For hybrid Entra ID environments, assign the on-premises Active Directory + domain that is synchronized with the tenant, otherwise leave set to **None** +- Process Group Memberships — Select this checkbox to enable Netwrix Privilege Secure to collect + group membership information. This is unchecked by default. +- Synchronize Now button — Scans the domain for users, groups, members, and computers. The Cancel + button, which is only visible when scanning can be used to stop the resource scan. This scan can + also be scheduled from the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md). +- Service Account — Displays the service account associated with the resource + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. + +The details page has the following tabs: + +- [URLs Tab for Microsoft Entra ID](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/urlsentraid.md) +- [Users Tab for Microsoft Entra ID](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/usersentraid.md) +- [Groups Tab for Microsoft Entra ID](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/groupsentraid.md) +- [Sessions Tab for Microsoft Entra ID](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/sessionsentraid.md) +- [Access Policies Tab for Microsoft Entra ID](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/accesspoliciesentraid.md) +- [History Tab for Microsoft Entra ID](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/historyentraid.md) +- [Applications Tab for Microsoft Entra ID](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/applicationsentraid.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/groupsentraid.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/groupsentraid.md similarity index 84% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/groupsentraid.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/groupsentraid.md index 408f13135f..219ee91a6d 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/groupsentraid.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/groupsentraid.md @@ -1,3 +1,9 @@ +--- +title: "Groups Tab for Microsoft Entra ID" +description: "Groups Tab for Microsoft Entra ID" +sidebar_position: 30 +--- + # Groups Tab for Microsoft Entra ID The Groups tab for Microsoft Entra ID (formerly Azure AD) shows information about the groups on the diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historyentraid.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/historyentraid.md similarity index 82% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historyentraid.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/historyentraid.md index 7021e62d59..72f10acd72 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historyentraid.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/historyentraid.md @@ -1,3 +1,9 @@ +--- +title: "History Tab for Microsoft Entra ID" +description: "History Tab for Microsoft Entra ID" +sidebar_position: 60 +--- + # History Tab for Microsoft Entra ID The History tab Access Policies tab for Microsoft Entra ID (formerly Azure AD) shows information @@ -10,7 +16,7 @@ The History tab has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - View Logs — Opens the Session Logs window to view the action log for the selected session. See the - [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/sessionlogs.md) topic for additional information. + [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/sessionlogs.md) topic for additional information. - Refresh — Reload the information displayed The table has the following columns: @@ -23,7 +29,7 @@ The table has the following columns: - Time — Date timestamp for when the event occurred - User — User who requested the session. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - Access Policy — Displays the name of the policy - Event Message — Description of the event diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/sessionsentraid.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/sessionsentraid.md similarity index 85% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/sessionsentraid.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/sessionsentraid.md index 64ee3cdeb1..5751f99611 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/sessionsentraid.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/sessionsentraid.md @@ -1,3 +1,9 @@ +--- +title: "Sessions Tab for Microsoft Entra ID" +description: "Sessions Tab for Microsoft Entra ID" +sidebar_position: 40 +--- + # Sessions Tab for Microsoft Entra ID The Sessions tab for Microsoft Entra ID (formerly Azure AD) shows information about the sessions of @@ -10,17 +16,17 @@ The Sessions tab has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - View Logs — Opens the Session Logs window to view the action log for the selected session. See the - [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/sessionlogs.md) topic for additional information. + [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/sessionlogs.md) topic for additional information. - Refresh — Reload the information displayed The table has the following columns: - Requested — Date and time of when the session was created - Requested By — User who requested the session. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - Login Account — Displays the account used to log onto the resource -- Activity — Displays the name of the activity. See the [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) +- Activity — Displays the name of the activity. See the [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. - Start — Indicates when the activity started. This refers to when the activity’s actions were executed and not when the user was logged on to the resource. @@ -42,6 +48,6 @@ The table has the following columns: Secure administrator. - Failed — Pre-Session stage of the Activity has encountered an error - Locked — The session has been locked by an Privilege Secure administrator. See the - [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/locksession.md) topic for additional information. + [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/locksession.md) topic for additional information. The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/urlsentraid.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/urlsentraid.md similarity index 87% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/urlsentraid.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/urlsentraid.md index 996e786dee..bb38a70c49 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/urlsentraid.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/urlsentraid.md @@ -1,3 +1,9 @@ +--- +title: "URLs Tab for Microsoft Entra ID" +description: "URLs Tab for Microsoft Entra ID" +sidebar_position: 10 +--- + # URLs Tab for Microsoft Entra ID The URLs tab for Microsoft Entra ID (formerly Azure AD) shows information about the URLs associated @@ -10,7 +16,7 @@ login. The URLs tab has the following features: - Add — Opens the Add Website URL window. See the - [Add Website URL Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addwebsiteurl.md) topic for additional + [Add Website URL Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/urlswebsite/addwebsiteurl.md) topic for additional information. - Edit — Opens the Edit Website URL window. See Edit Website URL for additional information. - Remove — Removes the selected item diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/usersentraid.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/usersentraid.md similarity index 90% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/usersentraid.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/usersentraid.md index 41c93576ac..bdb074370e 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/usersentraid.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/usersentraid.md @@ -1,3 +1,9 @@ +--- +title: "Users Tab for Microsoft Entra ID" +description: "Users Tab for Microsoft Entra ID" +sidebar_position: 20 +--- + # Users Tab for Microsoft Entra ID The Users tab for Microsoft Entra ID (formerly Azure AD) shows information about the users on the @@ -22,7 +28,7 @@ The Users tab has the following features: - View History — Opens the Password History window to displays the password history for the account - Password Reset Options — Customize password rotation options. This option is only available for managed accounts. See the - [Password Reset Options Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/passwordresetoptions.md) topic for + [Password Reset Options Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/passwordresetoptions.md) topic for additional information. - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. @@ -38,11 +44,11 @@ The table has the following columns: - Age — Number of days since the last credential rotation or from when the password was first created - Managed — Indicates if the account is managed by Privilege Secure. See the - [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentials.md) topic for additional information. + [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentials.md) topic for additional information. - Rotate Start | End — Indicates if the account will have a password rotation on session start, end, both, or neither - Status — Indicates if the account credentials have been verified by Privilege Secure. See the - [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional information on configuring + [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information on configuring a verification schedule. - Unspecified — Verification check has not run diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/_category_.json new file mode 100644 index 0000000000..8a84ea9535 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Host Details Page", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "host" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/accesspolicieshost.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/accesspolicieshost.md similarity index 81% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/accesspolicieshost.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/accesspolicieshost.md index 56fa9a8829..ba0d4a44f3 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/accesspolicieshost.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/accesspolicieshost.md @@ -1,3 +1,9 @@ +--- +title: "Access Policies Tab for Host" +description: "Access Policies Tab for Host" +sidebar_position: 20 +--- + # Access Policies Tab for Host The Access Policies tab shows information about the policies associated with the selected resource. @@ -13,7 +19,7 @@ The Access Policies tab has the following features: The table has the following columns: - Name — Displays the name of the policy. Click the link to view additional details. See the - [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md) topic for additional information. + [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy.md) topic for additional information. - Description — Description of the policy The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/groupshost.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/groupshost.md similarity index 82% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/groupshost.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/groupshost.md index f4083349a8..77ac3ae934 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/groupshost.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/groupshost.md @@ -1,3 +1,9 @@ +--- +title: "Groups Tab for Host" +description: "Groups Tab for Host" +sidebar_position: 50 +--- + # Groups Tab for Host The Groups tab shows information about the local groups on the selected resource. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historyhost.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/historyhost.md similarity index 80% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historyhost.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/historyhost.md index 2c16126da7..1f6dbac1a8 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historyhost.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/historyhost.md @@ -1,3 +1,9 @@ +--- +title: "History Tab for Host" +description: "History Tab for Host" +sidebar_position: 80 +--- + # History Tab for Host The History tab shows information about the session history of the selected resource. @@ -9,7 +15,7 @@ The History tab has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - View Logs — Opens the Session Logs window to view the action log for the selected session. See the - [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/sessionlogs.md) topic for additional information. + [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/sessionlogs.md) topic for additional information. - Refresh — Reload the information displayed The table has the following columns: @@ -22,10 +28,10 @@ The table has the following columns: - Time — Date timestamp for when the event occurred - User — User who requested the session. Click the link to view additional details. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - Access Policy — Displays the name of the policy. Click the link to view additional details. See - the [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md) topic for additional information. + the [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy.md) topic for additional information. - Event Message — Description of the event - Session ID — Unique identifier for the session diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/host.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/host.md similarity index 78% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/host.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/host.md index 12b4d32e61..4809c99f1a 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/host.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/host.md @@ -1,3 +1,9 @@ +--- +title: "Host Details Page" +description: "Host Details Page" +sidebar_position: 10 +--- + # Host Details Page The Host Details page shows additional information for the selected host resource. This page is @@ -13,22 +19,22 @@ The details page displays the following information: - Active — Displays the number of active sessions on the resource - Scheduled — Displays the number of sessions scheduled for the resource - Test button — Opens the Test Resource Connectivity window. See the - [Test Resource Connectivity Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/testresourceconnectivity.md) topic + [Test Resource Connectivity Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/testresourceconnectivity.md) topic for additional information. - Scan Now button — Scans a host resource for local users, groups, windows services, and scheduled tasks. A confirmation window will display.. The Cancel button, which is only visible when scanning can be used to stop the resource scan. This scan can also be scheduled from the - [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md). + [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md). - WinRM Config button — Opens the Configure Secure WinRM Connection window. See the - [Configure Secure WinRM Connection Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/configuresecurewinrmconnection.md) + [Configure Secure WinRM Connection Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/configuresecurewinrmconnection.md) topic for additional information. - Platform — Displays the type of platform, which defines the resource - Service Account — Displays the service account associated with the resource - Blue arrow button — Opens the Service Account details page. See the - [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional + [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional information. - Green plus button — Opens the Add New Service Account window. See the - [Add New Service Account Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addnewserviceaccount.md) topic for + [Add New Service Account Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addnewserviceaccount.md) topic for additional information. - IP Address — Displays the IP address for the resource - SSH Port — Displays the SSH port number @@ -55,12 +61,12 @@ commit the modifications. Click **Cancel** to discard the modifications. The details page has the following tabs: -- [Sessions Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/sessionshost.md) -- [Access Policies Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/accesspolicieshost.md) -- [Protection Policies Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/protectionpolicieshost.md) -- [Users Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/usershost.md) -- [Groups Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/groupshost.md) -- [Services Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/serviceshost.md) -- [Scheduled Tasks Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/scheduledtaskshost.md) -- [History Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historyhost.md) -- [Installed Software Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/installedsoftwarehost.md) +- [Sessions Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/sessionshost.md) +- [Access Policies Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/accesspolicieshost.md) +- [Protection Policies Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/protectionpolicieshost.md) +- [Users Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/usershost.md) +- [Groups Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/groupshost.md) +- [Services Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/serviceshost.md) +- [Scheduled Tasks Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/scheduledtaskshost.md) +- [History Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/historyhost.md) +- [Installed Software Tab for Host](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/installedsoftwarehost.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/installedsoftwarehost.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/installedsoftwarehost.md similarity index 87% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/installedsoftwarehost.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/installedsoftwarehost.md index a41ec10915..696f2a1b08 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/installedsoftwarehost.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/installedsoftwarehost.md @@ -1,3 +1,9 @@ +--- +title: "Installed Software Tab for Host" +description: "Installed Software Tab for Host" +sidebar_position: 90 +--- + # Installed Software Tab for Host The Installed Software tab shows information about the software installed on the selected host diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/protectionpolicieshost.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/protectionpolicieshost.md similarity index 79% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/protectionpolicieshost.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/protectionpolicieshost.md index cc74584a2c..558a272bc3 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/protectionpolicieshost.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/protectionpolicieshost.md @@ -1,3 +1,9 @@ +--- +title: "Protection Policies Tab for Host" +description: "Protection Policies Tab for Host" +sidebar_position: 30 +--- + # Protection Policies Tab for Host The Protection Policies tab shows information about the protection policies associated with the @@ -13,7 +19,7 @@ The Protection Policies tab has the following feature: The table has the following columns: - Name — Displays the name of the policy. Click the link to view additional details. See the - [Protection Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/protectionpolicies.md) topic for additional information. + [Protection Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/protectionpolicies/protectionpolicies.md) topic for additional information. - Description — Description of the policy The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/scheduledtaskshost.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/scheduledtaskshost.md similarity index 84% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/scheduledtaskshost.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/scheduledtaskshost.md index 191e8e4a14..14f7322e4b 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/scheduledtaskshost.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/scheduledtaskshost.md @@ -1,3 +1,9 @@ +--- +title: "Scheduled Tasks Tab for Host" +description: "Scheduled Tasks Tab for Host" +sidebar_position: 70 +--- + # Scheduled Tasks Tab for Host The Scheduled Tasks tab shows information about the tasks that are scheduled to run on the selected @@ -17,7 +23,7 @@ The table has the following columns: - Task Name — Displays the name of the task - Run As Account — Account used to run the task - Managed — Indicates if the account is managed by Privilege Secure. See the - [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentials.md) topic for additional information. + [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentials.md) topic for additional information. - Description — Description of the policy The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/serviceshost.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/serviceshost.md similarity index 91% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/serviceshost.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/serviceshost.md index 75e0588ec6..1ed9dbc806 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/serviceshost.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/serviceshost.md @@ -1,3 +1,9 @@ +--- +title: "Services Tab for Host" +description: "Services Tab for Host" +sidebar_position: 60 +--- + # Services Tab for Host The Services tab shows information about the services running on the selected resource. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/sessionshost.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/sessionshost.md similarity index 86% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/sessionshost.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/sessionshost.md index 0333b755e6..b107711789 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/sessionshost.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/sessionshost.md @@ -1,3 +1,9 @@ +--- +title: "Sessions Tab for Host" +description: "Sessions Tab for Host" +sidebar_position: 10 +--- + # Sessions Tab for Host The Sessions tab shows information about the sessions of the selected resource. @@ -9,18 +15,18 @@ The Sessions tab has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - View Logs — Opens the Session Logs window to view the action log for the selected session. See the - [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/sessionlogs.md) topic for additional information. + [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/sessionlogs.md) topic for additional information. - Refresh — Reload the information displayed The table has the following columns: - Requested — Date and time of when the session was created - Requested By — User who requested the session. Click the link to view additional details. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - Login Account — Displays the account used to log onto the resource - Activity — Displays the name of the activity. Click the link to view additional details. See the - [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. + [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. - Start — Indicates when the activity started. This refers to when the activity’s actions were executed and not when the user was logged on to the resource. - End — Indicates when the session is scheduled to end the activity, which is determined by the @@ -41,6 +47,6 @@ The table has the following columns: Secure administrator. - Failed — Pre-Session stage of the Activity has encountered an error - Locked — The session has been locked by an Privilege Secure administrator. See the - [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/locksession.md) topic for additional information. + [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/locksession.md) topic for additional information. The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/usershost.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/usershost.md similarity index 87% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/usershost.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/usershost.md index 3db34e9d70..d5f6291763 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/usershost.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/usershost.md @@ -1,3 +1,9 @@ +--- +title: "Users Tab for Host" +description: "Users Tab for Host" +sidebar_position: 40 +--- + # Users Tab for Host The Users tab shows information about the local users on the selected resource. @@ -20,7 +26,7 @@ The Users tab has the following features: - View History — Opens the Password History window to displays the password history for the account - Password Reset Options — Customize password rotation options. This option is only available for managed accounts. See - [Password Reset Options Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/passwordresetoptions.md) topic for + [Password Reset Options Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/passwordresetoptions.md) topic for additional information. - Refresh — Reload the information displayed @@ -35,12 +41,12 @@ The table has the following columns: - Age — Number of days since the last credential rotation or from when the password was first created - Managed — Indicates if the account is managed by Privilege Secure. See the - [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentials.md) topic for additional information. + [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentials.md) topic for additional information. - Rotate Start | End — Indicates if the account will have a password rotation on session start, end, both, or neither - Dependents — Number of scheduled tasks or Windows services using this account. - Status — Indicates if the account credentials have been verified by Privilege Secure. See the - [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional information on configuring + [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information on configuring a verification schedule. - Unspecified — Verification check has not run @@ -55,9 +61,9 @@ The table has the following columns: - Last Checked — Date timestamp of the last verification check - Next Change — Date timestamp for the next credential password rotation - Schedule — Shows the schedule policy used to change the password of a manged account, the - credential rotation. See the [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md) topic for + credential rotation. See the [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/schedulepolicies/schedulepolicies.md) topic for additional information. - Complexity — Indicates the password complexity policy used for the account. See the - [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md) topic for additional information. + [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/passwordcomplexity/passwordcomplexity.md) topic for additional information. The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/_category_.json new file mode 100644 index 0000000000..d64e8e2f6b --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Secret Vault Details Page", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "secretvault" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/accountssecretvault/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/accountssecretvault/_category_.json new file mode 100644 index 0000000000..1386340f5e --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/accountssecretvault/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Accounts Tab for Secret Vault", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "accountssecretvault" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/accountssecretvault.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/accountssecretvault/accountssecretvault.md similarity index 77% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/accountssecretvault.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/accountssecretvault/accountssecretvault.md index c8d9e7e7db..d03dd14b1b 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/accountssecretvault.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/accountssecretvault/accountssecretvault.md @@ -1,3 +1,9 @@ +--- +title: "Accounts Tab for Secret Vault" +description: "Accounts Tab for Secret Vault" +sidebar_position: 10 +--- + # Accounts Tab for Secret Vault The Accounts tab shows information about the accounts associated to the selected resource. @@ -9,10 +15,10 @@ The Accounts tab has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - Add — Opens the Add a Managed Account window. See the - [Add a Managed Account Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addamanagedaccount.md) topic for additional + [Add a Managed Account Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/accountssecretvault/addamanagedaccount.md) topic for additional information. - Edit — Opens the Edit a Managed Account window. See the - [Edit a Managed Account Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/editamanagedaccount.md) topic for + [Edit a Managed Account Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/accountssecretvault/editamanagedaccount.md) topic for additional information. - Delete — Removes the selected item. A confirmation window will appear. - Refresh — Reload the information displayed diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addamanagedaccount.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/accountssecretvault/addamanagedaccount.md similarity index 85% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addamanagedaccount.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/accountssecretvault/addamanagedaccount.md index bb591d07a5..13dcf4852c 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addamanagedaccount.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/accountssecretvault/addamanagedaccount.md @@ -1,3 +1,9 @@ +--- +title: "Add a Managed Account Window" +description: "Add a Managed Account Window" +sidebar_position: 10 +--- + # Add a Managed Account Window Follow the steps below to add a managed account to the secret vault. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/editamanagedaccount.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/accountssecretvault/editamanagedaccount.md similarity index 86% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/editamanagedaccount.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/accountssecretvault/editamanagedaccount.md index 142291f8e1..f362d45ae2 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/editamanagedaccount.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/accountssecretvault/editamanagedaccount.md @@ -1,3 +1,9 @@ +--- +title: "Edit a Managed Account Window" +description: "Edit a Managed Account Window" +sidebar_position: 20 +--- + # Edit a Managed Account Window Follow the steps below to edit a managed account in a secret vault. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historysecretvault.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/historysecretvault.md similarity index 82% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historysecretvault.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/historysecretvault.md index bb47439eb9..b86caf69a0 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historysecretvault.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/historysecretvault.md @@ -1,3 +1,9 @@ +--- +title: "History Tab for Secret Vault" +description: "History Tab for Secret Vault" +sidebar_position: 30 +--- + # History Tab for Secret Vault The History tab shows information about the session history of the selected resource. @@ -9,7 +15,7 @@ The History tab has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - View Logs — Opens the Session Logs window to view the action log for the selected session. See the - [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/sessionlogs.md) topic for additional information. + [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/sessionlogs.md) topic for additional information. - Refresh — Reload the information displayed The table has the following columns: @@ -21,7 +27,7 @@ The table has the following columns: - Time — Date timestamp for when the event occurred - User — User who requested the session. Click the link to view additional details. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - Access Policy — Displays the name of the policy - Event Message — Description of the event diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/secretvault.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/secretvault.md new file mode 100644 index 0000000000..c06143671e --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/secretvault.md @@ -0,0 +1,34 @@ +--- +title: "Secret Vault Details Page" +description: "Secret Vault Details Page" +sidebar_position: 50 +--- + +# Secret Vault Details Page + +The Secret Vault Details page shows additional information for the selected Secret Vault resource. +This page is opened from any linked resource within the various interfaces. + +Secret Vaults are used to store any manually-managed resource, username, or password combination. +Credentials are assigned via Credential Based access policies for password release. See the +[Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/credentialbasedpolic/credentials/credentials.md) +topic for additional information. + +![Secrete Vault Details Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/seretvaultdetailspage.webp) + +The details page shows the following information: + +- Name — Displays the name of the resource +- Trashcan icon — Removes the selected resource from being managed by the application. A + confirmation window will display. +- Platform — Displays the type of platform, which defines the resource +- Description — Description of the policy + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. + +The details page has the following tabs: + +- [Accounts Tab for Secret Vault](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/accountssecretvault/accountssecretvault.md) +- [Sessions Tab for Secret Vault](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/sessionssecretvault.md) +- [History Tab for Secret Vault](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/historysecretvault.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/sessionssecretvault.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/sessionssecretvault.md similarity index 86% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/sessionssecretvault.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/sessionssecretvault.md index 199d9feb48..9ea91fd42d 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/sessionssecretvault.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/sessionssecretvault.md @@ -1,3 +1,9 @@ +--- +title: "Sessions Tab for Secret Vault" +description: "Sessions Tab for Secret Vault" +sidebar_position: 20 +--- + # Sessions Tab for Secret Vault The Sessions tab shows information about the sessions of the selected resource. @@ -9,18 +15,18 @@ The Sessions tab has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - View Logs — Opens the Session Logs window to view the action log for the selected session. See the - [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/sessionlogs.md) topic for additional information. + [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/sessionlogs.md) topic for additional information. - Refresh — Reload the information displayed The table has the following columns: - Requested — Date and time of when the session was created - Requested By — User who requested the session. Click the link to view additional details. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - Login Account — Displays the account used to log onto the resource - Activity — Displays the name of the activity. Click the link to view additional details. See the - [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. + [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. - Start — Indicates when the activity started. This refers to when the activity’s actions were executed and not when the user was logged on to the resource. - End — Indicates when the session is scheduled to end the activity, which is determined by the @@ -41,6 +47,6 @@ The table has the following columns: Secure administrator. - Failed — Pre-Session stage of the Activity has encountered an error - Locked — The session has been locked by an Privilege Secure administrator. See the - [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/locksession.md) topic for additional information. + [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/locksession.md) topic for additional information. The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/_category_.json new file mode 100644 index 0000000000..d5c1848b29 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Website Details Page", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "website" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/accesspolicieswebsite.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/accesspolicieswebsite.md similarity index 81% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/accesspolicieswebsite.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/accesspolicieswebsite.md index c2d455bbf1..ec1ad28ae3 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/accesspolicieswebsite.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/accesspolicieswebsite.md @@ -1,3 +1,9 @@ +--- +title: "Access Policies Tab for Website" +description: "Access Policies Tab for Website" +sidebar_position: 40 +--- + # Access Policies Tab for Website The Access Policies tab shows information about the policies associated with the selected resource. @@ -13,7 +19,7 @@ The Access Policies tab has the following features: The table has the following columns: - Name — Displays the name of the policy. Click the link to view additional details. See the - [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md) topic for additional information. + [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy.md) topic for additional information. - Description — Description of the policy The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historywebsite.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/historywebsite.md similarity index 82% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historywebsite.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/historywebsite.md index 57a3ce86cb..e32af5a765 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historywebsite.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/historywebsite.md @@ -1,3 +1,9 @@ +--- +title: "History Tab for Website" +description: "History Tab for Website" +sidebar_position: 50 +--- + # History Tab for Website The History tab shows information about the session history of the selected resource. @@ -9,7 +15,7 @@ The History tab has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - View Logs — Opens the Session Logs window to view the action log for the selected session. See the - [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/sessionlogs.md) topic for additional information. + [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/sessionlogs.md) topic for additional information. - Refresh — Reload the information displayed The table has the following columns: @@ -21,7 +27,7 @@ The table has the following columns: - Time — Date timestamp for when the event occurred - User — User who requested the session. Click the link to view additional details. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - Access Policy — Displays the name of the policy - Event Message — Description of the event diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/sessionswebsite.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/sessionswebsite.md similarity index 86% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/sessionswebsite.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/sessionswebsite.md index 714775a684..4490e3dc01 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/sessionswebsite.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/sessionswebsite.md @@ -1,3 +1,9 @@ +--- +title: "Sessions Tab for Website" +description: "Sessions Tab for Website" +sidebar_position: 30 +--- + # Sessions Tab for Website The Sessions tab shows information about the sessions of the selected resource. @@ -9,18 +15,18 @@ The Sessions tab has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - View Logs — Opens the Session Logs window to view the action log for the selected session. See the - [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/sessionlogs.md) topic for additional information. + [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/sessionlogs.md) topic for additional information. - Refresh — Reload the information displayed The table has the following columns: - Requested — Date and time of when the session was created - Requested By — User who requested the session. Click the link to view additional details. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - Login Account — Displays the account used to log onto the resource - Activity — Displays the name of the activity. Click the link to view additional details. See the - [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. + [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. - Start — Indicates when the activity started. This refers to when the activity’s actions were executed and not when the user was logged on to the resource. - End — Indicates when the session is scheduled to end the activity, which is determined by the @@ -41,6 +47,6 @@ The table has the following columns: Secure administrator. - Failed — Pre-Session stage of the Activity has encountered an error - Locked — The session has been locked by an Privilege Secure administrator. See the - [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/locksession.md) topic for additional information. + [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/locksession.md) topic for additional information. The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/urlswebsite/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/urlswebsite/_category_.json new file mode 100644 index 0000000000..4ba1e0a896 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/urlswebsite/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "URLs Tab for Website", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "urlswebsite" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addwebsiteurl.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/urlswebsite/addwebsiteurl.md similarity index 91% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addwebsiteurl.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/urlswebsite/addwebsiteurl.md index 3f0429e71f..678e637bc3 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addwebsiteurl.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/urlswebsite/addwebsiteurl.md @@ -1,3 +1,9 @@ +--- +title: "Add Website URL Window" +description: "Add Website URL Window" +sidebar_position: 10 +--- + # Add Website URL Window Follow the steps to add or edit a Website URL used by a resource. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/urlswebsite.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/urlswebsite/urlswebsite.md similarity index 88% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/urlswebsite.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/urlswebsite/urlswebsite.md index fc917511d2..9107f33d68 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/urlswebsite.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/urlswebsite/urlswebsite.md @@ -1,3 +1,9 @@ +--- +title: "URLs Tab for Website" +description: "URLs Tab for Website" +sidebar_position: 10 +--- + # URLs Tab for Website The URLs tab shows information about the URLs associated to the selected resource. For example: @@ -11,7 +17,7 @@ The URLs tab has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - Add — Opens the Add Website URL window. See the - [Add Website URL Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addwebsiteurl.md) topic for additional + [Add Website URL Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/urlswebsite/addwebsiteurl.md) topic for additional information. - Edit — Opens the Edit Website URL window. See Edit Website URL for additional information. - Remove — Removes the selected item diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/userswebsite/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/userswebsite/_category_.json new file mode 100644 index 0000000000..75ee29d716 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/userswebsite/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Users Tab for Website", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "userswebsite" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addamanageduser.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/userswebsite/addamanageduser.md similarity index 84% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addamanageduser.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/userswebsite/addamanageduser.md index 01ea478637..3525b4bbd0 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addamanageduser.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/userswebsite/addamanageduser.md @@ -1,8 +1,14 @@ +--- +title: "Add a Managed User Window" +description: "Add a Managed User Window" +sidebar_position: 10 +--- + # Add a Managed User Window Manually managed user accounts may be added to the website resource. These accounts can be used for activities on the resource by specifying the username value in the “Login Account Template” field of -the Activity. See the [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. +the Activity. See the [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. Follow the steps to add or edit a managed user account for the resource. @@ -26,7 +32,7 @@ website. Enter the following information: - Display Name – The friendly name for the account - Username – The account in the exact format specified in the “Login Account Template” field of the Activity, e.g. `domain\user` or `user@domain.com`. See the - [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. + [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. - Password – Contains the service account password. The Eye icon can be used to view the password. **Step 5 –** Click **Okay** to accept changes. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/userswebsite.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/userswebsite/userswebsite.md similarity index 82% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/userswebsite.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/userswebsite/userswebsite.md index 78e71d2acf..28d28c8bd6 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/userswebsite.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/userswebsite/userswebsite.md @@ -1,3 +1,9 @@ +--- +title: "Users Tab for Website" +description: "Users Tab for Website" +sidebar_position: 20 +--- + # Users Tab for Website The Users tab shows information about the users on the selected resource. @@ -5,7 +11,7 @@ The Users tab shows information about the users on the selected resource. Manually managed user accounts can be added to the website resource. These accounts are used for activities on the resource. The format in the Username field must be identical to the username format specified in the “Login Account Template” field of the activity. See the -[Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. +[Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. ![Users Tab for Website Resource](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/websitedetailsuserstab.webp) @@ -14,7 +20,7 @@ The Users tab has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - Add — Opens the Add a Managed User window. See the - [Add a Managed User Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addamanageduser.md) topic for additional + [Add a Managed User Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/userswebsite/addamanageduser.md) topic for additional information. - Edit — Opens the Edit a Managed User window. See Edit a Managed User for additional information. - Delete — Removes the selected item from the resource. A confirmation window will display. @@ -26,7 +32,7 @@ The table has the following columns: - Name — Displays the name of the account - User Name — Displays the account name in the exact format specified in the “Login Account Template” field of the Activity, e.g. `domain\user` or `user@domain.com`. See the - [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. + [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. - Created — Date timestamp when the account was created The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/website.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/website.md new file mode 100644 index 0000000000..5c1f653872 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/website.md @@ -0,0 +1,45 @@ +--- +title: "Website Details Page" +description: "Website Details Page" +sidebar_position: 30 +--- + +# Website Details Page + +The Website Details page shows additional information for the selected website resource. This page +is opened from any linked resource within the various interfaces. + +![Website Resource details page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/websitedetails.webp) + +The details page shows the following information: + +- Name — Displays the name of the resource +- Trashcan icon — Removes the selected resource from being managed by the application. A + confirmation window will display. +- Platform — Displays the type of platform, which defines the resource +- Logon URL — Displays the primary logon page. This is only used if no URL is specified when + defining a website activity. +- Associated Resource — If the website is hosted on a server that is also managed by Privilege + Secure, it may be associated to the website management. This ensures that AD account operations + are performed on the domain controller the website resource is bound to. +- Associated Domain Controller — A specific domain controller may be associated to the website + management. This ensures that AD account operations are performed on a domain controller the + website will reference for authentication. +- Service Account — Displays the service account associated with the resource +- Blue arrow button — Opens the Service Account details page. See the + [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional + information. +- Green plus button — Opens the Add New Service Account window. See the + [Add New Service Account Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addnewserviceaccount.md) topic for + additional information. + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. + +The details page has the following tabs: + +- [URLs Tab for Website](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/urlswebsite/urlswebsite.md) +- [Users Tab for Website](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/userswebsite/userswebsite.md) +- [Sessions Tab for Website](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/sessionswebsite.md) +- [Access Policies Tab for Website](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/accesspolicieswebsite.md) +- [History Tab for Website](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/historywebsite.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/passwordresetoptions.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/passwordresetoptions.md similarity index 81% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/passwordresetoptions.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/passwordresetoptions.md index 7b9e092ed4..537a546acc 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/passwordresetoptions.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/passwordresetoptions.md @@ -1,3 +1,9 @@ +--- +title: "Password Reset Options Window" +description: "Password Reset Options Window" +sidebar_position: 40 +--- + # Password Reset Options Window The Password Reset option control password resets for the selected account. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/removeresource.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/removeresource.md similarity index 93% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/removeresource.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/removeresource.md index 7526ab7d9f..6d0d64443e 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/removeresource.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/removeresource.md @@ -1,3 +1,9 @@ +--- +title: "Remove Resource Window" +description: "Remove Resource Window" +sidebar_position: 50 +--- + # Remove Resource Window Use the Remove Resources window to remove a selected resource from the database. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resourcegroups/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resourcegroups/_category_.json new file mode 100644 index 0000000000..04b1483bf6 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resourcegroups/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Resource Groups Page", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "resourcegroups" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addresourcestogroup.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resourcegroups/addresourcestogroup.md similarity index 91% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addresourcestogroup.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resourcegroups/addresourcestogroup.md index 204097d8a2..686e350632 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addresourcestogroup.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resourcegroups/addresourcestogroup.md @@ -1,3 +1,9 @@ +--- +title: "Add Resources Window for Resource Group" +description: "Add Resources Window for Resource Group" +sidebar_position: 20 +--- + # Add Resources Window for Resource Group Follow the steps to add resources to a resource group. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/resourcegroup.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resourcegroups/resourcegroup.md similarity index 91% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/add/resourcegroup.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resourcegroups/resourcegroup.md index 0a529d7714..bb0c0bea4d 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/resourcegroup.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resourcegroups/resourcegroup.md @@ -1,3 +1,9 @@ +--- +title: "Add a Resource Group" +description: "Add a Resource Group" +sidebar_position: 10 +--- + # Add a Resource Group Follow the steps to add resource groups to the console. @@ -39,7 +45,7 @@ Follow the steps to add resource groups to the console. **Step 5 –** With the new resource group selected, configure the following settings: - Add resources to the resource group. See the - [Add Resources Window for Resource Group](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addresourcestogroup.md) topic for + [Add Resources Window for Resource Group](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resourcegroups/addresourcestogroup.md) topic for additional information. The new resource group is added to the console and is shown in the Resource Groups list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resourcegroups.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resourcegroups/resourcegroups.md similarity index 90% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resourcegroups.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resourcegroups/resourcegroups.md index 8bf9f0ceb2..99019fc5d8 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resourcegroups.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resourcegroups/resourcegroups.md @@ -1,3 +1,9 @@ +--- +title: "Resource Groups Page" +description: "Resource Groups Page" +sidebar_position: 70 +--- + # Resource Groups Page The Resources Groups page is accessible from the Navigation pane under Resources. It shows the @@ -11,7 +17,7 @@ has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. -- Blue + button — Create a resource group. See the [Add a Resource Group](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/resourcegroup.md) +- Blue + button — Create a resource group. See the [Add a Resource Group](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resourcegroups/resourcegroup.md) topic for additional information. - Copy icon — Duplicates the resource group. Icon appears when group is hovered over. - Trashcan icon — Deletes the resource group. Icon appears when group is hovered over. A @@ -37,7 +43,7 @@ based on the type of resource group: - Manage Local Administrator Accounts — Indicates whether or not local Administrator accounts on resources in this group should be automatically managed when the resource is on-boarded. The account to be managed will correspond with the Built-in Account field on the resource's platform. - See the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional information. + See the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information. - Off (Do Not Manage Accounts) — Do not manage any Local Administrator accounts on the resources in the selected group @@ -54,7 +60,7 @@ The table has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - Add — Opens the Add Resources window. See the - [Add Resources Window for Resource Group](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addresourcestogroup.md) topic for + [Add Resources Window for Resource Group](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resourcegroups/addresourcestogroup.md) topic for additional information. - Remove — Removes the selected item from the group - Manage — Set the selected account to be managed by Privilege Secure. This button is only available @@ -62,11 +68,11 @@ The table has the following features: will display.. Password rotation can be set to automatic or manual for managed accounts. - Unmanage — Remove the account from being managed by Privilege Secure - Change Platform — Opens the Change Platform window to modify the type of platform for the selected - host resource. See the [Change Platform Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/changeplatform.md) topic for + host resource. See the [Change Platform Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/changeplatform.md) topic for additional information. - Change Service Account — Opens the Change Service Account window to modify the service account associated with the selected host resource. See the - [Change Service Account Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/changeserviceaccount.md) topic for additional + [Change Service Account Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/changeserviceaccount.md) topic for additional information. - Schedule Rotation — Add the credential rotation task to the queue. This button is only available when the Method is Automatic managed. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md new file mode 100644 index 0000000000..d23cc42b08 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md @@ -0,0 +1,88 @@ +--- +title: "Resources Page" +description: "Resources Page" +sidebar_position: 50 +--- + +# Resources Page + +The Resources page shows information for onboarded resources, such as active and scheduled sessions, +policies, and service accounts for the host resources and domain resources that have been added to +the console. The Resources page displays the same information as the +[Resources Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/resources.md). + +![Resources page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resourcespage.webp) + +The Resources table has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Filter — Provides options to filter results based on a chosen criterion: + + - Type— Filter by the type of resource: All, Host, Domain, Website, Azure AD, Secret Vault, or + Database. The drop-down menu the definition for each Type icon used in the table. + +- Add — Opens a list of available resources to add. The Add list contains the following options: + + - New Server — Opens the Add Resources window to onboard new servers. See the + [Add Resources Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addresourcesonboard/addresourcesonboard.md) topic for additional + information. + - New Domain — Opens the Domain Details page for a new domain. See the + [Add New Domain](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/domain.md) topic for additional information. + - New Website — Opens the Website Details page for a new website. See the + [Add New Website](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/website.md) topic for additional information. + - New Microsoft Entra ID (formerly Azure AD) Tenant — Opens the Microsoft Entra ID Tenant + Details page for a new tenant. See the + [Add New Microsoft Entra ID Tenant](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/entraidtenant.md) topic for additional information. + - New Secret Vault — Opens the Secret Vault Details page for a new vault. See the + [Add Secret Vault](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/secretvault/secretvault.md) topic for additional information. + - New Database — Opens the Databse Details page for a new database. See the + [Add New Database](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/database.md)topic for additional information. + +- Remove — Removes the selected resource from being managed by the application. A confirmation + window will display. See the [Remove Resource Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/removeresource.md) topic + for additional information. +- Change Platform — Opens the Change Platform window to modify the type of platform for the selected + host resource. See the [Change Platform Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/changeplatform.md) topic for + additional information. +- Change Service Account — Opens the Change Service Account window to modify the service account + associated with the selected host resource. See the + [Change Service Account Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/changeserviceaccount.md) topic for additional + information. +- Scan Resource — Scans a host resource for local users, groups, windows services, and scheduled + tasks. A confirmation window will display.. See the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic + for additional information. +- Refresh — Reload the information displayed + +The table has the following columns: + +- Checkbox — Check to select one or more items +- Type — Icon indicates the type of object +- Resource — Displays the name of the resource. Click the link to view additional details. The + details vary based on the type of resource. + + - [Host Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/host.md) + - [Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/domain.md) + - [Website Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/website/website.md) + - [Microsoft Entra ID Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/entraid/entraid.md) + - [Secret Vault Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/secretvault/secretvault.md) + - [Database Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/databases/databases.md) + +- Operating System — Displays the operating system of the resource +- Active — Displays the number of active sessions on the resource +- Scheduled — Displays the number of sessions scheduled for the resource +- Access Policies — Displays the number of access policies associated with the resource +- Protection Policies — Displays the number of protection policies associated with the resource +- DNS Host Name — Displays the DNS host name for a host resource or the FQDN for a domain resource +- IP Address — Displays the IP address for the resource +- Domain — Displays the domain name for the resource. Click the link to view additional details. See + the [Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/domain.md) topic for additional information. +- Service Account — Displays the service account associated with the resource. Click the link to + view additional details. See the + [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional + information. +- Platform — Displays the type of platform, which defines the resource. See the + [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/platforms/overview.md) topic for additional information. +- Last Scanned — Date timestamp for the last time the resource was scanned + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/testresourceconnectivity.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/testresourceconnectivity.md similarity index 80% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/testresourceconnectivity.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/testresourceconnectivity.md index 775cdf868b..4678d702da 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/testresourceconnectivity.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/testresourceconnectivity.md @@ -1,3 +1,9 @@ +--- +title: "Test Resource Connectivity Window" +description: "Test Resource Connectivity Window" +sidebar_position: 20 +--- + # Test Resource Connectivity Window Follow the steps to test the host resource connectivity: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/_category_.json new file mode 100644 index 0000000000..a95f677d60 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Service Accounts Page", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "serviceaccounts" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/integrationdetails/entraidappregistration.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/entraidappregistration.md similarity index 92% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/integrationdetails/entraidappregistration.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/entraidappregistration.md index ffbb858998..56d05e4826 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/integrationdetails/entraidappregistration.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/entraidappregistration.md @@ -1,3 +1,9 @@ +--- +title: "Microsoft Entra ID App Registration" +description: "Microsoft Entra ID App Registration" +sidebar_position: 20 +--- + # Microsoft Entra ID App Registration To create a Microsoft Entra ID (formerly Azure AD) service account and add an Microsoft Entra ID @@ -78,11 +84,11 @@ registration instead of User Administrator. clicking **Assign**. The service account can now be added to Privilege Secure, using the Application (Client) ID and -Client Secret. See the [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional +Client Secret. See the [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) topic for additional information. Add the Microsoft Entra ID Tenant resource to Privilege Secure using the Tenant ID. See the -[Add New Microsoft Entra ID Tenant](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/entraidtenant.md) topic for additional +[Add New Microsoft Entra ID Tenant](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/entraidtenant.md) topic for additional information. ## Rotate a Microsoft Entra ID Account Password in a Hybrid Tenant diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccount.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccount.md new file mode 100644 index 0000000000..da08f69e12 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccount.md @@ -0,0 +1,26 @@ +--- +title: "Add Service Account" +description: "Add Service Account" +sidebar_position: 10 +--- + +# Add Service Account + +Follow the steps to add a service account to the console. + +**Step 1 –** Navigate to the Configuration > Service Accounts page. + +**Step 2 –** In the Service Account list, click the Plus icon. + +![Add Service Account](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/addserviceaccount.webp) + +**Step 3 –** Enter the applicable information. See the +[Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) section for detailed descriptions of the fields. + +- For service accounts checked out through a vault connector, select a previously added vault + connector from the drop-down list. See the + [Bring Your Own Vault (BYOV) Integration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationbyov/integrationbyov.md) topic for additional information. + +**Step 4 –** Click Save to create the new service account. + +The new service account is added to the Service Accounts list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md new file mode 100644 index 0000000000..0cffaae4fc --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md @@ -0,0 +1,81 @@ +--- +title: "Service Accounts Page" +description: "Service Accounts Page" +sidebar_position: 10 +--- + +# Service Accounts Page + +The Service Accounts page is accessible from the Navigation pane under Configuration. It shows the +configured service accounts required by Privilege Secure services. + +![serviceaccountpage](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccountpage.webp) + +The pane on the left side of the page displays a list of the configured service accounts. This pane +has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Green + button — Create a new service account. See the + [Add Service Account](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccount.md) topic for additional information. +- Trashcan icon — Deletes the service account. Icon appears when activity is hovered over. A + confirmation window will display. + +The selected service account details display at the top of the main pane: + +- Name — Displays the name of the account +- Description — Description of the policy +- Platform — Displays the type of platform, which defines the resource +- Domain — Displays the domain name for the account. This field does not apply to Microsoft Entra + ID platforms. +- Address — Displays the CyberArk address. This field only applies to CyberArk vault connectors. +- Username — Displays the name of the credential. This field does not apply to Microsoft Entra + ID platforms. +- App ID — Displays the globally unique identifier for the targeted app registered in the Active + Directory tenant. This field only applies to Microsoft Entra ID platforms. See the + [Microsoft Entra ID App Registration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/entraidappregistration.md) for + additional information. +- Elevation Command — Displays the elevation mechanism for the host, such as: sudo, pbrun, pmrun, + dzdo, etc.. This field only applies to Linux platforms. +- Vault Connector — Displays the name of the assigned vault connector. See the + [Bring Your Own Vault (BYOV) Integration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/integrationconnector/integrationbyov/integrationbyov.md) topic for additional + information. +- Authentication: + + - Enable Password — Temporarily elevates the Service Account to `Privileged EXEC` mode, allowing + the account to manage the users and privileges required by Privilege Secure workflows on Cisco + resources. The Enable Password can be used with any existing user account on the Cisco device + (privilege level 1 - 15). This field only applies to Cisco platforms. + - Authentication Method — Displays the method by which a service account is authenticated. This + field only applies to Linux platforms. + + - Password — Use a password to use for authentication + - SSH Certificate — Use an SSH certificate to use for authentication + - SSH Certificate and Password — Use both a password and an SSH certificate to use for + authentication + + - Password — Contains the service account password. The Eye icon can be used to view the + password. This field does not apply to Microsoft Entra ID platforms. + - Private Key — Displays a private key to use in conjunction with a passphrase. This field only + applies to Linux platforms with SSH Certificate or SSH Certificate and Password authentication + methods are selected. + - SSH Passphrase — Displays an SSH passphrase to use for authentication. This field only applies + to Linux platforms with SSH Certificate or SSH Certificate and Password authentication methods + are selected. + - App Secret — Displays the security token for the targeted app registered in the tenant. This + field only applies to Microsoft Entra ID platforms. See the + [Microsoft Entra ID App Registration](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/entraidappregistration.md) for + additional information. + - Safe — Displays the CyberArk safe where the login account is stored. This field only applies + to CyberArk vault connectors. + - Folder — Displays the CyberArk folder where the login account is stored. This field only + applies to CyberArk vault connectors. + - Library — Displays the library where the login account is stored. This field only applies to + HashiCorp vault connectors. + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. + +Th "Service Account is Managed by Privilege Secure when the account has been configured to be +managed by the application. See the [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentials.md) topic for +additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/_category_.json new file mode 100644 index 0000000000..b82ffee88b --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Service Nodes", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/scheduledtasks.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/scheduledtasks.md new file mode 100644 index 0000000000..b9a1d74318 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/scheduledtasks.md @@ -0,0 +1,26 @@ +--- +title: "Scheduled Tasks Page" +description: "Scheduled Tasks Page" +sidebar_position: 20 +--- + +# Scheduled Tasks Page + +On the Scheduled Tasks page, view scheduled tasks run by the console. + +![Scheduled Tasks Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/scheduledtaskspage.webp) + +The Scheduled Tasks page has the following features: + +- Search — Searches the Task Name column to match the search string. When matches are found, the + table is filtered to the matching results. +- Column headers can be sorted by ascending or descending order: + + - Task Name — Name of the scheduled task + - Last Run Time — Last run timestamp + - Next Run Time — Indicates the next time the task is scheduled to run + - Recurrence — Scheduled recurrence + - Last Status — Status of scheduled task + +- View Logs button — Click to view logs for the selected task +- Refresh – Reload the information displayed diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/_category_.json new file mode 100644 index 0000000000..1a09410a2d --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Service Nodes Page", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "servicenodes" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/action.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/action.md similarity index 97% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/action.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/action.md index 92c4339552..aaf3722aec 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/action.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/action.md @@ -1,3 +1,9 @@ +--- +title: "Action Service" +description: "Action Service" +sidebar_position: 10 +--- + # Action Service On the Action Services page, view or modify action services. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/email.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/email.md similarity index 95% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/email.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/email.md index c78998bae9..24c7c96276 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/email.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/email.md @@ -1,3 +1,9 @@ +--- +title: "Email Service" +description: "Email Service" +sidebar_position: 20 +--- + # Email Service On the Email Services page, add and configure the settings used for email notifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/proxy.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/proxy.md similarity index 80% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/proxy.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/proxy.md index 547d2e30a4..be050489ea 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/proxy.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/proxy.md @@ -1,3 +1,9 @@ +--- +title: "Proxy Service" +description: "Proxy Service" +sidebar_position: 30 +--- + # Proxy Service The Proxy Service page shows the details of the selected service on the host. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/scheduler.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/scheduler.md new file mode 100644 index 0000000000..250c95a426 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/scheduler.md @@ -0,0 +1,57 @@ +--- +title: "Scheduler Service" +description: "Scheduler Service" +sidebar_position: 40 +--- + +# Scheduler Service + +On the Scheduler Service page, view information for scheduled services. + +![Scheduler service Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/page.webp) + +The Scheduler Service page shows details of the selected service and has the following features: + +- Statistics Tab +- Action Queues Tab + +## Statistics Tab + +The Statistics tab shows an overview of the actions for the past 24 hours. + +![statisticstab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/statisticstab.webp) + +The Statistics tab shows the total number of actions for each of the following statuses: + +- Unknown +- Pending +- Queued +- Running +- Complete +- Failed +- Canceled +- Completed With Errors +- Completed Not Run + +## Action Queues Tab + +The Action Queues tab shows all scheduled services. + +![actionqueuestab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/actionqueuestab.webp) + +The Action Queues table has the following features: + +- Search – Searches the columns to match the search string. When matches are found, the table is + filtered to the matching results. +- Refresh button – Reload the information displayed +- Column headers can be sorted by ascending or descending order: + + - Start Time – Indications when the action started + - End Time – Indications when the action completed + - Job Name – Name of the scheduled action + - AQ Status – Status of the service + - AQ Status Description – Describes the status type + - Activity Status – Shows status information for the action: + + - Complete – Action completed successfully + - Failed – Action failed diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/servicenodes.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/servicenodes.md similarity index 77% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/servicenodes.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/servicenodes.md index 47495bb959..387ae2cacf 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/servicenodes.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/servicenodes.md @@ -1,3 +1,9 @@ +--- +title: "Service Nodes Page" +description: "Service Nodes Page" +sidebar_position: 10 +--- + # Service Nodes Page On the Service Nodes page, configure the services for each installed service node. @@ -19,8 +25,8 @@ The left of the page lists the Service Nodes and the services running on them: The right of the page shows details of the selected service: -- [Action Service](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/action.md) -- [Email Service](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/email.md) -- [Proxy Service](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/proxy.md) -- [Scheduler Service](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/scheduler.md) -- [SIEM Service](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/siem.md) +- [Action Service](/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/action.md) +- [Email Service](/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/email.md) +- [Proxy Service](/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/proxy.md) +- [Scheduler Service](/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/scheduler.md) +- [SIEM Service](/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/siem.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/siem.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/siem.md similarity index 94% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/siem.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/siem.md index 200c00d919..8b7cd58db3 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/siem.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/siem.md @@ -1,3 +1,9 @@ +--- +title: "SIEM Service" +description: "SIEM Service" +sidebar_position: 50 +--- + # SIEM Service The SIEM Service shows the SIEM-specific details for the selected service. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/siempages/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/siempages/_category_.json new file mode 100644 index 0000000000..4fb76016a9 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/siempages/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "SIEM Pages", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/siemserver.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/siempages/siemserver.md similarity index 95% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/siemserver.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/siempages/siemserver.md index 649e8da618..aa2f6e9d58 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/siemserver.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/siempages/siemserver.md @@ -1,3 +1,9 @@ +--- +title: "SIEM Server Page" +description: "SIEM Server Page" +sidebar_position: 10 +--- + # SIEM Server Page The SIEM Server page is accessible from the Navigation pane under Configuration > SIEM. Privilege diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/siemtemplates.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/siempages/siemtemplates.md similarity index 95% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/siemtemplates.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/siempages/siemtemplates.md index 9a909f642a..c2d808fe31 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/siemtemplates.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/siempages/siemtemplates.md @@ -1,3 +1,9 @@ +--- +title: "SIEM Templates Page" +description: "SIEM Templates Page" +sidebar_position: 20 +--- + # SIEM Templates Page The SIEM Templates page is accessible from the Navigation pane under Configuration > SIEM. Privilege diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/_category_.json new file mode 100644 index 0000000000..42863f9bd5 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "System Settings Pages", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/actionservicesettings.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/actionservicesettings.md similarity index 85% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/actionservicesettings.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/actionservicesettings.md index 818854304d..67a2450498 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/actionservicesettings.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/actionservicesettings.md @@ -1,3 +1,9 @@ +--- +title: "Action Service Settings Page" +description: "Action Service Settings Page" +sidebar_position: 10 +--- + # Action Service Settings Page The Action Service Settings page is accessible from the Navigation pane under Configuration > System diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/database.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/database.md new file mode 100644 index 0000000000..9a8f5fae09 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/database.md @@ -0,0 +1,35 @@ +--- +title: "Database Page" +description: "Database Page" +sidebar_position: 20 +--- + +# Database Page + +The Database page is accessible from the Navigation pane under Configuration > System Settings. It +shows all database settings for either PostgreSQL or SQL server, depending on what was initially +configured during installation. + +## PostgreSQL Database Settings + +![Configuration system settings Database Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/databasepage.webp) + +The Database Settings page displays the following settings for PostgreSQL: + +- Host — The resource the database is using +- Port — Port number of the server proxy +- Database — The database the resource is using +- Service Status — Displays the current status of the database service +- Name — Identifier for the database setting +- Value — Value of the setting + +## SQL Server Database Settings + +![SQL Server Database Settings Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/sqldatabasepage.webp) + +The Database Settings page displays the following settings for SQL Server: + +- Host — The resource the database is using +- Port — Port number of the server proxy +- Database — The database the resource is using +- Service Status — Displays the current status of the database service diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/emailconfiguration.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/emailconfiguration.md similarity index 87% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/emailconfiguration.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/emailconfiguration.md index cbc3565e51..f5142ae895 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/emailconfiguration.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/emailconfiguration.md @@ -1,3 +1,9 @@ +--- +title: "Email Configuration Page" +description: "Email Configuration Page" +sidebar_position: 30 +--- + # Email Configuration Page The Email Configuration page is accessible from the Navigation pane under Configuration > System diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/globalsettings.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/globalsettings.md new file mode 100644 index 0000000000..9c747f77a3 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/globalsettings.md @@ -0,0 +1,31 @@ +--- +title: "Global Settings Page" +description: "Global Settings Page" +sidebar_position: 40 +--- + +# Global Settings Page + +The Global Settings page is accessible from the Navigation pane under **Configuration** > **System +Settings**. It shows all global RDP session settings. + +![globalsettingspage](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/globalsettingspage.webp) + +The right of the page shows details of the RDP file settings and has the following features: + +- Edit — Click any field to edit the selected settings +- Name — Name of the selected settings +- Allowed Resolutions — Check the boxes to enable those resolutions for the RDP session +- Default Resolution — The resolution the RDP session will use when first connected +- Certificate Thumbprint — The hexadecimal certificate (or thumbprint) value. See the + [Sign RDP Files to Prevent Publisher Warning](/docs/privilegesecure/4.2/accessmanagement/admin/troubleshooting.md#sign-rdpfiles-to-prevent-publisher-warning) + topic for additional information. +- WinRM HTTP Setting– This setting governs the HTTP encryption settings that will be used for WinRM + connections. The following options are available: + - Use HTTP + - Use HTTPS if available + - Use HTTPS only +- UI Idle Timeout Options — Users with the Administrator role can configure the idle timeout for the + Privilege Secure Console. The default idle timeout is 10 minutes. +- Save button (only visible when editing) — Saves changes +- Cancel button (only visible when editing) — Discards changes diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/localaccountpasswordoptions.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/localaccountpasswordoptions.md similarity index 86% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/localaccountpasswordoptions.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/localaccountpasswordoptions.md index 217abca627..200c7979ad 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/localaccountpasswordoptions.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/localaccountpasswordoptions.md @@ -1,3 +1,9 @@ +--- +title: "Local Account Password Options Page" +description: "Local Account Password Options Page" +sidebar_position: 50 +--- + # Local Account Password Options Page The Local Account Password Options page is accessible from the Navigation pane under Configuration > diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/passwordhistoryoptions.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/passwordhistoryoptions.md similarity index 87% rename from docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/passwordhistoryoptions.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/passwordhistoryoptions.md index 2904e0163f..c02822416e 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/passwordhistoryoptions.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/passwordhistoryoptions.md @@ -1,3 +1,9 @@ +--- +title: "Password History Options Page" +description: "Password History Options Page" +sidebar_position: 60 +--- + # Password History Options Page The Password History Options page is accessible from the Navigation pane under Configuration > diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/services.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/services.md new file mode 100644 index 0000000000..83e537c245 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/services.md @@ -0,0 +1,32 @@ +--- +title: "Services Page" +description: "Services Page" +sidebar_position: 70 +--- + +# Services Page + +The Services page is accessible from the Navigation pane under Configuration > System Settings. +Configure and register services on the Web Service host. + +After a website certificate is installed in IIS, it is necessary to update the Netwrix Privilege +Secure web services to ensure they are calling the correct URL. If the Web Services are set to the +wrong address, the services will show offline in the Services Node area. + +![Service Settings page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/servicessettingspage.webp) + +**NOTE:** Make sure that the web certificate is updated in IIS prior to setting a new value in +Netwrix Privilege Secure. It is important to ensure the Binding Hostname in IIS, the certificate +Subject, and the NPS Rest URL value in the Services page exactly match. + +**NOTE:** + +The Services Settings page has the following features: + +- NPS Rest URL — The full qualified domain name (FQDN) of the new IIS web certificate +- Ignore HTTPS Certificate Errors — When checked, the console will ignore any HTTPS certificate + errors (not recommended for production environments) +- Register Services — Applies the new URL value to the Netwrix Privilege Secure web services and + re-registers them +- Save button (only visible when editing) — Saves changes +- Cancel button (only visible when editing) — Discards changes diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/_category_.json new file mode 100644 index 0000000000..3ee2032941 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Users & Groups Page", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "usersgroups" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/_category_.json new file mode 100644 index 0000000000..79b29138bb --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Add", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addusersandgroups.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/addusersandgroups.md similarity index 92% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addusersandgroups.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/addusersandgroups.md index 90c1a6ac21..4dbd46877e 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addusersandgroups.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/addusersandgroups.md @@ -1,7 +1,13 @@ +--- +title: "Add Users & Groups Window" +description: "Add Users & Groups Window" +sidebar_position: 10 +--- + # Add Users & Groups Window The Add Users & Groups window allows you to select users. From the -[Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usersgroups.md), this window is used to onboard users. From other +[Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usersgroups.md), this window is used to onboard users. From other interfaces, this window is used to select onboarded users. ![Add Users and Groups to the console](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addusersgroupstoconsole.webp) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/application.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/application.md new file mode 100644 index 0000000000..5c6478c5cf --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/application.md @@ -0,0 +1,35 @@ +--- +title: "Add Application" +description: "Add Application" +sidebar_position: 20 +--- + +# Add Application + +Applications are a special type of user that allow external entities to interact with Privilege +Secure via the REST API interface. Capabilities within the product are identical to standard users +with the exception that Applications are not able to log on through the product UI. Each Application +has a unique name that is used to identify the application calling the API; authentication is via a +combination of certificate serial number and API key. + +![addapplication](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addapplication.webp) + +Follow the steps to add an Application to an Access Policy. + +**Step 1 –** Navigate to the Users & Groups page. + +**Step 2 –** Click Add Application. + +**Step 3 –** Enter a new Application Name in the provided field. This will be displayed to represent +the application. + +**Step 4 –** Enter a Certificate Serial Number in the provided field. This is the serial number of +the client certificate used to authenticate the application. The certificate should be signed by a +Certificate Authority (CA). Ensure the certificate is trusted by IIS by adding the CA trusted root +certificate to the Trusted Root Certification Authorities on the Privilege Secure server. + +**Step 5 –** Enter the API Key. This is the unique key used as part of Application authentication. + +**Step 6 –** Click the Save button when finished. + +The new Applicationhas been added to the the Users & Groups page. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/localuser.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/localuser.md similarity index 85% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/add/localuser.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/localuser.md index fbc2bd731b..a3278abf60 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/localuser.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/localuser.md @@ -1,3 +1,9 @@ +--- +title: "Add Local User" +description: "Add Local User" +sidebar_position: 30 +--- + # Add Local User Privilege Secure allows for the provisioning of local users. Local users exist locally in the @@ -23,4 +29,4 @@ maintain the password entered in step 4. **Step 6 –** Click the Save button when finished. -Once saved, users can view the new Local User on the [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usersgroups.md). +Once saved, users can view the new Local User on the [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usersgroups.md). diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/_category_.json new file mode 100644 index 0000000000..de183ac875 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Role Management Page", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "rolemanagement" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/customrole.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/customrole.md similarity index 84% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/add/customrole.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/customrole.md index 561b519db2..05229e58d7 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/customrole.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/customrole.md @@ -1,3 +1,9 @@ +--- +title: "Add Custom Role" +description: "Add Custom Role" +sidebar_position: 10 +--- + # Add Custom Role The Add Role window allows users to add a role to Privilege Secure's Users & Groups Role Management @@ -25,5 +31,5 @@ Follow the steps below to add a role to the Users & Groups Role Management modu **Step 5 –** Click the Save button. Once saved, the next step is to assign Permissions and users to this role. See the -[Custom Role Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/rolemanagementcustom.md) topic for additional +[Custom Role Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/rolemanagementcustom.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagement.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagement.md new file mode 100644 index 0000000000..a2ef0fce78 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagement.md @@ -0,0 +1,31 @@ +--- +title: "Role Management Page" +description: "Role Management Page" +sidebar_position: 30 +--- + +# Role Management Page + +The Role Management page is accessible from the Navigation pane under Users & Group. It provides +details on all available roles for Privilege Secure users. There are default roles, and custom roles +can be created. + +![rolemanagementpage](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/rolemanagementpage.webp) + +The pane on the left side of the page displays a list of the configured roles. This pane has the +following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Blue + button — Create a new role. See the [Add Custom Role](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/customrole.md) for additional + information. +- Copy icon — Clones a role and adds a new entry to the Role list +- Trashcan icon — Deletes the access policy. Icon appears when policy is hovered over. A + confirmation window will display. + +**NOTE:** The default Administrator, User, and Reviewer roles cannot be copied, deleted, or +modified. Only custom roles can be copied, deleted, or modified. + +The details that display the main pane vary based on the type of role selected. See the +[Default Role Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/rolemanagementdefault.md) and the +[Custom Role Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/rolemanagementcustom.md) topics for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/_category_.json new file mode 100644 index 0000000000..29608f6b97 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Custom Role Details Page", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "rolemanagementcustom" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addactivitiesandgroups.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addactivitiesandgroups.md similarity index 88% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addactivitiesandgroups.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addactivitiesandgroups.md index dd8a425860..a8a14038c1 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addactivitiesandgroups.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addactivitiesandgroups.md @@ -1,7 +1,13 @@ +--- +title: "Add Activities and Groups Window" +description: "Add Activities and Groups Window" +sidebar_position: 30 +--- + # Add Activities and Groups Window The Add Activities and Groups window provides a list of Activities that have been created. -Activities are created in the [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md). +Activities are created in the [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md). ![Add activities and activity groups window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addactivitiesandactivitygroups.webp) @@ -53,4 +59,4 @@ Available Activities list. **Step 6 –** Click Add to add the activities and activity groups to the access policy. The new activities and activity groups are added to the access policy and are shown in the -[Activities Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/activities.md). +[Activities Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/resourcebasedpolicyt/activities/activities.md). diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addpolicies.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addpolicies.md similarity index 91% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addpolicies.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addpolicies.md index ed1a5f1b10..98b2d9d73a 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addpolicies.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addpolicies.md @@ -1,7 +1,13 @@ +--- +title: "Add Policies Window" +description: "Add Policies Window" +sidebar_position: 20 +--- + # Add Policies Window The Add Policies window provides a list of Policies that have been created. Policies are created in -the [ Policy Interface](/docs/privilegesecure/4.2/accessmanagement/admin/policy/interface.md). +the [ Policy Interface](/docs/privilegesecure/4.2/accessmanagement/admin/interface/interface.md). ![Add Policies to a Custom Role Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addaccounttopolicies.webp) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addresourcesandgroups.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addresourcesandgroups.md similarity index 88% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addresourcesandgroups.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addresourcesandgroups.md index a01aa1ed7c..fd8dcd9274 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addresourcesandgroups.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addresourcesandgroups.md @@ -1,7 +1,13 @@ +--- +title: "Add Resources and Groups Window" +description: "Add Resources and Groups Window" +sidebar_position: 40 +--- + # Add Resources and Groups Window The Add Resources And Groups window provides a list of resources that have been onboarded. Resources -are onboarded in the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md). +are onboarded in the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md). ![Add resources and rescource groups window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addresourcesandresourcegroups.webp) @@ -22,7 +28,7 @@ Both tables have the following columns: - Checkbox — Check to select one or more items - Type — Classification of the activity - Name — Displays the name of the resource. Click the link to view additional details. See the - [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md) topic for addition information. + [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md) topic for addition information. - Operating System— Displays the operating system of the resource ## Add Resources diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addroleusers.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addroleusers.md similarity index 87% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addroleusers.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addroleusers.md index 12d0313169..9cfe15031e 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addroleusers.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addroleusers.md @@ -1,7 +1,13 @@ +--- +title: "Add Role Users Window" +description: "Add Role Users Window" +sidebar_position: 50 +--- + # Add Role Users Window The Add Role Users window provides a list of users that have been onboarded. Users are onboarded in -the [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usersgroups.md). It allows users to be added to a custom role. +the [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usersgroups.md). It allows users to be added to a custom role. ![Add Role Users Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addroleusers.webp) @@ -34,7 +40,7 @@ Follow the steps below to add a role user to a custom role. **Step 1 –** Navigate to the **Users & Groups** > **Role Management** page. **Step 2 –** In the Role list, click the name of the desired custom role to open the -[Custom Role Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/rolemanagementcustom.md). +[Custom Role Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/rolemanagementcustom.md). **Step 3 –** Click the **Add Role Users** button. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/edit/changepermissions.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/changepermissions.md similarity index 79% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/edit/changepermissions.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/changepermissions.md index 39800cfd44..928031125b 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/edit/changepermissions.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/changepermissions.md @@ -1,3 +1,9 @@ +--- +title: "Change Permission Assignment" +description: "Change Permission Assignment" +sidebar_position: 10 +--- + # Change Permission Assignment Follow the steps to add or remove permission assignments from a custom role. @@ -15,5 +21,5 @@ custom role. Click the add selections Green Arrow. remove from this custom role. Click the remove selections Red Arrow. Selected permissions have been added or removed from the custom role. See the -[Custom Role Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/rolemanagementcustom.md) topic for additional +[Custom Role Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/rolemanagementcustom.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/rolemanagementcustom.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/rolemanagementcustom.md similarity index 87% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/rolemanagementcustom.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/rolemanagementcustom.md index 0082ad461e..7c01c2230d 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/rolemanagementcustom.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/rolemanagementcustom.md @@ -1,3 +1,9 @@ +--- +title: "Custom Role Details Page" +description: "Custom Role Details Page" +sidebar_position: 30 +--- + # Custom Role Details Page The Role Management page is accessible from the Navigation pane under Users & Group. It provides @@ -19,7 +25,7 @@ the following features: - Filter — Provides options to filter results based on a chosen criterion: User, Group, Application, Collection, and Local User - Add Role User — Opens Add Role Users window. See the - [Add Role Users Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addroleusers.md) topic for additional + [Add Role Users Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addroleusers.md) topic for additional information. - Remove — Removes console access from the selected account. This button is specific to the table in the Users role assignment section at the bottom. @@ -31,7 +37,7 @@ The Users role assignment section table has the following columns: - Checkbox — Check to select one or more items - Type — Icon indicates the type of object - Name — Displays the name of the account. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for additional + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - User Name — Displays the sAMAccountName for the account - User Principal Name — Displays the UPN value for the account @@ -60,7 +66,7 @@ Available permissions include: the Resources tab to scope the permission to specific Resources. All custom roles, no matter what permissions are granted, can be scoped to specific policies. See -the [Change Permission Assignment](/docs/privilegesecure/4.2/accessmanagement/admin/policy/edit/changepermissions.md) topic for additional +the [Change Permission Assignment](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/changepermissions.md) topic for additional information. ## Policy Tab @@ -73,7 +79,7 @@ The Policy tab for a custom role has the following features: table or list is filtered to the matching results. This search is specific to the table in the Policies tab. - Add Policies — Opens the Add Policies window. See the - [Add Policies Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addpolicies.md) topic for additional information. + [Add Policies Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addpolicies.md) topic for additional information. - Remove — Removes console access from the selected account.This button is specific to the table in the Policies tab. - Refresh — Reload the information displayed. This button is specific to the table in the Policies @@ -83,7 +89,7 @@ The Policies tab table has the following columns: - Checkbox — Check to select one or more items - Name — Displays the name of the policy. Click the link to view additional details. See the - [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md) topic for additional information. + [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy.md) topic for additional information. - Description — Description of the policy ## Users Tab @@ -98,7 +104,7 @@ The Users tab for a custom role has the following features: - Type — Provides options to filter results based on a chosen criterion: User, Group, Application, Collection, and Local User - Add Users— Opens the Add Users and Groups window. See the - [Add Users & Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addusersandgroups.md) topic for additional + [Add Users & Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/addusersandgroups.md) topic for additional information. - Remove — Removes console access from the selected account.This button is specific to the table in the Policies tab. @@ -110,7 +116,7 @@ The Users tab table has the following columns: - Checkbox — Check to select one or more items - Type — Icon indicates the type of object - Name — Displays the name of the account. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for additional + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - User Name — Displays the sAMAccountName for the account - User Principal Name — Displays the UPN value for the account @@ -128,7 +134,7 @@ The Activities tab for a custom role has the following features: Activities tab. - Type — Provides options to filter results based on a chosen criterion: Activity or Activity Group - Add Activities — Opens the Add Activities and Activity Groups window. See the - [Add Activities and Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addactivitiesandgroups.md) topic for + [Add Activities and Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addactivitiesandgroups.md) topic for additional information. - Remove — Removes console access from the selected account.This button is specific to the table in the Policies tab. @@ -140,7 +146,7 @@ The Activities tab table has the following columns: - Checkbox — Check to select one or more items - Type — Classification of the activity - Name — Displays the name of the activity. Click the link to view additional details. See the - [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. + [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. ## Resources Tab @@ -153,7 +159,7 @@ The Resources tab for a custom role has the following features: Resources tab. - Type — Provides options to filter results based on a chosen criterion: Resource or Resource Group - Add Resources — Opens the Add Resources and Groups window. See the - [Add Resources and Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addresourcesandgroups.md) topic for + [Add Resources and Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementcustom/addresourcesandgroups.md) topic for additional information. - Remove — Removes console access from the selected account.This button is specific to the table in the Policies tab. @@ -164,7 +170,7 @@ The Resources tab table has the following columns: - Checkbox — Check to select one or more items - Type — Icon indicates the type of object -- Name — Displays the name of the resource. See the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md) topic for +- Name — Displays the name of the resource. See the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md) topic for additional information. - Operating System — Displays the operating system of the resource @@ -183,7 +189,7 @@ The Role Users has the following features: - Type — Provides options to filter results based on a chosen criterion: User, Group, Application, Collection, and Local User - Add Role Users— Opens the Add Users and Groups window. See the - [Add Users & Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addusersandgroups.md) topic for additional + [Add Users & Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/addusersandgroups.md) topic for additional information. - Remove — Removes console access from the selected account. This button is specific to the table in the Policies tab. @@ -195,7 +201,7 @@ The Role Users table has the following columns: - Checkbox — Check to select one or more items - Type — Icon indicates the type of object - Name — Displays the name of the account. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for additional + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - User Name — Displays the sAMAccountName for the account - User Principal Name — Displays the UPN value for the account diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/_category_.json new file mode 100644 index 0000000000..d0f5bf588e --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Default Role Details Page", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "rolemanagementdefault" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addadministrators.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/addadministrators.md similarity index 88% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addadministrators.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/addadministrators.md index a94775e407..97b0243e1d 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addadministrators.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/addadministrators.md @@ -1,7 +1,13 @@ +--- +title: "Add Administrators Window" +description: "Add Administrators Window" +sidebar_position: 10 +--- + # Add Administrators Window The Add Administrators window provides a list of users that have been onboarded. Users are onboarded -in the [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usersgroups.md). +in the [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usersgroups.md). ![Add Administrators Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addadministrators.webp) @@ -29,7 +35,7 @@ The tables in both sections have the following columns: ## Select Users Follow the steps to grant users the Administrator role. See the -[Role Management Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/rolemanagement.md) section for a list of roles and their +[Role Management Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagement.md) section for a list of roles and their functions. **Step 1 –** Navigate to the **Users & Groups** > Role Management page. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addreviewers.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/addreviewers.md similarity index 88% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addreviewers.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/addreviewers.md index 13d49d820f..1d8c0c2ae0 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addreviewers.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/addreviewers.md @@ -1,7 +1,13 @@ +--- +title: "Add Reviewers Window" +description: "Add Reviewers Window" +sidebar_position: 20 +--- + # Add Reviewers Window The Add Reviewers window provides a list of users that have been onboarded. Users are onboarded in -the [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usersgroups.md). +the [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usersgroups.md). ![Add Reviews Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addreviewers.webp) @@ -29,7 +35,7 @@ The tables in both sections have the following columns: ## Select Users Follow the steps to grant users the Reviewer role. See the -[Role Management Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/rolemanagement.md) section for a list of roles and their +[Role Management Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagement.md) section for a list of roles and their functions. **Step 1 –** Navigate to the **Users & Groups** > Role Management page. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/rolemanagementdefault.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/rolemanagementdefault.md similarity index 79% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/rolemanagementdefault.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/rolemanagementdefault.md index 7ee66c1f69..fc99b33b65 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/rolemanagementdefault.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/rolemanagementdefault.md @@ -1,3 +1,9 @@ +--- +title: "Default Role Details Page" +description: "Default Role Details Page" +sidebar_position: 20 +--- + # Default Role Details Page The Role Management page is accessible from the Navigation pane under Users & Group. It provides @@ -17,20 +23,20 @@ display at the top of the main pane with the following features: - Add User — The Add options change based on the selected role: - Administrator — Opens the Add Administrators window. See the - [Add Administrators Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addadministrators.md) topic for + [Add Administrators Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/addadministrators.md) topic for additional information. - Users — Opens a list of available user types to add - New Domain Users — Opens the Add Users and Groups window. See the - [Add Users & Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addusersandgroups.md) topic for + [Add Users & Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/addusersandgroups.md) topic for additional information. - New Application User — Opens the Add Application page. See the - [Add Application](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/application.md) for additional information. + [Add Application](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/application.md) for additional information. - New Local User — Opens the Add Local User page. See - [Add Local User](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/localuser.md) topic for additional information. + [Add Local User](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/localuser.md) topic for additional information. - Reviewers — Opens the Add Reviewers window. See the - [Add Reviewers Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addreviewers.md) topic for additional + [Add Reviewers Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagementdefaul/addreviewers.md) topic for additional information. - Remove — Removes console access from the selected account @@ -41,7 +47,7 @@ The table has the following columns: - Checkbox — Check to select one or more items - Type — Icon indicates the type of object - Name — Displays the name of the account. Click the link to view additional details. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for additional + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - User Name — Displays the sAMAccountName for the account - Email — Displays the associated email address, if available @@ -57,5 +63,5 @@ The default roles provide users with the following permissions: - Users — Creates sessions based on assigned access policy. This role is automatically assigned when a user is onboarded. - Reviewers — Grants ability to review access entitlement. See the - [Access Certification Page](/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/accesscertification.md) topic for + [Access Certification Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesscertification/accesscertification.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/_category_.json new file mode 100644 index 0000000000..befafeb774 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "User, Group, & Application Details Page", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "usergroupapplication" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/authentication.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/authentication.md new file mode 100644 index 0000000000..b7d3ef9b0a --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/authentication.md @@ -0,0 +1,27 @@ +--- +title: "Authentication Tab" +description: "Authentication Tab" +sidebar_position: 100 +--- + +# Authentication Tab + +The Authentication tab for applications shows authentication information about the application. + +![Authentication Tab for Application User](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/applicationauthenticationtab.webp) + +The tab displays the following information: + +- Certificate Serial Number — The serial number of the client certificate used to authenticate the + application. The certificate should be signed by a Certificate Authority (CA). Ensure the + certificate is trusted by IIS by adding the CA trusted root certificate to the Trusted Root + Certification Authorities on the Privilege Secure server. +- API Key — The unique key used as part of Application authentication. The API key has the following + icons: + + - Copy — Copies the value to the clipboard. Only available when the API Key is visible. + - Reveal / Hide — Shows or hides value + - Regenerate — Generates a new API key. Only the current API key is valid. + +If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to +commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/authenticationconnector.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/authenticationconnector.md new file mode 100644 index 0000000000..6bdde00c27 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/authenticationconnector.md @@ -0,0 +1,42 @@ +--- +title: "Authentication Connector Tab" +description: "Authentication Connector Tab" +sidebar_position: 70 +--- + +# Authentication Connector Tab + +The Authentication Connector tab for a user or group shows the type of multi-factor authentication +(MFA) being used for the selected user or group. The settings on this tab determine the options +displayed on the login page for the user. + +The list is populated from the previously configured authentication connectors on the +Authentications page. See the [Authentication Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/authentication.md) +topic for additional information. + +![Users Authentication Connector Tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/userauthenticationtab.webp) + +Select the method of authentication for the user or group: + +- Internal MFA — User will be prompted using the internal MFA when signing into the Privilege Secure + console +- Duo (and other RADIUS profile values) — RADIUS profile that will be used for MFA when the user + signs into the Privilege Secure console +- Duo SAML — SAML profile that will be used for MFA when the user signs into the Privilege Secure + console +- Not Required — No multi-factor authentication is required for the user. Login only requires a user + name and password. Intended for users who access Privilege Secure over a VPN where MFA has already + been leveraged. + + **CAUTION:** Disabling multi-factor authentication can create a significant security + vulnerability. + +The following information determines which MFA method has priority: + +- If the user is a member of an Active Directory group that has a different RADIUS profile, the + group assignment will take precedence over the Internal MFA setting on the user. +- If the user MFA setting is for a RADIUS profile, the User assignment will take precedence over any + group RADIUS profile setting. +- If the user is a member of multiple Active Directory groups, each having different RADIUS + profiles, the user assignment will be determined by the alphabetical order of the RADIUS profile + name. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/grouproles.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/grouproles.md similarity index 82% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/grouproles.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/grouproles.md index 8fb2fc36ad..291f767f38 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/grouproles.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/grouproles.md @@ -1,3 +1,9 @@ +--- +title: "Group Roles Tab" +description: "Group Roles Tab" +sidebar_position: 90 +--- + # Group Roles Tab The Group Roles tab shows whether the current group has been assigned an application role. @@ -15,7 +21,7 @@ The Group Roles tab has the following features: The table has the following columns: - Checkbox — Check to select one or more items -- Role — List of available roles. See the [Role Management Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/rolemanagement.md) topic +- Role — List of available roles. See the [Role Management Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagement.md) topic for additional details. - Assigned — Indicates whether the role has been assigned diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/history.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/history.md new file mode 100644 index 0000000000..77982b7467 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/history.md @@ -0,0 +1,37 @@ +--- +title: "History Tab" +description: "History Tab" +sidebar_position: 60 +--- + +# History Tab + +The History tab shows information about the session history of the selected user, group, or +application. + +![History Tab for Application User](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/userhistorytab.webp) + +The History tab has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- View Logs — Opens the Session Logs window to view the action log for the selected session. See the + [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/sessionlogs.md) topic for additional information. +- Refresh — Reload the information displayed + +The table has the following columns: + +- Status — Shows status information for the session: + + - Information — Session was successful and row contains details + - Error — Session had an error and row contains details + +- Time — Date timestamp for when the event occurred +- User— Displays the name of the account. Click the link to view additional details. See the + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for + additional information. +- Access Policy — Displays the number of access policies associated +- Event Message — Description of the event +- Session ID — Unique identifier for the session + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/localrights.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/localrights.md similarity index 84% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/localrights.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/localrights.md index c1ff455b5f..6c32e31118 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/localrights.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/localrights.md @@ -1,3 +1,9 @@ +--- +title: "Local Rights Tab" +description: "Local Rights Tab" +sidebar_position: 50 +--- + # Local Rights Tab The Local Rights tab shows information about the local rights granted for the selected user. @@ -13,6 +19,6 @@ The table has the following columns: - Name — Displays the name of the group the user is a member of - Host — Resource where the local group resides. Click the link to view - [Host Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/host.md). + [Host Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/host/host.md). The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/members.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/members.md similarity index 85% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/members.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/members.md index ba4a6161bd..68a36d8e31 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/members.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/members.md @@ -1,3 +1,9 @@ +--- +title: "Members Tab" +description: "Members Tab" +sidebar_position: 30 +--- + # Members Tab The Members tab shows information about the members for the selected group. @@ -14,7 +20,7 @@ The table has the following columns: - Type — Icon indicates the type of object - Name — Displays the name of the account. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - User Principal Name — Displays the UPN value for the account - SID — Security identifier for the user or group diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/policies/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/policies/_category_.json new file mode 100644 index 0000000000..38b969c6a7 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/policies/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Policies Tab", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "policies" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addaccounttopolicies.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/policies/addaccounttopolicies.md similarity index 91% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addaccounttopolicies.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/policies/addaccounttopolicies.md index 60117382bb..94390672f6 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addaccounttopolicies.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/policies/addaccounttopolicies.md @@ -1,7 +1,13 @@ +--- +title: "Add Account to Policies Window" +description: "Add Account to Policies Window" +sidebar_position: 10 +--- + # Add Account to Policies Window The Add Account to Policies window provides a list of Policies that have been created. Policies are -created in the [ Policy Interface](/docs/privilegesecure/4.2/accessmanagement/admin/policy/interface.md). +created in the [ Policy Interface](/docs/privilegesecure/4.2/accessmanagement/admin/interface/interface.md). ![usersgroupsaddaccounttopoliciespage](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/usersgroupsaddaccounttopoliciespage.webp) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/policies/policies.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/policies/policies.md new file mode 100644 index 0000000000..fbbbd73748 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/policies/policies.md @@ -0,0 +1,34 @@ +--- +title: "Policies Tab" +description: "Policies Tab" +sidebar_position: 40 +--- + +# Policies Tab + +The Policies tab shows information about the session policies for the selected user, group, or +application. + +![Policies Tab for Application Users](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/userpoliciestab.webp) + +The Policies tab has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Add — Opens the Add Account to Policies window. See + [Add Account to Policies Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/policies/addaccounttopolicies.md) topic for + additional information. +- Remove — Removes the selected item from being associated with the user group, or application +- Refresh — Reload the information displayed + +The table has the following columns: + +- Checkbox — Check to select one or more items +- Name — Displays the name of the policy. Click the link to view additional details. See the + [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy.md) topic for additional information. +- Activity — Displays the name of the activity. Click the link to view additional details. See the + [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. +- Last Session — Date and timestamp for the last time the user used that activity and policy. This + column is only on the User Details page. + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/properties.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/properties.md new file mode 100644 index 0000000000..4a72b16c97 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/properties.md @@ -0,0 +1,20 @@ +--- +title: "Properties Tab" +description: "Properties Tab" +sidebar_position: 110 +--- + +# Properties Tab + +The Properties Tab enables Privilege Secure administrators to provide additional metadata for the +application according to the use case. + +![Properties Tab for Application User](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/applicationpropertiestab.webp) + +The Properties tab has the following fields: + +- Display Name — Displays the name of the application +- Department — Displays the associated department, if available +- Email — Displays the associated email address, if available +- SamAccountName — Displays the sAMAccountName for the account +- User Principal Name — Displays the UPN value for the account diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/resetmfa.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/resetmfa.md similarity index 85% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/resetmfa.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/resetmfa.md index f630693e2b..566f1525ba 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/resetmfa.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/resetmfa.md @@ -1,9 +1,15 @@ +--- +title: "Reset User MFA" +description: "Reset User MFA" +sidebar_position: 10 +--- + # Reset User MFA Privilege Secure allows administrators to reset a user MFA directly from the Users page. Resetting the user's MFA will generate a TOTP secret for the user and force them to register an authenticator. This option is only available when the Internal MFA option is enabled on the User Details page. See -[Authentication Connector Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/authenticationconnector.md) for additional +[Authentication Connector Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/authenticationconnector.md) for additional information. Follow the steps below to reset a user's MFA. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/sessions.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/sessions.md new file mode 100644 index 0000000000..f9764018fb --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/sessions.md @@ -0,0 +1,55 @@ +--- +title: "Sessions Tab" +description: "Sessions Tab" +sidebar_position: 20 +--- + +# Sessions Tab + +The Sessions tab shows information about the sessions of the selected user, group, or application. + +![Sessions Tab for Application Users](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/usersessionstab.webp) + +The Sessions tab has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- End Session — Cancel the selected session(s) +- View Logs — Opens the Session Logs window to view the action log for the selected session. See the + [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/sessionlogs.md) topic for additional information. +- Refresh — Reload the information displayed + +The table has the following columns: + +- Requested — Date and time of when the session was created +- User — Displays the account used to log onto the resource +- Host — Resource that the user will run the activity on. The details vary based on the type of + resource. See the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md) topic for additional information. +- Start — Indicates when the activity started. This refers to when the activity’s actions were + executed and not when the user was logged on to the resource. +- End — Indicates when the session is scheduled to end the activity, which is determined by the + start time plus the maximum session duration set by the access policy Connection Profile +- Status — Shows status information for the session: + + - Provisioning — Pre-Session stage of the Activity is processing and assigning permissions to + the login account + - Complete — Activity either reached the end of its scheduled end time or was canceled early by + the requestor + - Waiting for Approval — The session requires approval to begin. See the Approvals Dashboard + topic for additional information. + - Available — The activity session is ready. Click the icon to begin the session, or log in + through a client. See the Start Activity Session topic for additional information. + - Failed — Pre-Session stage of the Activity has encountered an error + - Approval Failed — Approval request has encountered an error + - Logged In — User is successfully logged in to the Resource either directly or via the Proxy. + Direct log-in is detected by polling the Resource at regular intervals and may not update + immediately. + - Canceling — The session is either expired or was canceled manually by the user or an Privilege + Secure administrator. + - Locked — The session has been locked by an Privilege Secure administrator. See the + [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/locksession.md) topic for additional information. + +- Activity — Displays the name of the activity. Click the link to view additional details. See the + [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md new file mode 100644 index 0000000000..6ddee2f385 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md @@ -0,0 +1,59 @@ +--- +title: "User, Group, & Application Details Page" +description: "User, Group, & Application Details Page" +sidebar_position: 20 +--- + +# User, Group, & Application Details Page + +The User, Group, & Application Details page shows additional information on the selected user or +group. This page is opened from the link in the user or group column within the various interfaces. + +![Users and Groups Details page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usersgroupsdetailspage.webp) + +The page has the following features: + +- Name — Name of the selected user or group +- User Name — Displays the sAMAccountName for the account +- Active Sessions — Displays the number of active sessions for the user or group +- Scheduled Sessions — Displays the number of scheduled sessions for the user or group +- Lock Account — Indicates if the account is not locked. Click the button to lock the account. + Accounts can also be locked from the Active Dashboard. An account can also become locked if there + are five incorrect login attempts from the user. +- Unlock Account — Indicates if the account is locked. When the account is locked, the user will not + be able to create a session. Click the button to unlock the account. +- Reset MFA — Click the button to force the user to reset MFA for Privilege Secure login. Resetting + the user's MFA will generate a new TOTP secret for the user to register an authenticator. See + [Reset User MFA](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/resetmfa.md) topic for additional information. + + **NOTE:** This button will not be visible if the present user has their Authentication Connector + set to Not Required + +The content within the tabs change based on the type of object. See the following topics for +additional information: + +- User Details: + + - [Sessions Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/sessions.md) + - [Policies Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/policies/policies.md) + - [Local Rights Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/localrights.md) + - [History Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/history.md) + - [Authentication Connector Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/authenticationconnector.md) + - [User Roles Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/userroles.md) + +- Group Details: + + - [Sessions Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/sessions.md) + - [Members Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/members.md) + - [Policies Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/policies/policies.md) + - [History Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/history.md) + - [Authentication Connector Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/authenticationconnector.md) + - [Group Roles Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/grouproles.md) + +- Application Details: + + - [Sessions Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/sessions.md) + - [Policies Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/policies/policies.md) + - [History Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/history.md) + - [Authentication Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/authentication.md) + - [Properties Tab](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/properties.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/userroles.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/userroles.md similarity index 82% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/userroles.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/userroles.md index 9a10cf45b6..44c54f9910 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/userroles.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/userroles.md @@ -1,3 +1,9 @@ +--- +title: "User Roles Tab" +description: "User Roles Tab" +sidebar_position: 80 +--- + # User Roles Tab The User Roles tab shows whether the current user has been assigned an application role. @@ -15,7 +21,7 @@ The User Roles tab has the following features: The table has the following columns: - Checkbox — Check to select one or more items -- Role — List of available roles. See the [Role Management Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/rolemanagement.md) topic +- Role — List of available roles. See the [Role Management Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/rolemanagement/rolemanagement.md) topic for additional details. - Assigned — Indicates whether the role has been assigned diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usergroupcollections.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupcollections.md similarity index 89% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usergroupcollections.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupcollections.md index 967af4a6f1..f6fd6e880c 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usergroupcollections.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupcollections.md @@ -1,8 +1,14 @@ +--- +title: "User and Group Collections Page" +description: "User and Group Collections Page" +sidebar_position: 40 +--- + # User and Group Collections Page The User and Group Collection page is accessible from the Navigation pane under Users & Group. It shows session information for user and group collections. To gain access to the Privilege Secure -console, users or groups have to be added in the top level [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usersgroups.md). +console, users or groups have to be added in the top level [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usersgroups.md). Collections are conglomerated users and groups (that have already been granted rights in the console) that will gain the same rights collectively. Like users and groups individually, @@ -18,7 +24,7 @@ the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - Blue + button — Create a new collection. See the - [Add Users & Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addusersandgroups.md) topic for additional + [Add Users & Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/addusersandgroups.md) topic for additional information. - Trashcan icon — Deletes the access policy. Icon appears when policy is hovered over. A confirmation window will display. @@ -40,7 +46,7 @@ The table has the following columns: - Checkbox — Check to select one or more items - Type — Icon indicates the type of object - Name — Displays the name of the account. Click the link to view additional details. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for additional + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - User Name — Displays the sAMAccountName for the account - User Principal Name — Displays the UPN value for the account diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usersgroups.md b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usersgroups.md similarity index 84% rename from docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usersgroups.md rename to docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usersgroups.md index eb499af684..efcbbfa07a 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usersgroups.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usersgroups.md @@ -1,3 +1,9 @@ +--- +title: "Users & Groups Page" +description: "Users & Groups Page" +sidebar_position: 40 +--- + # Users & Groups Page The Users & Groups page shows session information for onboarded users and groups. Onboarded users @@ -13,11 +19,11 @@ The Users table has the following features: - Filter — Provides options to filter results based on a chosen criterion: User, Group, Application, and Local User - Add User — Opens the Add Users and Groups window. See the - [Add Users & Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addusersandgroups.md) topic for additional + [Add Users & Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/addusersandgroups.md) topic for additional information. -- Add Application — Opens the Add Application page. See the [Add Application](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/application.md) +- Add Application — Opens the Add Application page. See the [Add Application](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/application.md) for additional information. -- Add Local User — Opens the Add Local User page. See [Add Local User](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/localuser.md) topic +- Add Local User — Opens the Add Local User page. See [Add Local User](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/add/localuser.md) topic for additional information. - Remove — Removes console access from the selected account - Refresh — Reload the information displayed @@ -27,7 +33,7 @@ The table has the following columns: - Checkbox — Check to select one or more items - Type — Icon indicates the type of object - Name — Displays the name of the account. Click the link to view additional details. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for additional + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. - User Name — Displays the sAMAccountName for the account - User Principal Name — Displays the UPN value for the account diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/login.md b/docs/privilegesecure/4.2/accessmanagement/admin/login.md deleted file mode 100644 index 07a376f146..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/login.md +++ /dev/null @@ -1,68 +0,0 @@ -# Log Into the Privilege Secure Console - -Once installation is complete, Privilege Secure is accessible locally on the default port: - -https://localhost:6500 - -Since Privilege Secure is a browser-based application, it is possible to access the web interface -remotely. In most environments, enter the URL for the host on which Privilege Secure is installed -into a supported browser address bar. For example, if Privilege Secure is installed on server -`ExampleServer01`, then the address is: - -https://ExampleServer01:6500 - -**NOTE:** This is the default port. If a custom port is configured, the address to the Privilege -Secure Console is: - -`https://ExampleServer01:[PortNumber]` - -Depending on the organization’s network environment, use the NetBIOS name, fully qualified domain -name (FQDN), or IP Address of the server in the browser. Also, access can be restricted through -firewalls. - -Users can still log in with an expired license. If a license is expired, and the login attempt does -not exceed the license count, users will still be able to log in. If a license is expired, and the -login attempt does exceed the license count, Privilege Secure will prevent the login. - -**CAUTION:** If your license is expired, and you can still log in, you will not be able to create -activity sessions or new users. - -Follow the steps to log in to the Privilege Secure Console. - -**Step 1 –** Open Privilege Secure in a browser window. The Login screen will show the -Authentication Connector that is set as the default. - -**NOTE:** Privilege Secure requires a multi-factor authentication (MFA) solution (Authenticator, -DUO, Symantec VIP, etc) for all user accounts unless otherwise configured in the Initial Set Up -Wizard. If required, first time users must register with an MFA to use with their login credentials. - -![Default Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/defaultloginuser.webp) - -**Step 2 –** Either click the default authentication connector button, or click **Log In with a -Different Account** to display all of the authentication connectors that are registered with -Privilege Secure. - -![Alternate Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/alternatelogin.webp) - -**Step 3 –** Login to the Privilege Secure Console with a configured authentication connector, or -enter the user credentials. - -**Step 4 –** Click Login to proceed. - -**Step 5 –** Enter the code provided by the registered multi-factor authenticator (MFA). - -![Multi Factor Authentication Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/mfalogin.webp) - -**Step 6 –** Click MFA Login. The Privilege Secure Console opens on the Dashboard Interface. - -![Dashboard Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) - -**NOTE:** After five incorrect login attempts, the user will be locked out of the account for five -minutes. Additional incorrect login attempts will extend this time by five minutes for each failed -login. See the -[User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for -additional information on how to unlock an account. - -The Privilege Secure Console is ready to use. Note that the option to view the recovery codes is no -longer available after the initial login. From here, create Sessions and Access Policies, manage -Users and Resources, and review usage data. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/myactivities/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/myactivities/_category_.json new file mode 100644 index 0000000000..ede09b552c --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/myactivities/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Access > My Activities Page", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "myactivities" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/myactivities/createsession.md b/docs/privilegesecure/4.2/accessmanagement/admin/myactivities/createsession.md new file mode 100644 index 0000000000..5d380d9dc5 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/myactivities/createsession.md @@ -0,0 +1,55 @@ +--- +title: "Create My Activity Session" +description: "Create My Activity Session" +sidebar_position: 10 +--- + +# Create My Activity Session + +Follow the steps to create an activity session. + +**Step 1 –** Select an **Activity** to expand the session ribbon. + +![myactivityuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) + +**Step 2 –** Click **Create Session** to start a new activity session. + +- If an Activity is assigned to a single resource, the Activity card will display the name of the + resource; selecting **Create Session** from the session ribbon will immediately start the + Activity. +- If the Activity is assigned to more than one resource, the Activity card will display the number + of resources; selecting **Create Session** from the session ribbon will open the Configure Session + window. +- **CAUTION:** If your license is expired and you can still log in, you will not be able to create + activity sessions. + +![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) + +**Step 3 –** Enter the following information: + +- If the Activity is a member of more than one Access Policy, the Access Policy field will change to + a drop-down selection. Based the resources assigned to the selected access policy, the list of + resources will change in the table. +- Enter notes or a ticket number in the applicable field (Set whether notes or ticket numbers should + be optional or mandatory for the session in the related Connection Profile) +- Select the resources required for the Activity session. Use the **Search** field to filter the + resource list. +- Click **Start Session** to start the provisioning process. + +![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) + +**NOTE:** If an approval is required, the Waiting for approval message will display until it has +been granted. + +![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) + +**Step 4 –** When provisioned, an activity session will display an Available status with a green +icon. Click **Available** to launch the session. + +- The contextual menu (…) to the top right of the active session card contains options to stop an + active session and to copy/view the login account password, if enabled in the related Connection + Profile. +- All sessions may be managed via the Dashboard interface, and the My Activities interface + interchangeably. + +Provisioning and active sessions are displayed in the session ribbon, newest sessions to the left. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/myactivities/myactivities.md b/docs/privilegesecure/4.2/accessmanagement/admin/myactivities/myactivities.md new file mode 100644 index 0000000000..298d0bfc8a --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/myactivities/myactivities.md @@ -0,0 +1,27 @@ +--- +title: "Access > My Activities Page" +description: "Access > My Activities Page" +sidebar_position: 30 +--- + +# Access > My Activities Page + +The Access > My Activities page displays activities mapped to the user as individual cards, +organized alphabetically or by Access Policy. + +![My Activities Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/access/myactivities.webp) + +To access the My Activities page, open the Access interface. If there is only a single activity card +present on this page that activity will open automatically. + +Activities may be sorted in alphabetical order (the default) or organized into groups according to +Access Policy. Duplicate activities will be automatically grouped into a single card on this +interface. In the modal for provisioning the session, the user can still select from the multiple +Access Policies that are duplicating their access to the activity. + +An Activity may appear in more than one Access Policy group if the Activity is a member of more than +one Access Policy. When sorted by Access Policy, the list of resources displayed is determined by +the resource list of the Access Policy. + +To create an Activity Session, click the **plus** button to begin. See the +[Create My Activity Session](/docs/privilegesecure/4.2/accessmanagement/admin/myactivities/createsession.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/navigation.md b/docs/privilegesecure/4.2/accessmanagement/admin/navigation.md deleted file mode 100644 index aeb56e8bbc..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/navigation.md +++ /dev/null @@ -1,111 +0,0 @@ -# Navigation - -At the top of the Privilege Secure Console lists available in interfaces and provides access to the -Help link and the User Menu: - -![topbar](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/topbar.webp) - -- Interfaces: - - - Access — Grants access to the My Activities page. Activities are be displayed as individual - cards, organized alphabetically or by Access Policy. See the - [Access > My Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/access/myactivities.md) topic for additional. information. - - Dashboard — View summaries of recent activity logs and user sessions. See the - [Dashboard Interface](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/overview.md) topic for additional information. - - Policy — Contains several pages to create and configure policies to enable access, to onboard - and manage users, groups, resources, and credentials, and to create and configure activities. - See the [ Policy Interface](/docs/privilegesecure/4.2/accessmanagement/admin/policy/interface.md) topic for additional information. - - Configuration — Contains several pages to configure and manage authentication, integration - connectors, service accounts, services, and other settings. See the - [Configuration Interface](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/interface.md) topic for additional information. - - Audit & Reporting Interface — Audit user access entitlement (Access Certification) and view - activity statistics and reports. See the - [Audit & Reporting Interface](/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/interface.md) topic for additional information. - -- Help — Opens the Netwrix Privilege Secure documentation in the in another browser tab -- User Menu — Click to open the drop-down menu: - - - Dark Mode — Toggle “Dark Mode” for the console. Hover over the toggle switch to see a preview - of Dark Mode. - - Product Tour — Re-starts walk-through of Privilege Secure features. See the - [Product Tour](/docs/privilegesecure/4.2/accessmanagement/admin/producttour.md) topic for additional information. - - Settings — Opens the settings page to allow the user to register services - - Logout — Signs the user out of the current session and opens the Login screen - - About — Shows version and license information for the console. See the - [Import the License File](/docs/privilegesecure/4.2/accessmanagement/admin/importlicense.md) topic for additional information. - -On the left side of the console is a Navigation pane where the pages for the selected interface -display. Use the Menu button to the left of the logo to collapse / expand the Navigation pane. - -## Console Icons - -The Privilege Secure Console makes it easy to gather detailed information at a glance. The following -tables show the main icons: - -Interface Icons - -| Icon | Interface | -| -------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| ![myactivities](/img/product_docs/privilegesecure/4.2/accessmanagement/install/myactivities.webp) | My Activities | -| ![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) | Dashboard | -| ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) | Policy | -| ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | -| ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) | Resources | -| ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) | Credentials | -| ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) | Activities | -| ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | -| ![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) | Service Nodes | -| ![auditreporting](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | - -Dashboard Icons - -| Icon | Session Data | -| -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| ![activedashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboard.webp) | Active Sessions | -| ![scheduleddashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | -| ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | -| ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | -| ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) | User Activity | -| ![resourcesdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resourcesdashboard.webp) | Resources | -| ![credentialsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | - -Active Directory Icons - -| Icon | Object | -| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | -| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | -| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | -| ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) | Collection | -| ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) | Custom Role | -| ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | -| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | -| ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | -| ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | -| ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | -| ![Cisco icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | -| ![Windows icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | - -Action Icons - -| Icon | Action | -| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------ | -| ![chapter_1_stealthbits_privileged_16](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/chapter_1_stealthbits_privileged_16.webp) | Add | -| ![chapter_1_stealthbits_privileged_17](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/chapter_1_stealthbits_privileged_17.webp) | Edit | -| ![chapter_1_stealthbits_privileged_18](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/chapter_1_stealthbits_privileged_18.webp) | Delete | -| ![chapter_1_stealthbits_privileged_19](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/chapter_1_stealthbits_privileged_19.webp) | Save | -| ![chapter_1_stealthbits_privileged_20](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/chapter_1_stealthbits_privileged_20.webp) | Cancel | -| ![chapter_1_stealthbits_privileged_21](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/chapter_1_stealthbits_privileged_21.webp) | Copy | -| ![chapter_1_stealthbits_privileged_22](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/chapter_1_stealthbits_privileged_22.webp) | Search | - -Information Icons - -| Icon | Information | -| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | -| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | -| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | -| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | -| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | -| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | - -Hover over an icon anywhere within the console for its description. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/navigation/_category_.json b/docs/privilegesecure/4.2/accessmanagement/admin/navigation/_category_.json new file mode 100644 index 0000000000..d5e9c7d277 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/navigation/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Navigation", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "navigation" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/aboutpage.md b/docs/privilegesecure/4.2/accessmanagement/admin/navigation/aboutpage.md similarity index 93% rename from docs/privilegesecure/4.2/accessmanagement/admin/aboutpage.md rename to docs/privilegesecure/4.2/accessmanagement/admin/navigation/aboutpage.md index 43dc627a96..90b25e0453 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/aboutpage.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/navigation/aboutpage.md @@ -1,3 +1,9 @@ +--- +title: "About Page" +description: "About Page" +sidebar_position: 20 +--- + # About Page The About page is accessed by selecting About from the User Options menu (icon beside the logged in @@ -7,7 +13,7 @@ user name). It displays your license information and details about the third party components used by the application. It also allows you to upload a new license file. See the -[Import the License File](/docs/privilegesecure/4.2/accessmanagement/admin/importlicense.md) topic for additional information. +[Import the License File](/docs/privilegesecure/4.2/accessmanagement/admin/navigation/importlicense.md) topic for additional information. ## License Information diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/importlicense.md b/docs/privilegesecure/4.2/accessmanagement/admin/navigation/importlicense.md similarity index 89% rename from docs/privilegesecure/4.2/accessmanagement/admin/importlicense.md rename to docs/privilegesecure/4.2/accessmanagement/admin/navigation/importlicense.md index a73c83f2b2..6e979ad918 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/importlicense.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/navigation/importlicense.md @@ -1,3 +1,9 @@ +--- +title: "Import the License File" +description: "Import the License File" +sidebar_position: 30 +--- + # Import the License File Netwrix Privilege Secure comes with a temporary 30-day trial license. a banner at the top indicates @@ -36,4 +42,4 @@ Options menu. A message indicates the license file uploaded successfully. The license information displays at the top of the page, and the expiration banner disappears from the top. See the -[About Page](/docs/privilegesecure/4.2/accessmanagement/admin/aboutpage.md) topic for additional details available on this page. +[About Page](/docs/privilegesecure/4.2/accessmanagement/admin/navigation/aboutpage.md) topic for additional details available on this page. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/navigation/navigation.md b/docs/privilegesecure/4.2/accessmanagement/admin/navigation/navigation.md new file mode 100644 index 0000000000..6a2b2b3de6 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/navigation/navigation.md @@ -0,0 +1,117 @@ +--- +title: "Navigation" +description: "Navigation" +sidebar_position: 20 +--- + +# Navigation + +At the top of the Privilege Secure Console lists available in interfaces and provides access to the +Help link and the User Menu: + +![topbar](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/topbar.webp) + +- Interfaces: + + - Access — Grants access to the My Activities page. Activities are be displayed as individual + cards, organized alphabetically or by Access Policy. See the + [Access > My Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/myactivities/myactivities.md) topic for additional. information. + - Dashboard — View summaries of recent activity logs and user sessions. See the + [Dashboard Interface](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/overview.md) topic for additional information. + - Policy — Contains several pages to create and configure policies to enable access, to onboard + and manage users, groups, resources, and credentials, and to create and configure activities. + See the [ Policy Interface](/docs/privilegesecure/4.2/accessmanagement/admin/interface/interface.md) topic for additional information. + - Configuration — Contains several pages to configure and manage authentication, integration + connectors, service accounts, services, and other settings. See the + [Configuration Interface](/docs/privilegesecure/4.2/accessmanagement/admin/interface/interface_1.md) topic for additional information. + - Audit & Reporting Interface — Audit user access entitlement (Access Certification) and view + activity statistics and reports. See the + [Audit & Reporting Interface](/docs/privilegesecure/4.2/accessmanagement/admin/interface/interface_2.md) topic for additional information. + +- Help — Opens the Netwrix Privilege Secure documentation in the in another browser tab +- User Menu — Click to open the drop-down menu: + + - Dark Mode — Toggle “Dark Mode” for the console. Hover over the toggle switch to see a preview + of Dark Mode. + - Product Tour — Re-starts walk-through of Privilege Secure features. See the + [Product Tour](/docs/privilegesecure/4.2/accessmanagement/admin/navigation/producttour.md) topic for additional information. + - Settings — Opens the settings page to allow the user to register services + - Logout — Signs the user out of the current session and opens the Login screen + - About — Shows version and license information for the console. See the + [Import the License File](/docs/privilegesecure/4.2/accessmanagement/admin/navigation/importlicense.md) topic for additional information. + +On the left side of the console is a Navigation pane where the pages for the selected interface +display. Use the Menu button to the left of the logo to collapse / expand the Navigation pane. + +## Console Icons + +The Privilege Secure Console makes it easy to gather detailed information at a glance. The following +tables show the main icons: + +Interface Icons + +| Icon | Interface | +| -------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![myactivities](/img/product_docs/privilegesecure/4.2/accessmanagement/install/myactivities.webp) | My Activities | +| ![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +| ![auditreporting](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | + +Dashboard Icons + +| Icon | Session Data | +| -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![activedashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboard.webp) | Active Sessions | +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +| ![credentialsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | + +Active Directory Icons + +| Icon | Object | +| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +| ![Windows icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | + +Action Icons + +| Icon | Action | +| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------ | +| ![chapter_1_stealthbits_privileged_16](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/chapter_1_stealthbits_privileged_16.webp) | Add | +| ![chapter_1_stealthbits_privileged_17](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/chapter_1_stealthbits_privileged_17.webp) | Edit | +| ![chapter_1_stealthbits_privileged_18](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/chapter_1_stealthbits_privileged_18.webp) | Delete | +| ![chapter_1_stealthbits_privileged_19](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/chapter_1_stealthbits_privileged_19.webp) | Save | +| ![chapter_1_stealthbits_privileged_20](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/chapter_1_stealthbits_privileged_20.webp) | Cancel | +| ![chapter_1_stealthbits_privileged_21](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/chapter_1_stealthbits_privileged_21.webp) | Copy | +| ![chapter_1_stealthbits_privileged_22](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/chapter_1_stealthbits_privileged_22.webp) | Search | + +Information Icons + +| Icon | Information | +| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | + +Hover over an icon anywhere within the console for its description. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/navigation/producttour.md b/docs/privilegesecure/4.2/accessmanagement/admin/navigation/producttour.md new file mode 100644 index 0000000000..a3f5765c37 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/admin/navigation/producttour.md @@ -0,0 +1,22 @@ +--- +title: "Product Tour" +description: "Product Tour" +sidebar_position: 10 +--- + +# Product Tour + +New users now experience a product tour on first login. Standard users and users with the Privilege +Secure administrator role are walked through features that are relevant to their role. + +![producttour](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/producttour.webp) + +At any time, the tour can be stopped by clicking the **X** icon at the top-right of the Console. By +default, the tour will not display on next login unless the **Do not display again** checkbox is +unchecked. + +The product tour may be re-started at any time via the user menu. + +![usermenu](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usermenu.webp) + +See the [Navigation](/docs/privilegesecure/4.2/accessmanagement/admin/navigation/navigation.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/overview.md b/docs/privilegesecure/4.2/accessmanagement/admin/overview.md index 630ae5a2c8..e50f4d4717 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/overview.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/overview.md @@ -1,3 +1,9 @@ +--- +title: "Administration" +description: "Administration" +sidebar_position: 40 +--- + # Administration Netwrix Privilege Secure enables administrators and helpdesk professionals to perform their diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/accesspolicy.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/accesspolicy.md deleted file mode 100644 index e3655baf80..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/accesspolicy.md +++ /dev/null @@ -1,41 +0,0 @@ -# Add Access Policy - -Follow the steps to add access policies to the console. - -_Remember,_ a connection profile is required to create an access policy. You can create one ahead of -time on the [Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md) page or use the arrow button -to create one during these steps. - -**Step 1 –** Navigate to the Policy > Access Policies page. - -**Step 2 –** In the Access Policy list, click the Plus icon. - -![Add Access Policy](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/addaccesspolicy.webp) - -**Step 3 –** Enter the following information: - -- Name – Displays the name of the policy -- Description – (Optional) Description of the policy -- Type – Classification of the access policy. The Type drop-down contains the following options: - - - Resource Based - - Credential Based - -- Connection Profile – Displays the name of the connection profile associated to the access policy - -**Step 4 –** Click Save to create the new access policy. - -The new access policy has been created. The next step is to associate Users, Activities, and -Resources/Credentials to the policy. See the following topics for additional information: - -- Resource Based Policy - - - [Users Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/users.md) - - [Activities Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/activities.md) - - [Resources Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/resources.md) - -- Credential Based Policy - - - [Users Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/users.md) - - [Activities Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/activities.md) - - [Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/credentials.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/activitytokencomplexity.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/activitytokencomplexity.md deleted file mode 100644 index 25b62fadb2..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/activitytokencomplexity.md +++ /dev/null @@ -1,27 +0,0 @@ -# Add Activity Token Complexity Policy - -Follow the steps below to add an Activity Token Complexity policy to the console. See the Activity -Token Complexity section for detailed descriptions of the fields. - -**Step 1 –** Navigate to the **Policy** > **Access Policies** > **Activity Token Complexity Policy** -page. - -**Step 2 –** In the Activity Token Complexity list, click the **Plus** icon. - -![Add Activity Token](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/add.webp) - -**Step 3 –** Enter the desired information to determine the complexity of the connection profile. - -- Provide a unique name for the policy -- Provide an optional description to state the purpose of the policy -- Configure the complexity parameters (Must Start With, Must End With, and Length), as desired - - _Remember,_ The maximum account name length value is 19 characters. - -- Specify the maximum number of consecutive characters and select characters to exclude, if needed -- You can specify additional characters to exclude from the account name and configure granular - rules for the characters to include (uppercase, lowercase, or numbers) - -**Step 4 –** Click Save to create the new connection profile. - -The new activity token complexity policy is added to the Activity Token Complexity Policy list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/application.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/application.md deleted file mode 100644 index e43cd1b50d..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/application.md +++ /dev/null @@ -1,29 +0,0 @@ -# Add Application - -Applications are a special type of user that allow external entities to interact with Privilege -Secure via the REST API interface. Capabilities within the product are identical to standard users -with the exception that Applications are not able to log on through the product UI. Each Application -has a unique name that is used to identify the application calling the API; authentication is via a -combination of certificate serial number and API key. - -![addapplication](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addapplication.webp) - -Follow the steps to add an Application to an Access Policy. - -**Step 1 –** Navigate to the Users & Groups page. - -**Step 2 –** Click Add Application. - -**Step 3 –** Enter a new Application Name in the provided field. This will be displayed to represent -the application. - -**Step 4 –** Enter a Certificate Serial Number in the provided field. This is the serial number of -the client certificate used to authenticate the application. The certificate should be signed by a -Certificate Authority (CA). Ensure the certificate is trusted by IIS by adding the CA trusted root -certificate to the Trusted Root Certification Authorities on the Privilege Secure server. - -**Step 5 –** Enter the API Key. This is the unique key used as part of Application authentication. - -**Step 6 –** Click the Save button when finished. - -The new Applicationhas been added to the the Users & Groups page. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/credentialpolicyoverrides.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/credentialpolicyoverrides.md deleted file mode 100644 index 8017a111d3..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/credentialpolicyoverrides.md +++ /dev/null @@ -1,43 +0,0 @@ -# Add Credential Policy Override - -Follow the steps to add Credential Policy Override to the Privilege Secure Console. - -**Step 1 –** Navigate to the Policy > Credentials > Credential Policy Overrides page. - -**Step 2 –** In the Credential Policy Overrides list, click the Plus icon. - -![Adding a credential policy override](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addcredentialpolicyoverride.webp) - -**Step 3 –** Enter or select the following information: - -- Name — Displays the name of the credential -- Description — Description of the policy -- Scheduled Change Policy — Select a previously added schedule policy from the drop-down list. How - often the credentials for a managed account are changed (credential rotation). See the - [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) and - [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md) topic for additional information. -- Verification Schedule — How often to verify the credentials for managed accounts on the resources - defined by the selected platform. See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) - topic for additional information on managed accounts. - -**Step 4 –** Click Save to create the new credential policy override. - -![cpopageaddcredentials](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/cpopageaddcredentials.webp) - -**Step 5 –** With the new Credential Policy Override selected, click the **Add Credentials** button -to open the Add Credentials window. See the -[Add Credentials to a Policy Override](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/addcredentials.md#add-credentials-to-a-policy-override) -topic for additional information. - -![Add credential to Credential Policy Override Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addcredentialtocpowindow.webp) - -**Step 6 –** Select the checkbox for the credential and click **Add** to save the credential to the -Credential Policy Override. - -**NOTE:** In order for an account to be added to add credentials window, a credential must be -managed with a method of **Automatic**. Only one account can be added to a Credential Policy -Override at a time. See the -[Manage Internal Service Accounts](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/manageinternalserviceaccount.md) topic for -additional information. - -The account is added to the console and is shown in the Credential Policy Overrides list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/database.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/database.md deleted file mode 100644 index d7c2d59fcf..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/database.md +++ /dev/null @@ -1,47 +0,0 @@ -# Add New Database - -Follow the steps to add a database to the Privilege SecureConsole. Supported database platforms -include: - -- Microsoft SQL -- Oracle - -**Step 1 –** Navigate to the Resources page. - -**Step 2 –** Click **Add** > **New Database**. - -**Step 3 –** In the Enter Database Name box, enter a unique name to identify the database. - -![Add Database](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/adddatabase.webp) - -**Step 4 –** Select **Microsoft SQL Server** or **Oracle** from the Platform drop-down list. - -**Step 5 –** Enter the instance name for the server. - -**Step 6 –** Enter the IP address for the server. - -**Step 7 –** Enter the port for the server. The default ports for each database platform are: - -- Microsoft SQL: 1433 -- Oracle: 1521 - -**Step 8 –** Enter the fully qualified domain name (FDQN) for the server. - -**NOTE:** The domain is used as the default domain for database activities. - -**Step 9 –** From the drop-down menu, select a previously added service account with credentials for -the database. - -- See the [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional - information. - - - Visit icon – Go to the Service Account page to view details of the selected service account. - - Add New Service Account icon – Open the Add New Service Account window. The fields are - identical to those on the Service Accounts page. - -**Step 10 –** Click **Save** to save the configuration options and enable the Scan Now button. - -**Step 11 –** Click **Scan Now** to begin scanning the database. - -The new database is now added. See the [Database Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/databases.md) for -additional details. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/domain.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/domain.md deleted file mode 100644 index 1f86bc7f27..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/domain.md +++ /dev/null @@ -1,31 +0,0 @@ -# Add New Domain - -Follow the steps to add a domain to the console. - -**Step 1 –** Navigate to the Policy > Resources page. - -**Step 2 –** Click the Plus icon and select Domain from the drop-down list. - -![Add Domian Resource](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/adddomain.webp) - -**Step 3 –** Enter the following information: - -- Domain Name – Displays the fully qualified domain name (FQDN) -- Service account – From the drop-down menu, select a previously added service account with - credentials for the domain. See the - [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional - information. - - - Add New Service Account – Open the Add New Service Account window. The fields are identical to - those on the Service Accounts page. - -- Use TLS – Check to enable a secure connection to the domain -- Enter the desired frequency for the domain sync. - -**Step 4 –** Click Test to verify the connection to the domain. - -**Step 5 –** When the connection is verified, the Save button is enabled. Click Save to add the -domain to the console. - -The new domain has been on-boarded. See the [Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/domain.md) topic -for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/passwordcomplexity.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/passwordcomplexity.md deleted file mode 100644 index d7f7f4fb16..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/passwordcomplexity.md +++ /dev/null @@ -1,33 +0,0 @@ -# Add Password Complexity Policy - -Follow the steps to add a password policy to the console. - -**Step 1 –** Navigate to the **Policy** > **Platforms** > **Password Complexity** page. - -**Step 2 –** In the Password Policy list, click the **Plus** icon. - -![Add Password Complexity](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/add.webp) - -**Step 3 –** Complete the following fields: - -- Name – This is a snippet -- Description – Description of the policy -- Must start with – Enter the symbol type from which the password must start with (uppercase, - symbol, etc.) -- Must end with – Enter the symbol type from which the password must end with (uppercase, symbol, - etc.) -- Length – Provide the desired password length -- Max consecutive chars – Select maximum number of consecutive characters -- Characters to exclude – select characters to exclude from the password body -- Include characters – select characters type to be excluded from the password body. Possible values - are: - - - Lowercase – Includes lower case letters - - Uppercase – Includes upper case letters - - Symbols – Includes the following characters: !#$%&\*@\ - - Spaces – Includes spaces - - Numbers – Includes numbers - -**Step 4 –** Click **Save** to create the new password policy. - -The new password policy is added to the Password Policy list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/protectionpolicy.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/protectionpolicy.md deleted file mode 100644 index ec8d4ef541..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/protectionpolicy.md +++ /dev/null @@ -1,23 +0,0 @@ -# Add Protection Policy - -Follow the steps to add a Protection policy to the console. - -**Step 1 –** Navigate to the Policy > Protection Policies page. - -**Step 2 –** In the Protection Policy list, click the Plus icon. - -![Add Protection Policy](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addprotectionpolicy.webp) - -**Step 3 –** Enter the following information: - -- Name – Name of the protection policy -- Description – (Optional) Brief description to identify the protection policy - -**Step 4 –** Click Save to create the new protection policy. - -The new protection policy has been created. The next step is to associate Resources, Users, and -Schedule to the policy. See the following topics for additional information: - -- [Resources Tab for Protection Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/resources.md) -- [Allowed Members Tab for Protection Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/allowedmembers.md) -- [Schedule Tab for Protection Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/schedule.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/schedulepolicy.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/schedulepolicy.md deleted file mode 100644 index c3238b8d07..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/schedulepolicy.md +++ /dev/null @@ -1,24 +0,0 @@ -# Add Schedule Policy - -Follow the steps to add a schedule policy to the console. - -**Step 1 –** Navigate to the Policy > **Platforms** > **Schedule Policies** page. - -**Step 2 –** In the Schedule Polices list, click the **Plus** icon. - -![Schedule Policy Editor Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/edit/schedulepolicyeditor.webp) - -**Step 3 –** Enter the following information: - -**NOTE:** The fields will change depending on the selected frequency. - -- Select the desired frequency: - - - Every X Hours – Enter the number of hours between executions - - Every X Days – Enter the number of days between executions and the time of day - - Weekly – Select the day of the week from the drop-down menu and enter the time of day - - Monthly – Enter a number representing the day of the month and the time of day - -**Step 4 –** Click **Save** to create the new schedule. - -The new schedule is added to the Schedule Policy list. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/secretvault.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/secretvault.md deleted file mode 100644 index 890c2fa72b..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/secretvault.md +++ /dev/null @@ -1,25 +0,0 @@ -# Add Secret Vault - -Follow the steps below to add a new secret vault to the console. - -**Step 1 –** Navigate to the Policy > Resources page. - -**Step 2 –** Click the Plus icon and select New Secret Vault from the drop-down list. - -![Add secrete Vault Resource](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/addsecretvault.webp) - -**Step 3 –** Enter the following information: - -- New Secret Vault Name — Name of the new secret vault -- Platform — Displays the type of platform, which defines the resource. -- Description _(optional)_ —Description of the policy - -**Step 4 –** Click **Save**. - -A secret vault has been onboarded. See the -[Secret Vault Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/secretvault.md) topic for additional information. - -**CAUTION:** Next, you will have to manually enter and update credentials for each applicable user. -Credentials are assigned through the Credential-based Access Policy for password release. See the -[Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/credentials.md) -topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/website.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/website.md deleted file mode 100644 index dcf1a6867a..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/website.md +++ /dev/null @@ -1,35 +0,0 @@ -# Add New Website - -Follow the steps to add a Website Resource to the Privilege Secure Console. - -**Step 1 –** Navigate to the **Policy** > **Resources** page. - -**Step 2 –** Click the Plus icon and select New Website from the drop-down list. - -![Add New Website Resource](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addnewwebsite.webp) - -**Step 3 –** Enter the following information: - -- Website Name – Displays the name to be displayed in the Resource list for the website -- Platform – Website (This field cannot be changed.) -- Logon URL – Enter the primary logon page for the website. This is only used if no URL is specified - when defining a website Activity. -- Associated Resource – _(optional)_ If the website is hosted on a server that is also managed by - Privilege Secure, select the resource from the drop-down list to ensure that AD account operations - are performed on the domain controller the website resource is bound to -- Associated Domain Controller – _(optional)_ A specific domain controller may be selected to ensure - that AD account operations are performed on a domain controller the website will reference for - authentication -- Service Account – _(optional)_ The service account used when activity _actions_ require a - provisioned account to interact with the resource, e.g. custom PowerShell. From the drop-down - menu, select a previously added service account. See the - [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional - information. - - - Add New Service Account — Open the Add New Service Account window. The fields are identical to - those on the Service Accounts page - -**Step 4 –** Click **Save** to add the website to the console. - -The new website has been onboarded. See the [Website Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/website.md) topic -for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/edit/schedulepolicy.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/edit/schedulepolicy.md deleted file mode 100644 index ebff7bcaaf..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/edit/schedulepolicy.md +++ /dev/null @@ -1,23 +0,0 @@ -# Edit Schedule Policy - -Follow the steps to edit the scheduled tasks. - -**Step 1 –** Navigate to the Policy > **Platforms** > **Schedule Policies** page. - -**Step 2 –** Click the Edit icon to open the Schedule Policy Editor window. - -![schedulepolicyeditor](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/edit/schedulepolicyeditor.webp) - -**Step 3 –** From the Frequency radio buttons, set the frequency of how often the scheduled task is -run: - -**NOTE:** The fields will change depending on the selected frequency. - -- Every X Hours — Enter the number of hours between executions -- Every X Days— Enter the time of day -- Weekly — Select the day of the week from the drop-down menu and enter the time of day -- Monthly — Enter a number representing the day of the month and then enter the time of day - -**Step 4 –** Click Save to accept the changes. - -The task will run at the new scheduled frequency. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/interface.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/interface.md deleted file mode 100644 index cc7e7a848e..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/interface.md +++ /dev/null @@ -1,41 +0,0 @@ -# Policy Interface - -The Policy interface provides users with options for creating access policies, investigating -activity sessions, onboarding and managing users, groups, resources, and credentials. This topic -explains the interface features and how to use them. - -![Admin Policy Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/interface.webp) - -Select the Policy interface for related pages: - -- [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md) — Add or modify user and group access to resources - - - [Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md) — Add or modify connection profiles - - [Activity Token Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitytokencomplexity.md) — Add or modify the - complexity of activity tokens - -- [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) — Add or modify the platforms used - - - [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md) — Configure the password complexity - rules for the platform resources - - [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md) — Add or modify schedules for tasks and - policies - -- [Protection Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/protectionpolicies.md) — Add or modify protection policies -- [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usersgroups.md) — Add or modify users, groups, and applications - - - [Role Management Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/rolemanagement.md) — Add or modify roles for users and groups - - [User and Group Collections Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usergroupcollections.md) — Add or modify user and group - collections - -- [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md) — Add or modify resources - - - [Resource Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resourcegroups.md) — Add or modify resource groups - -- [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentials.md) — Add or modify credentials - - - [Credential Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentialgroups.md) — Add or modify credential groups - -- [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) — Add or modify activities - - - [Activity Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitygroups.md) — Add or modify activity groups diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md deleted file mode 100644 index 9ed4736d4a..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md +++ /dev/null @@ -1,48 +0,0 @@ -# Access Policy Page - -The Access Policies page is accessible from the Navigation pane underPolicyPolicies. It shows the -configured access policies, which are used to control which users can complete which activities on -which resources. - -![Access Policy Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/page.webp) - -The pane on the left side of the page displays a list of the configured access policies. This pane -has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Green + button — Create a new access policy. See the [Add Access Policy](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/accesspolicy.md) - topic for additional information. -- Trashcan icon — Deletes the access policy. Icon appears when policy is hovered over. A - confirmation window will display. - -The selected access policy details display at the top of the main pane: - -- Name — Displays the name of the policy -- Description — Description of the policy -- Type — Icon indicates the type of object: Resource Based or Credential Based -- Connection Profile — Displays the name of the connection profile associated to the access policy. - The green arrow will open the [Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md) to add or edit - connection profiles. -- User icon — Shows extra group of users who can manage this access policy. The icon appears only if - a custom role has been assigned to a policy. See the - [Custom Role Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/rolemanagementcustom.md) for additional information. - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. - -The tabs at the bottom of the main pane are for associating Users, Activities, Resources, and -Credentials to the access policy. The content within the tabs change based on the type of policy. -See the following topics for additional information: - -- Resource Based Policy: - - - Users Tab for Resource Based Access Policies - - [Activities Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/activities.md) - - [Resources Tab for Resource Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/resources.md) - -- Credential Based Policy: - - - [Users Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/users.md) - - [Activities Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/activities.md) - - [Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/credentials.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md deleted file mode 100644 index 8bec049173..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md +++ /dev/null @@ -1,127 +0,0 @@ -# Activities Page - -The Activities page is accessible from the Navigation pane under Activities. It shows the configured -activities, which contain the actions that will run during the session such as granting admin -privileges. - -Activities are for singular activities based on a specific platform whereas Activity Groups can be -used for cross platform activities such as granting local administrator access. See the -[Activity Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitygroups.md) topic for additional information. - -It is also possible to configure an activity to automatically run any Protection Policy associated -with the resource when the session completes, instead of waiting for the scheduled sync. See the -[Add Action Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/activities/addaction.md) topic for additional information. - -![Activities Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitiespage.webp) - -The pane on the left side of the page displays a list of the configured activity. This pane has the -following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Green + button — Create a new activity. See the [Add Activity](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/activity.md) topic for - additional information. -- Copy icon — Clones the activity and adds a new entry to the Activities list. Icon appears when - activity is hovered over. -- Trashcan icon — Deletes the activity. Icon appears when activity is hovered over. A confirmation - window will display. - -The selected activity details display at the top of the main pane: - -- Name — Displays the name of the activity -- Description — Description of the policy -- Platform — Displays the type of platform, which defines the resource: Active Directory, Microsoft - Entra ID, Cisco, Linux, Microsoft SQL Server, Oracle, Website, and Windows -- Login Account — Controls the type of account used to log into the resource: Requester, Managed, - Activity Token, Resource, and Vault. See the Login Account Types topic for additional information. -- Activity Type — Controls the type of actions for the activity: - - - Interactive — Activity expects the requester to log on to a host desktop or CLI interface - either directly or via the proxy - - Interactive App Launch — Activity will launch an application on the requested resource - - Task Automation — Activity will run an automated script requiring no user interaction - -- Requester Login Format — Indicates the format that will be used to prefill the Username field for - logging into the resource. It must exactly match the username defined on the resource. This option - is only visible when the Login Account is set to Requester. The format options - include: Domain\SamAccountName, SamAccountName, UPN (User Principal Name), Email, and Custom -- Login Account Template — Template determines the format of the account created for Managed, - Activity Token, Resource, and Vault Login Accounts. The template is also used if the Requester - login format is set to Custom. See the - [Login Account Templates](/docs/privilegesecure/4.2/accessmanagement/admin/policy/activityloginaccounttemplates.md) topic for additional information. -- Create Account checkbox — Indicates whether an account is created at the beginning of the activity - if it does not already exist. When the Activity starts, a check is made to determine if an account - exists. If the account exists, the user is connected to the account on the resource. If the - account does not exist, the account is created and a password is set. The user is then connected - to the account on the resource. This option is only visible when the Login Account is set to - Activity Token or Managed. It cannot be disabled for Activity Token. -- Delete After Use checkbox — Indicates whether the account will be deleted at the end of the - activity. If an account was created to perform the activity, check this option to remove the - account after the activity is complete. Otherwise, the account will be disabled at the end of the - activity session. This option is only visible when the Login Account is set to Activity Token or - Managed. It cannot be disabled for Activity Token. - - **NOTE:** A built-in administrator account cannot be deleted or disabled at the end of a - session. - -- Valut Connector — Displays the name of the assigned vault connector. This option is only visible - when the Login Account is set to Vault. Additional fields may appear based on the selected vault. - - **NOTE:** To view the password fetched from the vault, the Allow User to View Password checkbox - must be selected in the connection profile associated with the access policy that gives the - requester rights to the activity. See the [Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md) - topic for additional information. - -- Application to Launch — Indicates the application that will be launched on the RDS server that the - user is connected to by Privilege Secure. This option is only visible when the Activity Type is - set to Interactive App Launch. - - - The following variables can be supplied within the Application to Launch field: - - - %loginaccount% — The Login Account Name determined by the Login Account Template - - %sessionid% — The NPS session ID for the activity session - - %token% — The NPS one time use token generated by the Proxy Service - -- Preferred RDS Host — Displays the name of the RDS server that will launch the application - specified in the Application to Launch field. This option is only visible when the Platform is set - to Active Directory. -- Connect Account — Provides a list of service accounts that will be used by the Proxy Service for - impersonation for Interactive App Launch activities. If no account is selected, the account - specified by the Login Account Template will be used and no impersonation will occur. This option - is only visible when the Platform is set to Active Directory. -- Logon URL — Displays the primary logon page. When this field has a value, it will override the - Logon URL defined on the Website resource. This option is only visible when the Platform is set to - Microsoft Entra ID or Website. See the [Microsoft Entra ID Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/entraid.md) and - [Website Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/website.md) topics for additional information. - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. - -Below the activity details in the main pane are the session details, the actions that will occur -before, during, and after the session: - -- Pre-Session (Grant) — List of actions that will run before the session begins. These actions may - be paired with a corresponding Post-Session action. -- Session (Connect) — List of actions that will run during the session -- Post-Session (Remove) — List of actions that will run after the session completes. These actions - may be paired with a corresponding Pre-Session action. - -A Link icon shows actions that are linked. Deleting a linked action will delete the corresponding -action it is paired with. See the [Add Action Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/activities/addaction.md) topic for -additional information. - -**NOTE:** It is not possible to edit the Action Type. Delete the existing action and then create a -new action to get a new Action Type. - -## Login Account Types - -Privilege Secure supports the use of various login account types that perform different functions in -the environment. See each account type for a description. - -| Account Type | Description | -| -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Requester | The Requester login account type will use the user's own account to run the activity. The user will either log onto the resource directly or be connected to the resource via the proxy. In both cases the user will have to enter their user name and password. This login account should be used to avoid having a separately managed account. The user needs to have a matching account on the endpoint and needs to know the password to login. | -| Managed | The Managed login account type will used an account managed by Privilege Secure to run the activity. Once created, a Managed account will persist to the endpoint. When a session ends or is canceled, the password is automatically rotated. The account will not be removed afterward, but it will be disabled when at rest. The primary use case is for instances where the user desktop experience should persist across sessions. A Managed account can be a specific account name or based on any variable added to the Login Account Template. The password for a managed account is available to the user via the UI during an active session. | -| Activity Token | The Activity Token login account will use a unique time-limited ephemeral account created when the Activity is started and removed when it is completed. The account name is automatically generated from the user’s sAMAccountName and Session ID, filled out to as many characters as configured for the activity token. See the [Activity Token Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitytokencomplexity.md) topic for additional information. The account name can be entirely random or based on variables or text added to the Login Account Template. The primary use case is where the user profile should be destroyed after each session and have the user log-in to a clean desktop every time they connect; a common use case for remote vendors and contractors. | -| Resource | The Resource login account is only available when the Platform is set to Website. It allows manually managed user accounts on website resources to be used to log into activities. The user name is defined in the Requester Login Format field and must exactly match the username defined on the website resource. | -| Vault | The Vault login account will use an account that is checked out of the specified vault to run the activity. The password provided by the vault is available to the user via the UI during an active session. When a session ends or is canceled, the password is checked into the vault. | diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitytokencomplexity.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitytokencomplexity.md deleted file mode 100644 index c934b8f6bb..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitytokencomplexity.md +++ /dev/null @@ -1,48 +0,0 @@ -# Activity Token Complexity Page - -The Activity Token Complexity Policy page is accessible from the Navigation pane -underPolicyPolicies>Activity Token ComplexityAccess Policies. It shows the configuration options for -managing the complexity of activity tokens for connection profiles. - -![Activity Token Complexity Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/page_1.webp) - -The pane on the left side of the page displays a list of the configured activity token complexity -policies. This pane has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Green + button — Create a new activity token complexity policy. See the - [Add Activity Token Complexity Policy](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/activitytokencomplexity.md) topic for additional - information. -- Trashcan icon — Deletes the activity token complexity policy. Icon appears when profile is hovered - over. A confirmation window will display. - -The selected activity token complexity policy details display in the main pane: - -- Name — Name of the activity token complexity policy -- Description — Description of the policy -- Must Start With / Must End With — Lists cases the activity token complexity policy will enforce. - This list contains the following options: - - - None - - Lowercase - - Uppercase - - Numeric - -- Length — The maximum number of characters the activity token complexity policy will enforce -- Max Consecutive Chars — The maximum number of consecutively occurring characters that the activity - token complexity policy will allow -- Characters to Exclude — Custom characters the activity token complexity policy will exclude. - Characters entered in this field will be excluded in addition to the characters listed beneath the - Additional characters excluded section. -- Additional characters excluded — Default characters the activity token complexity policy will - exclude -- Included Characters — Check boxes containing additional inclusive parameters for the activity - token complexity policy: - - - Lowercase — At least one lowercase character in the password - - Uppercase — At least one uppercase character in the password - - Numbers — At least one number in the password - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentialpolicyoverrides.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentialpolicyoverrides.md deleted file mode 100644 index 9e271abfe2..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentialpolicyoverrides.md +++ /dev/null @@ -1,69 +0,0 @@ -# Credential Policy Overrides Page - -The Credential Policy Overrides page is accessible from the Policy Navigation pane under Credentials -and displays the configured Credential Policy Overrides. If a credential is added to a Credential -Policy Override, that credential's scheduled change policy and verification schedule will be -inherited from the Credential Policy Override, rather than being inherited from the credential's -platform. - -![Credential Policy Overrides Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentialpolicyoverridepage.webp) - -The pane on the left side of the page displays a list of the configured Credential Policy Overrides. -This pane has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Blue + button — Create a new credential group. See the - [Add Credential Policy Override](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/credentialpolicyoverrides.md) topic for additional - information. -- Trashcan icon — Deletes the policy. Icon appears when policy is hovered over. A confirmation - window will display. - -The selected access policy details display at the top of the main pane: - -- Name — Displays the name of the policy -- Description — Description of the policy - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. - -The table has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Add Credentials — Opens the Add Credentials window. See the - [Add Credentials Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/addcredentials.md) topic for additional - information. -- Remove — Removes the selected item -- Refresh — Reload the information displayed - -The table has the following columns: - -- Checkbox — Check to select one or more items -- Account — Name of the account. The following icons may also appear in this column: - - - Clipboard icon — Copies the password for the selected account - - Information icon — Opens the View Password window to view the password and copy it to the - clipboard. The window stays open for 20 seconds. - -- Resource — Name of the resource that the account is on -- Password Changed — Date timestamp for the last time the password was rotated -- Age — Number of days since the last credential rotation or from when the password was first - created -- Status — Indicates if the account credentials have been verified by Privilege Secure. See the - [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional information on configuring a - verification schedule. - - - Unspecified — Verification check has not run - - Verified — Confirmed the credentials match the value stored in Privilege Secure - - Mismatch — Credentials do not match the value stored in Privilege Secure. This status only - appears when the Reset on Mismatch option is not enabled. - - Changed — Credentials were successfully updated to match the value stored in Privilege Secure. - This status only appears when the Reset on Mismatch option is enabled. - - Failed — Attempt to update the credentials to match the value stored in Privilege Secure was - unsuccessful. This status only appears when the Reset on Mismatch option is enabled. - -- Last Checked — Date timestamp of the last verification check -- Next Change — Date timestamp for the next credential password rotation - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentials.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentials.md deleted file mode 100644 index b494a0cd55..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentials.md +++ /dev/null @@ -1,109 +0,0 @@ -# Credentials Page - -The Credentials page shows all accounts discovered within your environment. It is specifically -focused on managing service account password rotation. A managed account is any host local account, -domain account, or Privilege Secure application local account that has its credentials managed by -the application. This includes managed user accounts created by activity sessions. The Credentials -page displays the same information as the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md). - -![Credentials page](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) - -The page has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. You can search for a specific host or account. -- Filter — Provides options to filter results based on a chosen criterion: - - - Method — Filter by whether the account is managed by the application: All, Managed, and - Unmanaged. Managed accounts include both Automatic managed and Manual managed. - - Managed Type — Filter by account type: All, Internal, Standard, and Service. An Internal - account is a Privilege Secure application local account. - - Privilege Type — Filter by type of privilege the account has: Not Set, Administrator, Power - User, Guest, User, Sudoer, Linux User, Cisco Privilege 0, Cisco Privilege 1, and Cisco - Privilege 15 - -- Manage — Set the selected account to be managed by Privilege Secure. This button is only available - when the account Managed Type is Standard or Internal. For an Internal account, a pop up window - will display. See the - [Manage Internal Service Accounts](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/manageinternalserviceaccount.md) section - for additional information. -- Unmanage — Remove the account from being managed by Privilege Secure -- Rotate Service Account — Opens the Account Dependencies window. This button is only available when - the Managed Type is Service. See the - [Account Dependencies Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/accountdependencies.md) topic for additional - information. -- Schedule Rotation — Add the credential rotation task to the queue. This button is only available - when the Method is Automatic managed. See the - [Scheduled Tasks Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/scheduledtasks.md) topic for additional - information. -- Verify — Checks that the credentials for the selected account match the credentials set by - Privilege Secure -- View History — Opens the Password History window to displays the password history for the account. - See the [Password History Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/passwordhistory.md) topic for additional - information. -- Refresh — Reload the information displayed - -The table has the following columns: - -- Checkbox — Check to select one or more items -- Account — Name of the account. The following icons may also appear in this column: - - - Set Password icon — Opens the Set Password for Credential window to set a new password for the - selected account. See the - [Manage Internal Service Accounts](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/manageinternalserviceaccount.md) - topic for more information. - - Clipboard icon — Copies the password for the selected account - - Information icon — Opens the View Password window to view the password and copy it to the - clipboard. The window stays open for 20 seconds. See the - [View Password Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/viewpassword.md) topic for additional - information. - -- Resource — Name of the resource that the account is on. Click the link to view additional details. -- Privilege — Level of privilege the account has on the resource -- Platform — Displays the type of platform, which defines the resource -- Method — Indicates how the account is managed: - - - Automatic — Credential rotation is managed by Privilege Secure according to the change policy - for that platform type. See the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional - information. - - Manual — Credential rotation must be initiated manually with the Rotate Service Account - button, or the credential must be manually updated on both the resource and in Privilege - Secure. See the [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) section - for information on updating credentials for Internal service accounts. - - Not Managed — Not currently managed by Privilege Secure and no credentials have ever been - stored - - **NOTE:** See the [Rotation Methods](/docs/privilegesecure/4.2/accessmanagement/admin/policy/credentialrotationmethod.md) topic for additional - information. - -- Managed Type — Type of managed account: - - - Standard — Local or domain user account, including managed users created by activity sessions - - Internal — Internal service account used by Privilege Secure with no dependencies. See the - [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional - information. - - Service — Local or domain service account with one or more dependencies. Includes Internal - service accounts with one or more dependencies. - -- Dependents — Number of scheduled tasks or Windows services using this account -- Password Changed — Date timestamp for the last time the password was rotated -- Age — Number of days since the last credential rotation or from when the password was first - created -- Status — Indicates if the account credentials have been verified by Privilege Secure. See the - [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional information on configuring a - verification schedule. - - - Unspecified — Verification check has not run - - Verified — Confirmed the credentials match the value stored in Privilege Secure - - Mismatch — Credentials do not match the value stored in Privilege Secure. This status only - appears when the Reset on Mismatch option is not enabled. - - Changed — Credentials were successfully updated to match the value stored in Privilege Secure. - This status only appears when the Reset on Mismatch option is enabled. - - Failed — Attempt to update the credentials to match the value stored in Privilege Secure was - unsuccessful. This status only appears when the Reset on Mismatch option is enabled. - -- Last Checked — Date timestamp of the last verification check -- Next Change — Date timestamp for the next credential password rotation -- Last Logon — Date timestamp for the last time the account authenticated - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/databases.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/databases.md deleted file mode 100644 index fce9c77542..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/databases.md +++ /dev/null @@ -1,42 +0,0 @@ -# Database Details Page - -The Database Details page displays information for the selected database resource. This page is -opened from any linked resource within the various interfaces. - -![Database Details page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/databasedetailspage.webp) - -The Database Details page shows the following information: - -- Name — Displays the name of the resource -- Trashcan icon — Removes the selected resource from being managed by the application. A - confirmation window will display. -- Platform — Displays the type of platform, which defines the resource -- Server — The instance name for the server -- IP Address — Displays the IP address for the resource -- Port — The port for the server -- Domain — Displays the fully qualified domain name (FQDN) - - **NOTE:** The domain is used as the default domain for database activities. - -- Service Account — Displays the service account associated with the resource. See the - [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional - information. -- Scan Now button — Scans the domain for users, groups, members, and computers. The Cancel button, - which is only visible when scanning can be used to stop the resource scan. This scan can also be - scheduled from the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md). - - - Status — During synchronization, the button displays as spinning - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. - - The database details page has the following tabs: - -- Users – Displays database login accounts that are not domain users or local computer users -- Groups – Displays login accounts that are domain users or local computer accounts -- Databases – Displays a list of discovered databases See the - [Databases Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/databases.md) topic for additional information. -- Roles – Displays roles and who has those roles on the database and at the server level -- Sessions – Displays previous sessions that have used this resource as a target -- Access Policies – Displays a list of access policies that this resource belongs to -- History – Displays previous sessions with events that are related to this resource diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/domain.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/domain.md deleted file mode 100644 index d033b9a855..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/domain.md +++ /dev/null @@ -1,50 +0,0 @@ -# Domain Details Page - -The Domain Details page shows additional information for the selected domain resource. This page is -opened from any linked resource within the various interfaces. - -![Domain Details Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/domaindetailspage.webp) - -The details page shows the following information: - -- Name — Displays the name of the resource -- Trashcan icon — Removes the selected resource from being managed by the application. A - confirmation window will display. -- Users — Number of user objects in the domain -- Groups — Number of group objects in the domain -- Members — Number of users that are members of groups -- Computers — Number of computer objects in the domain -- Last Synchronized — Date timestamp for the last time the domain was synchronized -- Status — Shows status information for the synchronization: - - - Complete — Synchronization completed successfully - - Processing — Synchronization is actively occurring - - Failed — Synchronization failed to complete - - Cancelled — Synchronization was cancelled by an Administrator - -- Synchronize Now button — Scans the domain for users, groups, members, and computers. The Cancel - button, which is only visible when scanning can be used to stop the resource scan. This scan can - also be scheduled from the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md). -- Platform — Displays the type of platform, which defines the resource -- Service Account — Displays the service account associated with the resource -- Use TLS checkbox — Enables a secure connection to the domain -- Frequency — Indicates how often the synchronization task will run: Never, Hourly, Daily, or - Weekly. Options open additional fields: - - - Hourly — Opens the Every field for selecting specific hour ranges - - Daily— Opens the At field for indicating the start time of the daily synchronization - - Weekly— Opens the On and At fields for indicating the day of the week and start time of the - weekly synchronization - -- Test button — Tests the settings by attempting to connect - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. - -The details page has the following tabs: - -- [Users Tab for Domain](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/usersdomain.md) -- [Groups Tab for Domain](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/groupsdomain.md) -- [Computers Tab for Domain](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/computersdomain.md) -- [History Tab for Domain](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historydomain.md) -- [Sync Errors Tab for Domain](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/syncerrorsdomain.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/entraid.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/entraid.md deleted file mode 100644 index 96a4025b18..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/entraid.md +++ /dev/null @@ -1,40 +0,0 @@ -# Microsoft Entra ID Details Page - -The Microsoft Entra ID (formerly Azure AD) Details page shows additional information for the -selected Microsoft Entra ID Tenant resource. This page is opened from any linked resource within the -various interfaces. - -![Azure AD Details page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/azureaddetailspage.webp) - -The details page shows the following information: - -- Name — Displays the name of the resource -- Trashcan icon — Removes the selected resource from being managed by the application. A - confirmation window will display. -- Platform — Displays the type of platform, which defines the resource -- Tenant ID — Displays the globally unique identifier for the targeted tenant implementation as - found in Entra ID -- Logon URL — Displays the primary logon page -- Email Domain — Displays the domain part of the user principal name used by the Tenant as found in - Entra ID on the Users page, under “Identity Issuer” -- Associated Domain — For hybrid Entra ID environments, assign the on-premises Active Directory - domain that is synchronized with the tenant, otherwise leave set to **None** -- Process Group Memberships — Select this checkbox to enable Netwrix Privilege Secure to collect - group membership information. This is unchecked by default. -- Synchronize Now button — Scans the domain for users, groups, members, and computers. The Cancel - button, which is only visible when scanning can be used to stop the resource scan. This scan can - also be scheduled from the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md). -- Service Account — Displays the service account associated with the resource - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. - -The details page has the following tabs: - -- [URLs Tab for Microsoft Entra ID](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/urlsentraid.md) -- [Users Tab for Microsoft Entra ID](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/usersentraid.md) -- [Groups Tab for Microsoft Entra ID](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/groupsentraid.md) -- [Sessions Tab for Microsoft Entra ID](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/sessionsentraid.md) -- [Access Policies Tab for Microsoft Entra ID](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/accesspoliciesentraid.md) -- [History Tab for Microsoft Entra ID](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historyentraid.md) -- [Applications Tab for Microsoft Entra ID](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/applicationsentraid.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/secretvault.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/secretvault.md deleted file mode 100644 index 613f854d99..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/secretvault.md +++ /dev/null @@ -1,28 +0,0 @@ -# Secret Vault Details Page - -The Secret Vault Details page shows additional information for the selected Secret Vault resource. -This page is opened from any linked resource within the various interfaces. - -Secret Vaults are used to store any manually-managed resource, username, or password combination. -Credentials are assigned via Credential Based access policies for password release. See the -[Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/credentials.md) -topic for additional information. - -![Secrete Vault Details Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/seretvaultdetailspage.webp) - -The details page shows the following information: - -- Name — Displays the name of the resource -- Trashcan icon — Removes the selected resource from being managed by the application. A - confirmation window will display. -- Platform — Displays the type of platform, which defines the resource -- Description — Description of the policy - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. - -The details page has the following tabs: - -- [Accounts Tab for Secret Vault](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/accountssecretvault.md) -- [Sessions Tab for Secret Vault](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/sessionssecretvault.md) -- [History Tab for Secret Vault](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historysecretvault.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md deleted file mode 100644 index da9b7bd819..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md +++ /dev/null @@ -1,53 +0,0 @@ -# User, Group, & Application Details Page - -The User, Group, & Application Details page shows additional information on the selected user or -group. This page is opened from the link in the user or group column within the various interfaces. - -![Users and Groups Details page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usersgroupsdetailspage.webp) - -The page has the following features: - -- Name — Name of the selected user or group -- User Name — Displays the sAMAccountName for the account -- Active Sessions — Displays the number of active sessions for the user or group -- Scheduled Sessions — Displays the number of scheduled sessions for the user or group -- Lock Account — Indicates if the account is not locked. Click the button to lock the account. - Accounts can also be locked from the Active Dashboard. An account can also become locked if there - are five incorrect login attempts from the user. -- Unlock Account — Indicates if the account is locked. When the account is locked, the user will not - be able to create a session. Click the button to unlock the account. -- Reset MFA — Click the button to force the user to reset MFA for Privilege Secure login. Resetting - the user's MFA will generate a new TOTP secret for the user to register an authenticator. See - [Reset User MFA](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/resetmfa.md) topic for additional information. - - **NOTE:** This button will not be visible if the present user has their Authentication Connector - set to Not Required - -The content within the tabs change based on the type of object. See the following topics for -additional information: - -- User Details: - - - [Sessions Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/sessions.md) - - [Policies Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/policies.md) - - [Local Rights Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/localrights.md) - - [History Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/history.md) - - [Authentication Connector Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/authenticationconnector.md) - - [User Roles Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/userroles.md) - -- Group Details: - - - [Sessions Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/sessions.md) - - [Members Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/members.md) - - [Policies Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/policies.md) - - [History Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/history.md) - - [Authentication Connector Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/authenticationconnector.md) - - [Group Roles Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/grouproles.md) - -- Application Details: - - - [Sessions Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/sessions.md) - - [Policies Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/policies.md) - - [History Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/history.md) - - [Authentication Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/authentication.md) - - [Properties Tab](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/properties.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/website.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/website.md deleted file mode 100644 index 0fdc45637c..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/website.md +++ /dev/null @@ -1,39 +0,0 @@ -# Website Details Page - -The Website Details page shows additional information for the selected website resource. This page -is opened from any linked resource within the various interfaces. - -![Website Resource details page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/websitedetails.webp) - -The details page shows the following information: - -- Name — Displays the name of the resource -- Trashcan icon — Removes the selected resource from being managed by the application. A - confirmation window will display. -- Platform — Displays the type of platform, which defines the resource -- Logon URL — Displays the primary logon page. This is only used if no URL is specified when - defining a website activity. -- Associated Resource — If the website is hosted on a server that is also managed by Privilege - Secure, it may be associated to the website management. This ensures that AD account operations - are performed on the domain controller the website resource is bound to. -- Associated Domain Controller — A specific domain controller may be associated to the website - management. This ensures that AD account operations are performed on a domain controller the - website will reference for authentication. -- Service Account — Displays the service account associated with the resource -- Blue arrow button — Opens the Service Account details page. See the - [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional - information. -- Green plus button — Opens the Add New Service Account window. See the - [Add New Service Account Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addnewserviceaccount.md) topic for - additional information. - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. - -The details page has the following tabs: - -- [URLs Tab for Website](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/urlswebsite.md) -- [Users Tab for Website](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/userswebsite.md) -- [Sessions Tab for Website](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/sessionswebsite.md) -- [Access Policies Tab for Website](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/accesspolicieswebsite.md) -- [History Tab for Website](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/historywebsite.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md deleted file mode 100644 index 2cd14db2ac..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md +++ /dev/null @@ -1,59 +0,0 @@ -# Password Complexity Page - -The Password Complexity page is accessible from the Navigation pane under Policy > Platforms. It -shows configured password complexity policies that can be applied to platforms. - -When Privilege Secure creates a managed account on a local system or domain it also sets the user -password. The password that is generated will follow the complexity rules configured in the related -password policy associated with that platform. The Default policy is used if a password policy -cannot be determined. See the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional -information. - -Password complexity requirements must adhere to any domain or local password policy applied to the -target resource. If there is a conflict between the password policy on the target resource and the -password policy set in Privilege Secure, the managed account cannot be created and the session will -fail. - -Create password policies and configure the password complexity requirements on this page. The -password policy only applies to managed accounts created by Privilege Secure. - -![Password Complexity Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/page_5.webp) - -The pane on the left side of the page displays a list of the configured password complexity -policies. This pane has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Blue + button — Create a new password complexity policy. See the - [Add Password Complexity Policy](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/passwordcomplexity.md) topic for additional information. -- Copy icon — Create a new password complexity policy based on the current selection. Icon appears - when policy is hovered over. -- Trashcan icon — Deletes the password complexity policy. Icon appears when policy is hovered over. - A confirmation window will display. - -**NOTE:** The default password policy cannot be deleted. - -The selected password complexity policy details display in the main pane: - -- Name — Displays the name of the policy -- Description — Description of the policy -- Must Start With / Must End With — Lists cases the password complexity policy will enforce. This - list contains the following options: - - - None - - Lowercase - - Uppercase - - Numeric - -- Length — The maximum number of characters the password complexity policy will enforce -- Max Consecutive Chars — The maximum number of consecutively occurring characters that the password - complexity policy will allow -- Characters to Exclude — Custom characters the password complexity policy will exclude. -- Included Characters — Check boxes containing additional inclusive parameters for the policy: - - - Lowercase — At least one lowercase character in the password - - Uppercase — At least one uppercase character in the password - - Numbers — At least one number in the password - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/activedirectory.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/activedirectory.md deleted file mode 100644 index b529c873b7..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/activedirectory.md +++ /dev/null @@ -1,35 +0,0 @@ -# Active Directory Platform Policy Configuration - -The Active Directory menu displays the configuration options for Active Directory platforms. - -![Active Directory Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/activedirectory.webp) - -Details for the selected platform are displayed on the right side of the page. Below are the -configuration options for an Active Directory Platform. - -- Name — Displays the name of the policy -- Description — Description of the policy -- Built-in Account — The built-in administrator account for the resources on the selected platform. - If multiple built-in administrator accounts are required, create a copy of the platform. For - Windows platforms, the built-in account is defined via the well-known SID (S-1-5-21\*-500). This - feature informs Netwrix Privilege Secure which account(s) to discover and onboard for a given - platform during its discovery process. -- Password Complexity Policy — The password complexity rules for managed accounts created on the - resources defined by the selected platform. See the - [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md) topic for additional information. -- Password Length — The number of characters required by the selected password policy -- Arrow icon — Show or Hide password policy details. Click the icon to display the password - complexity requirements of the selected password policy. -- Scheduled Change Policy — How often the credentials for a managed account are changed (credential - rotation). See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) and - [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md) topic for additional information. -- Verification Schedule — How often to verify the credentials for managed accounts on the resources - defined by the selected platform. See the - [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) topic for additional information on - managed accounts. -- Reset on Mismatch — When selected, this option will force a password rotation if the password - verification step finds that the existing password for an account does not match what Privilege - Secure expects. - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/entraid.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/entraid.md deleted file mode 100644 index f80d06f2c0..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/entraid.md +++ /dev/null @@ -1,39 +0,0 @@ -# Microsoft Entra ID Platform Policy Configuration - -The Microsoft Entra ID (formerly Azure AD) menu displays the configuration options for Microsoft -Entra ID platforms. - -![Azure AD Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/azuread.webp) - -Details for the selected platform are displayed on the right side of the page. Below are the -configuration options for an Microsoft Entra ID Platform. - -- Name — Displays the name of the policy -- Description — Description of the policy -- Built-in Account — The built-in administrator account for the resources on the selected platform. - If multiple built-in administrator accounts are required, create a copy of the platform. For - Windows platforms, the built-in account is defined via the well-known SID (S-1-5-21\*-500). This - feature informs Netwrix Privilege Secure which account(s) to discover and onboard for a given - platform during its discovery process. -- Password Complexity Policy — The password complexity rules for managed accounts created on the - resources defined by the selected platform. See the - [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md) topic for additional information. -- Password Length — The number of characters required by the selected password policy -- Arrow icon — Show or Hide password policy details. Click the icon to display the password - complexity requirements of the selected password policy. -- Scheduled Change Policy — How often the credentials for a managed account are changed (credential - rotation). See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) and - [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md) topic for additional information. -- Scan Schedule — How often to perform a host scan on the resources defined by the selected platform - (local users, groups, windows services and scheduled tasks). This scan can also be run ad-hoc from - the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md). -- Verification Schedule — How often to verify the credentials for managed accounts on the resources - defined by the selected platform. See the - [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) topic for additional information on - managed accounts. -- Reset on Mismatch — When selected, this option will force a password rotation if the password - verification step finds that the existing password for an account does not match what Privilege - Secure expects. - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/linux.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/linux.md deleted file mode 100644 index 02a2e50794..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/linux.md +++ /dev/null @@ -1,40 +0,0 @@ -# Linux Platform Policy Configuration - -The Linux menu displays the configuration options for Linux platforms. - -![Linux Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/linux.webp) - -Details for the selected platform are displayed on the right side of the page. Below are the -configuration options for a Linux Platform. - -- Name — Displays the name of the policy -- Description — Description of the policy -- Built-in Account — The built-in administrator account for the resources on the selected platform. - If multiple built-in administrator accounts are required, create a copy of the platform. For - Windows platforms, the built-in account is defined via the well-known SID (S-1-5-21\*-500). This - feature informs Netwrix Privilege Secure which account(s) to discover and onboard for a given - platform during its discovery process. -- Password Complexity Policy — The password complexity rules for managed accounts created on the - resources defined by the selected platform. See the - [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md) topic for additional information. -- Password Length — The number of characters required by the selected password policy -- Arrow icon — Show or Hide password policy details. Click the icon to display the password - complexity requirements of the selected password policy. -- Protection Policy Schedule — How often the Protection Policy is run. See the - [Protection Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/protectionpolicies.md) topic for additional information. -- Scheduled Change Policy — How often the credentials for a managed account are changed (credential - rotation). See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) and - [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md) topic for additional information. -- Scan Schedule — How often to perform a host scan on the resources defined by the selected platform - (local users, groups, windows services and scheduled tasks). This scan can also be run ad-hoc from - the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md). -- Verification Schedule — How often to verify the credentials for managed accounts on the resources - defined by the selected platform. See the - [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) topic for additional information on - managed accounts. -- Reset on Mismatch — When selected, this option will force a password rotation if the password - verification step finds that the existing password for an account does not match what Privilege - Secure expects. - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md deleted file mode 100644 index 69545e5811..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md +++ /dev/null @@ -1,42 +0,0 @@ -# Platforms Page - -The Platforms page is accessible from the Navigation pane under Policies. The menu on the left -displays all the supported platform types and previously configured platforms. This allows -administrators to apply default configurations across all resources defined by that platform type. - -![Platforms Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/activedirectory.webp) - -The pane on the left side of the page displays a list of the configured platforms. The pane has the -following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Copy icon — Create a new platform based on the current selection. Icon appears when platform is - hovered over. This is intended to cover use cases where the built-in account differs from the - norm. -- Trashcan icon — Deletes the platform. Icon appears when policy is hovered over and is only - available for duplicated platforms. A confirmation window will display. - -Default platforms include: - -- Active Directory — See the [Active Directory Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/activedirectory.md) - topic for additional information on configuration options -- Microsoft Entra ID (formerly Azure AD) — See the - [Microsoft Entra ID Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/entraid.md) topic for additional information on - configuration options -- Cisco — See the [Cisco Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/cisco.md) topic for additional information - on configuration options -- Linux — See the [Linux Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/linux.md) topic for additional information - on configuration options -- Microsoft SQL Server — See the [Microsoft SQL Server Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/mssql.md) - topic for additional information on configuration options -- Oracle — See the [Oracle Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/oracle.md) topic for additional - information on configuration options -- Secret Vault — See the [Secret Vault Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/secretvault.md) topic for - additional information on configuration options -- Website — See the [Web Site Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/website.md) topic for additional - information on configuration options -- Windows — See the [Windows Platform Policy Configuration](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/windows.md) topic for additional - information on configuration options - -See the Configure a Platform Policy topic for additional information on adding a Platform Policy. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/secretvault.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/secretvault.md deleted file mode 100644 index 4b0911c54b..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/secretvault.md +++ /dev/null @@ -1,14 +0,0 @@ -# Secret Vault Platform Policy Configuration - -The Secrete Vault menu displays the configuration options for Windows platforms. - -![Secret Vault Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/secretvault.webp) - -Details for the selected platform are displayed on the right side of the page. Below are the -configuration options for a Secret Vault Platform. - -- Name — Displays the name of the policy -- Description — Description of the policy - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/website.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/website.md deleted file mode 100644 index 4d1243a080..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/website.md +++ /dev/null @@ -1,14 +0,0 @@ -# Web Site Platform Policy Configuration - -The Web Site menu displays the configuration options for Web Site platforms. - -![Website Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/website.webp) - -Details for the selected platform are displayed on the right side of the page. Below are the -configuration options for a Website Platform. - -- Name — Displays the name of the policy -- Description — Description of the policy - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/windows.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/windows.md deleted file mode 100644 index fbb5f45bab..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/windows.md +++ /dev/null @@ -1,40 +0,0 @@ -# Windows Platform Policy Configuration - -The Windows menu displays the configuration options for Windows platforms. - -![Windows Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/windows.webp) - -Details for the selected platform are displayed on the right side of the page. Below are the -configuration options for a Windows Platform. - -- Name — Displays the name of the policy -- Description — Description of the policy -- Built-in Account (Allows custom entries) — The built-in administrator account for the resources on - the selected platform. If multiple built-in administrator accounts are required, create a copy of - the platform. For Windows platforms, the built-in account is defined via the well-known SID - (S-1-5-21\*-500). This feature informs Netwrix Privilege Secure which account(s) to discover and - onboard for a given platform during its discovery process. -- Password Complexity Policy — The password complexity rules for managed accounts created on the - resources defined by the selected platform. See the - [Password Complexity Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md) topic for additional information. -- Password Length — The number of characters required by the selected password policy -- Arrow icon — Show or Hide password policy details. Click the icon to display the password - complexity requirements of the selected password policy. -- Protection Policy Schedule — How often the Protection Policy is run. See the - [Protection Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/protectionpolicies.md) topic for additional information. -- Scheduled Change Policy — How often the credentials for a managed account are changed (credential - rotation). See the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) and - [Schedule Policies Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md) topic for additional information. -- Scan Schedule — How often to perform a host scan on the resources defined by the selected platform - (local users, groups, windows services and scheduled tasks). This scan can also be run ad-hoc from - the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md). -- Verification Schedule — How often to verify the credentials for managed accounts on the resources - defined by the selected platform. See the - [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md) topic for additional information on - managed accounts. -- Reset on Mismatch — When selected, this option will force a password rotation if the password - verification step finds that the existing password for an account does not match what Privilege - Secure expects. - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md deleted file mode 100644 index 1f45806fba..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md +++ /dev/null @@ -1,82 +0,0 @@ -# Resources Page - -The Resources page shows information for onboarded resources, such as active and scheduled sessions, -policies, and service accounts for the host resources and domain resources that have been added to -the console. The Resources page displays the same information as the -[Resources Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/resources.md). - -![Resources page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resourcespage.webp) - -The Resources table has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Filter — Provides options to filter results based on a chosen criterion: - - - Type— Filter by the type of resource: All, Host, Domain, Website, Azure AD, Secret Vault, or - Database. The drop-down menu the definition for each Type icon used in the table. - -- Add — Opens a list of available resources to add. The Add list contains the following options: - - - New Server — Opens the Add Resources window to onboard new servers. See the - [Add Resources Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addresourcesonboard.md) topic for additional - information. - - New Domain — Opens the Domain Details page for a new domain. See the - [Add New Domain](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/domain.md) topic for additional information. - - New Website — Opens the Website Details page for a new website. See the - [Add New Website](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/website.md) topic for additional information. - - New Microsoft Entra ID (formerly Azure AD) Tenant — Opens the Microsoft Entra ID Tenant - Details page for a new tenant. See the - [Add New Microsoft Entra ID Tenant](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/entraidtenant.md) topic for additional information. - - New Secret Vault — Opens the Secret Vault Details page for a new vault. See the - [Add Secret Vault](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/secretvault.md) topic for additional information. - - New Database — Opens the Databse Details page for a new database. See the - [Add New Database](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/database.md)topic for additional information. - -- Remove — Removes the selected resource from being managed by the application. A confirmation - window will display. See the [Remove Resource Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/removeresource.md) topic - for additional information. -- Change Platform — Opens the Change Platform window to modify the type of platform for the selected - host resource. See the [Change Platform Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/changeplatform.md) topic for - additional information. -- Change Service Account — Opens the Change Service Account window to modify the service account - associated with the selected host resource. See the - [Change Service Account Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/changeserviceaccount.md) topic for additional - information. -- Scan Resource — Scans a host resource for local users, groups, windows services, and scheduled - tasks. A confirmation window will display.. See the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic - for additional information. -- Refresh — Reload the information displayed - -The table has the following columns: - -- Checkbox — Check to select one or more items -- Type — Icon indicates the type of object -- Resource — Displays the name of the resource. Click the link to view additional details. The - details vary based on the type of resource. - - - [Host Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/host.md) - - [Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/domain.md) - - [Website Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/website.md) - - [Microsoft Entra ID Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/entraid.md) - - [Secret Vault Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/secretvault.md) - - [Database Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/databases.md) - -- Operating System — Displays the operating system of the resource -- Active — Displays the number of active sessions on the resource -- Scheduled — Displays the number of sessions scheduled for the resource -- Access Policies — Displays the number of access policies associated with the resource -- Protection Policies — Displays the number of protection policies associated with the resource -- DNS Host Name — Displays the DNS host name for a host resource or the FQDN for a domain resource -- IP Address — Displays the IP address for the resource -- Domain — Displays the domain name for the resource. Click the link to view additional details. See - the [Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/domain.md) topic for additional information. -- Service Account — Displays the service account associated with the resource. Click the link to - view additional details. See the - [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional - information. -- Platform — Displays the type of platform, which defines the resource. See the - [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional information. -- Last Scanned — Date timestamp for the last time the resource was scanned - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/rolemanagement.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/rolemanagement.md deleted file mode 100644 index 1ea66a8cc6..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/rolemanagement.md +++ /dev/null @@ -1,25 +0,0 @@ -# Role Management Page - -The Role Management page is accessible from the Navigation pane under Users & Group. It provides -details on all available roles for Privilege Secure users. There are default roles, and custom roles -can be created. - -![rolemanagementpage](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/rolemanagementpage.webp) - -The pane on the left side of the page displays a list of the configured roles. This pane has the -following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Blue + button — Create a new role. See the [Add Custom Role](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/customrole.md) for additional - information. -- Copy icon — Clones a role and adds a new entry to the Role list -- Trashcan icon — Deletes the access policy. Icon appears when policy is hovered over. A - confirmation window will display. - -**NOTE:** The default Administrator, User, and Reviewer roles cannot be copied, deleted, or -modified. Only custom roles can be copied, deleted, or modified. - -The details that display the main pane vary based on the type of role selected. See the -[Default Role Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/rolemanagementdefault.md) and the -[Custom Role Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/rolemanagementcustom.md) topics for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/activities.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/activities.md deleted file mode 100644 index e05f9bbb7c..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/activities.md +++ /dev/null @@ -1,26 +0,0 @@ -# Activities Tab for Credential Based Access Policies - -The Activities tab shows the activities associated with the selected access policy. Only the -Credential Release activity is associated with a Credential Based Access Policy. - -![Credential based resource Activities tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/activitiestabcredentials.webp) - -The Activities tab has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Type— Provides options to filter results based on a chosen criterion: - - - All — Displays all activity for users and groups - - Activity — Displays user activity - - Activity Group — Displays group activity - -- Refresh — Reload the information displayed - -The table has the following columns: - -- Name — Displays the name of the activity -- Type — Classification of the activity -- Description — Description of the policy - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/credentials.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/credentials.md deleted file mode 100644 index 1d6e6f56fb..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/credentials.md +++ /dev/null @@ -1,32 +0,0 @@ -# Credentials Tab for Credential Based Access Policies - -The Credentials tab shows credentials associated with the selected Credential Based access policy. - -![Credential based policy credential tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/accesspolicycredentialstab.webp) - -The Credentials table has the following features: - -- Add — Opens the Add Credentials window. See the - [Add Credentials Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addcredentials.md) topic for additional - information. -- Remove — Removes the selected item from being associated with the policy -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Type— Provides options to filter results based on a chosen criterion: - - - All — Displays all credentials for users and groups - - Credential — Displays user credentials - - Credential Group — Displays group credentials - -- Refresh — Reload the information displayed - -The table has the following columns: - -- Checkbox — Check to select one or more items -- Name — Name of the account or credential group -- Type — Icon indicates the type of object -- Resource — Name of the resource that the account is on -- Operating System — Displays the operating system of the resource -- Active Session Count — Displays the number of active sessions on the resource - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/users.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/users.md deleted file mode 100644 index 2efe589e06..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/users.md +++ /dev/null @@ -1,45 +0,0 @@ -# Users Tab for Credential Based Access Policies - -The Users tab shows the users and groups associated with the selected access policy. - -![Credential based policy users tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/userstabcredentials.webp) - -The Users tab has the following features: - -- Add — Opens the Add Users and Groups window. See the - [Add Users & Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addusersandgroups.md) topic for additional - information. -- Remove — Removes the selected item from being associated with the policy -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Type — Provides options to filter results based on a chosen criterion: - - - All — Displays all individual and group types - - User — Displays user types - - Group — Displays group types - - Application — Displays application types - - Collection — Displays collection types - - Local User — Displays local user types - -- Refresh — Reload the information displayed - -The table has the following columns: - -- Checkbox — Check to select one or more items -- Expand — Click the expand () icon to show additional information about the activities and - resources authorized for the selected user or group -- Name — Displays the name of the account. Click the link to view additional details.See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for - additional information. -- Email — Displays the associated email address, if available -- User Name — Displays the sAMAccountName for the account -- Type — Icon indicates the type of object -- Certified — Indicates the access entitlement for the user or group. See the - [Access Certification Page](/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/accesscertification.md) topic for - additional information. - - - Approved — Access entitlements have been approved - - Denied — Access entitlements have been revoked - - Incomplete — No access entitlement review has been completed - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/resources.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/resources.md deleted file mode 100644 index 6c67fb461f..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/resources.md +++ /dev/null @@ -1,23 +0,0 @@ -# Resources Tab for Protection Policies - -The Resources tab shows the resources associated with the selected protection policy. - -![Protection policy resources tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/resources.webp) - -The Resources table has the following features: - -- Add — Opens the Add Resources window. See the - [Add Resources Window for Protected Policy](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/protectionpolicies/addresources.md) topic - for additional information. -- Remove — Removes the selected item from being associated with the policy - -The table has the following columns: - -- Checkbox — Check to select one or more items -- Name — Displays the name of the resource. Click the link to view additional details. The details - vary based on the type of resource. See the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md) topic for - additional information. -- DNS Host Name — Displays the DNS host name for a host resource or the FQDN for a domain resource -- Operating System — Displays the operating system of the resource - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/activities.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/activities.md deleted file mode 100644 index ea313336f6..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/activities.md +++ /dev/null @@ -1,31 +0,0 @@ -# Activities Tab for Resource Based Access Policies - -The Activities tab shows the activities associated with the selected access policy. - -![Activities Tab for Resource based Policies](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/activitiestab.webp) - -The Activities tab has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Type— Provides options to filter results based on a chosen criterion: - - - All — Displays all activity for users and groups - - Activity — Displays user activity - - Activity Group — Displays group activity - -- Add — Opens the Add Activities and Activity Groups window. See the - [Add Activities and Activity Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addactivitiesandactivitygroups.md) - topic for additional information. -- Remove — Removes the selected item from being associated with the policy -- Refresh — Reload the information displayed - -The table has the following columns: - -- Checkbox — Check to select one or more items -- Name — Displays the name of the activity . Click the link to view additional details. See the - [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. -- Type — Classification of the activity. Click the link to view additional details. -- Description — Description of the policy - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/resources.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/resources.md deleted file mode 100644 index a0802fd46f..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/resources.md +++ /dev/null @@ -1,34 +0,0 @@ -# Resources Tab for Resource Based Access Policies - -The Resources tab shows the resources associated with the selected access policy. - -![Resource based policy resources tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/resourcestab.webp) - -The Resources table has the following features: - -- Add — Opens the Add Resources and Resource Groups window. See the - [Add Resources and Resource Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addresourcesandresourcegroups.md) - topic for additional information. -- Remove — Removes the selected item from being associated with the policy -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Filter — Provides options to filter results based on a chosen criterion: - - - All — Displays all individual and group types - - Resource — Displays individual types - - Resource Group — Displays group types - -- Refresh — Reload the information displayed - -The table has the following columns: - -- Checkbox — Check to select one or more items -- Name — Displays the name of the resource. Click the link to view additional details. The details - vary based on the type of resource. See the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md) topic for - additional information. -- Type — Icon indicates the type of object -- DNS Host Name — Displays the DNS host name for a host resource or the FQDN for a domain resource -- Operating System — Displays the operating system of the resource -- Active Session Count — Displays the number of active sessions on the resource - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/users.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/users.md deleted file mode 100644 index 7afb5df91a..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/users.md +++ /dev/null @@ -1,45 +0,0 @@ -# Users Tab for Resource Based Access Policies - -The Users tab shows the users and groups associated with the selected access policy. - -![Resource based policy users tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/userstab.webp) - -The Users tab has the following features: - -- Add — Opens the Add Users and Groups window. See the - [Add Users & Groups Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addusersandgroups.md) topic for additional - information. -- Remove — Removes the selected item from being associated with the policy -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Type — Provides options to filter results based on a chosen criterion: - - - All — Displays all individual and group types - - User — Displays user types - - Group — Displays group types - - Application — Displays application types - - Collection — Displays collection types - - Local User — Displays local user types - -- Refresh — Reload the information displayed - -The table has the following columns: - -- Checkbox — Check to select one or more items -- Expand — Click the expand () icon to show additional information about the activities and - resources authorized for the selected user or group -- Name — Displays the name of the account. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for - additional information. -- Email — Displays the associated email address, if available -- User Name — Displays the sAMAccountName for the account -- Type — Icon indicates the type of object -- Certified — Indicates the access entitlement for the user or group. See the - [Access Certification Page](/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/accesscertification.md) topic for - additional information. - - - Approved — Access entitlements have been approved - - Denied — Access entitlements have been revoked - - Incomplete — No access entitlement review has been completed - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/databases.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/databases.md deleted file mode 100644 index cd65e00c27..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/resources/databases.md +++ /dev/null @@ -1,18 +0,0 @@ -# Databases Tab - -The Databases tab shows information about the server database on the selected resource. - -![Database Details page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/databasedetailspage.webp) - -The Databases tab has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. - -The table has the following columns: - -- Database Name — Displays the name of the database -- Members — List of accounts with group membership -- Status — Shows status information for the database - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/authentication.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/authentication.md deleted file mode 100644 index 93635d4208..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/authentication.md +++ /dev/null @@ -1,21 +0,0 @@ -# Authentication Tab - -The Authentication tab for applications shows authentication information about the application. - -![Authentication Tab for Application User](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/applicationauthenticationtab.webp) - -The tab displays the following information: - -- Certificate Serial Number — The serial number of the client certificate used to authenticate the - application. The certificate should be signed by a Certificate Authority (CA). Ensure the - certificate is trusted by IIS by adding the CA trusted root certificate to the Trusted Root - Certification Authorities on the Privilege Secure server. -- API Key — The unique key used as part of Application authentication. The API key has the following - icons: - - - Copy — Copies the value to the clipboard. Only available when the API Key is visible. - - Reveal / Hide — Shows or hides value - - Regenerate — Generates a new API key. Only the current API key is valid. - -If any of these settings are modified, Save and Cancel buttons are displayed. Click **Save** to -commit the modifications. Click **Cancel** to discard the modifications. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/authenticationconnector.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/authenticationconnector.md deleted file mode 100644 index 8e065964ac..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/authenticationconnector.md +++ /dev/null @@ -1,36 +0,0 @@ -# Authentication Connector Tab - -The Authentication Connector tab for a user or group shows the type of multi-factor authentication -(MFA) being used for the selected user or group. The settings on this tab determine the options -displayed on the login page for the user. - -The list is populated from the previously configured authentication connectors on the -Authentications page. See the [Authentication Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/authentication.md) -topic for additional information. - -![Users Authentication Connector Tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/userauthenticationtab.webp) - -Select the method of authentication for the user or group: - -- Internal MFA — User will be prompted using the internal MFA when signing into the Privilege Secure - console -- Duo (and other RADIUS profile values) — RADIUS profile that will be used for MFA when the user - signs into the Privilege Secure console -- Duo SAML — SAML profile that will be used for MFA when the user signs into the Privilege Secure - console -- Not Required — No multi-factor authentication is required for the user. Login only requires a user - name and password. Intended for users who access Privilege Secure over a VPN where MFA has already - been leveraged. - - **CAUTION:** Disabling multi-factor authentication can create a significant security - vulnerability. - -The following information determines which MFA method has priority: - -- If the user is a member of an Active Directory group that has a different RADIUS profile, the - group assignment will take precedence over the Internal MFA setting on the user. -- If the user MFA setting is for a RADIUS profile, the User assignment will take precedence over any - group RADIUS profile setting. -- If the user is a member of multiple Active Directory groups, each having different RADIUS - profiles, the user assignment will be determined by the alphabetical order of the RADIUS profile - name. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/history.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/history.md deleted file mode 100644 index 8c1d5109fd..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/history.md +++ /dev/null @@ -1,31 +0,0 @@ -# History Tab - -The History tab shows information about the session history of the selected user, group, or -application. - -![History Tab for Application User](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/userhistorytab.webp) - -The History tab has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- View Logs — Opens the Session Logs window to view the action log for the selected session. See the - [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/sessionlogs.md) topic for additional information. -- Refresh — Reload the information displayed - -The table has the following columns: - -- Status — Shows status information for the session: - - - Information — Session was successful and row contains details - - Error — Session had an error and row contains details - -- Time — Date timestamp for when the event occurred -- User— Displays the name of the account. Click the link to view additional details. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) topic for - additional information. -- Access Policy — Displays the number of access policies associated -- Event Message — Description of the event -- Session ID — Unique identifier for the session - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/policies.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/policies.md deleted file mode 100644 index c4d871f79e..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/policies.md +++ /dev/null @@ -1,28 +0,0 @@ -# Policies Tab - -The Policies tab shows information about the session policies for the selected user, group, or -application. - -![Policies Tab for Application Users](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/userpoliciestab.webp) - -The Policies tab has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Add — Opens the Add Account to Policies window. See - [Add Account to Policies Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addaccounttopolicies.md) topic for - additional information. -- Remove — Removes the selected item from being associated with the user group, or application -- Refresh — Reload the information displayed - -The table has the following columns: - -- Checkbox — Check to select one or more items -- Name — Displays the name of the policy. Click the link to view additional details. See the - [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md) topic for additional information. -- Activity — Displays the name of the activity. Click the link to view additional details. See the - [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. -- Last Session — Date and timestamp for the last time the user used that activity and policy. This - column is only on the User Details page. - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/properties.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/properties.md deleted file mode 100644 index 593875e810..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/properties.md +++ /dev/null @@ -1,14 +0,0 @@ -# Properties Tab - -The Properties Tab enables Privilege Secure administrators to provide additional metadata for the -application according to the use case. - -![Properties Tab for Application User](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/applicationpropertiestab.webp) - -The Properties tab has the following fields: - -- Display Name — Displays the name of the application -- Department — Displays the associated department, if available -- Email — Displays the associated email address, if available -- SamAccountName — Displays the sAMAccountName for the account -- User Principal Name — Displays the UPN value for the account diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/sessions.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/sessions.md deleted file mode 100644 index 20da3e8263..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/sessions.md +++ /dev/null @@ -1,49 +0,0 @@ -# Sessions Tab - -The Sessions tab shows information about the sessions of the selected user, group, or application. - -![Sessions Tab for Application Users](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/usersgroups/usersessionstab.webp) - -The Sessions tab has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- End Session — Cancel the selected session(s) -- View Logs — Opens the Session Logs window to view the action log for the selected session. See the - [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/sessionlogs.md) topic for additional information. -- Refresh — Reload the information displayed - -The table has the following columns: - -- Requested — Date and time of when the session was created -- User — Displays the account used to log onto the resource -- Host — Resource that the user will run the activity on. The details vary based on the type of - resource. See the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md) topic for additional information. -- Start — Indicates when the activity started. This refers to when the activity’s actions were - executed and not when the user was logged on to the resource. -- End — Indicates when the session is scheduled to end the activity, which is determined by the - start time plus the maximum session duration set by the access policy Connection Profile -- Status — Shows status information for the session: - - - Provisioning — Pre-Session stage of the Activity is processing and assigning permissions to - the login account - - Complete — Activity either reached the end of its scheduled end time or was canceled early by - the requestor - - Waiting for Approval — The session requires approval to begin. See the Approvals Dashboard - topic for additional information. - - Available — The activity session is ready. Click the icon to begin the session, or log in - through a client. See the Start Activity Session topic for additional information. - - Failed — Pre-Session stage of the Activity has encountered an error - - Approval Failed — Approval request has encountered an error - - Logged In — User is successfully logged in to the Resource either directly or via the Proxy. - Direct log-in is detected by polling the Resource at regular intervals and may not update - immediately. - - Canceling — The session is either expired or was canceled manually by the user or an Privilege - Secure administrator. - - Locked — The session has been locked by an Privilege Secure administrator. See the - [Lock Session](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/locksession.md) topic for additional information. - -- Activity — Displays the name of the activity. Click the link to view additional details. See the - [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addcredentials.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addcredentials.md deleted file mode 100644 index 4923e80d40..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addcredentials.md +++ /dev/null @@ -1,63 +0,0 @@ -# Add Credentials Window - -The Add Credentials window provides a list of Credentials that have been onboarded. Credentials are -onboarded in the [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentials.md). - -![Add credentials window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addcredentials.webp) - -The window has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Filter — Provides options to filter results based on a chosen criterion: All, Credential or - Credential Group -- Available Credentials and Groups — Shows all available credentials and credential groups -- Credentials And Groups to Add — Shows selected credentials and credential groups -- Add — Adds modifications and closes window -- Cancel — Discards modifications and closes the window - -Both tables have the following columns: - -- Checkbox — Check to select one or more items -- Name — Displays the name of the credential -- Type — Icon indicates the type of object -- Resource — Displays the name of the resource -- Operating System — Displays the operating system of the resource -- Active Session Count — Displays the number of active sessions - -## Add Credentials to an Access Policy - -Follow the steps to add credentials to the selected access policy. - -**Step 1 –** Navigate to the Policy > Access Policies page. - -**Step 2 –** In the Access Policy list, select the name of the access policy and select the -Credentials tab. - -**Step 3 –** Click Add to open the Add Credentials window. - -The Add Credentials window has the following features: - -- Search – Searches the Name and Operating System columns to match the search string. When matches - are found, both tables are filtered to the matching results. -- Available Credentials and Groups– Shows all Credentials and Groups that have been added to the - console -- Credentials and Groups to Add – Shows the Credentials and Groups to be added to the protection - policy -- Column headers can be sorted in ascending or descending order - - - Name – The name of the credential - - Type – The type of credential, individual or group - - Resource – Name of the domain - - Operating System – Operating System of resource - - Active Session Count – Number of active sessions - -**Step 4 –** \_(Optional)\_Toggle between Credentials or Credential Groups. - -**Step 5 –** To add a credential to the access policy, click a row in the Available Credentials -table and it is immediately moved to the Credentials to Add table. - -**Step 6 –** Click Add to add the credential(s) to the access policy. - -The new credential(s) are added to the access policy and are shown in the -[Credentials Tab for Credential Based Access Policies](/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policycredentials/credentials.md). diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/addcredentials.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/addcredentials.md deleted file mode 100644 index 1e143568bb..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/addcredentials.md +++ /dev/null @@ -1,113 +0,0 @@ -# Add Credentials Window - -The Add Credentials window provides a list of Credentials that have been onboarded and are not -already present in the collection. Credentials are onboarded in the -[Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentials.md). - -![Add Credentials Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addcredentials.webp) - -The window has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Filter — Provides options to filter results based on a chosen criterion: Internal, Standard, and - Service -- Available Credentials — Shows all accounts available for credential management -- Credentials to Add — Shows selected credentials -- Add button — Closes the window - -Both tables have the following columns: - -- Checkbox — Check to select one or more items -- Account — Name of the account -- Resource — Name of the resource that the account is on -- Platform — Displays the type of platform, which defines the resource -- Method — Indicates how the account is managed: - - - Automatic — Credential rotation is managed by Privilege Secure according to the change policy - for that platform type. See the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for - additional information. - - Manual — Credential rotation must be initiated manually with the Rotate Service Account - button, or the credential must be manually updated on both the resource and in Privilege - Secure. See the [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) - section for information on updating credentials for Internal service accounts. - - Not Managed — Not currently managed by Privilege Secure and no credentials have ever been - stored - - **NOTE:** See the [Rotation Methods](/docs/privilegesecure/4.2/accessmanagement/admin/policy/credentialrotationmethod.md) topic for additional - information. - -- Managed Type — Type of managed account: - - - Standard — Local or domain user account, including managed users created by activity sessions - - Internal — Internal service account used by Privilege Secure with no dependencies. See the - [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) topic for additional - information. - - Service — Local or domain service account with one or more dependencies. Includes Internal - service accounts with one or more dependencies. - -- Dependents — Number of scheduled tasks or Windows services using this account -- Password Changed — Date timestamp for the last time the password was rotated -- Age — Number of days since the last credential rotation or from when the password was first - created -- Status — Indicates if the account credentials have been verified by Privilege Secure. See the - [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md) topic for additional information on configuring - a verification schedule. - - - Unspecified — Verification check has not run - - Verified — Confirmed the credentials match the value stored in Privilege Secure - - Mismatch — Credentials do not match the value stored in Privilege Secure. This status only - appears when the Reset on Mismatch option is not enabled. - - Changed — Credentials were successfully updated to match the value stored in Privilege Secure. - This status only appears when the Reset on Mismatch option is enabled. - - Failed — Attempt to update the credentials to match the value stored in Privilege Secure was - unsuccessful. This status only appears when the Reset on Mismatch option is enabled. - -- Last Checked — Date timestamp of the last verification check -- Next Change — Date timestamp for the next credential password rotation - -## Add Credentials to a Credential Group - -Follow the steps to add credentials to a credential group. - -**Step 1 –** Navigate to the **Policy** > **Credentials** > Credential Groups page. - -**Step 2 –** In the Credential Groups list, select the name of the credential group. - -**Step 3 –** In the Credential Groups table, click Add Credentials. - -**Step 4 –** Filter by **Internal**, **Standard**, or **Service**, and use the Search feature. - -**Step 5 –** To add a credential to the group, click the checkbox in the Available Credentials -table. - -**Step 6 –** (Optional) Click the checkbox in the Credentials to Add table to move it back to the -Available Credentials table. - -**Step 7 –** Click Add to add the credential(s) to the group. - -The new credentials are added to the applicable group. - -## Add Credentials to a Policy Override - -Follow the steps to add credentials to a Credential Policy Override. In order for an account to be -added to add credentials window, a credential must be managed with a method of **Automatic**. Only -one account can be added to a Credential Policy Override at a time. See the -[Manage Internal Service Accounts](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/manageinternalserviceaccount.md) topic for additional -information. - -**Step 1 –** Navigate to the **Policy** > **Credentials** > Credential Groups page. - -**Step 2 –** In the Credential Groups list, select the name of the credential policy override. - -**Step 3 –** In the Credential Policy Override table, click Add Credentials. - -**Step 4 –** To add a credential to the policy override, click the checkbox in the Available -Credentials table. - -**Step 5 –** (Optional) Click the checkbox in the Credentials to Add table to move it back to the -Available Credentials table. - -**Step 6 –** Click Add to add the credential(s) to the policy override. - -The new credentials are added to the applicable Credential Policy Override. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/producttour.md b/docs/privilegesecure/4.2/accessmanagement/admin/producttour.md deleted file mode 100644 index 4b5a36b0b8..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/admin/producttour.md +++ /dev/null @@ -1,16 +0,0 @@ -# Product Tour - -New users now experience a product tour on first login. Standard users and users with the Privilege -Secure administrator role are walked through features that are relevant to their role. - -![producttour](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/producttour.webp) - -At any time, the tour can be stopped by clicking the **X** icon at the top-right of the Console. By -default, the tour will not display on next login unless the **Do not display again** checkbox is -unchecked. - -The product tour may be re-started at any time via the user menu. - -![usermenu](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usermenu.webp) - -See the [Navigation](/docs/privilegesecure/4.2/accessmanagement/admin/navigation.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/sessiontimeout.md b/docs/privilegesecure/4.2/accessmanagement/admin/sessiontimeout.md index 7eb5e0639b..fc9b635a5b 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/sessiontimeout.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/sessiontimeout.md @@ -1,8 +1,14 @@ +--- +title: "Session Timeout" +description: "Session Timeout" +sidebar_position: 10 +--- + # Session Timeout For security reasons, the Privilege Secure Console automatically logs out the user after 10 minutes of inactivity. A Session Timeout warning message displays after 5 minutes.![Session time out window](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/sessiontimeout.webp)If the timeout message displays, click Stay Logged In to continue using the console.See the -[Global Settings Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/globalsettings.md) topic for additional information on +[Global Settings Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/globalsettings.md) topic for additional information on changing the UI idle timeout settings. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/troubleshooting.md b/docs/privilegesecure/4.2/accessmanagement/admin/troubleshooting.md index b548b638e1..c69daec0b8 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/troubleshooting.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/troubleshooting.md @@ -1,3 +1,9 @@ +--- +title: "Troubleshooting" +description: "Troubleshooting" +sidebar_position: 80 +--- + # Troubleshooting The purpose of this section is to detail solutions to common problems when using the Netwrix @@ -9,7 +15,7 @@ The Enablement Toolkit is a utility that offers a GUI for common testing scenari troubleshooting the application. The Toolkit is available to download as a .zip file from the Privilege Secure installer's Extras -folder. See the [Install Components & Methods](/docs/privilegesecure/4.2/accessmanagement/install/components.md) topic for additional +folder. See the [Install Components & Methods](/docs/privilegesecure/4.2/accessmanagement/install/components/components.md) topic for additional information. ## Prerequisites @@ -141,7 +147,7 @@ Follow the steps below to obtain a certificate thumbprint. **Step 6 –** Navigate to **Configuration** > **System Settings** > **Global Settings**. **Step 7 –** Paste the thumbprint in the Certificate Thumbprint field of the Netwrix Privilege -Secure console. See the [Global Settings Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/globalsettings.md) topic for +Secure console. See the [Global Settings Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/systemsettingspages/globalsettings.md) topic for additional information. **Step 8 –** Click **Save**. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/_category_.json b/docs/privilegesecure/4.2/accessmanagement/enduser/_category_.json new file mode 100644 index 0000000000..f946957ded --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Privilege Secure End User Overview", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/access/createsession.md b/docs/privilegesecure/4.2/accessmanagement/enduser/access/createsession.md deleted file mode 100644 index a576c5cbb2..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/access/createsession.md +++ /dev/null @@ -1,49 +0,0 @@ -# Create My Activity Session - -Follow the steps to create an activity session. - -**Step 1 –** Select an **Activity** to expand the session ribbon. - -![myactivityuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) - -**Step 2 –** Click **Create Session** to start a new activity session. - -- If an Activity is assigned to a single resource, the Activity card will display the name of the - resource; selecting **Create Session** from the session ribbon will immediately start the - Activity. -- If the Activity is assigned to more than one resource, the Activity card will display the number - of resources; selecting **Create Session** from the session ribbon will open the Configure Session - window. -- **CAUTION:** If your license is expired and you can still log in, you will not be able to create - activity sessions. - -![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) - -**Step 3 –** Enter the following information: - -- If the Activity is a member of more than one Access Policy, the Access Policy field will change to - a drop-down selection. Based the resources assigned to the selected access policy, the list of - resources will change in the table. -- Enter notes or a ticket number in the applicable field (Set whether notes or ticket numbers should - be optional or mandatory for the session in the related Connection Profile) -- Select the resources required for the Activity session. Use the **Search** field to filter the - resource list. -- Click **Start Session** to start the provisioning process. - -![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) - -**NOTE:** If an approval is required, the Waiting for approval message will display until it has -been granted. - -![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) - -**Step 4 –** When provisioned, an activity session will display an Available status with a green -icon. Click **Available** to launch the session. - -- The contextual menu (…) to the top right of the active session card contains options to stop an - active session and to copy/view the login account password, if enabled in the related Connection - Profile. -- All sessions may be managed via the Dashboard interface, and the My Activities interface - interchangeably. - -Provisioning and active sessions are displayed in the session ribbon, newest sessions to the left. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivities.md b/docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivities.md deleted file mode 100644 index 423b27e17f..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivities.md +++ /dev/null @@ -1,21 +0,0 @@ -# My Activities Page - -The Access > My Activities page displays activities mapped to the user as individual cards, -organized alphabetically or by Access Policy. - -![My Activiy Dashboard for End User](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) - -To access the My Activities page, open the Access interface. If there is only a single activity card -present on this page that activity will open automatically. - -Activities may be sorted in alphabetical order (the default) or organized into groups according to -Access Policy. Duplicate activities will be automatically grouped into a single card on this -interface. In the modal for provisioning the session, the user can still select from the multiple -Access Policies that are duplicating their access to the activity. - -An Activity may appear in more than one Access Policy group if the Activity is a member of more than -one Access Policy. When sorted by Access Policy, the list of resources displayed is determined by -the resource list of the Access Policy. - -To create an Activity Session, click the **plus** button to begin. See the -[Create Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsession.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/_category_.json b/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/_category_.json new file mode 100644 index 0000000000..62458164f7 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Browser Extension App", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "browserextension" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/browserextension.md b/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/browserextension.md index a9f97f3a79..f124c0a5e8 100644 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/browserextension.md +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/browserextension.md @@ -1,3 +1,9 @@ +--- +title: "Browser Extension App" +description: "Browser Extension App" +sidebar_position: 50 +--- + # Browser Extension App The browser extension allows users to use Privilege Secure to login and launch web sessions directly diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface.md b/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface.md deleted file mode 100644 index 5a88678ce5..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface.md +++ /dev/null @@ -1,66 +0,0 @@ -# Browser Extension Interface - -The browser extension interface can be launched at any time with the Netwrix Privilege Secure icon -in the browser. See the [Log Into the Privilege Secure Console](/docs/privilegesecure/4.2/accessmanagement/admin/login.md) topic for -additional information. - -![browserextensioninterface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/browserextensioninterface.webp) - -The browser interface has 3 tabs: - -- Activities Tab for the Browser Extension -- Current Tab for Browser Extension -- Settings Tab for Browser Extension - -## Activities Tab for the Browser Extension - -The Activities tab displays all website activities mapped to the user via the Privilege Secure -Access Policies. See the [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md) topic for -additional information. - -![Browser extension Activities tab](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/browserextensionactivities.webp) - -The Activities tab has the following features: - -- - / - buttons (top right) — Expand or collapse all Resource Activities -- Resources list — Shows all resources mapped to the user via an access policy. Click a Resource to - expand it and show associated Activities. - - - Activities — Click an Activity to start an Activity Session. See the - [Start Web Session](/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/startwebsession.md) topic for additional information. - - Favorite icon — Click the favorite icon to move the Activity to the top of the list. - - Settings icon — Click to open the browser extension settings - - Session icon — If a session is active, the following icons are shown (see the - [Start Web Session](/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/startwebsession.md) topic for additional information): - - - Green icon – Select to launch the web session - - Red icon – Select to end the current web session - -## Current Tab for Browser Extension - -The Current tab displays any website activity matching the current URL in the browser. - -![Browser Extension Current tab](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/browserextensioncurrenttab.webp) - -The Current tab shows the resource that matches the current URL at the top, with all of the -activities available for that resource expanded. It has the following features: - -- Activities — Click an Activity to start an Activity Session. See the - [Start Web Session](/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/startwebsession.md) topic for additional information. -- Favorite icon — Click the favorite icon to move the Activity to the top of the list. -- Settings icon — Click to open the browser extension settings - -## Settings Tab for Browser Extension - -Configure basic settings for the browser extension. For additional settings, log in to the Privilege -Secure Console. - -![Browser Extension Settings Tab](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/browserextensionsettings.webp) - -The Settings tab has the following features: - -- End web sessions automatically — If selected, Activities will automatically close if there are no - active web sessions in any tab -- Delete RDP files after 1 day — If selected, temp files downloaded into the download folder as part - of Privilege Secure RDP sessions will be removed after 1 day -- Logout button — Logout of the browser extension diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface/_category_.json b/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface/_category_.json new file mode 100644 index 0000000000..b8ae53d607 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Browser Extension Interface", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "interface" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/endwebsession.md b/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface/endwebsession.md similarity index 95% rename from docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/endwebsession.md rename to docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface/endwebsession.md index b005230f77..ad3cb6350e 100644 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/endwebsession.md +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface/endwebsession.md @@ -1,3 +1,9 @@ +--- +title: "End Web Session" +description: "End Web Session" +sidebar_position: 20 +--- + # End Web Session If the web session needs to be ended before the remaining time for the session has expired, clicking diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface/interface.md b/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface/interface.md new file mode 100644 index 0000000000..7d9da5ffb6 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface/interface.md @@ -0,0 +1,72 @@ +--- +title: "Browser Extension Interface" +description: "Browser Extension Interface" +sidebar_position: 10 +--- + +# Browser Extension Interface + +The browser extension interface can be launched at any time with the Netwrix Privilege Secure icon +in the browser. See the [Log Into the Privilege Secure Console](/docs/privilegesecure/4.2/accessmanagement/install/login.md) topic for +additional information. + +![browserextensioninterface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/browserextensioninterface.webp) + +The browser interface has 3 tabs: + +- Activities Tab for the Browser Extension +- Current Tab for Browser Extension +- Settings Tab for Browser Extension + +## Activities Tab for the Browser Extension + +The Activities tab displays all website activities mapped to the user via the Privilege Secure +Access Policies. See the [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy.md) topic for +additional information. + +![Browser extension Activities tab](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/browserextensionactivities.webp) + +The Activities tab has the following features: + +- - / - buttons (top right) — Expand or collapse all Resource Activities +- Resources list — Shows all resources mapped to the user via an access policy. Click a Resource to + expand it and show associated Activities. + + - Activities — Click an Activity to start an Activity Session. See the + [Start Web Session](/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface/startwebsession.md) topic for additional information. + - Favorite icon — Click the favorite icon to move the Activity to the top of the list. + - Settings icon — Click to open the browser extension settings + - Session icon — If a session is active, the following icons are shown (see the + [Start Web Session](/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface/startwebsession.md) topic for additional information): + + - Green icon – Select to launch the web session + - Red icon – Select to end the current web session + +## Current Tab for Browser Extension + +The Current tab displays any website activity matching the current URL in the browser. + +![Browser Extension Current tab](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/browserextensioncurrenttab.webp) + +The Current tab shows the resource that matches the current URL at the top, with all of the +activities available for that resource expanded. It has the following features: + +- Activities — Click an Activity to start an Activity Session. See the + [Start Web Session](/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface/startwebsession.md) topic for additional information. +- Favorite icon — Click the favorite icon to move the Activity to the top of the list. +- Settings icon — Click to open the browser extension settings + +## Settings Tab for Browser Extension + +Configure basic settings for the browser extension. For additional settings, log in to the Privilege +Secure Console. + +![Browser Extension Settings Tab](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/browserextensionsettings.webp) + +The Settings tab has the following features: + +- End web sessions automatically — If selected, Activities will automatically close if there are no + active web sessions in any tab +- Delete RDP files after 1 day — If selected, temp files downloaded into the download folder as part + of Privilege Secure RDP sessions will be removed after 1 day +- Logout button — Logout of the browser extension diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/startwebsession.md b/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface/startwebsession.md similarity index 92% rename from docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/startwebsession.md rename to docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface/startwebsession.md index 3ec6087af9..7fa7d89933 100644 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/startwebsession.md +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface/startwebsession.md @@ -1,3 +1,9 @@ +--- +title: "Start Web Session" +description: "Start Web Session" +sidebar_position: 10 +--- + # Start Web Session Follow the steps to start a web activity session. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/_category_.json b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/_category_.json new file mode 100644 index 0000000000..165a877747 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Dashboard Interface", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active.md b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active.md deleted file mode 100644 index 40cfa3b88d..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active.md +++ /dev/null @@ -1,50 +0,0 @@ -# Active Dashboard - -The Active sessions dashboard shows all currently active sessions. Create an Activity Session to -grant temporary privileges and gain access to the resources defined by a previously created Access -Policy. - -![End User Active Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) - -The Active Sessions table has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Create Session — Open the Activity Request window. See the - [Create My Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/access/createsession.md) topic for additional information. -- End Session — Cancel the selected session(s) -- View Logs — Opens the Session Logs window to view the action log for the selected session. See the - [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/window/sessionlogs.md) topic for additional information. -- Refresh — Reload the information displayed - -The table has the following columns: - -- Checkbox — Check to select one or more items -- Expand icon — Click the expand () icon to show additional information for the session -- Status — Shows status information for the session: - - - Provisioning — Pre-Session stage of the Activity is processing and assigning permissions to - the login account - - Waiting for Approval — The session requires approval to begin. See the - [Approvals Dashboard](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/approvals.md) topic for additional information. - - Available — The activity session is ready. Click the icon to begin the session, or log in - through a client. See the [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/startsession.md) topic for additional - information. - - Failed — Pre-Session stage of the Activity has encountered an error - - Logged In — User is successfully logged in to the Resource either directly or via the Proxy. - Direct log-in is detected by polling the Resource at regular intervals and may not update - immediately. - - Canceling — The session is either expired or was canceled manually by the user or an Privilege - Secure administrator. - - Locked — The session has been locked by an Privilege Secure administrator - -- Requested — Date and time of when the session was created -- Host — Resource that the user will run the activity on -- Login Account — Displays the account used to log onto the resource -- Activity — Displays the name of the activity. -- Start — Indicates when the activity started. This refers to when the activity’s actions were - executed and not when the user was logged on to the resource. -- End — Indicates when the session is scheduled to end the activity, which is determined by the - start time plus the maximum session duration set by the access policy Connection Profile - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/_category_.json b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/_category_.json new file mode 100644 index 0000000000..6268b523eb --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Active Dashboard", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "active" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/active.md b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/active.md new file mode 100644 index 0000000000..dd3c5d846e --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/active.md @@ -0,0 +1,56 @@ +--- +title: "Active Dashboard" +description: "Active Dashboard" +sidebar_position: 10 +--- + +# Active Dashboard + +The Active sessions dashboard shows all currently active sessions. Create an Activity Session to +grant temporary privileges and gain access to the resources defined by a previously created Access +Policy. + +![End User Active Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) + +The Active Sessions table has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Create Session — Open the Activity Request window. See the + [Create My Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/myactivities/createsession.md) topic for additional information. +- End Session — Cancel the selected session(s) +- View Logs — Opens the Session Logs window to view the action log for the selected session. See the + [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/sessionlogs.md) topic for additional information. +- Refresh — Reload the information displayed + +The table has the following columns: + +- Checkbox — Check to select one or more items +- Expand icon — Click the expand () icon to show additional information for the session +- Status — Shows status information for the session: + + - Provisioning — Pre-Session stage of the Activity is processing and assigning permissions to + the login account + - Waiting for Approval — The session requires approval to begin. See the + [Approvals Dashboard](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/approvals.md) topic for additional information. + - Available — The activity session is ready. Click the icon to begin the session, or log in + through a client. See the [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/startsession.md) topic for additional + information. + - Failed — Pre-Session stage of the Activity has encountered an error + - Logged In — User is successfully logged in to the Resource either directly or via the Proxy. + Direct log-in is detected by polling the Resource at regular intervals and may not update + immediately. + - Canceling — The session is either expired or was canceled manually by the user or an Privilege + Secure administrator. + - Locked — The session has been locked by an Privilege Secure administrator + +- Requested — Date and time of when the session was created +- Host — Resource that the user will run the activity on +- Login Account — Displays the account used to log onto the resource +- Activity — Displays the name of the activity. +- Start — Indicates when the activity started. This refers to when the activity’s actions were + executed and not when the user was logged on to the resource. +- End — Indicates when the session is scheduled to end the activity, which is determined by the + start time plus the maximum session duration set by the access policy Connection Profile + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/createsession.md b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/createsession.md new file mode 100644 index 0000000000..460a0a346c --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/createsession.md @@ -0,0 +1,62 @@ +--- +title: "Create Activity Session" +description: "Create Activity Session" +sidebar_position: 10 +--- + +# Create Activity Session + +Follow the steps to create an activity session. + +**Step 1 –** Navigate to the Dashboard > Active page. + +**Step 2 –** In the Active Session table, click Create Session to open the Activity Request window. + +![Create Activity Session Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionuser.webp) + +**Step 3 –** On the Request Type page, enter the following information: + +- Select Activity – Search for and select an activity from the drop-down list + +**Step 4 –** Click Next to go to the Resource Selection page. + +![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) + +**Step 5 –** On the Resource Selection page, enter the following information: + +- Select the resource(s) from the table +- (Optional) Click View Selections to view all selected resources + +**Step 6 –** Click **Next** to go to the Notes page. + +![Create Session Notes Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionnotes.webp) + +**Step 7 –** On the Notes page, enter the following information: + +- Notes for this session +- Ticket number for this session + +**Step 8 –** Click Next to go to the Scheduling page. + +![Create Session Schedule Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionscheduling.webp) + +**Step 9 –** On the Scheduling page, enter the following information: + +- Select Now or enter a desired date and time to begin the session + +**Step 10 –** Click Next to go to the Review page. + +![Create Session Review Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionreview.webp) + +**Step 11 –** On the Review page, review the summary of the new session. + +**Step 12 –** Click Finish to create the session. + +The new session is created and is shown in the applicable dashboard in the Dashboard interface. If +approval is required, the status Waiting for Approval is shown. The requester cannot log in to the +session until the request is approved and the status changes to Available. + +When the status Available is shown, the remote session is ready. Click the Connection icon to begin +the session, or log in through a client. + +See the [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/startsession.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/_category_.json b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/_category_.json new file mode 100644 index 0000000000..9086ef23ea --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Start Activity Session", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "startsession" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/configure/rdcmanager.md b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/rdcmanager.md similarity index 97% rename from docs/privilegesecure/4.2/accessmanagement/enduser/configure/rdcmanager.md rename to docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/rdcmanager.md index 134195eeb0..88b256ee20 100644 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/configure/rdcmanager.md +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/rdcmanager.md @@ -1,3 +1,9 @@ +--- +title: "Configure DirectConnect for Remote Desktop Connection" +description: "Configure DirectConnect for Remote Desktop Connection" +sidebar_position: 10 +--- + # Configure DirectConnect for Remote Desktop Connection The Netwrix Privilege Secure proxy service can be used to launch DirectConnect sessions via diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/sessionlogs.md b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/sessionlogs.md new file mode 100644 index 0000000000..40a240dfa6 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/sessionlogs.md @@ -0,0 +1,41 @@ +--- +title: "Session Logs Window" +description: "Session Logs Window" +sidebar_position: 20 +--- + +# Session Logs Window + +The Session Logs window displays the log details for the selected session. Select a session from the +Active dashboard and click the View Logs button to open the Session Logs window. + +![Session Logs Window](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/window/sessionlogs.webp) + +The window has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Filter — Provides options to filter results based on a chosen criterion: + + - Log Level — Filter by the message Status level: Debug, Info, Warn, or Error + - Requested date — Filter by session start and/or end dates + +- Export as CSV — Generates a CSV file of the table and automatically downloads it to your browser's + default download folder. The file name indicates what table was exported. +- Action Service Version — Indicates the version of the Privilege Secure action service that ran the + activity +- Refresh — Reload the information displayed +- Okay — Click to close the window, which can also be closed with the X in the upper-right corner + +The table has the following columns: + +- Line — Indicates the order of the messages within the log +- DateTime — Date timestamp for when the message was recorded +- Status — Provides two details: + + - Icon — Indicates whether the action associated with the message was successful + - Log Level — Indicates message log level: Debug, Info, Warn, or Error + +- Message — Displays the logged details of the message + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/startsession.md b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/startsession.md new file mode 100644 index 0000000000..4a8bf27fb5 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/startsession.md @@ -0,0 +1,54 @@ +--- +title: "Start Activity Session" +description: "Start Activity Session" +sidebar_position: 20 +--- + +# Start Activity Session + +On the Active Sessions dashboard, when the status Available is shown, the activity session is ready. +To begin the activity session, click the Connection icon in the Status column for the applicable +session to be automatically connected to the resource. + +![Connecto to remote session](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/remotesessionlaunch.webp) + +Also note the icons to view and copy the password for the session as plain text, if the option is +enabled in the access policy Connection Profiles. + +- Copy to Clipboard icon — Click to copy the password for the session as plain text. For + resource–based activities for end users, this is only available if enabled in the activity's + Access Policy. The password can always be viewed for credential–based activities. +- View Password icon — Click to view the password for the session as plain text. For resource–based + activities for end users, this is only available if enabled in the activity's Access Policy. The + password can always be viewed for credential–based activities. To view a password, select the Eye + icon. Users will have 20 seconds to view the password or copy it. +- Connection icon — Click the icon to begin the activity session. + +Alternatively, configure any RDP / SSH Manager for remote login, including: + +- PuTTY +- MobaXterm +- MS Remote Desktop Connection Manager +- MS Terminal Services Client (Remote Desktop) + +See the [Configure DirectConnect for Remote Desktop Connection](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/rdcmanager.md) topic +for additional information. + +## Session Extension + +Each session will remain active for a pre-configured amount of time based on the Connection Profile +being used with the Access Policy. Session extension options can be configured in the connection +profile that allow a session to be extended by the user, in increments. + +If Session Extension is enabled, the session extension option appears for users when the remaining +time is 5 minutes or less. + +**NOTE:** For NPS users with the Administrator role, session extension is always enabled. + +![Extend Activity Session](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsession.webp) + +For RDP, a pop-up message is displayed in the session window. + +![extendsessionssh](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsessionssh.webp) + +For SSH the user can extend by typing **Ctrl+X** when prompted. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/approvals.md b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/approvals.md index 04234618ee..02ad28481c 100644 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/approvals.md +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/approvals.md @@ -1,3 +1,9 @@ +--- +title: "Approvals Dashboard" +description: "Approvals Dashboard" +sidebar_position: 30 +--- + # Approvals Dashboard The Approvals Dashboard displays requested sessions that require approval. Users and group members diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsession.md b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsession.md deleted file mode 100644 index 24318dcbd8..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsession.md +++ /dev/null @@ -1,56 +0,0 @@ -# Create Activity Session - -Follow the steps to create an activity session. - -**Step 1 –** Navigate to the Dashboard > Active page. - -**Step 2 –** In the Active Session table, click Create Session to open the Activity Request window. - -![Create Activity Session Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionuser.webp) - -**Step 3 –** On the Request Type page, enter the following information: - -- Select Activity – Search for and select an activity from the drop-down list - -**Step 4 –** Click Next to go to the Resource Selection page. - -![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) - -**Step 5 –** On the Resource Selection page, enter the following information: - -- Select the resource(s) from the table -- (Optional) Click View Selections to view all selected resources - -**Step 6 –** Click **Next** to go to the Notes page. - -![Create Session Notes Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionnotes.webp) - -**Step 7 –** On the Notes page, enter the following information: - -- Notes for this session -- Ticket number for this session - -**Step 8 –** Click Next to go to the Scheduling page. - -![Create Session Schedule Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionscheduling.webp) - -**Step 9 –** On the Scheduling page, enter the following information: - -- Select Now or enter a desired date and time to begin the session - -**Step 10 –** Click Next to go to the Review page. - -![Create Session Review Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionreview.webp) - -**Step 11 –** On the Review page, review the summary of the new session. - -**Step 12 –** Click Finish to create the session. - -The new session is created and is shown in the applicable dashboard in the Dashboard interface. If -approval is required, the status Waiting for Approval is shown. The requester cannot log in to the -session until the request is approved and the status changes to Available. - -When the status Available is shown, the remote session is ready. Click the Connection icon to begin -the session, or log in through a client. - -See the [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/startsession.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/historical.md b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/historical.md index 901baa0f84..97a5e8c677 100644 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/historical.md +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/historical.md @@ -1,3 +1,9 @@ +--- +title: "Historical Dashboard" +description: "Historical Dashboard" +sidebar_position: 40 +--- + # Historical Dashboard The Historical sessions dashboard shows all created sessions and their status. @@ -25,7 +31,7 @@ The table has the following columns: - Rocket icon — Launches the same session (same activity on the same resource with the same connection profile) for any historical session that is not a Credential-based session - View logs icon — Opens the Session Logs window to view the action log for the selected - session. See the [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/window/sessionlogs.md) topic for additional + session. See the [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/sessionlogs.md) topic for additional information. - Requested — Date and time of when the session was created diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/overview.md b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/overview.md index 905009f917..5860959a7e 100644 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/overview.md +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/overview.md @@ -1,3 +1,9 @@ +--- +title: "Dashboard Interface" +description: "Dashboard Interface" +sidebar_position: 40 +--- + # Dashboard Interface The Dashboard interface displays an overview of activity sessions, users, resources and related @@ -7,7 +13,7 @@ information. The overview section shows information for the following: -- Active Dashboard – Shows all currently active sessions. See the [Active Dashboard](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active.md) +- Active Dashboard – Shows all currently active sessions. See the [Active Dashboard](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/active.md) topic for additional information. - Scheduled Dashboard – Shows all scheduled sessions. See the [Scheduled Dashboard](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/scheduled.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/scheduled.md b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/scheduled.md index 2262744a98..b53b3512eb 100644 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/scheduled.md +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/scheduled.md @@ -1,3 +1,9 @@ +--- +title: "Scheduled Dashboard" +description: "Scheduled Dashboard" +sidebar_position: 20 +--- + # Scheduled Dashboard The Scheduled sessions dashboard shows all scheduled sessions. @@ -9,7 +15,7 @@ The Scheduled Sessions table has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - Create Session — Open the Activity Request window. See the - [Create Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsession.md) topic for additional information. + [Create Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/createsession.md) topic for additional information. - End Session — Cancel the selected session(s) - Refresh — Reload the information displayed @@ -24,7 +30,7 @@ The table has the following columns: - Waiting for Approval — The session requires approval to begin. See the [Approvals Dashboard](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/approvals.md) topic for additional information. - Available — The activity session is ready. Click the icon to begin the session, or log in - through a client. See the [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/startsession.md) topic for additional + through a client. See the [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/startsession/startsession.md) topic for additional information. - Failed — Pre-Session stage of the Activity has encountered an error - Logged In — User is successfully logged in to the Resource either directly or via the Proxy. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/startsession.md b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/startsession.md deleted file mode 100644 index bd43cc2829..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/startsession.md +++ /dev/null @@ -1,48 +0,0 @@ -# Start Activity Session - -On the Active Sessions dashboard, when the status Available is shown, the activity session is ready. -To begin the activity session, click the Connection icon in the Status column for the applicable -session to be automatically connected to the resource. - -![Connecto to remote session](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/remotesessionlaunch.webp) - -Also note the icons to view and copy the password for the session as plain text, if the option is -enabled in the access policy Connection Profiles. - -- Copy to Clipboard icon — Click to copy the password for the session as plain text. For - resource–based activities for end users, this is only available if enabled in the activity's - Access Policy. The password can always be viewed for credential–based activities. -- View Password icon — Click to view the password for the session as plain text. For resource–based - activities for end users, this is only available if enabled in the activity's Access Policy. The - password can always be viewed for credential–based activities. To view a password, select the Eye - icon. Users will have 20 seconds to view the password or copy it. -- Connection icon — Click the icon to begin the activity session. - -Alternatively, configure any RDP / SSH Manager for remote login, including: - -- PuTTY -- MobaXterm -- MS Remote Desktop Connection Manager -- MS Terminal Services Client (Remote Desktop) - -See the [Configure DirectConnect for Remote Desktop Connection](/docs/privilegesecure/4.2/accessmanagement/enduser/configure/rdcmanager.md) topic -for additional information. - -## Session Extension - -Each session will remain active for a pre-configured amount of time based on the Connection Profile -being used with the Access Policy. Session extension options can be configured in the connection -profile that allow a session to be extended by the user, in increments. - -If Session Extension is enabled, the session extension option appears for users when the remaining -time is 5 minutes or less. - -**NOTE:** For NPS users with the Administrator role, session extension is always enabled. - -![Extend Activity Session](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsession.webp) - -For RDP, a pop-up message is displayed in the session window. - -![extendsessionssh](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsessionssh.webp) - -For SSH the user can extend by typing **Ctrl+X** when prompted. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/window/sessionlogs.md b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/window/sessionlogs.md deleted file mode 100644 index 81e4c4102b..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/window/sessionlogs.md +++ /dev/null @@ -1,35 +0,0 @@ -# Session Logs Window - -The Session Logs window displays the log details for the selected session. Select a session from the -Active dashboard and click the View Logs button to open the Session Logs window. - -![Session Logs Window](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/window/sessionlogs.webp) - -The window has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Filter — Provides options to filter results based on a chosen criterion: - - - Log Level — Filter by the message Status level: Debug, Info, Warn, or Error - - Requested date — Filter by session start and/or end dates - -- Export as CSV — Generates a CSV file of the table and automatically downloads it to your browser's - default download folder. The file name indicates what table was exported. -- Action Service Version — Indicates the version of the Privilege Secure action service that ran the - activity -- Refresh — Reload the information displayed -- Okay — Click to close the window, which can also be closed with the X in the upper-right corner - -The table has the following columns: - -- Line — Indicates the order of the messages within the log -- DateTime — Date timestamp for when the message was recorded -- Status — Provides two details: - - - Icon — Indicates whether the action associated with the message was successful - - Log Level — Indicates message log level: Debug, Info, Warn, or Error - -- Message — Displays the logged details of the message - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/myactivities/_category_.json b/docs/privilegesecure/4.2/accessmanagement/enduser/myactivities/_category_.json new file mode 100644 index 0000000000..9023698991 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/myactivities/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "My Activities Page", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "myactivities" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/myactivities/createsession.md b/docs/privilegesecure/4.2/accessmanagement/enduser/myactivities/createsession.md new file mode 100644 index 0000000000..5d380d9dc5 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/myactivities/createsession.md @@ -0,0 +1,55 @@ +--- +title: "Create My Activity Session" +description: "Create My Activity Session" +sidebar_position: 10 +--- + +# Create My Activity Session + +Follow the steps to create an activity session. + +**Step 1 –** Select an **Activity** to expand the session ribbon. + +![myactivityuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) + +**Step 2 –** Click **Create Session** to start a new activity session. + +- If an Activity is assigned to a single resource, the Activity card will display the name of the + resource; selecting **Create Session** from the session ribbon will immediately start the + Activity. +- If the Activity is assigned to more than one resource, the Activity card will display the number + of resources; selecting **Create Session** from the session ribbon will open the Configure Session + window. +- **CAUTION:** If your license is expired and you can still log in, you will not be able to create + activity sessions. + +![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) + +**Step 3 –** Enter the following information: + +- If the Activity is a member of more than one Access Policy, the Access Policy field will change to + a drop-down selection. Based the resources assigned to the selected access policy, the list of + resources will change in the table. +- Enter notes or a ticket number in the applicable field (Set whether notes or ticket numbers should + be optional or mandatory for the session in the related Connection Profile) +- Select the resources required for the Activity session. Use the **Search** field to filter the + resource list. +- Click **Start Session** to start the provisioning process. + +![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) + +**NOTE:** If an approval is required, the Waiting for approval message will display until it has +been granted. + +![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) + +**Step 4 –** When provisioned, an activity session will display an Available status with a green +icon. Click **Available** to launch the session. + +- The contextual menu (…) to the top right of the active session card contains options to stop an + active session and to copy/view the login account password, if enabled in the related Connection + Profile. +- All sessions may be managed via the Dashboard interface, and the My Activities interface + interchangeably. + +Provisioning and active sessions are displayed in the session ribbon, newest sessions to the left. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/myactivities/myactivities.md b/docs/privilegesecure/4.2/accessmanagement/enduser/myactivities/myactivities.md new file mode 100644 index 0000000000..9cbd3d2b74 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/myactivities/myactivities.md @@ -0,0 +1,27 @@ +--- +title: "My Activities Page" +description: "My Activities Page" +sidebar_position: 30 +--- + +# My Activities Page + +The Access > My Activities page displays activities mapped to the user as individual cards, +organized alphabetically or by Access Policy. + +![My Activiy Dashboard for End User](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) + +To access the My Activities page, open the Access interface. If there is only a single activity card +present on this page that activity will open automatically. + +Activities may be sorted in alphabetical order (the default) or organized into groups according to +Access Policy. Duplicate activities will be automatically grouped into a single card on this +interface. In the modal for provisioning the session, the user can still select from the multiple +Access Policies that are duplicating their access to the activity. + +An Activity may appear in more than one Access Policy group if the Activity is a member of more than +one Access Policy. When sorted by Access Policy, the list of resources displayed is determined by +the resource list of the Access Policy. + +To create an Activity Session, click the **plus** button to begin. See the +[Create Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/createsession.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/navigation.md b/docs/privilegesecure/4.2/accessmanagement/enduser/navigation.md deleted file mode 100644 index b2b1450249..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/navigation.md +++ /dev/null @@ -1,92 +0,0 @@ -# Navigation - -At the top of the Privilege Secure Console lists available in interfaces and provides access to the -Help link and the User Menu: - -![End User Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/enduserdashboard.webp) - -The buttons have these functions: - -- Interfaces: - - - Access — Grants access to the My Activities page. Activities are be displayed as individual - cards, organized alphabetically or by Access Policy. See the - [My Activities Page](/docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivities.md) topic for additional. information. - - Dashboard — View summaries of recent activity logs and user sessions. See the - [Dashboard Interface](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/overview.md) topic for additional information. - -- Help — Opens the - [Netwrix Privilege Secure Documentation](https://helpcenter.netwrix.com/category/sbpam) in the in - another browser tab -- User Name — Click to open the drop-down menu: - - - Dark Mode — Toggle “Dark Mode” for the console. Hover over the toggle switch to see a preview - of Dark Mode. - - Product Tour — Re-starts walk-through of Privilege Secure features. See the - [Product Tour](/docs/privilegesecure/4.2/accessmanagement/enduser/producttour.md) topic for additional information. - - Logout — Signs the user out of the current session and opens the Login screen - - About — Shows version and license information for the console - -For reviewers there is a Navigation pane where the pages for the selected interface display. Use the -Menu button to the left of the logo to collapse / expand the Navigation pane. - -## Console Icons - -The Privilege Secure Console makes it easy to gather detailed information at a glance. The following -tables show the main icons: - -Interface Icons - -| Icon | Interface | -| -------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| ![myactivities](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/myactivities.webp) | My Activities | -| ![dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard.webp) | Dashboard | -| ![policy](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/policy.webp) | Policy | -| ![users](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/users.webp) | Users & Groups | -| ![resources](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resources.webp) | Resources | -| ![credentials](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentials.webp) | Credentials | -| ![activities](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activities.webp) | Activities | -| ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | -| ![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) | Service Nodes | -| ![auditreporting](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | - -Dashboard Icons - -| Icon | Session Data | -| -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| ![activedashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboard.webp) | Active Sessions | -| ![scheduleddashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | -| ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | -| ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | -| ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) | User Activity | -| ![resourcesdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resourcesdashboard.webp) | Resources | -| ![credentialsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | - -Active Directory Icons - -| Icon | Object | -| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | -| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | -| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | -| ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) | Collection | -| ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) | Custom Role | -| ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | -| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | -| ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | -| ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | -| ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | -| ![Cisco icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | -| ![Windows icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | - -Information Icons - -| Icon | Information | -| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | -| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | -| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | -| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | -| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | -| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | - -Hover over an icon anywhere within the console for its description. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/navigation/_category_.json b/docs/privilegesecure/4.2/accessmanagement/enduser/navigation/_category_.json new file mode 100644 index 0000000000..d5e9c7d277 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/navigation/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Navigation", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "navigation" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/navigation/navigation.md b/docs/privilegesecure/4.2/accessmanagement/enduser/navigation/navigation.md new file mode 100644 index 0000000000..c909a53887 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/navigation/navigation.md @@ -0,0 +1,98 @@ +--- +title: "Navigation" +description: "Navigation" +sidebar_position: 20 +--- + +# Navigation + +At the top of the Privilege Secure Console lists available in interfaces and provides access to the +Help link and the User Menu: + +![End User Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/enduserdashboard.webp) + +The buttons have these functions: + +- Interfaces: + + - Access — Grants access to the My Activities page. Activities are be displayed as individual + cards, organized alphabetically or by Access Policy. See the + [My Activities Page](/docs/privilegesecure/4.2/accessmanagement/enduser/myactivities/myactivities.md) topic for additional. information. + - Dashboard — View summaries of recent activity logs and user sessions. See the + [Dashboard Interface](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/overview.md) topic for additional information. + +- Help — Opens the + [Netwrix Privilege Secure Documentation](https://helpcenter.netwrix.com/category/sbpam) in the in + another browser tab +- User Name — Click to open the drop-down menu: + + - Dark Mode — Toggle “Dark Mode” for the console. Hover over the toggle switch to see a preview + of Dark Mode. + - Product Tour — Re-starts walk-through of Privilege Secure features. See the + [Product Tour](/docs/privilegesecure/4.2/accessmanagement/enduser/navigation/producttour.md) topic for additional information. + - Logout — Signs the user out of the current session and opens the Login screen + - About — Shows version and license information for the console + +For reviewers there is a Navigation pane where the pages for the selected interface display. Use the +Menu button to the left of the logo to collapse / expand the Navigation pane. + +## Console Icons + +The Privilege Secure Console makes it easy to gather detailed information at a glance. The following +tables show the main icons: + +Interface Icons + +| Icon | Interface | +| -------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![myactivities](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/myactivities.webp) | My Activities | +| ![dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/policy.webp) | Policy | +| ![users](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/users.webp) | Users & Groups | +| ![resources](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resources.webp) | Resources | +| ![credentials](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentials.webp) | Credentials | +| ![activities](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +| ![auditreporting](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | + +Dashboard Icons + +| Icon | Session Data | +| -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![activedashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboard.webp) | Active Sessions | +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +| ![credentialsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | + +Active Directory Icons + +| Icon | Object | +| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +| ![Windows icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | + +Information Icons + +| Icon | Information | +| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | + +Hover over an icon anywhere within the console for its description. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/navigation/producttour.md b/docs/privilegesecure/4.2/accessmanagement/enduser/navigation/producttour.md new file mode 100644 index 0000000000..1bfaeb4a69 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/navigation/producttour.md @@ -0,0 +1,22 @@ +--- +title: "Product Tour" +description: "Product Tour" +sidebar_position: 10 +--- + +# Product Tour + +New users now experience a product tour on first login. Standard users and users with the Privilege +Secure administrator role are walked through features that are relevant to their role. + +![producttour](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/producttour.webp) + +At any time, the tour can be stopped by clicking the **X** icon at the top-right of the Console. By +default, the tour will not display on next login unless the **Do not display again** checkbox is +unchecked. + +The product tour may be re-started at any time via the user menu. + +![usermenu](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usermenu.webp) + +See the [Navigation](/docs/privilegesecure/4.2/accessmanagement/enduser/navigation/navigation.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/overview.md b/docs/privilegesecure/4.2/accessmanagement/enduser/overview.md index 76bab45cc0..d87758c869 100644 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/overview.md +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/overview.md @@ -1,3 +1,9 @@ +--- +title: "Privilege Secure End User Overview" +description: "Privilege Secure End User Overview" +sidebar_position: 60 +--- + # Privilege Secure End User Overview This topic and its subtopics are written for users who have been assigned as a Privilege Secure diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/producttour.md b/docs/privilegesecure/4.2/accessmanagement/enduser/producttour.md deleted file mode 100644 index b918a54fb5..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/producttour.md +++ /dev/null @@ -1,16 +0,0 @@ -# Product Tour - -New users now experience a product tour on first login. Standard users and users with the Privilege -Secure administrator role are walked through features that are relevant to their role. - -![producttour](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/producttour.webp) - -At any time, the tour can be stopped by clicking the **X** icon at the top-right of the Console. By -default, the tour will not display on next login unless the **Do not display again** checkbox is -unchecked. - -The product tour may be re-started at any time via the user menu. - -![usermenu](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usermenu.webp) - -See the [Navigation](/docs/privilegesecure/4.2/accessmanagement/enduser/navigation.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/sessiontimeout.md b/docs/privilegesecure/4.2/accessmanagement/enduser/sessiontimeout.md index 378f122429..3bd64beb32 100644 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/sessiontimeout.md +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/sessiontimeout.md @@ -1,3 +1,9 @@ +--- +title: "Session Timeout" +description: "Session Timeout" +sidebar_position: 10 +--- + # Session Timeout For security reasons, the Privilege Secure Console automatically logs out the user after 10 minutes diff --git a/docs/privilegesecure/4.2/accessmanagement/gettingstarted.md b/docs/privilegesecure/4.2/accessmanagement/gettingstarted.md index 107ad74223..15a8f5eab9 100644 --- a/docs/privilegesecure/4.2/accessmanagement/gettingstarted.md +++ b/docs/privilegesecure/4.2/accessmanagement/gettingstarted.md @@ -1,3 +1,9 @@ +--- +title: "Getting Started" +description: "Getting Started" +sidebar_position: 5 +--- + # Getting Started Once Privilege Secure is installed, complete the following configuration sections to enable users to @@ -15,14 +21,14 @@ Directory credentials: - Configure multi-factor authentication (MFA). See the [First Launch](/docs/privilegesecure/4.2/accessmanagement/install/firstlaunch.md) topic for additional information. - Login to the Privilege Secure Console. See the - [Log Into the Privilege Secure Console](/docs/privilegesecure/4.2/accessmanagement/admin/login.md) topic for additional information. + [Log Into the Privilege Secure Console](/docs/privilegesecure/4.2/accessmanagement/install/login.md) topic for additional information. ## Update the License Netwrix Privilege Secure comes with a temporary 30-day license. Contact the organization’s Netwrix sales representative to purchase a license: -- Import the license file. See the [Import the License File](/docs/privilegesecure/4.2/accessmanagement/admin/importlicense.md) topic for +- Import the license file. See the [Import the License File](/docs/privilegesecure/4.2/accessmanagement/admin/navigation/importlicense.md) topic for additional information. Privilege Secure licensing is done according to user count. Any user who is provisioned access to @@ -34,9 +40,9 @@ regardless of role (Administrator, Reviewer, User, or Custom Role). Prior to using Privilege Secure, it is necessary to add the service accounts and domains that contain the users, groups and resources: -- [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/serviceaccounts.md) — Add the account credentials +- [Service Accounts Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/serviceaccounts/serviceaccounts.md) — Add the account credentials that will grant access to the required resources -- [Add New Domain](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/domain.md) — Add the Active Directory domains that contain the +- [Add New Domain](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/domain.md) — Add the Active Directory domains that contain the users, groups, resources and service accounts that Privilege Secure will use to grant access ## Add Users, Resources & Activities @@ -46,11 +52,11 @@ of an access policy to create a session. The access policy determines what activ perform and on what resources. An Access Policy consists of three parts that must be configured first: -- [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/usersgroups.md) — Add the Users and Groups from AD that +- [Users & Groups Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usersgroups.md) — Add the Users and Groups from AD that will use the Privilege Secure Console -- [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md) — Add the resources such as Windows or Linux +- [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/resources.md) — Add the resources such as Windows or Linux servers that the users will access via the Privilege Secure Console -- [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) — Add the actions that Privilege Secure will +- [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) — Add the actions that Privilege Secure will perform before, during and after a session, such as temporarily adding the user to a local admins group @@ -59,17 +65,17 @@ first: Once the users, groups and resources are added to the console, it is now possible to create access policies to control privileged access: -- [Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md) — Add the connection profile +- [Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md) — Add the connection profile that will be used with the access policy -- [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md) — Create the access policies to control +- [Access Policy Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy.md) — Create the access policies to control privileged access to resources ## Create Sessions Privilege Secure is configured and ready to use: -- [Create My Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/access/createsession.md) — Create a session to grant +- [Create My Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/myactivities/createsession.md) — Create a session to grant temporary privileges and gain access to the resources defined by the previously created access policy -- [Browser Extension Interface](/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface.md) — Conveniently access all of +- [Browser Extension Interface](/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/interface/interface.md) — Conveniently access all of your previously created activities from within an internet browser diff --git a/docs/privilegesecure/4.2/accessmanagement/install/_category_.json b/docs/privilegesecure/4.2/accessmanagement/install/_category_.json new file mode 100644 index 0000000000..f87e537fff --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/install/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Installation", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/install/components.md b/docs/privilegesecure/4.2/accessmanagement/install/components.md deleted file mode 100644 index 4a07f05afa..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/install/components.md +++ /dev/null @@ -1,104 +0,0 @@ -# Install Components & Methods - -The `NPS.zip` file that can be downloaded from the Netwrix Customer portal contains the following: - -![Contents of the NPS.zip file download](/img/product_docs/privilegesecure/4.2/accessmanagement/install/npszip.webp) - -- NPS_Setup.exe – Opens the Netwrix Setup Launcher to install the Privilege Secure components: - - - Prerequisites Setup – Checks for prerequisites. If any are missing it downloads and installs - the missing components. - - PostgreSQL Setup – Installs the PostgreSQL database on the application server. - - **CAUTION:** The PostgreSQL database must be installed before installing the application. It - can be installed separately or through the Netwrix Setup Launcher. - - - Privilege Secure Setup – Installs the application - -- Pre-Reqs folder – Contains an application executable for installed the required version of - .NET Framework. By default, this installer is run as part of the Netwrix Setup Launcher. -- The Extras folder – Contains additional standalone installers: - - - Enablement Toolkit.exe – Installs a utility that offers a GUI for common testing scenarios - used when troubleshooting the application. See the - [Troubleshooting](/docs/privilegesecure/4.2/accessmanagement/admin/troubleshooting.md) topic for additional information. - - NPS.ActionService.exe – Installs the NPS Action Service nodes. By default, this service is - installed on the application server. This executable can be copied to other servers to install - the service. See the [Action Service Install](/docs/privilegesecure/4.2/accessmanagement/install/actionservice.md) topic for additional - information. - - NPS.DbCfg.msi – Installs NPS Windows database configuration - - NPS.exe – Installs the Privilege Secure application. By default, this installer is run as part - of the Netwrix Setup Launcher. It installs the following components: - - - NPS Action Service - - NPS Email Service - - NPS License Service - - NPS Proxy Service - - NPS Scheduler Service - - Web Service - - **NOTE:** Use this installer if you are not using the Netwrix Setup Launcher. Run the - installer as an administrator and follow the - [Install Application](setuplauncher.md#install-application) instructions, starting with - Step 2. - - - NPS.HaMgr.exe – Installs the High Availability Management tool. If high availability setup is - desired, please coordinate with [Netwrix Support](https://www.netwrix.com/support.html) and - consult the - [How to Configure High Availability (HA) Using SbPAM.HaMgr.exe (now NPS.HaMgr.exe)](https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA04u0000000HfOCAU.html) - knowledge base article. - - NPS.ProxyService – Installs the NPS Proxy Service nodes. It is available as both an EXE and - MSI format. By default, this service is installed on the application server. This executable - can be copied to other servers to install the service. The MSI can be used with a software - deployment tool. See the [Proxy Service Install](/docs/privilegesecure/4.2/accessmanagement/install/proxyservice.md) topic for additional - information. - - NPS.SchedulerService.exe – Installs the NPS Scheduler Service nodes. By default, this service - is installed on the application server. This executable can be copied to other servers to - install the service. See the [Scheduler Service Install](/docs/privilegesecure/4.2/accessmanagement/install/schedulerservice.md) topic for - additional information. - - NPS.SiemService.exe – Installs the NPS SIEM Service nodes. This executable can be copied to - other servers to install the service. See the SIEM Service Install topic for additional - information. - - NPS.TSMon.exe – Installs the Netwrix Privilege Secure Remote Desktop Service. This service is - used to monitor Windows events during an RDP session. See the - [Install Remote Desktop Monitor Service on Target RDP Hosts](/docs/privilegesecure/4.2/accessmanagement/install/rdpmonitor.md) topic for - additional information. - - SbPAMPowershellModules.msi – Installs the Netwrix Privilege Secure PowerShell modules. These - modules allow for custom PowerShell scripting tasks to be run against the application API. - - **NOTE:** PowerShell 7.1 is a prerequisite to install these modules. - - - sbpam-url.exe – Installs the sbpam-url URL handler. This will automatically launch SSH - sessions from the browser in your preferred SSH client program. See the - [Invoking Desktop SSH Client Automatically](https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA04u0000004n11CAA.html) - Knowledge Base Article for additional information. - - SbPostgreSQL16.exe – Installs the PostgreSQL v16 database. By default, this installer is run - as part of the Netwrix Setup Launcher. It installs the following components: - - - postgresql-x64-16 service - - PostgreSQL directory and database - - **NOTE:** Use this installer if you are not using the Netwrix Setup Launcher. Run the - installer as an administrator and follow the - [Install PostgreSQL Database](setuplauncher.md#install-postgresql-database) instructions, - starting with Step 2. - -**_RECOMMENDED:_** Antivirus software should be disabled during the component installation. - -The Netwrix Setup Launcher checks for prerequisites and installs both the database and application -on the sames server. See the [Netwrix Setup Launcher](/docs/privilegesecure/4.2/accessmanagement/install/setuplauncher.md) topic for instructions. If -the desire is to install the database on a different server, use the appropriate EXE files from the -Extras folder. - -The application also has a silent installation option. When installing by command line, the -directory path is respected only when the installer is run in silent mode. See the -[Application Silent Installer Option](/docs/privilegesecure/4.2/accessmanagement/install/silent.md) topic for additional information. - -There is also a Browser Extension that can be installed for Privilege Secure users. See the -[Browser Extension App](/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/browserextension.md) topic for additional -information. - -_Remember,_ Privilege Secure licensing is done according to user count. Any user who is provisioned -access to Privilege Secure will consume a license after their first login. This is true for all -users, regardless of role (Administrator, Reviewer, User, or Custom Role). See -[Import the License File](/docs/privilegesecure/4.2/accessmanagement/admin/importlicense.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/install/components/_category_.json b/docs/privilegesecure/4.2/accessmanagement/install/components/_category_.json new file mode 100644 index 0000000000..14aea5d3a2 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/install/components/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Install Components & Methods", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "components" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/install/components/components.md b/docs/privilegesecure/4.2/accessmanagement/install/components/components.md new file mode 100644 index 0000000000..69d8a0ebd5 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/install/components/components.md @@ -0,0 +1,110 @@ +--- +title: "Install Components & Methods" +description: "Install Components & Methods" +sidebar_position: 10 +--- + +# Install Components & Methods + +The `NPS.zip` file that can be downloaded from the Netwrix Customer portal contains the following: + +![Contents of the NPS.zip file download](/img/product_docs/privilegesecure/4.2/accessmanagement/install/npszip.webp) + +- NPS_Setup.exe – Opens the Netwrix Setup Launcher to install the Privilege Secure components: + + - Prerequisites Setup – Checks for prerequisites. If any are missing it downloads and installs + the missing components. + - PostgreSQL Setup – Installs the PostgreSQL database on the application server. + + **CAUTION:** The PostgreSQL database must be installed before installing the application. It + can be installed separately or through the Netwrix Setup Launcher. + + - Privilege Secure Setup – Installs the application + +- Pre-Reqs folder – Contains an application executable for installed the required version of + .NET Framework. By default, this installer is run as part of the Netwrix Setup Launcher. +- The Extras folder – Contains additional standalone installers: + + - Enablement Toolkit.exe – Installs a utility that offers a GUI for common testing scenarios + used when troubleshooting the application. See the + [Troubleshooting](/docs/privilegesecure/4.2/accessmanagement/admin/troubleshooting.md) topic for additional information. + - NPS.ActionService.exe – Installs the NPS Action Service nodes. By default, this service is + installed on the application server. This executable can be copied to other servers to install + the service. See the [Action Service Install](/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/actionservice.md) topic for additional + information. + - NPS.DbCfg.msi – Installs NPS Windows database configuration + - NPS.exe – Installs the Privilege Secure application. By default, this installer is run as part + of the Netwrix Setup Launcher. It installs the following components: + + - NPS Action Service + - NPS Email Service + - NPS License Service + - NPS Proxy Service + - NPS Scheduler Service + - Web Service + + **NOTE:** Use this installer if you are not using the Netwrix Setup Launcher. Run the + installer as an administrator and follow the + [Install Application](setuplauncher.md#install-application) instructions, starting with + Step 2. + + - NPS.HaMgr.exe – Installs the High Availability Management tool. If high availability setup is + desired, please coordinate with [Netwrix Support](https://www.netwrix.com/support.html) and + consult the + [How to Configure High Availability (HA) Using SbPAM.HaMgr.exe (now NPS.HaMgr.exe)](https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA04u0000000HfOCAU.html) + knowledge base article. + - NPS.ProxyService – Installs the NPS Proxy Service nodes. It is available as both an EXE and + MSI format. By default, this service is installed on the application server. This executable + can be copied to other servers to install the service. The MSI can be used with a software + deployment tool. See the [Proxy Service Install](/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/proxyservice.md) topic for additional + information. + - NPS.SchedulerService.exe – Installs the NPS Scheduler Service nodes. By default, this service + is installed on the application server. This executable can be copied to other servers to + install the service. See the [Scheduler Service Install](/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/schedulerservice.md) topic for + additional information. + - NPS.SiemService.exe – Installs the NPS SIEM Service nodes. This executable can be copied to + other servers to install the service. See the SIEM Service Install topic for additional + information. + - NPS.TSMon.exe – Installs the Netwrix Privilege Secure Remote Desktop Service. This service is + used to monitor Windows events during an RDP session. See the + [Install Remote Desktop Monitor Service on Target RDP Hosts](/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/rdpmonitor.md) topic for + additional information. + - SbPAMPowershellModules.msi – Installs the Netwrix Privilege Secure PowerShell modules. These + modules allow for custom PowerShell scripting tasks to be run against the application API. + + **NOTE:** PowerShell 7.1 is a prerequisite to install these modules. + + - sbpam-url.exe – Installs the sbpam-url URL handler. This will automatically launch SSH + sessions from the browser in your preferred SSH client program. See the + [Invoking Desktop SSH Client Automatically](https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA04u0000004n11CAA.html) + Knowledge Base Article for additional information. + - SbPostgreSQL16.exe – Installs the PostgreSQL v16 database. By default, this installer is run + as part of the Netwrix Setup Launcher. It installs the following components: + + - postgresql-x64-16 service + - PostgreSQL directory and database + + **NOTE:** Use this installer if you are not using the Netwrix Setup Launcher. Run the + installer as an administrator and follow the + [Install PostgreSQL Database](setuplauncher.md#install-postgresql-database) instructions, + starting with Step 2. + +**_RECOMMENDED:_** Antivirus software should be disabled during the component installation. + +The Netwrix Setup Launcher checks for prerequisites and installs both the database and application +on the sames server. See the [Netwrix Setup Launcher](/docs/privilegesecure/4.2/accessmanagement/install/components/setuplauncher.md) topic for instructions. If +the desire is to install the database on a different server, use the appropriate EXE files from the +Extras folder. + +The application also has a silent installation option. When installing by command line, the +directory path is respected only when the installer is run in silent mode. See the +[Application Silent Installer Option](/docs/privilegesecure/4.2/accessmanagement/install/components/silent.md) topic for additional information. + +There is also a Browser Extension that can be installed for Privilege Secure users. See the +[Browser Extension App](/docs/privilegesecure/4.2/accessmanagement/enduser/browserextension/browserextension.md) topic for additional +information. + +_Remember,_ Privilege Secure licensing is done according to user count. Any user who is provisioned +access to Privilege Secure will consume a license after their first login. This is true for all +users, regardless of role (Administrator, Reviewer, User, or Custom Role). See +[Import the License File](/docs/privilegesecure/4.2/accessmanagement/admin/navigation/importlicense.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/install/setuplauncher.md b/docs/privilegesecure/4.2/accessmanagement/install/components/setuplauncher.md similarity index 98% rename from docs/privilegesecure/4.2/accessmanagement/install/setuplauncher.md rename to docs/privilegesecure/4.2/accessmanagement/install/components/setuplauncher.md index 38d3696e42..0080105cc2 100644 --- a/docs/privilegesecure/4.2/accessmanagement/install/setuplauncher.md +++ b/docs/privilegesecure/4.2/accessmanagement/install/components/setuplauncher.md @@ -1,3 +1,9 @@ +--- +title: "Netwrix Setup Launcher" +description: "Netwrix Setup Launcher" +sidebar_position: 10 +--- + # Netwrix Setup Launcher **CAUTION:** The PostgreSQL database must be installed before installing the application. It can be diff --git a/docs/privilegesecure/4.2/accessmanagement/install/silent.md b/docs/privilegesecure/4.2/accessmanagement/install/components/silent.md similarity index 83% rename from docs/privilegesecure/4.2/accessmanagement/install/silent.md rename to docs/privilegesecure/4.2/accessmanagement/install/components/silent.md index c9ebb1338d..e8509bd8c9 100644 --- a/docs/privilegesecure/4.2/accessmanagement/install/silent.md +++ b/docs/privilegesecure/4.2/accessmanagement/install/components/silent.md @@ -1,3 +1,9 @@ +--- +title: "Application Silent Installer Option" +description: "Application Silent Installer Option" +sidebar_position: 20 +--- + # Application Silent Installer Option Follow the steps to install the Privilege Secure application from the command prompt. diff --git a/docs/privilegesecure/4.2/accessmanagement/install/firstlaunch.md b/docs/privilegesecure/4.2/accessmanagement/install/firstlaunch.md index e9bdf4b7c4..7d20d57332 100644 --- a/docs/privilegesecure/4.2/accessmanagement/install/firstlaunch.md +++ b/docs/privilegesecure/4.2/accessmanagement/install/firstlaunch.md @@ -1,3 +1,9 @@ +--- +title: "First Launch" +description: "First Launch" +sidebar_position: 20 +--- + # First Launch Once the database and application are installed, the next step is to walk through the Setup Wizard. @@ -69,7 +75,7 @@ MFA provider. **NOTE:** MFA for this account can be done at a later time through the User details page. If that is desired, click Setup Later and skip to Step 6 of these instructions. The initial account will be set to Not Required MFA. See the - [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/usergroupapplication.md) + [User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for additional information. ![Setup Wizard on the Step 2 page displaying the recovery codes](/img/product_docs/privilegesecure/4.2/accessmanagement/install/authenticatorcodes.webp) @@ -120,7 +126,7 @@ click **Close**. When all tests are successful, the window and the Setup Wizard When the Setup Wizard closes, you are redirected to the My Activities interfacing . The activity created by the Setup Wizard, Activity Token for Domain Admin Access, is displayed. -Take a [Product Tour](/docs/privilegesecure/4.2/accessmanagement/admin/producttour.md) of the console or onboard more users and resources. +Take a [Product Tour](/docs/privilegesecure/4.2/accessmanagement/admin/navigation/producttour.md) of the console or onboard more users and resources. See the [Getting Started](/docs/privilegesecure/4.2/accessmanagement/gettingstarted.md) topic for additional information. ## Exit Wizard Early @@ -133,22 +139,22 @@ you exited from: Exit From Step 3 Page – Domain Service Account Navigate to the domain details page and add a new service account. See the -[Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/domain.md) topic for additional information. +[Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/domain.md) topic for additional information. Complete the onboarding process misses on the Step 4 and Step 5 pages. Exit From Step 4 Page – Active Directory Sync Navigate to the domain details page and click Synchronize Now. See the -[Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/domain.md) topic for additional information. +[Domain Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/detailspages/domain/domain.md) topic for additional information. Complete the onboarding process misses on the Step 4 and Step 5 pages. Exit From Step 5 Page – Onboard First Resource and Create Access Policy Navigate to the Resources page and add a new server. See the -[Add Resources Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addresourcesonboard.md) topic for additional +[Add Resources Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/addandchange/addresourcesonboard/addresourcesonboard.md) topic for additional information. Navigate to the Access Policies page and create a new access policy. See the -[Add Access Policy](/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/accesspolicy.md) topic for additional information. +[Add Access Policy](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/accesspolicy_1.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/install/login.md b/docs/privilegesecure/4.2/accessmanagement/install/login.md new file mode 100644 index 0000000000..e18fcde5e7 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/install/login.md @@ -0,0 +1,74 @@ +--- +title: "Log Into the Privilege Secure Console" +description: "Log Into the Privilege Secure Console" +sidebar_position: 30 +--- + +# Log Into the Privilege Secure Console + +Once installation is complete, Privilege Secure is accessible locally on the default port: + +https://localhost:6500 + +Since Privilege Secure is a browser-based application, it is possible to access the web interface +remotely. In most environments, enter the URL for the host on which Privilege Secure is installed +into a supported browser address bar. For example, if Privilege Secure is installed on server +`ExampleServer01`, then the address is: + +https://ExampleServer01:6500 + +**NOTE:** This is the default port. If a custom port is configured, the address to the Privilege +Secure Console is: + +`https://ExampleServer01:[PortNumber]` + +Depending on the organization’s network environment, use the NetBIOS name, fully qualified domain +name (FQDN), or IP Address of the server in the browser. Also, access can be restricted through +firewalls. + +Users can still log in with an expired license. If a license is expired, and the login attempt does +not exceed the license count, users will still be able to log in. If a license is expired, and the +login attempt does exceed the license count, Privilege Secure will prevent the login. + +**CAUTION:** If your license is expired, and you can still log in, you will not be able to create +activity sessions or new users. + +Follow the steps to log in to the Privilege Secure Console. + +**Step 1 –** Open Privilege Secure in a browser window. The Login screen will show the +Authentication Connector that is set as the default. + +**NOTE:** Privilege Secure requires a multi-factor authentication (MFA) solution (Authenticator, +DUO, Symantec VIP, etc) for all user accounts unless otherwise configured in the Initial Set Up +Wizard. If required, first time users must register with an MFA to use with their login credentials. + +![Default Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/defaultloginuser.webp) + +**Step 2 –** Either click the default authentication connector button, or click **Log In with a +Different Account** to display all of the authentication connectors that are registered with +Privilege Secure. + +![Alternate Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/alternatelogin.webp) + +**Step 3 –** Login to the Privilege Secure Console with a configured authentication connector, or +enter the user credentials. + +**Step 4 –** Click Login to proceed. + +**Step 5 –** Enter the code provided by the registered multi-factor authenticator (MFA). + +![Multi Factor Authentication Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/mfalogin.webp) + +**Step 6 –** Click MFA Login. The Privilege Secure Console opens on the Dashboard Interface. + +![Dashboard Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) + +**NOTE:** After five incorrect login attempts, the user will be locked out of the account for five +minutes. Additional incorrect login attempts will extend this time by five minutes for each failed +login. See the +[User, Group, & Application Details Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/usersgroups/usergroupapplication/usergroupapplication.md) topic for +additional information on how to unlock an account. + +The Privilege Secure Console is ready to use. Note that the option to view the recovery codes is no +longer available after the initial login. From here, create Sessions and Access Policies, manage +Users and Resources, and review usage data. diff --git a/docs/privilegesecure/4.2/accessmanagement/install/overview.md b/docs/privilegesecure/4.2/accessmanagement/install/overview.md index 809237f550..e49a6bff53 100644 --- a/docs/privilegesecure/4.2/accessmanagement/install/overview.md +++ b/docs/privilegesecure/4.2/accessmanagement/install/overview.md @@ -1,3 +1,9 @@ +--- +title: "Installation" +description: "Installation" +sidebar_position: 30 +--- + # Installation These topics describes the installation and initial configuration process of Netwrix Privilege @@ -55,7 +61,7 @@ on activity: When a session begins, the service attaches to the session when it identifies the channel used by the Privilege Secure Proxy service and sends the Windows events back to the application. It specifically monitors what windows are opened and what menus are selected during an RDP session. - See the [Install Remote Desktop Monitor Service on Target RDP Hosts](/docs/privilegesecure/4.2/accessmanagement/install/rdpmonitor.md) topic for + See the [Install Remote Desktop Monitor Service on Target RDP Hosts](/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/rdpmonitor.md) topic for additional information. ## Single Privilege Secure Server diff --git a/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/_category_.json b/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/_category_.json new file mode 100644 index 0000000000..83c3ef1db0 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Services On Additional Servers", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/install/actionservice.md b/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/actionservice.md similarity index 94% rename from docs/privilegesecure/4.2/accessmanagement/install/actionservice.md rename to docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/actionservice.md index f28087a852..a147c652fa 100644 --- a/docs/privilegesecure/4.2/accessmanagement/install/actionservice.md +++ b/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/actionservice.md @@ -1,3 +1,9 @@ +--- +title: "Action Service Install" +description: "Action Service Install" +sidebar_position: 20 +--- + # Action Service Install The NPS Action Service is installed on the application server as part of Privilege Secure install. @@ -5,13 +11,13 @@ It can also be installed on additional servers. This provides the option to run different locations within an organization. The NPS Proxy Service installer is in the Extras folder of the ZIP file downloaded from the Netwrix -Customer portal. See the [Install Components & Methods](/docs/privilegesecure/4.2/accessmanagement/install/components.md) topic for additional +Customer portal. See the [Install Components & Methods](/docs/privilegesecure/4.2/accessmanagement/install/components/components.md) topic for additional information. **NOTE:** Before you begin, the NPS Proxy Service must be registered with a corresponding application server on the server you will be installing the Action Service prior to installation. The Proxy Service is installed as part of the Action Service installation package. See the -[Proxy Service Install](/docs/privilegesecure/4.2/accessmanagement/install/proxyservice.md) topic for installation instructions. +[Proxy Service Install](/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/proxyservice.md) topic for installation instructions. Follow the steps to install the NPS Action Service on another server. diff --git a/docs/privilegesecure/4.2/accessmanagement/install/proxyservice.md b/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/proxyservice.md similarity index 98% rename from docs/privilegesecure/4.2/accessmanagement/install/proxyservice.md rename to docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/proxyservice.md index 79eed5b63d..6fd571b57c 100644 --- a/docs/privilegesecure/4.2/accessmanagement/install/proxyservice.md +++ b/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/proxyservice.md @@ -1,3 +1,9 @@ +--- +title: "Proxy Service Install" +description: "Proxy Service Install" +sidebar_position: 10 +--- + # Proxy Service Install Logging directly onto managed systems from desktops leaves artifacts that can be compromised and @@ -12,7 +18,7 @@ Service, the NPS Scheduler Service, and NPS SIEM Service. This provides the opt defined in the application from different locations within your organization. The NPS Proxy Service installer is in the Extras folder of the ZIP file downloaded from the Netwrix -Customer portal. See the [Install Components & Methods](/docs/privilegesecure/4.2/accessmanagement/install/components.md) topic for additional +Customer portal. See the [Install Components & Methods](/docs/privilegesecure/4.2/accessmanagement/install/components/components.md) topic for additional information. Follow the steps to install the NPS Proxy Service on another server that will run services for the diff --git a/docs/privilegesecure/4.2/accessmanagement/install/rdpmonitor.md b/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/rdpmonitor.md similarity index 81% rename from docs/privilegesecure/4.2/accessmanagement/install/rdpmonitor.md rename to docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/rdpmonitor.md index 3ae441595c..6d7c6ceeb3 100644 --- a/docs/privilegesecure/4.2/accessmanagement/install/rdpmonitor.md +++ b/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/rdpmonitor.md @@ -1,3 +1,9 @@ +--- +title: "Install Remote Desktop Monitor Service on Target RDP Hosts" +description: "Install Remote Desktop Monitor Service on Target RDP Hosts" +sidebar_position: 40 +--- + # Install Remote Desktop Monitor Service on Target RDP Hosts The Netwrix Privilege Secure Remote Desktop Monitor service needs to be installed on the target host @@ -6,8 +12,8 @@ on the target host to install and enable this service. The EXE file is located of the Privilege Secure installation download ZIP file. The Windows event activity that occurs during an RDP session is then displayed and is searchable -within the [Live Session Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/liveviewer.md) and the -[Replay Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/replayviewer.md) with keystroke details, which are +within the [Live Session Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/active/liveviewer.md) and the +[Replay Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/replayviewer.md) with keystroke details, which are monitored and recorded without this service. Follow the steps to install the Remote Desktop Monitor service. @@ -36,5 +42,5 @@ The service is now listening for terminal services connections. **NOTE:** It is necessary for the Record Proxy Sessions option to be enabled on the connection profile for the associated access policy. See the -[Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md) topic for additional +[Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/install/schedulerservice.md b/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/schedulerservice.md similarity index 95% rename from docs/privilegesecure/4.2/accessmanagement/install/schedulerservice.md rename to docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/schedulerservice.md index c8b4be72f8..9435824638 100644 --- a/docs/privilegesecure/4.2/accessmanagement/install/schedulerservice.md +++ b/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/schedulerservice.md @@ -1,3 +1,9 @@ +--- +title: "Scheduler Service Install" +description: "Scheduler Service Install" +sidebar_position: 30 +--- + # Scheduler Service Install The Scheduler Service is installed with Privilege Secure and can also be installed remotely on other @@ -7,7 +13,7 @@ Privilege Secure Console installer. It is also available for download from the S if required. **NOTE:** Before you begin, the Proxy Service must be installed on any server running services for -Privilege Secure. See the [Proxy Service Install](/docs/privilegesecure/4.2/accessmanagement/install/proxyservice.md) topic for installation +Privilege Secure. See the [Proxy Service Install](/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/proxyservice.md) topic for installation instructions. Follow the steps to install the Scheduler Service. diff --git a/docs/privilegesecure/4.2/accessmanagement/install/upgrade.md b/docs/privilegesecure/4.2/accessmanagement/install/upgrade.md index a44f20ba5f..8c90001d43 100644 --- a/docs/privilegesecure/4.2/accessmanagement/install/upgrade.md +++ b/docs/privilegesecure/4.2/accessmanagement/install/upgrade.md @@ -1,3 +1,9 @@ +--- +title: "Upgrade Procedure" +description: "Upgrade Procedure" +sidebar_position: 50 +--- + # Upgrade Procedure This chapter describes the basic steps needed to upgrade Netwrix Privilege Secure. diff --git a/docs/privilegesecure/4.2/accessmanagement/overview.md b/docs/privilegesecure/4.2/accessmanagement/overview.md index b925a16745..a4cacb47d6 100644 --- a/docs/privilegesecure/4.2/accessmanagement/overview.md +++ b/docs/privilegesecure/4.2/accessmanagement/overview.md @@ -1,3 +1,9 @@ +--- +title: "Netwrix Privilege Secure for Access Management v4.2 Documentation" +description: "Netwrix Privilege Secure for Access Management v4.2 Documentation" +sidebar_position: 10 +--- + # Netwrix Privilege Secure for Access Management v4.2 Documentation Netwrix Privilege Secure for Access Management enables administrators and help desk professionals to diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/_category_.json b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/_category_.json new file mode 100644 index 0000000000..4b0c7c2dec --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Remote Access Gateway", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/_category_.json b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/_category_.json new file mode 100644 index 0000000000..47e5a4a375 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "End User Overview", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/_category_.json b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/_category_.json new file mode 100644 index 0000000000..03daeb0a54 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Dashboard Interface", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/active/_category_.json b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/active/_category_.json new file mode 100644 index 0000000000..6268b523eb --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/active/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Active Dashboard", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "active" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/active/active.md b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/active/active.md new file mode 100644 index 0000000000..dd8b1c4964 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/active/active.md @@ -0,0 +1,63 @@ +--- +title: "Active Dashboard" +description: "Active Dashboard" +sidebar_position: 10 +--- + +# Active Dashboard + +The Active sessions dashboard shows all currently active sessions. Create an Activity Session to +grant temporary privileges and gain access to the resources defined by an Access Policy created by +your administrator. + +![End User Active Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) + +The Active Sessions table has the following features: + +- Create Session — Open the Activity Request window. See the + [Create My Activity Session](/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/myactivities/createsession.md) topic for additional information. +- End Session — Cancel the selected session(s) +- View Logs — Opens the Session Logs window to view the action log for the selected session. +- Refresh — Reload the information displayed +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Resource Name — Searches the table or list for resources matching the search string + +The table has the following columns: + +- Checkbox — Check to select one or more items +- Expand icon — Click the expand () icon to show additional information for the session +- Status — Shows status information for the session: + + - Provisioning — Pre-Session stage of the Activity is processing and assigning permissions to + the login account + - Waiting for Approval — The session requires approval to begin. See the + [Approvals Dashboard](/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/approvals.md) topic for additional information. + - Available — The activity session is ready. Click the icon to begin the session, or log in + through a client. See the [Sessions Interface](/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/sessions.md) topic for additional information. + - Failed — Pre-Session stage of the Activity has encountered an error + - Logged In — User is successfully logged in to the Resource either directly or via the Proxy. + Direct log-in is detected by polling the Resource at regular intervals and may not update + immediately. + - Canceling — The session is either expired or was canceled manually by the user or an Privilege + Secure administrator. + - Locked — The session has been locked by an Privilege Secure administrator + +- Session icons — depending on how access has been configured, the following icons may be available + on an Available session: + + - Copy Username to Clipboard — Copies the managed user’s username + - Copy Password to Clipboard — Copies the managed user’s password + - View Password — Views the managed user’s password + - Launch Session — Launches a session in the Sessions tab + +- Requested — Date and time of when the session was created +- Host — Resource that the user will run the activity on +- Login Account — Displays the account used to log onto the resource +- Activity — Displays the name of the activity. +- Start — Indicates when the activity started. This refers to when the activity’s actions were + executed and not when the user was logged on to the resource. +- End — Indicates when the session is scheduled to end the activity, which is determined by the + start time plus the maximum session duration set by the access policy Connection Profile + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/active/createsession.md b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/active/createsession.md new file mode 100644 index 0000000000..2fe9278246 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/active/createsession.md @@ -0,0 +1,62 @@ +--- +title: "Create Activity Session" +description: "Create Activity Session" +sidebar_position: 10 +--- + +# Create Activity Session + +Follow the steps to create an activity session. + +**Step 1 –** Navigate to the Dashboard > Active page. + +**Step 2 –** In the Active Session table, click Create Session to open the Activity Request window. + +![Create Activity Session Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionuser.webp) + +**Step 3 –** On the Request Type page, enter the following information: + +- Select Activity – Search for and select an activity from the drop-down list + +**Step 4 –** Click Next to go to the Resource Selection page. + +![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) + +**Step 5 –** On the Resource Selection page, enter the following information: + +- Select the resource(s) from the table +- (Optional) Click View Selections to view all selected resources + +**Step 6 –** Click **Next** to go to the Notes page. + +![Create Session Notes Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionnotes.webp) + +**Step 7 –** On the Notes page, enter the following information: + +- Notes for this session +- Ticket number for this session + +**Step 8 –** Click Next to go to the Scheduling page. + +![Create Session Schedule Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionscheduling.webp) + +**Step 9 –** On the Scheduling page, enter the following information: + +- Select Now or enter a desired date and time to begin the session + +**Step 10 –** Click Next to go to the Review page. + +![Create Session Review Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionreview.webp) + +**Step 11 –** On the Review page, review the summary of the new session. + +**Step 12 –** Click Finish to create the session. + +The new session is created and is shown in the applicable dashboard in the Dashboard interface. If +approval is required, the status Waiting for Approval is shown. The requester cannot log in to the +session until the request is approved and the status changes to Available. + +When the status Available is shown, the remote session is ready. Click the Connection icon to begin +the session, or log in through a client. + +See the [Sessions Interface](/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/sessions.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/approvals.md b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/approvals.md similarity index 95% rename from docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/approvals.md rename to docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/approvals.md index ae0605e1cb..4bf231268c 100644 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/approvals.md +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/approvals.md @@ -1,3 +1,9 @@ +--- +title: "Approvals Dashboard" +description: "Approvals Dashboard" +sidebar_position: 30 +--- + # Approvals Dashboard The Approvals Dashboard displays requested sessions that require approval. Users and group members diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/historical.md b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/historical.md new file mode 100644 index 0000000000..ecbc903f40 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/historical.md @@ -0,0 +1,54 @@ +--- +title: "Historical Dashboard" +description: "Historical Dashboard" +sidebar_position: 40 +--- + +# Historical Dashboard + +The Historical sessions dashboard shows all created sessions and their status. + +![historicaldashboardrag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/historicaldashboardrag.webp) + +The Historical Sessions table has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Filter — Provides options to filter results based on a chosen criterion: + + - Resource Name – Filter by Host value + - Requested date — Filter by session start and/or end dates + +- Export as CSV — Generates a CSV file of the table and automatically downloads it to your browser's + default download folder. The file name indicates what table was exported. +- Refresh — Reload the information displayed + +The table has the following columns: + +- Actions — Contains icons for available actions: + + - Expand icon — Click the expand () icon to show additional information + - Rocket icon — Launches the same session (same activity on the same resource with the same + connection profile) for any historical session that is not a Credential-based session + +- Requested — Date and time of when the session was created +- Status — Shows status information for the session: + + - Canceled — Activity was manually canceled before its scheduled end time by an Privilege Secure + administrator + - Failed — Pre-Session stage of the Activity has encountered an error + - Completed — Activity either reached the end of its scheduled end time or was canceled early by + the requestor + +- Session User— User who requested the session +- Host — Resource that the user will run the activity on +- Login Account — Displays the account used to log onto the resource +- Activity — Displays the name of the activity +- Start — Indicates when the activity started. This refers to when the activity’s actions were + executed and not when the user was logged on to the resource. +- Duration — Indicates how long the Activity ran for until it either reached its scheduled end time + or was manually canceled by the user or an Privilege Secure administrator +- Notes — Any notes that were entered when the session was created +- Ticket Number — Any ticket numbers that were entered when the session was created + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/overview.md b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/overview.md new file mode 100644 index 0000000000..f335cbc0e6 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/overview.md @@ -0,0 +1,25 @@ +--- +title: "Dashboard Interface" +description: "Dashboard Interface" +sidebar_position: 60 +--- + +# Dashboard Interface + +The Dashboard interface displays an overview of activity sessions, users, resources and related +information. + +![Dashboard Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) + +The overview section shows information for the following: + +- Active Dashboard – Shows all currently active sessions. See the [Active Dashboard](/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/active/active.md) + topic for additional information. +- Scheduled Dashboard – Shows all scheduled sessions. See the [Scheduled Dashboard](/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/scheduled.md) + topic for additional information. +- Approvals Dashboard – Shows sessions waiting for approval. See the + [Approvals Dashboard](/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/approvals.md) topic for additional information. +- Historical Dashboard – Shows previous sessions. See the [Historical Dashboard](/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/historical.md) + topic for additional information. + +The table shows information on the selected activity session. diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/scheduled.md b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/scheduled.md similarity index 81% rename from docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/scheduled.md rename to docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/scheduled.md index 255b6a00e6..263f40aa85 100644 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/scheduled.md +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/scheduled.md @@ -1,3 +1,9 @@ +--- +title: "Scheduled Dashboard" +description: "Scheduled Dashboard" +sidebar_position: 20 +--- + # Scheduled Dashboard The Scheduled sessions dashboard shows all scheduled sessions. @@ -9,7 +15,7 @@ The Scheduled Sessions table has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - Create Session — Open the Activity Request window. See the - [Create Activity Session](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/createsession.md) topic for additional information. + [Create Activity Session](/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/active/createsession.md) topic for additional information. - End Session — Cancel the selected session(s) - Refresh — Reload the information displayed @@ -22,9 +28,9 @@ The table has the following columns: the login account - Pending — Session scheduled start time is still in the future, session is waiting to start - Waiting for Approval — The session requires approval to begin. See the - [Approvals Dashboard](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/approvals.md) topic for additional information. + [Approvals Dashboard](/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/approvals.md) topic for additional information. - Available — The activity session is ready. Click the icon to begin the session, or log in - through a client. See the [Sessions Interface](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/sessions.md) topic for additional information. + through a client. See the [Sessions Interface](/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/sessions.md) topic for additional information. - Failed — Pre-Session stage of the Activity has encountered an error - Logged In — User is successfully logged in to the Resource either directly or via the Proxy. Direct log-in is detected by polling the Resource at regular intervals and may not update diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/sessions.md b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/sessions.md new file mode 100644 index 0000000000..df17d836f4 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/sessions.md @@ -0,0 +1,38 @@ +--- +title: "Sessions Interface" +description: "Sessions Interface" +sidebar_position: 50 +--- + +# Sessions Interface + +On the Active Sessions dashboard, when the status Available is shown, the activity session is ready. +To begin the activity session, click the Connection icon in the Status column for the applicable +session to be automatically connected to the resource. + +![startsessionrag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/startsessionrag.webp) + +Clicking the **Session** icon via the Active Dashboard will launch a session on the Sessions tab. + +![sessionwindowrag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/sessionwindowrag.webp) + +The Rec icon is displayed in the top right corner of the session to indicate that the Proxy Service +is recording the session. + +The following controls are available in the top right corner of the Sessions interface. + +- Resolution options: + + - Dynamic + - 1280x720 + - 1920x1080 + - 2560x1440 + - 3840x2160 + +- Ctrl+Alt+Delete — Sends a Ctrl+Alt+Delete command to the session +- Close — Closes the session + +![sessionstabrag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/sessionstabrag.webp) + +Clicking on the **Sessions** tab will display a list of all available sessions and allow the user to +switch between sessions. diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/login.md b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/login.md new file mode 100644 index 0000000000..3909b343f2 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/login.md @@ -0,0 +1,57 @@ +--- +title: "First Time Login" +description: "First Time Login" +sidebar_position: 10 +--- + +# First Time Login + +Remote Access Gateway users can access the portal via the URL provided by a Netwrix Privilege +Secure Administrator, for example: + +`https://[ExampleRagPortalIpAddress]` + +Follow the steps to log in to the Privilege Secure. + +**Step 1 –** Open the Remote Access Gateway in a browser window. The Login screen will show the +Authentication method that is set as the default. + +**NOTE:** Privilege Secure requires a multi-factor authentication (MFA) solution (Authenticator, +DUO, Symantec VIP, etc) for all user accounts unless otherwise configured by an Administrator. If +required, first time users must register with an MFA to use with their login credentials. + +**Step 2 –** Either click the default **Authentication Connector** button, or click **Log In with a +Different Account** to display all of the authentication connectors that are registered +with Privilege Secure. + +![loginrag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/loginrag.webp) + +**Step 3 –** Login to the Remote Access Gateway using federated login, or entering the AD or NPS +local user credentials. (The method will depend on how the Remote Access Gateway has been configured +by your administrator). + +- When using an authentication connector, there's no 'username' or 'password' field for the user to + enter. Instead there's just a single button to login. + + ![mfaloginrag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/mfaloginrag.webp) + +- Clicking the authentication connector will redirect the user to the IdP login screen, which will + log the user in (with whatever MFA is set up in the IdP) and then revert the user back to + the Privilege Secure dashboard once authenticated. Steps 4-7 will be skipped when using an IdP + login. + +**Step 4 –** Click Login to proceed. + +**Step 5 –** A QR code will be displayed to register with an authenticator application. + +**Step 6 –** Enter the code provided by the registered multi-factor authenticator (MFA). + +![authcoderag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/authcoderag.webp) + +**Step 7 –** Click **MFA Login**. Privilege Secure opens on the Access Interface. + +![accessdashboardrag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/accessdashboardrag.webp) + +**Step 8 –** Once the authentication is complete, the Access dashboard is displayed. + +The Remote Access Gateway is ready to use. diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/myactivities/_category_.json b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/myactivities/_category_.json new file mode 100644 index 0000000000..d134573ced --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/myactivities/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "My Activities Page", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "myactivities" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/myactivities/createsession.md b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/myactivities/createsession.md new file mode 100644 index 0000000000..5d380d9dc5 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/myactivities/createsession.md @@ -0,0 +1,55 @@ +--- +title: "Create My Activity Session" +description: "Create My Activity Session" +sidebar_position: 10 +--- + +# Create My Activity Session + +Follow the steps to create an activity session. + +**Step 1 –** Select an **Activity** to expand the session ribbon. + +![myactivityuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) + +**Step 2 –** Click **Create Session** to start a new activity session. + +- If an Activity is assigned to a single resource, the Activity card will display the name of the + resource; selecting **Create Session** from the session ribbon will immediately start the + Activity. +- If the Activity is assigned to more than one resource, the Activity card will display the number + of resources; selecting **Create Session** from the session ribbon will open the Configure Session + window. +- **CAUTION:** If your license is expired and you can still log in, you will not be able to create + activity sessions. + +![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) + +**Step 3 –** Enter the following information: + +- If the Activity is a member of more than one Access Policy, the Access Policy field will change to + a drop-down selection. Based the resources assigned to the selected access policy, the list of + resources will change in the table. +- Enter notes or a ticket number in the applicable field (Set whether notes or ticket numbers should + be optional or mandatory for the session in the related Connection Profile) +- Select the resources required for the Activity session. Use the **Search** field to filter the + resource list. +- Click **Start Session** to start the provisioning process. + +![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) + +**NOTE:** If an approval is required, the Waiting for approval message will display until it has +been granted. + +![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) + +**Step 4 –** When provisioned, an activity session will display an Available status with a green +icon. Click **Available** to launch the session. + +- The contextual menu (…) to the top right of the active session card contains options to stop an + active session and to copy/view the login account password, if enabled in the related Connection + Profile. +- All sessions may be managed via the Dashboard interface, and the My Activities interface + interchangeably. + +Provisioning and active sessions are displayed in the session ribbon, newest sessions to the left. diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/myactivities/myactivities.md b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/myactivities/myactivities.md new file mode 100644 index 0000000000..b1dde993a8 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/myactivities/myactivities.md @@ -0,0 +1,27 @@ +--- +title: "My Activities Page" +description: "My Activities Page" +sidebar_position: 50 +--- + +# My Activities Page + +The Access > My Activities page displays activities mapped to the user as individual cards, +organized alphabetically or by Access Policy. + +![myactivitiesrag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/access/myactivitiesrag.webp) + +To access the My Activities page, open the Access interface. If there is only a single activity card +present on this page that activity will open automatically. + +Activities may be sorted in alphabetical order (the default) or organized into groups according to +Access Policy. Duplicate activities will be automatically grouped into a single card on this +interface. In the modal for provisioning the session, the user can still select from the multiple +Access Policies that are duplicating their access to the activity. + +An Activity may appear in more than one Access Policy group if the Activity is a member of more than +one Access Policy. When sorted by Access Policy, the list of resources displayed is determined by +the resource list of the Access Policy. + +To create an Activity Session, click the **plus** button to begin. See the +[Create My Activity Session](/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/myactivities/createsession.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/navigation.md b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/navigation.md new file mode 100644 index 0000000000..ce4c61ccc7 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/navigation.md @@ -0,0 +1,34 @@ +--- +title: "Navigation" +description: "Navigation" +sidebar_position: 30 +--- + +# Navigation + +At the top of the Privilege Secure Console lists available in interfaces and provides access to the +Help link and the User Menu: + +![End User Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/enduserdashboard.webp) + +The buttons have these functions: + +- Interfaces: + + - Access — Grants access to the My Activities page. Activities are be displayed as individual + cards, organized alphabetically or by Access Policy. See the + [My Activities Page](/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/myactivities/myactivities.md) topic for additional information. + - Dashboard — View summaries of recent activity logs and user sessions. See the + [Dashboard Interface](/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/dashboard/overview.md) topic for additional information. + +- Help — Opens the + [Netwrix Privilege Secure Documentation](https://helpcenter.netwrix.com/category/sbpam) in the in + another browser tab +- User Name — Click to open the drop-down menu: + + - Dark Mode — Toggle “Dark Mode” for the console. Hover over the toggle switch to see a preview + of Dark Mode. + - Product Tour — Re-starts walk-through of Privilege Secure features. See the + [Product Tour](/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/producttour.md) topic for additional information. + - Logout — Signs the user out of the current session and opens the Login screen + - About — Shows version and license information for the console diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/overview.md b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/overview.md new file mode 100644 index 0000000000..74939ee60e --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/overview.md @@ -0,0 +1,16 @@ +--- +title: "End User Overview" +description: "End User Overview" +sidebar_position: 20 +--- + +# End User Overview + +This topic and its subtopics are written for users who have been assigned as a Remote Access +Gateway User. + +New users will need to go through the MFA registration process before they can log in. Privilege +Secure requires a multi-factor authentication (MFA) solution (Authenticator, DUO, Symantec VIP etc) +for all user accounts. Upon initial login, the user must complete MFA registration in order to +proceed with using Privilege Secure. It is recommended to check with the organization's +Administrators for login requirements. diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/producttour.md b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/producttour.md new file mode 100644 index 0000000000..525f3b8bfd --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/producttour.md @@ -0,0 +1,22 @@ +--- +title: "Product Tour" +description: "Product Tour" +sidebar_position: 40 +--- + +# Product Tour + +New users now experience a product tour on first login. Standard users and users with the Privilege +Secure administrator role are walked through features that are relevant to their role. + +![producttour](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/producttour.webp) + +At any time, the tour can be stopped by clicking the **X** icon at the top-right of the Console. By +default, the tour will not display on next login unless the **Do not display again** checkbox is +unchecked. + +The product tour may be re-started at any time via the user menu. + +![usermenu](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usermenu.webp) + +See the [Navigation](/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/navigation.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/sessiontimeout.md b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/sessiontimeout.md similarity index 85% rename from docs/privilegesecure/4.2/remoteaccessgateway/enduser/sessiontimeout.md rename to docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/sessiontimeout.md index ba5de2475f..d2b320fbfd 100644 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/sessiontimeout.md +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/enduser/sessiontimeout.md @@ -1,3 +1,9 @@ +--- +title: "Session Timeout" +description: "Session Timeout" +sidebar_position: 20 +--- + # Session Timeout For security reasons, the Remote Access Gateway automatically logs out the user after 20 minutes of diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/installsupport.md b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/installsupport.md new file mode 100644 index 0000000000..ad93643f50 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/installsupport.md @@ -0,0 +1,10 @@ +--- +title: "Installation Support" +description: "Installation Support" +sidebar_position: 10 +--- + +# Installation Support + +It is strongly recommended that a Netwrix engineer be involved in your RAG installation. Please +contact your account manager to arrange an installation. diff --git a/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/overview.md b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/overview.md new file mode 100644 index 0000000000..0a9c8d8420 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/remoteaccessgateway/overview.md @@ -0,0 +1,27 @@ +--- +title: "Remote Access Gateway" +description: "Remote Access Gateway" +sidebar_position: 10 +--- + +# Remote Access Gateway + +The Remote Access Gateway (RAG) may be added to any Netwrix Privilege Secure installation to +securely extend access to external users such as remote workers or third-party vendors. VPN-less +access is provided via web page with browser-based sessions for RDP and SSH. + +![architecture](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/architecture.webp) + +The RAG is made up of two components: + +RAG Portal + +A dedicated web server to be installed in the DMZ. This is the front-end of the solution for end +users and by default the website runs on HTTPS\443. The RAG Portal communicates with the RAG gateway +over HTTPS\443 + +RAG Gateway + +The gateway runs inside the corporate network and provides a bridge between the RAG Portal and the +Netwrix Privilege Secure installation. The RAG Gateway communicates to the Netwrix Privilege Secure +web service on port 6500 and the Proxy on 4489 and 4422 for RDP and SSH, respectively. diff --git a/docs/privilegesecure/4.2/accessmanagement/requirements/_category_.json b/docs/privilegesecure/4.2/accessmanagement/requirements/_category_.json new file mode 100644 index 0000000000..8a00596580 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/requirements/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Requirements", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/requirements/applicationserver.md b/docs/privilegesecure/4.2/accessmanagement/requirements/applicationserver.md index 0f3e54e637..9991b297a5 100644 --- a/docs/privilegesecure/4.2/accessmanagement/requirements/applicationserver.md +++ b/docs/privilegesecure/4.2/accessmanagement/requirements/applicationserver.md @@ -1,3 +1,9 @@ +--- +title: "Application Server" +description: "Application Server" +sidebar_position: 10 +--- + # Application Server The requirements for the (Privilege Secure) application server are: diff --git a/docs/privilegesecure/4.2/accessmanagement/requirements/awskey/_category_.json b/docs/privilegesecure/4.2/accessmanagement/requirements/awskey/_category_.json new file mode 100644 index 0000000000..fe70f44566 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/requirements/awskey/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "AWS Key Management Service", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "awskey" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/requirements/awskey.md b/docs/privilegesecure/4.2/accessmanagement/requirements/awskey/awskey.md similarity index 97% rename from docs/privilegesecure/4.2/accessmanagement/requirements/awskey.md rename to docs/privilegesecure/4.2/accessmanagement/requirements/awskey/awskey.md index 3294dca746..110d660b91 100644 --- a/docs/privilegesecure/4.2/accessmanagement/requirements/awskey.md +++ b/docs/privilegesecure/4.2/accessmanagement/requirements/awskey/awskey.md @@ -1,3 +1,9 @@ +--- +title: "AWS Key Management Service" +description: "AWS Key Management Service" +sidebar_position: 60 +--- + # AWS Key Management Service AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and @@ -195,5 +201,5 @@ checkbox. **Step 9 –** Review configuration and click **Save changes** to the NPS_KMS_Policy. The policy will now be limited to only the specified KMS key. The KMS is ready to be roated in -Privilege Secure. See the [AWS KMS Key Rotation](/docs/privilegesecure/4.2/accessmanagement/requirements/awskeyrotation.md) topic for additional +Privilege Secure. See the [AWS KMS Key Rotation](/docs/privilegesecure/4.2/accessmanagement/requirements/awskey/awskeyrotation.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/requirements/awskeyrotation.md b/docs/privilegesecure/4.2/accessmanagement/requirements/awskey/awskeyrotation.md similarity index 95% rename from docs/privilegesecure/4.2/accessmanagement/requirements/awskeyrotation.md rename to docs/privilegesecure/4.2/accessmanagement/requirements/awskey/awskeyrotation.md index f7a53eb7c9..32c69d28b4 100644 --- a/docs/privilegesecure/4.2/accessmanagement/requirements/awskeyrotation.md +++ b/docs/privilegesecure/4.2/accessmanagement/requirements/awskey/awskeyrotation.md @@ -1,3 +1,9 @@ +--- +title: "AWS KMS Key Rotation" +description: "AWS KMS Key Rotation" +sidebar_position: 10 +--- + # AWS KMS Key Rotation Organizations using AWS Key Management Service (AWS KMS) can configure Netwrix Privilege Secure to diff --git a/docs/privilegesecure/4.2/accessmanagement/requirements/client.md b/docs/privilegesecure/4.2/accessmanagement/requirements/client.md index 4d9edecc03..ec230101ea 100644 --- a/docs/privilegesecure/4.2/accessmanagement/requirements/client.md +++ b/docs/privilegesecure/4.2/accessmanagement/requirements/client.md @@ -1,3 +1,9 @@ +--- +title: "Client" +description: "Client" +sidebar_position: 20 +--- + # Client Privilege Secure is a web service which can be accessed locally or remotely if the server’s firewall diff --git a/docs/privilegesecure/4.2/accessmanagement/requirements/overview.md b/docs/privilegesecure/4.2/accessmanagement/requirements/overview.md index be5116bd13..3371ec6ed1 100644 --- a/docs/privilegesecure/4.2/accessmanagement/requirements/overview.md +++ b/docs/privilegesecure/4.2/accessmanagement/requirements/overview.md @@ -1,3 +1,9 @@ +--- +title: "Requirements" +description: "Requirements" +sidebar_position: 20 +--- + # Requirements This document describes the recommended configuration of the servers needed to install this product diff --git a/docs/privilegesecure/4.2/accessmanagement/requirements/ports.md b/docs/privilegesecure/4.2/accessmanagement/requirements/ports.md index ebf88a1218..d3c6e33564 100644 --- a/docs/privilegesecure/4.2/accessmanagement/requirements/ports.md +++ b/docs/privilegesecure/4.2/accessmanagement/requirements/ports.md @@ -1,3 +1,9 @@ +--- +title: "Ports" +description: "Ports" +sidebar_position: 50 +--- + # Ports Configure appropriate firewall rules to allow these connections to Privilege Secure. diff --git a/docs/privilegesecure/4.2/accessmanagement/requirements/proxyserver.md b/docs/privilegesecure/4.2/accessmanagement/requirements/proxyserver.md index 77c219d073..b1de205dda 100644 --- a/docs/privilegesecure/4.2/accessmanagement/requirements/proxyserver.md +++ b/docs/privilegesecure/4.2/accessmanagement/requirements/proxyserver.md @@ -1,3 +1,9 @@ +--- +title: "Remote Service Node" +description: "Remote Service Node" +sidebar_position: 30 +--- + # Remote Service Node Privilege Secure supports a variety of RDP/SSH clients, including: @@ -36,6 +42,6 @@ Exclusions for Remote Services: See the following topics for specific installation instructions for remote services: -- [Proxy Service Install](/docs/privilegesecure/4.2/accessmanagement/install/proxyservice.md) -- [Action Service Install](/docs/privilegesecure/4.2/accessmanagement/install/actionservice.md) -- [Scheduler Service Install](/docs/privilegesecure/4.2/accessmanagement/install/schedulerservice.md) +- [Proxy Service Install](/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/proxyservice.md) +- [Action Service Install](/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/actionservice.md) +- [Scheduler Service Install](/docs/privilegesecure/4.2/accessmanagement/install/servicesonadditional/schedulerservice.md) diff --git a/docs/privilegesecure/4.2/accessmanagement/requirements/target.md b/docs/privilegesecure/4.2/accessmanagement/requirements/target.md index 2f6aeddfd8..52a2eeae38 100644 --- a/docs/privilegesecure/4.2/accessmanagement/requirements/target.md +++ b/docs/privilegesecure/4.2/accessmanagement/requirements/target.md @@ -1,3 +1,9 @@ +--- +title: "Target Environments" +description: "Target Environments" +sidebar_position: 40 +--- + # Target Environments Netwrix Privilege Secure supports management of the following target environments: diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/_category_.json b/docs/privilegesecure/4.2/accessmanagement/revieweruser/_category_.json new file mode 100644 index 0000000000..13cecb0828 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Privilege Secure Reviewer User Overview", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/access/createsession.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/access/createsession.md deleted file mode 100644 index a576c5cbb2..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/revieweruser/access/createsession.md +++ /dev/null @@ -1,49 +0,0 @@ -# Create My Activity Session - -Follow the steps to create an activity session. - -**Step 1 –** Select an **Activity** to expand the session ribbon. - -![myactivityuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) - -**Step 2 –** Click **Create Session** to start a new activity session. - -- If an Activity is assigned to a single resource, the Activity card will display the name of the - resource; selecting **Create Session** from the session ribbon will immediately start the - Activity. -- If the Activity is assigned to more than one resource, the Activity card will display the number - of resources; selecting **Create Session** from the session ribbon will open the Configure Session - window. -- **CAUTION:** If your license is expired and you can still log in, you will not be able to create - activity sessions. - -![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) - -**Step 3 –** Enter the following information: - -- If the Activity is a member of more than one Access Policy, the Access Policy field will change to - a drop-down selection. Based the resources assigned to the selected access policy, the list of - resources will change in the table. -- Enter notes or a ticket number in the applicable field (Set whether notes or ticket numbers should - be optional or mandatory for the session in the related Connection Profile) -- Select the resources required for the Activity session. Use the **Search** field to filter the - resource list. -- Click **Start Session** to start the provisioning process. - -![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) - -**NOTE:** If an approval is required, the Waiting for approval message will display until it has -been granted. - -![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) - -**Step 4 –** When provisioned, an activity session will display an Available status with a green -icon. Click **Available** to launch the session. - -- The contextual menu (…) to the top right of the active session card contains options to stop an - active session and to copy/view the login account password, if enabled in the related Connection - Profile. -- All sessions may be managed via the Dashboard interface, and the My Activities interface - interchangeably. - -Provisioning and active sessions are displayed in the session ribbon, newest sessions to the left. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/access/myactivities.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/access/myactivities.md deleted file mode 100644 index 7e7d6a261e..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/revieweruser/access/myactivities.md +++ /dev/null @@ -1,22 +0,0 @@ -# My Activities Page - -The Access > My Activities page displays activities mapped to the user as individual cards, -organized alphabetically or by Access Policy. - -![My Activiy Dashboard for End User](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) - -To access the My Activities page, open the Access interface. If there is only a single activity card -present on this page that activity will open automatically. - -Activities may be sorted in alphabetical order (the default) or organized into groups according to -Access Policy. Duplicate activities will be automatically grouped into a single card on this -interface. In the modal for provisioning the session, the user can still select from the multiple -Access Policies that are duplicating their access to the activity. - -An Activity may appear in more than one Access Policy group if the Activity is a member of more than -one Access Policy. When sorted by Access Policy, the list of resources displayed is determined by -the resource list of the Access Policy. - -To create an Activity Session, click the **plus** button to begin. See the -[Create Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsession.md) topic for additional -information. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/_category_.json b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/_category_.json new file mode 100644 index 0000000000..165a877747 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Dashboard Interface", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active.md deleted file mode 100644 index bb976e5056..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active.md +++ /dev/null @@ -1,50 +0,0 @@ -# Active Dashboard - -The Active sessions dashboard shows all currently active sessions. Create an Activity Session to -grant temporary privileges and gain access to the resources defined by a previously created Access -Policy. - -![Active Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/reviweractivedashboard.webp) - -The Active Sessions table has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Create Session — Open the Activity Request window. See the - [Create My Activity Session](/docs/privilegesecure/4.2/accessmanagement/revieweruser/access/createsession.md) topic for additional information. -- End Session — Cancel the selected session(s) -- View Logs — Opens the Session Logs window to view the action log for the selected session. See the - [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/window/sessionlogs.md) topic for additional information. -- Refresh — Reload the information displayed - -The table has the following columns: - -- Checkbox — Check to select one or more items -- Expand icon — Click the expand () icon to show additional information for the session -- Status — Shows status information for the session: - - - Provisioning — Pre-Session stage of the Activity is processing and assigning permissions to - the login account - - Waiting for Approval — The session requires approval to begin. See the - [Approvals Dashboard](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/approvals.md) topic for additional information. - - Available — The activity session is ready. Click the icon to begin the session, or log in - through a client. See the [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/startsession.md) topic for additional - information. - - Failed — Pre-Session stage of the Activity has encountered an error - - Logged In — User is successfully logged in to the Resource either directly or via the Proxy. - Direct log-in is detected by polling the Resource at regular intervals and may not update - immediately. - - Canceling — The session is either expired or was canceled manually by the user or an Privilege - Secure administrator. - - Locked — The session has been locked by an Privilege Secure administrator - -- Requested — Date and time of when the session was created -- Host — Resource that the user will run the activity on -- Login Account — Displays the account used to log onto the resource -- Activity — Displays the name of the activity. -- Start — Indicates when the activity started. This refers to when the activity’s actions were - executed and not when the user was logged on to the resource. -- End — Indicates when the session is scheduled to end the activity, which is determined by the - start time plus the maximum session duration set by the access policy Connection Profile - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/_category_.json b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/_category_.json new file mode 100644 index 0000000000..6268b523eb --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Active Dashboard", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "active" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/active.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/active.md new file mode 100644 index 0000000000..9ec4fa7469 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/active.md @@ -0,0 +1,56 @@ +--- +title: "Active Dashboard" +description: "Active Dashboard" +sidebar_position: 10 +--- + +# Active Dashboard + +The Active sessions dashboard shows all currently active sessions. Create an Activity Session to +grant temporary privileges and gain access to the resources defined by a previously created Access +Policy. + +![Active Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/reviweractivedashboard.webp) + +The Active Sessions table has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Create Session — Open the Activity Request window. See the + [Create My Activity Session](/docs/privilegesecure/4.2/accessmanagement/revieweruser/myactivities/createsession.md) topic for additional information. +- End Session — Cancel the selected session(s) +- View Logs — Opens the Session Logs window to view the action log for the selected session. See the + [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/startsession/sessionlogs.md) topic for additional information. +- Refresh — Reload the information displayed + +The table has the following columns: + +- Checkbox — Check to select one or more items +- Expand icon — Click the expand () icon to show additional information for the session +- Status — Shows status information for the session: + + - Provisioning — Pre-Session stage of the Activity is processing and assigning permissions to + the login account + - Waiting for Approval — The session requires approval to begin. See the + [Approvals Dashboard](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/approvals.md) topic for additional information. + - Available — The activity session is ready. Click the icon to begin the session, or log in + through a client. See the [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/startsession/startsession.md) topic for additional + information. + - Failed — Pre-Session stage of the Activity has encountered an error + - Logged In — User is successfully logged in to the Resource either directly or via the Proxy. + Direct log-in is detected by polling the Resource at regular intervals and may not update + immediately. + - Canceling — The session is either expired or was canceled manually by the user or an Privilege + Secure administrator. + - Locked — The session has been locked by an Privilege Secure administrator + +- Requested — Date and time of when the session was created +- Host — Resource that the user will run the activity on +- Login Account — Displays the account used to log onto the resource +- Activity — Displays the name of the activity. +- Start — Indicates when the activity started. This refers to when the activity’s actions were + executed and not when the user was logged on to the resource. +- End — Indicates when the session is scheduled to end the activity, which is determined by the + start time plus the maximum session duration set by the access policy Connection Profile + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/createsession.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/createsession.md new file mode 100644 index 0000000000..71948b0874 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/createsession.md @@ -0,0 +1,62 @@ +--- +title: "Create Activity Session" +description: "Create Activity Session" +sidebar_position: 10 +--- + +# Create Activity Session + +Follow the steps to create an activity session. + +**Step 1 –** Navigate to the Dashboard > Active page. + +**Step 2 –** In the Active Session table, click Create Session to open the Activity Request window. + +![Create Activity Session Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionuser.webp) + +**Step 3 –** On the Request Type page, enter the following information: + +- Select Activity – Search for and select an activity from the drop-down list + +**Step 4 –** Click Next to go to the Resource Selection page. + +![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) + +**Step 5 –** On the Resource Selection page, enter the following information: + +- Select the resource(s) from the table +- (Optional) Click View Selections to view all selected resources + +**Step 6 –** Click **Next** to go to the Notes page. + +![Create Session Notes Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionnotes.webp) + +**Step 7 –** On the Notes page, enter the following information: + +- Notes for this session +- Ticket number for this session + +**Step 8 –** Click Next to go to the Scheduling page. + +![Create Session Schedule Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionscheduling.webp) + +**Step 9 –** On the Scheduling page, enter the following information: + +- Select Now or enter a desired date and time to begin the session + +**Step 10 –** Click Next to go to the Review page. + +![Create Session Review Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionreview.webp) + +**Step 11 –** On the Review page, review the summary of the new session. + +**Step 12 –** Click Finish to create the session. + +The new session is created and is shown in the applicable dashboard in the Dashboard interface. If +approval is required, the status Waiting for Approval is shown. The requester cannot log in to the +session until the request is approved and the status changes to Available. + +When the status Available is shown, the remote session is ready. Click the Connection icon to begin +the session, or log in through a client. + +See the [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/startsession/startsession.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/startsession/_category_.json b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/startsession/_category_.json new file mode 100644 index 0000000000..9086ef23ea --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/startsession/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Start Activity Session", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "startsession" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/startsession/sessionlogs.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/startsession/sessionlogs.md new file mode 100644 index 0000000000..33daabd6d2 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/startsession/sessionlogs.md @@ -0,0 +1,41 @@ +--- +title: "Session Logs Window" +description: "Session Logs Window" +sidebar_position: 10 +--- + +# Session Logs Window + +The Session Logs window displays the log details for the selected session. Select a session from the +Active dashboard and click the View Logs button to open the Session Logs window. + +![Session Logs Window](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/window/sessionlogs.webp) + +The window has the following features: + +- Search — Searches the table or list for matches to the search string. When matches are found, the + table or list is filtered to the matching results. +- Filter — Provides options to filter results based on a chosen criterion: + + - Log Level — Filter by the message Status level: Debug, Info, Warn, or Error + - Requested date — Filter by session start and/or end dates + +- Export as CSV — Generates a CSV file of the table and automatically downloads it to your browser's + default download folder. The file name indicates what table was exported. +- Action Service Version — Indicates the version of the Privilege Secure action service that ran the + activity +- Refresh — Reload the information displayed +- Okay — Click to close the window, which can also be closed with the X in the upper-right corner + +The table has the following columns: + +- Line — Indicates the order of the messages within the log +- DateTime — Date timestamp for when the message was recorded +- Status — Provides two details: + + - Icon — Indicates whether the action associated with the message was successful + - Log Level — Indicates message log level: Debug, Info, Warn, or Error + +- Message — Displays the logged details of the message + +The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/startsession/startsession.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/startsession/startsession.md new file mode 100644 index 0000000000..ccc36e9aa8 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/startsession/startsession.md @@ -0,0 +1,51 @@ +--- +title: "Start Activity Session" +description: "Start Activity Session" +sidebar_position: 20 +--- + +# Start Activity Session + +On the Active Sessions dashboard, when the status Available is shown, the activity session is ready. +To begin the activity session, click the Connection icon in the Status column for the applicable +session to be automatically connected to the resource. + +![Connecto to remote session](/img/product_docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/startactivitysession.webp) + +Also note the icons to view and copy the password for the session as plain text, if the option is +enabled in the access policy Connection Profiles. + +- Copy to Clipboard icon — Click to copy the password for the session as plain text. For + resource–based activities for end users, this is only available if enabled in the activity's + Access Policy. The password can always be viewed for credential–based activities. +- View Password icon — Click to view the password for the session as plain text. For resource–based + activities for end users, this is only available if enabled in the activity's Access Policy. The + password can always be viewed for credential–based activities. To view a password, select the Eye + icon. Users will have 20 seconds to view the password or copy it. +- Connection icon — Click the icon to begin the activity session. + +Alternatively, configure any RDP / SSH Manager for remote login, including: + +- PuTTY +- MobaXterm +- MS Remote Desktop Connection Manager +- MS Terminal Services Client (Remote Desktop) + +## Session Extension + +Each session will remain active for a pre-configured amount of time based on the Connection Profile +being used with the Access Policy. Session extension options can be configured in the connection +profile that allow a session to be extended by the user, in increments. + +If Session Extension is enabled, the session extension option appears for users when the remaining +time is 5 minutes or less. + +**NOTE:** For NPS users with the Administrator role, session extension is always enabled. + +![Extend Activity Session](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsession.webp) + +For RDP, a pop-up message is displayed in the session window. + +![extendsessionssh](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsessionssh.webp) + +For SSH the user can extend by typing **Ctrl+X** when prompted. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/approvals.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/approvals.md index 7ed1ab1812..8038d8f21d 100644 --- a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/approvals.md +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/approvals.md @@ -1,3 +1,9 @@ +--- +title: "Approvals Dashboard" +description: "Approvals Dashboard" +sidebar_position: 30 +--- + # Approvals Dashboard The Approvals Dashboard displays requested sessions that require approval. Users and group members diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/createsession.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/createsession.md deleted file mode 100644 index 68b2d1a9f8..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/createsession.md +++ /dev/null @@ -1,56 +0,0 @@ -# Create Activity Session - -Follow the steps to create an activity session. - -**Step 1 –** Navigate to the Dashboard > Active page. - -**Step 2 –** In the Active Session table, click Create Session to open the Activity Request window. - -![Create Activity Session Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionuser.webp) - -**Step 3 –** On the Request Type page, enter the following information: - -- Select Activity – Search for and select an activity from the drop-down list - -**Step 4 –** Click Next to go to the Resource Selection page. - -![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) - -**Step 5 –** On the Resource Selection page, enter the following information: - -- Select the resource(s) from the table -- (Optional) Click View Selections to view all selected resources - -**Step 6 –** Click **Next** to go to the Notes page. - -![Create Session Notes Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionnotes.webp) - -**Step 7 –** On the Notes page, enter the following information: - -- Notes for this session -- Ticket number for this session - -**Step 8 –** Click Next to go to the Scheduling page. - -![Create Session Schedule Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionscheduling.webp) - -**Step 9 –** On the Scheduling page, enter the following information: - -- Select Now or enter a desired date and time to begin the session - -**Step 10 –** Click Next to go to the Review page. - -![Create Session Review Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionreview.webp) - -**Step 11 –** On the Review page, review the summary of the new session. - -**Step 12 –** Click Finish to create the session. - -The new session is created and is shown in the applicable dashboard in the Dashboard interface. If -approval is required, the status Waiting for Approval is shown. The requester cannot log in to the -session until the request is approved and the status changes to Available. - -When the status Available is shown, the remote session is ready. Click the Connection icon to begin -the session, or log in through a client. - -See the [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/startsession.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/historical.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/historical.md index 9ee6336991..25bf5b8404 100644 --- a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/historical.md +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/historical.md @@ -1,3 +1,9 @@ +--- +title: "Historical Dashboard" +description: "Historical Dashboard" +sidebar_position: 40 +--- + # Historical Dashboard The Historical sessions dashboard shows all created sessions and their status. @@ -25,7 +31,7 @@ The table has the following columns: - Rocket icon — Launches the same session (same activity on the same resource with the same connection profile) for any historical session that is not a Credential-based session - View logs icon — Opens the Session Logs window to view the action log for the selected - session. See the [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/window/sessionlogs.md) topic for additional + session. See the [Session Logs Window](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/startsession/sessionlogs.md) topic for additional information. - Requested — Date and time of when the session was created diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/overview.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/overview.md index 368e10aa5c..f344ad94c9 100644 --- a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/overview.md +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/overview.md @@ -1,3 +1,9 @@ +--- +title: "Dashboard Interface" +description: "Dashboard Interface" +sidebar_position: 40 +--- + # Dashboard Interface The Dashboard interface displays an overview of activity sessions, users, resources and related @@ -8,7 +14,7 @@ information. The overview section shows information for the following: - Active Dashboard – Shows all currently active sessions. See the - [Active Dashboard](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active.md) topic for additional information. + [Active Dashboard](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/active.md) topic for additional information. - Scheduled Dashboard – Shows all scheduled sessions. See the [Scheduled Dashboard](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/scheduled.md) topic for additional information. - Approvals Dashboard – Shows sessions waiting for approval. See the diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/scheduled.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/scheduled.md index 7306d2cc20..eea8c2518b 100644 --- a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/scheduled.md +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/scheduled.md @@ -1,3 +1,9 @@ +--- +title: "Scheduled Dashboard" +description: "Scheduled Dashboard" +sidebar_position: 20 +--- + # Scheduled Dashboard The Scheduled sessions dashboard shows all scheduled sessions. @@ -9,7 +15,7 @@ The Scheduled Sessions table has the following features: - Search — Searches the table or list for matches to the search string. When matches are found, the table or list is filtered to the matching results. - Create Session — Open the Activity Request window. See the - [Create Activity Session](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/createsession.md) topic for additional information. + [Create Activity Session](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/createsession.md) topic for additional information. - End Session — Cancel the selected session(s) - Refresh — Reload the information displayed @@ -24,7 +30,7 @@ The table has the following columns: - Waiting for Approval — The session requires approval to begin. See the [Approvals Dashboard](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/approvals.md) topic for additional information. - Available — The activity session is ready. Click the icon to begin the session, or log in - through a client. See the [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/startsession.md) topic for additional + through a client. See the [Start Activity Session](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/active/startsession/startsession.md) topic for additional information. - Failed — Pre-Session stage of the Activity has encountered an error - Logged In — User is successfully logged in to the Resource either directly or via the Proxy. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/startsession.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/startsession.md deleted file mode 100644 index 79a0dd0e6b..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/startsession.md +++ /dev/null @@ -1,45 +0,0 @@ -# Start Activity Session - -On the Active Sessions dashboard, when the status Available is shown, the activity session is ready. -To begin the activity session, click the Connection icon in the Status column for the applicable -session to be automatically connected to the resource. - -![Connecto to remote session](/img/product_docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/startactivitysession.webp) - -Also note the icons to view and copy the password for the session as plain text, if the option is -enabled in the access policy Connection Profiles. - -- Copy to Clipboard icon — Click to copy the password for the session as plain text. For - resource–based activities for end users, this is only available if enabled in the activity's - Access Policy. The password can always be viewed for credential–based activities. -- View Password icon — Click to view the password for the session as plain text. For resource–based - activities for end users, this is only available if enabled in the activity's Access Policy. The - password can always be viewed for credential–based activities. To view a password, select the Eye - icon. Users will have 20 seconds to view the password or copy it. -- Connection icon — Click the icon to begin the activity session. - -Alternatively, configure any RDP / SSH Manager for remote login, including: - -- PuTTY -- MobaXterm -- MS Remote Desktop Connection Manager -- MS Terminal Services Client (Remote Desktop) - -## Session Extension - -Each session will remain active for a pre-configured amount of time based on the Connection Profile -being used with the Access Policy. Session extension options can be configured in the connection -profile that allow a session to be extended by the user, in increments. - -If Session Extension is enabled, the session extension option appears for users when the remaining -time is 5 minutes or less. - -**NOTE:** For NPS users with the Administrator role, session extension is always enabled. - -![Extend Activity Session](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsession.webp) - -For RDP, a pop-up message is displayed in the session window. - -![extendsessionssh](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsessionssh.webp) - -For SSH the user can extend by typing **Ctrl+X** when prompted. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/window/sessionlogs.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/window/sessionlogs.md deleted file mode 100644 index 81e4c4102b..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/window/sessionlogs.md +++ /dev/null @@ -1,35 +0,0 @@ -# Session Logs Window - -The Session Logs window displays the log details for the selected session. Select a session from the -Active dashboard and click the View Logs button to open the Session Logs window. - -![Session Logs Window](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/window/sessionlogs.webp) - -The window has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Filter — Provides options to filter results based on a chosen criterion: - - - Log Level — Filter by the message Status level: Debug, Info, Warn, or Error - - Requested date — Filter by session start and/or end dates - -- Export as CSV — Generates a CSV file of the table and automatically downloads it to your browser's - default download folder. The file name indicates what table was exported. -- Action Service Version — Indicates the version of the Privilege Secure action service that ran the - activity -- Refresh — Reload the information displayed -- Okay — Click to close the window, which can also be closed with the X in the upper-right corner - -The table has the following columns: - -- Line — Indicates the order of the messages within the log -- DateTime — Date timestamp for when the message was recorded -- Status — Provides two details: - - - Icon — Indicates whether the action associated with the message was successful - - Log Level — Indicates message log level: Debug, Info, Warn, or Error - -- Message — Displays the logged details of the message - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/myactivities/_category_.json b/docs/privilegesecure/4.2/accessmanagement/revieweruser/myactivities/_category_.json new file mode 100644 index 0000000000..9023698991 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/myactivities/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "My Activities Page", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "myactivities" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/myactivities/createsession.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/myactivities/createsession.md new file mode 100644 index 0000000000..5d380d9dc5 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/myactivities/createsession.md @@ -0,0 +1,55 @@ +--- +title: "Create My Activity Session" +description: "Create My Activity Session" +sidebar_position: 10 +--- + +# Create My Activity Session + +Follow the steps to create an activity session. + +**Step 1 –** Select an **Activity** to expand the session ribbon. + +![myactivityuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) + +**Step 2 –** Click **Create Session** to start a new activity session. + +- If an Activity is assigned to a single resource, the Activity card will display the name of the + resource; selecting **Create Session** from the session ribbon will immediately start the + Activity. +- If the Activity is assigned to more than one resource, the Activity card will display the number + of resources; selecting **Create Session** from the session ribbon will open the Configure Session + window. +- **CAUTION:** If your license is expired and you can still log in, you will not be able to create + activity sessions. + +![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) + +**Step 3 –** Enter the following information: + +- If the Activity is a member of more than one Access Policy, the Access Policy field will change to + a drop-down selection. Based the resources assigned to the selected access policy, the list of + resources will change in the table. +- Enter notes or a ticket number in the applicable field (Set whether notes or ticket numbers should + be optional or mandatory for the session in the related Connection Profile) +- Select the resources required for the Activity session. Use the **Search** field to filter the + resource list. +- Click **Start Session** to start the provisioning process. + +![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) + +**NOTE:** If an approval is required, the Waiting for approval message will display until it has +been granted. + +![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) + +**Step 4 –** When provisioned, an activity session will display an Available status with a green +icon. Click **Available** to launch the session. + +- The contextual menu (…) to the top right of the active session card contains options to stop an + active session and to copy/view the login account password, if enabled in the related Connection + Profile. +- All sessions may be managed via the Dashboard interface, and the My Activities interface + interchangeably. + +Provisioning and active sessions are displayed in the session ribbon, newest sessions to the left. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/myactivities/myactivities.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/myactivities/myactivities.md new file mode 100644 index 0000000000..ab0a5f87fc --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/myactivities/myactivities.md @@ -0,0 +1,28 @@ +--- +title: "My Activities Page" +description: "My Activities Page" +sidebar_position: 30 +--- + +# My Activities Page + +The Access > My Activities page displays activities mapped to the user as individual cards, +organized alphabetically or by Access Policy. + +![My Activiy Dashboard for End User](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) + +To access the My Activities page, open the Access interface. If there is only a single activity card +present on this page that activity will open automatically. + +Activities may be sorted in alphabetical order (the default) or organized into groups according to +Access Policy. Duplicate activities will be automatically grouped into a single card on this +interface. In the modal for provisioning the session, the user can still select from the multiple +Access Policies that are duplicating their access to the activity. + +An Activity may appear in more than one Access Policy group if the Activity is a member of more than +one Access Policy. When sorted by Access Policy, the list of resources displayed is determined by +the resource list of the Access Policy. + +To create an Activity Session, click the **plus** button to begin. See the +[Create Activity Session](/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/active/createsession.md) topic for additional +information. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/navigation.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/navigation.md deleted file mode 100644 index a798696aa7..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/revieweruser/navigation.md +++ /dev/null @@ -1,95 +0,0 @@ -# Navigation - -At the top of the Privilege Secure Console lists available in interfaces and provides access to the -Help link and the User Menu: - -![Access Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/revieweruser/reviweraccessdashboard.webp) - -The buttons have these functions: - -- Interfaces: - - - Access — Grants access to the My Activities page. Activities are be displayed as individual - cards, organized alphabetically or by Access Policy. See the - [My Activities Page](/docs/privilegesecure/4.2/accessmanagement/revieweruser/access/myactivities.md) topic for additional. information. - - Dashboard — View summaries of recent activity logs and user sessions. See the - [Dashboard Interface](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/overview.md) topic for additional information. - - Audit & Reporting Interface — Audit user access entitlement (Access Certification). This - interface is limited to Reviewers. See the Audit and Reporting Page topic for additional - information. - -- Help — Opens the - [Netwrix Privilege Secure Documentation](https://helpcenter.netwrix.com/category/sbpam) in the in - another browser tab -- User Name — Click to open the drop-down menu: - - - Dark Mode — Toggle “Dark Mode” for the console. Hover over the toggle switch to see a preview - of Dark Mode. - - Product Tour — Re-starts walk-through of Privilege Secure features. See the - [Product Tour](/docs/privilegesecure/4.2/accessmanagement/revieweruser/producttour.md) topic for additional information. - - Logout — Signs the user out of the current session and opens the Login screen - - About — Shows version and license information for the console - -For reviewers there is a Navigation pane where the pages for the selected interface display. Use the -Menu button to the left of the logo to collapse / expand the Navigation pane. - -## Console Icons - -The Privilege Secure Console makes it easy to gather detailed information at a glance. The following -tables show the main icons: - -Interface Icons - -| Icon | Interface | -| -------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| ![myactivities](/img/product_docs/privilegesecure/4.2/accessmanagement/install/myactivities.webp) | My Activities | -| ![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) | Dashboard | -| ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) | Policy | -| ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | -| ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) | Resources | -| ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) | Credentials | -| ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) | Activities | -| ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | -| ![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) | Service Nodes | -| ![auditreporting](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | - -Dashboard Icons - -| Icon | Session Data | -| -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| ![activedashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboard.webp) | Active Sessions | -| ![scheduleddashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | -| ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | -| ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | -| ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) | User Activity | -| ![resourcesdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resourcesdashboard.webp) | Resources | -| ![credentialsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | - -Active Directory Icons - -| Icon | Object | -| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | -| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | -| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | -| ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) | Collection | -| ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) | Custom Role | -| ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | -| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | -| ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | -| ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | -| ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | -| ![Cisco icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | -| ![Windows icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | - -Information Icons - -| Icon | Information | -| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | -| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | -| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | -| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | -| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | -| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | - -Hover over an icon anywhere within the console for its description. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/navigation/_category_.json b/docs/privilegesecure/4.2/accessmanagement/revieweruser/navigation/_category_.json new file mode 100644 index 0000000000..d5e9c7d277 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/navigation/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Navigation", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "navigation" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/navigation/navigation.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/navigation/navigation.md new file mode 100644 index 0000000000..d0c05e5c55 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/navigation/navigation.md @@ -0,0 +1,101 @@ +--- +title: "Navigation" +description: "Navigation" +sidebar_position: 20 +--- + +# Navigation + +At the top of the Privilege Secure Console lists available in interfaces and provides access to the +Help link and the User Menu: + +![Access Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/revieweruser/reviweraccessdashboard.webp) + +The buttons have these functions: + +- Interfaces: + + - Access — Grants access to the My Activities page. Activities are be displayed as individual + cards, organized alphabetically or by Access Policy. See the + [My Activities Page](/docs/privilegesecure/4.2/accessmanagement/revieweruser/myactivities/myactivities.md) topic for additional. information. + - Dashboard — View summaries of recent activity logs and user sessions. See the + [Dashboard Interface](/docs/privilegesecure/4.2/accessmanagement/revieweruser/dashboard/overview.md) topic for additional information. + - Audit & Reporting Interface — Audit user access entitlement (Access Certification). This + interface is limited to Reviewers. See the Audit and Reporting Page topic for additional + information. + +- Help — Opens the + [Netwrix Privilege Secure Documentation](https://helpcenter.netwrix.com/category/sbpam) in the in + another browser tab +- User Name — Click to open the drop-down menu: + + - Dark Mode — Toggle “Dark Mode” for the console. Hover over the toggle switch to see a preview + of Dark Mode. + - Product Tour — Re-starts walk-through of Privilege Secure features. See the + [Product Tour](/docs/privilegesecure/4.2/accessmanagement/revieweruser/navigation/producttour.md) topic for additional information. + - Logout — Signs the user out of the current session and opens the Login screen + - About — Shows version and license information for the console + +For reviewers there is a Navigation pane where the pages for the selected interface display. Use the +Menu button to the left of the logo to collapse / expand the Navigation pane. + +## Console Icons + +The Privilege Secure Console makes it easy to gather detailed information at a glance. The following +tables show the main icons: + +Interface Icons + +| Icon | Interface | +| -------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![myactivities](/img/product_docs/privilegesecure/4.2/accessmanagement/install/myactivities.webp) | My Activities | +| ![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +| ![auditreporting](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | + +Dashboard Icons + +| Icon | Session Data | +| -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![activedashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboard.webp) | Active Sessions | +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +| ![credentialsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | + +Active Directory Icons + +| Icon | Object | +| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +| ![Windows icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | + +Information Icons + +| Icon | Information | +| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | + +Hover over an icon anywhere within the console for its description. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/navigation/producttour.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/navigation/producttour.md new file mode 100644 index 0000000000..1bfaeb4a69 --- /dev/null +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/navigation/producttour.md @@ -0,0 +1,22 @@ +--- +title: "Product Tour" +description: "Product Tour" +sidebar_position: 10 +--- + +# Product Tour + +New users now experience a product tour on first login. Standard users and users with the Privilege +Secure administrator role are walked through features that are relevant to their role. + +![producttour](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/producttour.webp) + +At any time, the tour can be stopped by clicking the **X** icon at the top-right of the Console. By +default, the tour will not display on next login unless the **Do not display again** checkbox is +unchecked. + +The product tour may be re-started at any time via the user menu. + +![usermenu](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usermenu.webp) + +See the [Navigation](/docs/privilegesecure/4.2/accessmanagement/enduser/navigation/navigation.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/overview.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/overview.md index 11ae3e707b..337fa128a6 100644 --- a/docs/privilegesecure/4.2/accessmanagement/revieweruser/overview.md +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/overview.md @@ -1,3 +1,9 @@ +--- +title: "Privilege Secure Reviewer User Overview" +description: "Privilege Secure Reviewer User Overview" +sidebar_position: 50 +--- + # Privilege Secure Reviewer User Overview This topic and its subtopics are written for users who have been assigned as a Privilege Secure diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/producttour.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/producttour.md deleted file mode 100644 index b918a54fb5..0000000000 --- a/docs/privilegesecure/4.2/accessmanagement/revieweruser/producttour.md +++ /dev/null @@ -1,16 +0,0 @@ -# Product Tour - -New users now experience a product tour on first login. Standard users and users with the Privilege -Secure administrator role are walked through features that are relevant to their role. - -![producttour](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/producttour.webp) - -At any time, the tour can be stopped by clicking the **X** icon at the top-right of the Console. By -default, the tour will not display on next login unless the **Do not display again** checkbox is -unchecked. - -The product tour may be re-started at any time via the user menu. - -![usermenu](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usermenu.webp) - -See the [Navigation](/docs/privilegesecure/4.2/accessmanagement/enduser/navigation.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/accessmanagement/revieweruser/sessiontimeout.md b/docs/privilegesecure/4.2/accessmanagement/revieweruser/sessiontimeout.md index 378f122429..3bd64beb32 100644 --- a/docs/privilegesecure/4.2/accessmanagement/revieweruser/sessiontimeout.md +++ b/docs/privilegesecure/4.2/accessmanagement/revieweruser/sessiontimeout.md @@ -1,3 +1,9 @@ +--- +title: "Session Timeout" +description: "Session Timeout" +sidebar_position: 10 +--- + # Session Timeout For security reasons, the Privilege Secure Console automatically logs out the user after 10 minutes diff --git a/docs/privilegesecure/4.2/accessmanagement/whatsnew.md b/docs/privilegesecure/4.2/accessmanagement/whatsnew.md index 73f1768c0d..920a781caf 100644 --- a/docs/privilegesecure/4.2/accessmanagement/whatsnew.md +++ b/docs/privilegesecure/4.2/accessmanagement/whatsnew.md @@ -1,3 +1,9 @@ +--- +title: "What's New" +description: "What's New" +sidebar_position: 10 +--- + # What's New ## New Netwrix Community! @@ -54,7 +60,7 @@ Netwrix Secure Remote Access ensures secure, efficient, and policy-driven remote New: Obscured Passwords in Replay Viewer Protect sensitive information during session replays, ensuring compliance with stricter security -regulations. See the [Replay Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/window/replayviewer.md) topic for +regulations. See the [Replay Viewer Window](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/historical/replayviewer.md) topic for additional information. New: Proxy Auditing for SCP and SFTP @@ -66,7 +72,7 @@ New: Granular AD Authentication Control Enable or disable "Other Login" (AD authentication) for more granular access control, minimizing potential security risks. See the -[Set Authentication as Default Login](admin/configuration/page/authentication.md#set-authentication-as-default-login) +[Set Authentication as Default Login](/docs/privilegesecure/4.2/accessmanagement/admin/interface/authentication/authentication.md#set-authentication-as-default-login) topic for additional information. Enhancement: Expanded SIEM Integration @@ -79,21 +85,21 @@ threat detection and investigation. New: Customizable Login Formats Create login account templates with custom formats, streamlining user provisioning and access -management. See the [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) and -[Login Account Templates](/docs/privilegesecure/4.2/accessmanagement/admin/policy/activityloginaccounttemplates.md) topics for additional +management. See the [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) and +[Login Account Templates](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activity/activityloginaccounttemplates.md) topics for additional information. New: "Delete Permanently" Option Provides a clear confirmation step when removing resources, preventing accidental data loss. See the -[Remove Resource Window](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/removeresource.md) topic for additional +[Remove Resource Window](/docs/privilegesecure/4.2/accessmanagement/admin/interface/resources/removeresource.md) topic for additional information. New: Advanced Login Account Templates Expanded string manipulation functions and a name field increase to 20 characters offer greater flexibility in user provisioning. See the -[Login Account Templates](/docs/privilegesecure/4.2/accessmanagement/admin/policy/activityloginaccounttemplates.md) topic for additional +[Login Account Templates](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activity/activityloginaccounttemplates.md) topic for additional information. New: Optional Linux Software Scans @@ -103,24 +109,24 @@ Disable "Installed Software" functionality by default to optimize scans for spec New: Connect Account for Interactive App Launch Simplifies application launching by pre-configuring connection accounts. See the -[Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. +[Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/activities/activities.md) topic for additional information. New: View Password on Set Password Allows users to confirm password entries during credential creation, reducing errors. See the -[Manage Internal Service Accounts](/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/credentials/manageinternalserviceaccount.md) +[Manage Internal Service Accounts](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/manageinternalserviceaccount.md) topic for additional information. New: Customizable Connection Profiles Add custom input fields to connection profiles for improved data collection and organization. See -the [Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md) topic for additional +the [Connection Profiles Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/accesspolicy/connectionprofiles/connectionprofiles.md) topic for additional information. Enhancement: Improved Scheduler Visibility The "Statistics" tab now precedes the "Action Queues" tab in Service Nodes for easier workflow -management. See the [Scheduler Service](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/scheduler.md) topic for +management. See the [Scheduler Service](/docs/privilegesecure/4.2/accessmanagement/admin/interface/servicenodes/servicenodes/scheduler.md) topic for additional information. ### Additional Enhancements @@ -133,5 +139,5 @@ New: Credential Policy Overrides Enable credential groups to override platform-level credential schedules for more granular control over privileged credential life cycles. See the -[Credential Policy Overrides Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentialpolicyoverrides.md) topic for +[Credential Policy Overrides Page](/docs/privilegesecure/4.2/accessmanagement/admin/interface/credentials/credentialpolicyover/credentialpolicyoverrides.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/discovery/_category_.json b/docs/privilegesecure/4.2/discovery/_category_.json new file mode 100644 index 0000000000..24119cc030 --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Netwrix Privilege Secure for Discovery v2.21 Documentation", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/gpos.md b/docs/privilegesecure/4.2/discovery/admin/configuration/gpos.md deleted file mode 100644 index 949ac540ed..0000000000 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/gpos.md +++ /dev/null @@ -1,31 +0,0 @@ -# GPOs - -GPOs - -# GPOs - -## Problem - -With the rollout of Privilege Secure, attention often has to be given to GPOs. GPOs are used to push -access to the local administrator account for many users and groups. However, Privilege Secure -represents a paradigm shift in thinking on how privileged access is managed. Until this shift in -thinking is rectified, Privilege Secure and Active Directory will "fight" over whether an account is -in the Local Administrators group, Privilege Secure removing the account, and GPO adding it back -again, in an infinite loop. Or, vice versa, Privilege Secure is adding Persistent accounts (service -accounts) and GPO, using Restricted Groups, is removing them again. - -## Solution - -- Reduce the scope of these GPOs. Do not include JITA accounts (interactive accounts) in the list of - accounts to add via GPO. If needed for initial addition of these accounts (for example, on a new - build) use the GPO option for "Apply once and do not reapply". -- Do not rely on "Restricted Groups" to tightly control the Local Administrators group. That is what - Privilege Secure is for. Instead use "Preferences" to _add_ Persistent accounts to the Local - Administrators group (but not remove any). See an example of this type of GPO below under "More - Information". - -## More Information - -- Example of how to use GPO to add the Privilege Secure service account (the "Protect Mode" - account). - [Add Privilege Secure Protect Mode Account to Windows Endpoints via GPO](/docs/privilegesecure/4.2/discovery/productmodeaccount.md) diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/linux.md b/docs/privilegesecure/4.2/discovery/admin/configuration/linux.md deleted file mode 100644 index a446eaa135..0000000000 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/linux.md +++ /dev/null @@ -1,122 +0,0 @@ -# Privilege Secure and Linux - -Privilege Secure and Linux - -# Privilege Secure and Linux - -**CAUTION:** Always back up the /etc/sudoers file prior to scanning or enabling Scan Mode on any -system in NPS-D. Scanning, regardless of Protect Mode setting, a Liunx system will result in a -flattening of the /etc/sudoers file. This will pull in all permissions from other sources (e.g: -files locate in /etc/sudoers.d) into the /etc/sudoers file, and disable sudo permissions being -acquired from those sources. - -This topic covers the processes surrounding Privilege Secure with Linux systems. Specifically -covering: - -- Privilege Secure’s **Linux Registration** process, via API calls, through Postman or QuickStart. -- Privilege Secure’s general **JITA Request for Linux** using the bridged AD accounts -- **Protect Modes** JITA+DENY with the applied modifications to sudoers.d directory -- **“Under the Hood”**, what Privilege Secure is doing with the 3 reference files used for Privilege - Secure’s inventory and visibility of Linux systems - -### Linux Registration Setup - -Similar to registering Windows systems, there is some prep work that is needed to allow Privilege -Secure processes to complete on the newly registered Linux machines. Here are the outlined items to -be completed prior registering Linux systems. - -- A service account will be required to register/enroll the system within Privilege Secure. This - account will need to have sudo permissions on the Linux endpoint(s). -- Adding a sudo user: - - - For users experienced with Linux, add line to /etc/sudoers file with the permissions for user, - ‘example_user’ show here: `example_user ALL=(ALL) NOPASSWD: ALL` - - [Linux: Add Sudo User to Ubuntu System](/docs/privilegesecure/4.2/discovery/admin/systemmanagement/linuxaddsudouser.md) - -### Linux Registration - (pre 2.18.0) - -The below Zendesk support article, which covers the fields sent during the registration process -including the admin account(s) that will be added to the Linux endpoint and used for JITA access. -Linux registration can be completed via either of the below methods. The Postman option will allow -for a single system registration and the QuickStart option will allow for bulk systems registration. - -- Postman program (used for individual system registration) - - [Postman Linux Registration](/docs/privilegesecure/4.2/discovery/admin/systemmanagement/postmanlinuxregistration.md) -- QuickStart script (used for bulk system registration) - - [QuickStart Script](/docs/privilegesecure/4.2/discovery/admin/configuration/quickstartscript.md) - -## JITA Request for Linux Systems - -- Domain Account: This account will be “linked” to the local Linux account on the end point, and - displayed in the Privilege Secure inventory. -- Local Linux Account: Local account that was added to the Linux system to allow JITA SSH access. - -Linux JITA Session Behavior - -- User requests JITA for a Linux system. -- If it is the first time a user is requesting access to Linux system, Privilege Secure creates a - local account on the Linux machine, using AD credentials. - - - Example entry into /etc/passwd for user ‘s1_user’: - `s1_user:x:1005:1005:PrivilegeSecure AD Bridged Account:/home/s1_user:/bin/sh` - - User can then SSH to the linux box with just username (case sensitive), no domain required. - -- Privilege Secure also create an entry for that account in the `/etc/sudoers/` providing sudo - capabilities. -- Once the JITA session expires: - - - The entry created for the user in the `/etc/sudoers/` directory is removed, removing sudo - capability. - - The password set on the account is scrambled. - - The AD account created remains in /etc/passwd. - -## Protect Modes - -Privilege Secure users should be using a provisioned domain account to get JITA access to the linux -system. Protect Modes apply to accounts that have been added locally to the /etc/sudoers file or -/etc/sudoers.d directory. - -Always backup the original sudoers file before placing a system into a Protect mode.   Example of -command to use on the system to be protected: - -sudo cp /etc/sudoers /etc/sudoers.orig - -Protect Mode: JITA - -- Permanent access could be granted by setting the account to persistent. This could be done for a - service account that needs to have access to the system at all times. -- Privilege Secure recognizes newly added local accounts to the /etc/sudoers file or /etc/sudoers.d - directory -- The accounts recognized are added to Privilege Secure’s inventory, with the policy persistent: No - and on Host:No. -- The account is removed from the /etc/sudoers file or /etc/sudoers.d directory - -Protect Mode: DENY - -- The only different from Protect Mode: JITA is the discovered local account is not added - toPrivilege Secure’s inventory. So these accounts can not be set to persistent. - -## Under the Hood - -3 files/locations that Privilege Secure focuses on with the associated permission - -- /etc/sudoers.d directory- Read and Write -- /etc/passwd file- Read and Write -- /etc/sudoers file- Read and Write - -What we are not doing yet is looking at what users are in the “sudo” group. The sudo group is -referenced to the “wheel” group in some flavors of Linux. - -``` -# Allow members of group sudo to execute any command -%sudo    ALL=(ALL:ALL) ALL - -``` - -Privilege Secure’s visibility of whether an account exist for a Linux system is done via the -/etc/passwd file, this file doesn’t show/define permissions. - -Privilege Secure reads the sudoers file, within the /etc directory, to check for user and group -privilege specifications. - -During JITA sessions and expirations Privilege Secure will modify the /etc/sudoers file. diff --git a/docs/privilegesecure/4.2/discovery/admin/maintenance/operational.md b/docs/privilegesecure/4.2/discovery/admin/maintenance/operational.md deleted file mode 100644 index 453f98ea6c..0000000000 --- a/docs/privilegesecure/4.2/discovery/admin/maintenance/operational.md +++ /dev/null @@ -1,129 +0,0 @@ -# Operational Maintenance - -Operational Maintenance - -# Operational Maintenance - -Once Privilege Secure is rolled out there are various maintenance and operational items that should -be done at regular intervals: - -## Privilege Secure Processes (suggested daily) - -- The Privilege Secure processes can be listed using the following command: -- s1 status; s1 nodes -- This lists the status of all containers in the docker environment for Privilege Secure. They - should all be scaled to 1/1 in a production environment. All nodes should be listed - -![image.webp](/img/product_docs/privilegesecure/4.2/discovery/admin/maintenance/360053539334_image.webp) - -- The manager status should be listed as "Leader" for a single node or "Leader" and "Reachable" as - above. The Leader is the primary manager node and the Reachable nodes are managers. In the event - of a failure of a node an election to determine a new primary manager takes place. A single node - can fail without any indication to users. - -## Disk Maintenance (suggested weekly) - -- Disk space should be checked on a periodic basis. The command to check this is: df -h -- This command is disk free with the switch h for human readable. Disk usage over 80% should be - checked to see if there are any specific reasons for excessive disk usage. If this the space can - not be reduced successfully, additional disc space should be added. The Customer Success team can - assist with the review and reduction of used disc space and also increase of disk space (physical - or virtual, dependent on environment). - -## Backups - -Review (suggested weekly) - -- Check that backups are being executed on the production node and successfully copied to DR. -- Confirm that backups with appropriate recent date exist on DR server. Backups are usually executed - from a cron run script daily. -- If the backup is set to restore the database backup daily, check the logs for any errors. -- Production Primary Node: -- ls -lath /secureone/data/db/backups -- DR Primary Node: -- ls -lath /secureone/data/db/restore - -Test (suggested minimum yearly) - -- It is recommended to test DR at least yearly. This can be part of a wider DR test or specific to - Privilege Secure. -- A test window should be created for this as changes to Privilege Secure DR would not be propagated - back to the main production instance. -- After a test ensure that services are down on the DR node. This will avoid the DR environment - overriding changes from Production. The command below can be utilized for this: - - - `s1 stop expire worker scanner` - -## Run Quickstart to Review Protect Mode and Persistence (suggested weekly) - -- Quickstart should be run frequently to ensure that all machines remain in protect mode. The output - from Quickstart can easily be filtered for any machines that do not show in protect mode. This - ensures that the build process and addition or protect mode is being executed as expected. -- Quickstart can also be used for a review of persistent access. This should be minimized to service - accounts. A review to look for user accounts set to persistent should be carried out. If these are - truly required to be persistent, then they should be switched to a service account. - -## Privilege Secure Log Review - SIEM (suggested weekly) - -- Typically a SIEM solution is best placed to report any issues that can be captured in Privilege - Secure logs. -- An example set of queries for Splunk is included here: - [Splunk and SIEM Queries](/docs/privilegesecure/4.2/discovery/integrations/siem/splunkqueries.md) -- The "change system policy" output should be reviewed for any removal of protect mode. -- The "slow JITA access" and "time it takes for JITA access" can give an indication if users are - being slowed down in their ability to elevate privilege when utilizing Privilege Secure. - -## Mongo Health (suggested weekly) - -Time Sync - -- Run the following command to check that the servers are remaining in sync with time: -- sudo docker exec -it $(sudo docker ps | grep mongo | cut -d' ' -f1) mongo SecureONE --eval - 'rs.printSlaveReplicationInfo()' -- The result should show that there is little or no difference in time: -- secureone@ip-10-100-11-27:/secureone/conf/fluentd$ sudo docker exec -it $(sudo docker ps | grep - mongo | cut -d' ' -f1) mongo SecureONE --eval 'rs.printSlaveReplicationInfo()' - MongoDB shell version v4.0.20 - connecting to: mongodb://127.0.0.1:27017/SecureONE?gssapiServiceName=mongodb - Implicit session: session \{ "id" : UUID("dcab2535-4051-48df-80fd-eec1136f692b") \} - MongoDB server version: 4.0.20 - source: mongo2:27017 - syncedTo: Tue Sep 22 2020 16:03:34 GMT+0000 (UTC) - 0 secs (0 hrs) behind the primary - source: mongo3:27017 - syncedTo: Tue Sep 22 2020 16:03:34 GMT+0000 (UTC) - 0 secs (0 hrs) behind the primary -- In the event of a variation in time, contact the Remediant Customer Success team. - -Mongo status - -- Run the following to ensure the mongo DB nodes are maintaining the correct state: - -``` -sudo docker exec -it $(sudo docker ps | grep mongo | cut -d' ' -f1) mongo SecureONE --eval 'rs.status()' | grep "name\|health\|state\|stateStr" -``` - -- The output of this should be - -``` -"name" : "mongo1:27017", -"health" : 1, -"state" : 1, -"stateStr" : "PRIMARY", -"name" : "mongo2:27017", -"health" : 1, -"state" : 2, -"stateStr" : "SECONDARY", -"name" : "mongo3:27017", -"health" : 1, -"state" : 2, -"stateStr" : "SECONDARY", -``` - -**NOTE:** Health should report as 1 for everything and state should be 1 or 2. - -## Version and OS updates (suggested quarterly minimum) - -- Ensure quarterly meeting to review updates to Privilege Secure version and OS patches/updates. -- Patches can be applied monthly. The Customer Success team can be contacted prior to updates to - ensure no known issues. diff --git a/docs/privilegesecure/4.2/discovery/administration/_category_.json b/docs/privilegesecure/4.2/discovery/administration/_category_.json new file mode 100644 index 0000000000..fd9af12ef3 --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/administration/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Administration", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/discovery/administration/configuration/_category_.json b/docs/privilegesecure/4.2/discovery/administration/configuration/_category_.json new file mode 100644 index 0000000000..969a7bb418 --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Configuration", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/accountinventorycolors.md b/docs/privilegesecure/4.2/discovery/administration/configuration/accountinventorycolors.md similarity index 96% rename from docs/privilegesecure/4.2/discovery/admin/configuration/accountinventorycolors.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/accountinventorycolors.md index 10e9167c7a..5de690ed41 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/accountinventorycolors.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/accountinventorycolors.md @@ -1,3 +1,9 @@ +--- +title: "Account Inventory Colors" +description: "Account Inventory Colors" +sidebar_position: 230 +--- + # Account Inventory Colors Account Inventory Colors diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/addadomain.md b/docs/privilegesecure/4.2/discovery/administration/configuration/addadomain.md similarity index 96% rename from docs/privilegesecure/4.2/discovery/admin/configuration/addadomain.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/addadomain.md index bc3904d6cf..7fed4080c8 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/addadomain.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/addadomain.md @@ -1,3 +1,9 @@ +--- +title: "Add a Domain" +description: "Add a Domain" +sidebar_position: 50 +--- + # Add a Domain Add a Domain diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/addcertificateauthority.md b/docs/privilegesecure/4.2/discovery/administration/configuration/addcertificateauthority.md similarity index 90% rename from docs/privilegesecure/4.2/discovery/admin/configuration/addcertificateauthority.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/addcertificateauthority.md index 7441a69816..5f3efc3e73 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/addcertificateauthority.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/addcertificateauthority.md @@ -1,3 +1,9 @@ +--- +title: "Add a Certificate Authority to the Ubuntu Trusted Authorities Repository" +description: "Add a Certificate Authority to the Ubuntu Trusted Authorities Repository" +sidebar_position: 100 +--- + # Add a Certificate Authority to the Ubuntu Trusted Authorities Repository Add a Certificate Authority to the Ubuntu Trusted Authorities Repository diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/adfailover.md b/docs/privilegesecure/4.2/discovery/administration/configuration/adfailover.md similarity index 99% rename from docs/privilegesecure/4.2/discovery/admin/configuration/adfailover.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/adfailover.md index 2392142968..cd3d71c071 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/adfailover.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/adfailover.md @@ -1,3 +1,9 @@ +--- +title: "AD Failover" +description: "AD Failover" +sidebar_position: 120 +--- + # AD Failover AD Failover diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/advancedfields.md b/docs/privilegesecure/4.2/discovery/administration/configuration/advancedfields.md similarity index 96% rename from docs/privilegesecure/4.2/discovery/admin/configuration/advancedfields.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/advancedfields.md index 5ca931d55c..4ee627cc22 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/advancedfields.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/advancedfields.md @@ -1,3 +1,9 @@ +--- +title: "QuickStart Advanced Fields" +description: "QuickStart Advanced Fields" +sidebar_position: 180 +--- + # QuickStart Advanced Fields QuickStart Advanced Fields @@ -191,11 +197,11 @@ System: VMTEMP1 [+] System: VMTEMP2 Linux registration prerequisites: -- [Linux Registrations Prerequisites](/docs/privilegesecure/4.2/discovery/linuxregistrationsprerequisites.md) +- [Linux Registrations Prerequisites](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/linuxregistrationsprerequisites.md) Guide on registering linux system with Postman (using API): -- [Postman Linux Registration](/docs/privilegesecure/4.2/discovery/admin/systemmanagement/postmanlinuxregistration.md) +- [Postman Linux Registration](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/postmanlinuxregistration.md) Troubleshooting Linux Registration: @@ -203,7 +209,7 @@ Troubleshooting Linux Registration: You can also specify a an excel file containing a list of linux systems and credentials to register with Privilege Secure. -Example [linux_register.xlsx](/docs/privilegesecure/4.2/discovery/attachments/360042878654_linux_register.xlsx): +Example [linux_register.xlsx](/static/files/privilegesecure/discovery/attachments/360042878654_linux_register.xlsx): | System | Username | Password | Admins[0] | Scan | Persistent | Secure | Nondomain | | --- | --- | --- | --- | --- | --- | --- | --- | diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/applyserviceaccount.md b/docs/privilegesecure/4.2/discovery/administration/configuration/applyserviceaccount.md similarity index 96% rename from docs/privilegesecure/4.2/discovery/admin/configuration/applyserviceaccount.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/applyserviceaccount.md index e678ae0c03..ed79ce390c 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/applyserviceaccount.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/applyserviceaccount.md @@ -1,3 +1,9 @@ +--- +title: "Apply a Service Account from an existing AD group Directly to a Machine" +description: "Apply a Service Account from an existing AD group Directly to a Machine" +sidebar_position: 300 +--- + # Apply a Service Account from an existing AD group Directly to a Machine Apply a Service Account from an existing AD group Directly to a Machine diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/azuresso.md b/docs/privilegesecure/4.2/discovery/administration/configuration/azuresso.md similarity index 98% rename from docs/privilegesecure/4.2/discovery/admin/configuration/azuresso.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/azuresso.md index 89c247a52b..46899cc11d 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/azuresso.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/azuresso.md @@ -1,3 +1,9 @@ +--- +title: "Azure SSO" +description: "Azure SSO" +sidebar_position: 250 +--- + # Azure SSO Azure SSO diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/certificatesslfiles.md b/docs/privilegesecure/4.2/discovery/administration/configuration/certificatesslfiles.md similarity index 98% rename from docs/privilegesecure/4.2/discovery/admin/configuration/certificatesslfiles.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/certificatesslfiles.md index f3c832afa2..b42f0b9125 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/certificatesslfiles.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/certificatesslfiles.md @@ -1,3 +1,9 @@ +--- +title: "Certificate (SSL) Files" +description: "Certificate (SSL) Files" +sidebar_position: 70 +--- + # Certificate (SSL) Files Certificate (SSL) Files diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/changepasswords.md b/docs/privilegesecure/4.2/discovery/administration/configuration/changepasswords.md similarity index 90% rename from docs/privilegesecure/4.2/discovery/admin/configuration/changepasswords.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/changepasswords.md index 971faca6a6..c64a480a45 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/changepasswords.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/changepasswords.md @@ -1,3 +1,9 @@ +--- +title: "Change Privilege Secure Passwords (SSH and UI)" +description: "Change Privilege Secure Passwords (SSH and UI)" +sidebar_position: 150 +--- + # Change Privilege Secure Passwords (SSH and UI) Change Privilege Secure Passwords (SSH and UI) diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/configureadfs.md b/docs/privilegesecure/4.2/discovery/administration/configuration/configureadfs.md similarity index 93% rename from docs/privilegesecure/4.2/discovery/admin/configuration/configureadfs.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/configureadfs.md index 9e14c97e87..71004572cf 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/configureadfs.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/configureadfs.md @@ -1,3 +1,9 @@ +--- +title: "Configure ADFS (Active Directory Federation Services) SSO" +description: "Configure ADFS (Active Directory Federation Services) SSO" +sidebar_position: 260 +--- + # Configure ADFS (Active Directory Federation Services) SSO Configure ADFS (Active Directory Federation Services) SSO diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/duoaccessgateway.md b/docs/privilegesecure/4.2/discovery/administration/configuration/duoaccessgateway.md similarity index 92% rename from docs/privilegesecure/4.2/discovery/admin/configuration/duoaccessgateway.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/duoaccessgateway.md index 375342836f..f3a531ec26 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/duoaccessgateway.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/duoaccessgateway.md @@ -1,3 +1,9 @@ +--- +title: "SSO: Duo Access Gateway (DAG)" +description: "SSO: Duo Access Gateway (DAG)" +sidebar_position: 170 +--- + # SSO: Duo Access Gateway (DAG) SSO: Duo Access Gateway (DAG) @@ -8,7 +14,7 @@ SSO: Duo Access Gateway (DAG) This topic covers integrating Privilege Secure with Duo using a Duo on-premise Duo Access Gateway (DAG) SSO. Please find an article detailing the Privilege Secure terms here: -[SSO Configuration](/docs/privilegesecure/4.2/discovery/admin/configuration/ssoconfiguration.md) +[SSO Configuration](/docs/privilegesecure/4.2/discovery/administration/configuration/ssoconfiguration.md) ## Prerequisites @@ -106,7 +112,7 @@ or disable SSO when appropriate: If you are using ADFS as an authentication source and receive a "SAML Assertion Not Yet Valid" while trying to log in, please see:  -[Configure ADFS (Active Directory Federation Services) SSO](/docs/privilegesecure/4.2/discovery/admin/configuration/configureadfs.md) +[Configure ADFS (Active Directory Federation Services) SSO](/docs/privilegesecure/4.2/discovery/administration/configuration/configureadfs.md) ## Additional Information diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/duohostedsso.md b/docs/privilegesecure/4.2/discovery/administration/configuration/duohostedsso.md similarity index 93% rename from docs/privilegesecure/4.2/discovery/admin/configuration/duohostedsso.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/duohostedsso.md index a0a8501bed..376ac2a215 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/duohostedsso.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/duohostedsso.md @@ -1,3 +1,9 @@ +--- +title: "Duo Hosted SSO" +description: "Duo Hosted SSO" +sidebar_position: 240 +--- + # Duo Hosted SSO Duo Hosted SSO @@ -8,7 +14,7 @@ Duo Hosted SSO This topic covers integrating Privilege Secure with Duo using a Duo hosted SSO. Please find an article detailing the Privilege Secure SSO terms here: -[SSO Configuration](/docs/privilegesecure/4.2/discovery/admin/configuration/ssoconfiguration.md) +[SSO Configuration](/docs/privilegesecure/4.2/discovery/administration/configuration/ssoconfiguration.md) ## Preqrequisites @@ -85,7 +91,7 @@ URL provided by Duo.  This is found in the application's "Metadata" section. If you are using ADFS as an authentication source and receive a "SAML Assertion Not Yet Valid" while trying to log in, please see:  -[Configure ADFS (Active Directory Federation Services) SSO](/docs/privilegesecure/4.2/discovery/admin/configuration/configureadfs.md) +[Configure ADFS (Active Directory Federation Services) SSO](/docs/privilegesecure/4.2/discovery/administration/configuration/configureadfs.md) ## Additional Information diff --git a/docs/privilegesecure/4.2/discovery/administration/configuration/gpos.md b/docs/privilegesecure/4.2/discovery/administration/configuration/gpos.md new file mode 100644 index 0000000000..fda0ec176a --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/gpos.md @@ -0,0 +1,37 @@ +--- +title: "GPOs" +description: "GPOs" +sidebar_position: 200 +--- + +# GPOs + +GPOs + +# GPOs + +## Problem + +With the rollout of Privilege Secure, attention often has to be given to GPOs. GPOs are used to push +access to the local administrator account for many users and groups. However, Privilege Secure +represents a paradigm shift in thinking on how privileged access is managed. Until this shift in +thinking is rectified, Privilege Secure and Active Directory will "fight" over whether an account is +in the Local Administrators group, Privilege Secure removing the account, and GPO adding it back +again, in an infinite loop. Or, vice versa, Privilege Secure is adding Persistent accounts (service +accounts) and GPO, using Restricted Groups, is removing them again. + +## Solution + +- Reduce the scope of these GPOs. Do not include JITA accounts (interactive accounts) in the list of + accounts to add via GPO. If needed for initial addition of these accounts (for example, on a new + build) use the GPO option for "Apply once and do not reapply". +- Do not rely on "Restricted Groups" to tightly control the Local Administrators group. That is what + Privilege Secure is for. Instead use "Preferences" to _add_ Persistent accounts to the Local + Administrators group (but not remove any). See an example of this type of GPO below under "More + Information". + +## More Information + +- Example of how to use GPO to add the Privilege Secure service account (the "Protect Mode" + account). + [Add Privilege Secure Protect Mode Account to Windows Endpoints via GPO](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/productmodeaccount.md) diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/jitasessionduration.md b/docs/privilegesecure/4.2/discovery/administration/configuration/jitasessionduration.md similarity index 87% rename from docs/privilegesecure/4.2/discovery/admin/configuration/jitasessionduration.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/jitasessionduration.md index d25dc6e5dd..84ef96b265 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/jitasessionduration.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/jitasessionduration.md @@ -1,3 +1,9 @@ +--- +title: "Change the Default/Maximum JITA Session Duration" +description: "Change the Default/Maximum JITA Session Duration" +sidebar_position: 90 +--- + # Change the Default/Maximum JITA Session Duration Change the Default/Maximum JITA Session Duration diff --git a/docs/privilegesecure/4.2/discovery/administration/configuration/linux.md b/docs/privilegesecure/4.2/discovery/administration/configuration/linux.md new file mode 100644 index 0000000000..464ab32f0f --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/linux.md @@ -0,0 +1,128 @@ +--- +title: "Privilege Secure and Linux" +description: "Privilege Secure and Linux" +sidebar_position: 270 +--- + +# Privilege Secure and Linux + +Privilege Secure and Linux + +# Privilege Secure and Linux + +**CAUTION:** Always back up the /etc/sudoers file prior to scanning or enabling Scan Mode on any +system in NPS-D. Scanning, regardless of Protect Mode setting, a Liunx system will result in a +flattening of the /etc/sudoers file. This will pull in all permissions from other sources (e.g: +files locate in /etc/sudoers.d) into the /etc/sudoers file, and disable sudo permissions being +acquired from those sources. + +This topic covers the processes surrounding Privilege Secure with Linux systems. Specifically +covering: + +- Privilege Secure’s **Linux Registration** process, via API calls, through Postman or QuickStart. +- Privilege Secure’s general **JITA Request for Linux** using the bridged AD accounts +- **Protect Modes** JITA+DENY with the applied modifications to sudoers.d directory +- **“Under the Hood”**, what Privilege Secure is doing with the 3 reference files used for Privilege + Secure’s inventory and visibility of Linux systems + +### Linux Registration Setup + +Similar to registering Windows systems, there is some prep work that is needed to allow Privilege +Secure processes to complete on the newly registered Linux machines. Here are the outlined items to +be completed prior registering Linux systems. + +- A service account will be required to register/enroll the system within Privilege Secure. This + account will need to have sudo permissions on the Linux endpoint(s). +- Adding a sudo user: + + - For users experienced with Linux, add line to /etc/sudoers file with the permissions for user, + ‘example_user’ show here: `example_user ALL=(ALL) NOPASSWD: ALL` + - [Linux: Add Sudo User to Ubuntu System](/docs/privilegesecure/4.2/discovery/administration/systemmanagement/linuxaddsudouser.md) + +### Linux Registration - (pre 2.18.0) + +The below Zendesk support article, which covers the fields sent during the registration process +including the admin account(s) that will be added to the Linux endpoint and used for JITA access. +Linux registration can be completed via either of the below methods. The Postman option will allow +for a single system registration and the QuickStart option will allow for bulk systems registration. + +- Postman program (used for individual system registration) - + [Postman Linux Registration](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/postmanlinuxregistration.md) +- QuickStart script (used for bulk system registration) - + [QuickStart Script](/docs/privilegesecure/4.2/discovery/administration/configuration/quickstartscript.md) + +## JITA Request for Linux Systems + +- Domain Account: This account will be “linked” to the local Linux account on the end point, and + displayed in the Privilege Secure inventory. +- Local Linux Account: Local account that was added to the Linux system to allow JITA SSH access. + +Linux JITA Session Behavior + +- User requests JITA for a Linux system. +- If it is the first time a user is requesting access to Linux system, Privilege Secure creates a + local account on the Linux machine, using AD credentials. + + - Example entry into /etc/passwd for user ‘s1_user’: + `s1_user:x:1005:1005:PrivilegeSecure AD Bridged Account:/home/s1_user:/bin/sh` + - User can then SSH to the linux box with just username (case sensitive), no domain required. + +- Privilege Secure also create an entry for that account in the `/etc/sudoers/` providing sudo + capabilities. +- Once the JITA session expires: + + - The entry created for the user in the `/etc/sudoers/` directory is removed, removing sudo + capability. + - The password set on the account is scrambled. + - The AD account created remains in /etc/passwd. + +## Protect Modes + +Privilege Secure users should be using a provisioned domain account to get JITA access to the linux +system. Protect Modes apply to accounts that have been added locally to the /etc/sudoers file or +/etc/sudoers.d directory. + +Always backup the original sudoers file before placing a system into a Protect mode.   Example of +command to use on the system to be protected: + +sudo cp /etc/sudoers /etc/sudoers.orig + +Protect Mode: JITA + +- Permanent access could be granted by setting the account to persistent. This could be done for a + service account that needs to have access to the system at all times. +- Privilege Secure recognizes newly added local accounts to the /etc/sudoers file or /etc/sudoers.d + directory +- The accounts recognized are added to Privilege Secure’s inventory, with the policy persistent: No + and on Host:No. +- The account is removed from the /etc/sudoers file or /etc/sudoers.d directory + +Protect Mode: DENY + +- The only different from Protect Mode: JITA is the discovered local account is not added + toPrivilege Secure’s inventory. So these accounts can not be set to persistent. + +## Under the Hood + +3 files/locations that Privilege Secure focuses on with the associated permission + +- /etc/sudoers.d directory- Read and Write +- /etc/passwd file- Read and Write +- /etc/sudoers file- Read and Write + +What we are not doing yet is looking at what users are in the “sudo” group. The sudo group is +referenced to the “wheel” group in some flavors of Linux. + +``` +# Allow members of group sudo to execute any command +%sudo    ALL=(ALL:ALL) ALL + +``` + +Privilege Secure’s visibility of whether an account exist for a Linux system is done via the +/etc/passwd file, this file doesn’t show/define permissions. + +Privilege Secure reads the sudoers file, within the /etc directory, to check for user and group +privilege specifications. + +During JITA sessions and expirations Privilege Secure will modify the /etc/sudoers file. diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/linuxandad.md b/docs/privilegesecure/4.2/discovery/administration/configuration/linuxandad.md similarity index 97% rename from docs/privilegesecure/4.2/discovery/admin/configuration/linuxandad.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/linuxandad.md index 2a4eb6afd0..8336594aee 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/linuxandad.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/linuxandad.md @@ -1,3 +1,9 @@ +--- +title: "Using Privilege Secure with Lin" +description: "Using Privilege Secure with Lin" +sidebar_position: 130 +--- + # Using Privilege Secure with Lin Using Privilege Secure with Lin @@ -46,7 +52,7 @@ local accounts or AD Directory accounts, we have you covered. - Privilege Secure manages Linux systems without using an agent, and this requires a registration step to establish a local service account with SSH access and Sudo permissions. - - [Privilege Secure and Linux](/docs/privilegesecure/4.2/discovery/admin/configuration/linux.md) + - [Privilege Secure and Linux](/docs/privilegesecure/4.2/discovery/administration/configuration/linux.md) - AD-joined Linux systems (Using Centrify, PB Open, SSSD/RealmD) will be discovered in AD by Privilege Secure before "registration" occurs but can not be Scanned or protected until a Privilege Secure service account is established on the system. diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/linuxsimplified2.18+.md b/docs/privilegesecure/4.2/discovery/administration/configuration/linuxsimplified2.18+.md similarity index 95% rename from docs/privilegesecure/4.2/discovery/admin/configuration/linuxsimplified2.18+.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/linuxsimplified2.18+.md index c5a2118cef..ebbee59234 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/linuxsimplified2.18+.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/linuxsimplified2.18+.md @@ -1,3 +1,9 @@ +--- +title: "Linux Simplified - 2.18+" +description: "Linux Simplified - 2.18+" +sidebar_position: 20 +--- + # Linux Simplified - 2.18+ Linux Simplified - 2.18+ diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/logchanges2.20.md b/docs/privilegesecure/4.2/discovery/administration/configuration/logchanges2.20.md similarity index 98% rename from docs/privilegesecure/4.2/discovery/admin/configuration/logchanges2.20.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/logchanges2.20.md index ca6babceab..856073bf8c 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/logchanges2.20.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/logchanges2.20.md @@ -1,3 +1,9 @@ +--- +title: "Log Changes 2.20+" +description: "Log Changes 2.20+" +sidebar_position: 10 +--- + # Log Changes 2.20+ Log Changes 2.20+ diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/oampasswordconfig.md b/docs/privilegesecure/4.2/discovery/administration/configuration/oampasswordconfig.md similarity index 94% rename from docs/privilegesecure/4.2/discovery/admin/configuration/oampasswordconfig.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/oampasswordconfig.md index 2ed9f774a5..5b8bf25484 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/oampasswordconfig.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/oampasswordconfig.md @@ -1,3 +1,9 @@ +--- +title: "OAM Password Configuration" +description: "OAM Password Configuration" +sidebar_position: 110 +--- + # OAM Password Configuration OAM Password Configuration diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/oktaintegration.md b/docs/privilegesecure/4.2/discovery/administration/configuration/oktaintegration.md similarity index 98% rename from docs/privilegesecure/4.2/discovery/admin/configuration/oktaintegration.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/oktaintegration.md index 5ce5a463d5..bdcbe26845 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/oktaintegration.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/oktaintegration.md @@ -1,3 +1,9 @@ +--- +title: "Okta SSO and MFA Integration" +description: "Okta SSO and MFA Integration" +sidebar_position: 160 +--- + # Okta SSO and MFA Integration Okta SSO and MFA Integration diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/quickstartscript.md b/docs/privilegesecure/4.2/discovery/administration/configuration/quickstartscript.md similarity index 97% rename from docs/privilegesecure/4.2/discovery/admin/configuration/quickstartscript.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/quickstartscript.md index fde09d270a..21ed8630f1 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/quickstartscript.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/quickstartscript.md @@ -1,3 +1,9 @@ +--- +title: "QuickStart Script" +description: "QuickStart Script" +sidebar_position: 280 +--- + # QuickStart Script QuickStart Script diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/radius.md b/docs/privilegesecure/4.2/discovery/administration/configuration/radius.md similarity index 94% rename from docs/privilegesecure/4.2/discovery/admin/configuration/radius.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/radius.md index 88d367215c..64f05c4a23 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/radius.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/radius.md @@ -1,3 +1,9 @@ +--- +title: "RADIUS" +description: "RADIUS" +sidebar_position: 190 +--- + # RADIUS RADIUS diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/removepersistence.md b/docs/privilegesecure/4.2/discovery/administration/configuration/removepersistence.md similarity index 96% rename from docs/privilegesecure/4.2/discovery/admin/configuration/removepersistence.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/removepersistence.md index f8ed0b74af..298fd38346 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/removepersistence.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/removepersistence.md @@ -1,3 +1,9 @@ +--- +title: "Remove Persistence on Machines" +description: "Remove Persistence on Machines" +sidebar_position: 290 +--- + # Remove Persistence on Machines Remove Persistence on Machines @@ -7,7 +13,7 @@ Remove Persistence on Machines ## Overview Once freeze mode has been implemented -([Freeze Mode](/docs/privilegesecure/4.2/discovery/freeze_mode.md)), +([Freeze Mode](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/freeze_mode.md)), persistent access needs to be reduced. This should be done in a risk-based approach, by targeting the groups that convey most access. This activity can be split by @@ -64,7 +70,7 @@ interactive group can easily be done by Quickstart. The method for carrying this out is detailed in the “Applying a Service Account Directly to a Machine” article -([](https://remediant.zendesk.com/hc/en-us/articles/4995338773655-Applying-a-Service-Account-from-an-existing-AD-group-Directly-to-a-Machine)[Apply a Service Account from an existing AD group Directly to a Machine](/docs/privilegesecure/4.2/discovery/admin/configuration/applyserviceaccount.md)). +([](https://remediant.zendesk.com/hc/en-us/articles/4995338773655-Applying-a-Service-Account-from-an-existing-AD-group-Directly-to-a-Machine)[Apply a Service Account from an existing AD group Directly to a Machine](/docs/privilegesecure/4.2/discovery/administration/configuration/applyserviceaccount.md)). ### Pull Quickstart File diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/resetmfatokens.md b/docs/privilegesecure/4.2/discovery/administration/configuration/resetmfatokens.md similarity index 90% rename from docs/privilegesecure/4.2/discovery/admin/configuration/resetmfatokens.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/resetmfatokens.md index c9b4b1feee..64a4ee195e 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/resetmfatokens.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/resetmfatokens.md @@ -1,3 +1,9 @@ +--- +title: "Reset MFA Tokens" +description: "Reset MFA Tokens" +sidebar_position: 310 +--- + # Reset MFA Tokens Reset MFA Tokens @@ -15,7 +21,7 @@ token at next login. Please see the Privilege Secure User Guide - First Time Logging In for setting new MFA: -- [First Login](/docs/privilegesecure/4.2/discovery/admin/systemmanagement/firstlogin.md) +- [First Login](/docs/privilegesecure/4.2/discovery/administration/systemmanagement/firstlogin.md) ## Reset MFA Inherited by AD Group @@ -48,4 +54,4 @@ appropriate user's MFA token: Please see the Privilege Secure User Guide - First Time Logging In for setting new MFA: -- [First Login](/docs/privilegesecure/4.2/discovery/admin/systemmanagement/firstlogin.md) +- [First Login](/docs/privilegesecure/4.2/discovery/administration/systemmanagement/firstlogin.md) diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/saslkerberos.md b/docs/privilegesecure/4.2/discovery/administration/configuration/saslkerberos.md similarity index 98% rename from docs/privilegesecure/4.2/discovery/admin/configuration/saslkerberos.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/saslkerberos.md index ac34a225dc..3c331a2597 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/saslkerberos.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/saslkerberos.md @@ -1,3 +1,9 @@ +--- +title: "SASL Kerberos" +description: "SASL Kerberos" +sidebar_position: 40 +--- + # SASL Kerberos SASL Kerberos diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/sessiontimeouts.md b/docs/privilegesecure/4.2/discovery/administration/configuration/sessiontimeouts.md similarity index 96% rename from docs/privilegesecure/4.2/discovery/admin/configuration/sessiontimeouts.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/sessiontimeouts.md index c234ddb981..c3892de180 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/sessiontimeouts.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/sessiontimeouts.md @@ -1,3 +1,9 @@ +--- +title: "Controlling Session Timeouts with GPO" +description: "Controlling Session Timeouts with GPO" +sidebar_position: 210 +--- + # Controlling Session Timeouts with GPO Controlling Session Timeouts with GPO diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/spinitiatedsso.md b/docs/privilegesecure/4.2/discovery/administration/configuration/spinitiatedsso.md similarity index 88% rename from docs/privilegesecure/4.2/discovery/admin/configuration/spinitiatedsso.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/spinitiatedsso.md index 397bdb85f3..da028f8363 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/spinitiatedsso.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/spinitiatedsso.md @@ -1,3 +1,9 @@ +--- +title: "SP Initiated SSO" +description: "SP Initiated SSO" +sidebar_position: 30 +--- + # SP Initiated SSO SP Initiated SSO diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/sslcsr.md b/docs/privilegesecure/4.2/discovery/administration/configuration/sslcsr.md similarity index 89% rename from docs/privilegesecure/4.2/discovery/admin/configuration/sslcsr.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/sslcsr.md index 0449a16d36..4ead838274 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/sslcsr.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/sslcsr.md @@ -1,3 +1,9 @@ +--- +title: "SSL CSR (Certificate Signing Request)" +description: "SSL CSR (Certificate Signing Request)" +sidebar_position: 60 +--- + # SSL CSR (Certificate Signing Request) SSL CSR (Certificate Signing Request) diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/ssoconfiguration.md b/docs/privilegesecure/4.2/discovery/administration/configuration/ssoconfiguration.md similarity index 96% rename from docs/privilegesecure/4.2/discovery/admin/configuration/ssoconfiguration.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/ssoconfiguration.md index 8f58c8241a..997927c417 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/ssoconfiguration.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/ssoconfiguration.md @@ -1,3 +1,9 @@ +--- +title: "SSO Configuration" +description: "SSO Configuration" +sidebar_position: 140 +--- + # SSO Configuration SSO Configuration diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/uibranding.md b/docs/privilegesecure/4.2/discovery/administration/configuration/uibranding.md similarity index 96% rename from docs/privilegesecure/4.2/discovery/admin/configuration/uibranding.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/uibranding.md index a073fda3ce..b22a4fa619 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/uibranding.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/uibranding.md @@ -1,3 +1,9 @@ +--- +title: "User Interface Branding" +description: "User Interface Branding" +sidebar_position: 220 +--- + # User Interface Branding User Interface Branding diff --git a/docs/privilegesecure/4.2/discovery/admin/configuration/webservercertificate.md b/docs/privilegesecure/4.2/discovery/administration/configuration/webservercertificate.md similarity index 97% rename from docs/privilegesecure/4.2/discovery/admin/configuration/webservercertificate.md rename to docs/privilegesecure/4.2/discovery/administration/configuration/webservercertificate.md index 4c35ab8933..265e7d82f6 100644 --- a/docs/privilegesecure/4.2/discovery/admin/configuration/webservercertificate.md +++ b/docs/privilegesecure/4.2/discovery/administration/configuration/webservercertificate.md @@ -1,3 +1,9 @@ +--- +title: "Create Web Server Certificate with SANs" +description: "Create Web Server Certificate with SANs" +sidebar_position: 80 +--- + # Create Web Server Certificate with SANs Create Web Server Certificate with SANs @@ -24,7 +30,7 @@ the like, it is recommended to add the public certificate chain for the CA to th the Privilege Secure nodes. See the -[Add a Certificate Authority to the Ubuntu Trusted Authorities Repository](/docs/privilegesecure/4.2/discovery/admin/configuration/addcertificateauthority.md) +[Add a Certificate Authority to the Ubuntu Trusted Authorities Repository](/docs/privilegesecure/4.2/discovery/administration/configuration/addcertificateauthority.md) topic for additional information. **NOTE:** If the Privilege Secure web application does not function after updating the certificate, diff --git a/docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/_category_.json b/docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/_category_.json new file mode 100644 index 0000000000..ebe895f7de --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "On Prem Maintenance", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/discovery/admin/maintenance/dellr430r440idrac9.md b/docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/dellr430r440idrac9.md similarity index 96% rename from docs/privilegesecure/4.2/discovery/admin/maintenance/dellr430r440idrac9.md rename to docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/dellr430r440idrac9.md index 0cb66bb0df..975e6ef5a7 100644 --- a/docs/privilegesecure/4.2/discovery/admin/maintenance/dellr430r440idrac9.md +++ b/docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/dellr430r440idrac9.md @@ -1,3 +1,9 @@ +--- +title: "Dell R430/R440 iDrac 9 LOM Network Configuration via Reboot" +description: "Dell R430/R440 iDrac 9 LOM Network Configuration via Reboot" +sidebar_position: 30 +--- + # Dell R430/R440 iDrac 9 LOM Network Configuration via Reboot Dell R430/R440 iDrac 9 LOM Network Configuration via Reboot diff --git a/docs/privilegesecure/4.2/discovery/admin/maintenance/failback.md b/docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/failback.md similarity index 98% rename from docs/privilegesecure/4.2/discovery/admin/maintenance/failback.md rename to docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/failback.md index d9f10f08bf..06048796fa 100644 --- a/docs/privilegesecure/4.2/discovery/admin/maintenance/failback.md +++ b/docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/failback.md @@ -1,3 +1,9 @@ +--- +title: "Failback (DR to PROD)" +description: "Failback (DR to PROD)" +sidebar_position: 20 +--- + # Failback (DR to PROD) Failback (DR to PROD) diff --git a/docs/privilegesecure/4.2/discovery/admin/maintenance/linuxremovesnapbin.md b/docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/linuxremovesnapbin.md similarity index 86% rename from docs/privilegesecure/4.2/discovery/admin/maintenance/linuxremovesnapbin.md rename to docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/linuxremovesnapbin.md index 846241073a..2c838a331b 100644 --- a/docs/privilegesecure/4.2/discovery/admin/maintenance/linuxremovesnapbin.md +++ b/docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/linuxremovesnapbin.md @@ -1,3 +1,9 @@ +--- +title: "Linux: Remove /snap/bin from PATH" +description: "Linux: Remove /snap/bin from PATH" +sidebar_position: 10 +--- + # Linux: Remove /snap/bin from PATH Linux: Remove /snap/bin from PATH diff --git a/docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/operational.md b/docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/operational.md new file mode 100644 index 0000000000..9cc64549fa --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/operational.md @@ -0,0 +1,135 @@ +--- +title: "Operational Maintenance" +description: "Operational Maintenance" +sidebar_position: 50 +--- + +# Operational Maintenance + +Operational Maintenance + +# Operational Maintenance + +Once Privilege Secure is rolled out there are various maintenance and operational items that should +be done at regular intervals: + +## Privilege Secure Processes (suggested daily) + +- The Privilege Secure processes can be listed using the following command: +- s1 status; s1 nodes +- This lists the status of all containers in the docker environment for Privilege Secure. They + should all be scaled to 1/1 in a production environment. All nodes should be listed + +![image.webp](/img/product_docs/privilegesecure/4.2/discovery/admin/maintenance/360053539334_image.webp) + +- The manager status should be listed as "Leader" for a single node or "Leader" and "Reachable" as + above. The Leader is the primary manager node and the Reachable nodes are managers. In the event + of a failure of a node an election to determine a new primary manager takes place. A single node + can fail without any indication to users. + +## Disk Maintenance (suggested weekly) + +- Disk space should be checked on a periodic basis. The command to check this is: df -h +- This command is disk free with the switch h for human readable. Disk usage over 80% should be + checked to see if there are any specific reasons for excessive disk usage. If this the space can + not be reduced successfully, additional disc space should be added. The Customer Success team can + assist with the review and reduction of used disc space and also increase of disk space (physical + or virtual, dependent on environment). + +## Backups + +Review (suggested weekly) + +- Check that backups are being executed on the production node and successfully copied to DR. +- Confirm that backups with appropriate recent date exist on DR server. Backups are usually executed + from a cron run script daily. +- If the backup is set to restore the database backup daily, check the logs for any errors. +- Production Primary Node: +- ls -lath /secureone/data/db/backups +- DR Primary Node: +- ls -lath /secureone/data/db/restore + +Test (suggested minimum yearly) + +- It is recommended to test DR at least yearly. This can be part of a wider DR test or specific to + Privilege Secure. +- A test window should be created for this as changes to Privilege Secure DR would not be propagated + back to the main production instance. +- After a test ensure that services are down on the DR node. This will avoid the DR environment + overriding changes from Production. The command below can be utilized for this: + + - `s1 stop expire worker scanner` + +## Run Quickstart to Review Protect Mode and Persistence (suggested weekly) + +- Quickstart should be run frequently to ensure that all machines remain in protect mode. The output + from Quickstart can easily be filtered for any machines that do not show in protect mode. This + ensures that the build process and addition or protect mode is being executed as expected. +- Quickstart can also be used for a review of persistent access. This should be minimized to service + accounts. A review to look for user accounts set to persistent should be carried out. If these are + truly required to be persistent, then they should be switched to a service account. + +## Privilege Secure Log Review - SIEM (suggested weekly) + +- Typically a SIEM solution is best placed to report any issues that can be captured in Privilege + Secure logs. +- An example set of queries for Splunk is included here: + [Splunk and SIEM Queries](/docs/privilegesecure/4.2/discovery/integrations/siem/splunkqueries.md) +- The "change system policy" output should be reviewed for any removal of protect mode. +- The "slow JITA access" and "time it takes for JITA access" can give an indication if users are + being slowed down in their ability to elevate privilege when utilizing Privilege Secure. + +## Mongo Health (suggested weekly) + +Time Sync + +- Run the following command to check that the servers are remaining in sync with time: +- sudo docker exec -it $(sudo docker ps | grep mongo | cut -d' ' -f1) mongo SecureONE --eval + 'rs.printSlaveReplicationInfo()' +- The result should show that there is little or no difference in time: +- secureone@ip-10-100-11-27:/secureone/conf/fluentd$ sudo docker exec -it $(sudo docker ps | grep + mongo | cut -d' ' -f1) mongo SecureONE --eval 'rs.printSlaveReplicationInfo()' + MongoDB shell version v4.0.20 + connecting to: mongodb://127.0.0.1:27017/SecureONE?gssapiServiceName=mongodb + Implicit session: session \{ "id" : UUID("dcab2535-4051-48df-80fd-eec1136f692b") \} + MongoDB server version: 4.0.20 + source: mongo2:27017 + syncedTo: Tue Sep 22 2020 16:03:34 GMT+0000 (UTC) + 0 secs (0 hrs) behind the primary + source: mongo3:27017 + syncedTo: Tue Sep 22 2020 16:03:34 GMT+0000 (UTC) + 0 secs (0 hrs) behind the primary +- In the event of a variation in time, contact the Remediant Customer Success team. + +Mongo status + +- Run the following to ensure the mongo DB nodes are maintaining the correct state: + +``` +sudo docker exec -it $(sudo docker ps | grep mongo | cut -d' ' -f1) mongo SecureONE --eval 'rs.status()' | grep "name\|health\|state\|stateStr" +``` + +- The output of this should be + +``` +"name" : "mongo1:27017", +"health" : 1, +"state" : 1, +"stateStr" : "PRIMARY", +"name" : "mongo2:27017", +"health" : 1, +"state" : 2, +"stateStr" : "SECONDARY", +"name" : "mongo3:27017", +"health" : 1, +"state" : 2, +"stateStr" : "SECONDARY", +``` + +**NOTE:** Health should report as 1 for everything and state should be 1 or 2. + +## Version and OS updates (suggested quarterly minimum) + +- Ensure quarterly meeting to review updates to Privilege Secure version and OS patches/updates. +- Patches can be applied monthly. The Customer Success team can be contacted prior to updates to + ensure no known issues. diff --git a/docs/privilegesecure/4.2/discovery/admin/maintenance/ssh.md b/docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/ssh.md similarity index 94% rename from docs/privilegesecure/4.2/discovery/admin/maintenance/ssh.md rename to docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/ssh.md index 6d04f00f71..c885e98b42 100644 --- a/docs/privilegesecure/4.2/discovery/admin/maintenance/ssh.md +++ b/docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/ssh.md @@ -1,3 +1,9 @@ +--- +title: "SSH into Privilege Secure Node(s)" +description: "SSH into Privilege Secure Node(s)" +sidebar_position: 60 +--- + # SSH into Privilege Secure Node(s) SSH into Privilege Secure Node(s) diff --git a/docs/privilegesecure/4.2/discovery/admin/maintenance/updateosonappliances.md b/docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/updateosonappliances.md similarity index 96% rename from docs/privilegesecure/4.2/discovery/admin/maintenance/updateosonappliances.md rename to docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/updateosonappliances.md index 9b824143c1..3f2f9bedff 100644 --- a/docs/privilegesecure/4.2/discovery/admin/maintenance/updateosonappliances.md +++ b/docs/privilegesecure/4.2/discovery/administration/onpremmaintenance/updateosonappliances.md @@ -1,3 +1,9 @@ +--- +title: "Update Privilege Secure OS on Appliances" +description: "Update Privilege Secure OS on Appliances" +sidebar_position: 40 +--- + # Update Privilege Secure OS on Appliances Update Privilege Secure OS on Appliances @@ -19,7 +25,7 @@ Privilege Secure will be offline for 30-60 minutes. ## Requirements - 30-60 minute scheduled maintenance window with expected downtim -- [Install the S1 CLI Helper Utility ](/docs/privilegesecure/4.2/discovery/install/s1clihelperutility.md) +- [Install the S1 CLI Helper Utility ](/docs/privilegesecure/4.2/discovery/installation/s1clihelperutility.md) ## Use Case: Cluster In-Place (1 node at a Time, No Downtime) diff --git a/docs/privilegesecure/4.2/discovery/administration/reporting/_category_.json b/docs/privilegesecure/4.2/discovery/administration/reporting/_category_.json new file mode 100644 index 0000000000..3612a8526e --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/administration/reporting/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Reporting", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/discovery/admin/reporting/accessrisk.md b/docs/privilegesecure/4.2/discovery/administration/reporting/accessrisk.md similarity index 97% rename from docs/privilegesecure/4.2/discovery/admin/reporting/accessrisk.md rename to docs/privilegesecure/4.2/discovery/administration/reporting/accessrisk.md index 7352f09153..0c4fb93a88 100644 --- a/docs/privilegesecure/4.2/discovery/admin/reporting/accessrisk.md +++ b/docs/privilegesecure/4.2/discovery/administration/reporting/accessrisk.md @@ -1,3 +1,9 @@ +--- +title: "Access Risk" +description: "Access Risk" +sidebar_position: 30 +--- + # Access Risk Access Risk diff --git a/docs/privilegesecure/4.2/discovery/admin/reporting/applicationlogbasics.md b/docs/privilegesecure/4.2/discovery/administration/reporting/applicationlogbasics.md similarity index 98% rename from docs/privilegesecure/4.2/discovery/admin/reporting/applicationlogbasics.md rename to docs/privilegesecure/4.2/discovery/administration/reporting/applicationlogbasics.md index 15333d8b43..f89f765a2b 100644 --- a/docs/privilegesecure/4.2/discovery/admin/reporting/applicationlogbasics.md +++ b/docs/privilegesecure/4.2/discovery/administration/reporting/applicationlogbasics.md @@ -1,3 +1,9 @@ +--- +title: "Application Log CheatSheet Basics" +description: "Application Log CheatSheet Basics" +sidebar_position: 20 +--- + # Application Log CheatSheet Basics Application Log CheatSheet Basics diff --git a/docs/privilegesecure/4.2/discovery/admin/reporting/dashboardguide.md b/docs/privilegesecure/4.2/discovery/administration/reporting/dashboardguide.md similarity index 96% rename from docs/privilegesecure/4.2/discovery/admin/reporting/dashboardguide.md rename to docs/privilegesecure/4.2/discovery/administration/reporting/dashboardguide.md index 00995716fb..a99d2f273b 100644 --- a/docs/privilegesecure/4.2/discovery/admin/reporting/dashboardguide.md +++ b/docs/privilegesecure/4.2/discovery/administration/reporting/dashboardguide.md @@ -1,3 +1,9 @@ +--- +title: "Dashboard Guide" +description: "Dashboard Guide" +sidebar_position: 60 +--- + # Dashboard Guide Dashboard Guide diff --git a/docs/privilegesecure/4.2/discovery/admin/reporting/licensingdetails.md b/docs/privilegesecure/4.2/discovery/administration/reporting/licensingdetails.md similarity index 93% rename from docs/privilegesecure/4.2/discovery/admin/reporting/licensingdetails.md rename to docs/privilegesecure/4.2/discovery/administration/reporting/licensingdetails.md index 2c117c2692..f08ddcbc8c 100644 --- a/docs/privilegesecure/4.2/discovery/admin/reporting/licensingdetails.md +++ b/docs/privilegesecure/4.2/discovery/administration/reporting/licensingdetails.md @@ -1,3 +1,9 @@ +--- +title: "Licensing Details" +description: "Licensing Details" +sidebar_position: 10 +--- + # Licensing Details Licensing Details diff --git a/docs/privilegesecure/4.2/discovery/admin/reporting/logparsing.md b/docs/privilegesecure/4.2/discovery/administration/reporting/logparsing.md similarity index 99% rename from docs/privilegesecure/4.2/discovery/admin/reporting/logparsing.md rename to docs/privilegesecure/4.2/discovery/administration/reporting/logparsing.md index 7849c76c41..3b926825ba 100644 --- a/docs/privilegesecure/4.2/discovery/admin/reporting/logparsing.md +++ b/docs/privilegesecure/4.2/discovery/administration/reporting/logparsing.md @@ -1,3 +1,9 @@ +--- +title: "Log Parsing & Reporting: Top 5 End-User Activity Log Data" +description: "Log Parsing & Reporting: Top 5 End-User Activity Log Data" +sidebar_position: 50 +--- + # Log Parsing & Reporting: Top 5 End-User Activity Log Data Log Parsing & Reporting: Top 5 End-User Activity Log Data diff --git a/docs/privilegesecure/4.2/discovery/admin/reporting/standingprivilegescript.md b/docs/privilegesecure/4.2/discovery/administration/reporting/standingprivilegescript.md similarity index 93% rename from docs/privilegesecure/4.2/discovery/admin/reporting/standingprivilegescript.md rename to docs/privilegesecure/4.2/discovery/administration/reporting/standingprivilegescript.md index 2d0cde3981..94905835be 100644 --- a/docs/privilegesecure/4.2/discovery/admin/reporting/standingprivilegescript.md +++ b/docs/privilegesecure/4.2/discovery/administration/reporting/standingprivilegescript.md @@ -1,3 +1,9 @@ +--- +title: "Standing Privilege Reduction Metric Script" +description: "Standing Privilege Reduction Metric Script" +sidebar_position: 70 +--- + # Standing Privilege Reduction Metric Script Standing Privilege Reduction Metric Script diff --git a/docs/privilegesecure/4.2/discovery/admin/reporting/systemmanagementscreen.md b/docs/privilegesecure/4.2/discovery/administration/reporting/systemmanagementscreen.md similarity index 94% rename from docs/privilegesecure/4.2/discovery/admin/reporting/systemmanagementscreen.md rename to docs/privilegesecure/4.2/discovery/administration/reporting/systemmanagementscreen.md index 51139238cf..96abce2a52 100644 --- a/docs/privilegesecure/4.2/discovery/admin/reporting/systemmanagementscreen.md +++ b/docs/privilegesecure/4.2/discovery/administration/reporting/systemmanagementscreen.md @@ -1,3 +1,9 @@ +--- +title: "System Management Screen" +description: "System Management Screen" +sidebar_position: 40 +--- + # System Management Screen System Management Screen diff --git a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/403zerousns.md b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/403zerousns.md similarity index 98% rename from docs/privilegesecure/4.2/discovery/admin/systemmanagement/403zerousns.md rename to docs/privilegesecure/4.2/discovery/administration/systemmanagement/403zerousns.md index bfbfb34077..d44b7d2680 100644 --- a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/403zerousns.md +++ b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/403zerousns.md @@ -1,3 +1,9 @@ +--- +title: "403 - Zero USNs by Domain" +description: "403 - Zero USNs by Domain" +sidebar_position: 40 +--- + # 403 - Zero USNs by Domain 403 - Zero USNs by Domain diff --git a/docs/privilegesecure/4.2/discovery/administration/systemmanagement/_category_.json b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/_category_.json new file mode 100644 index 0000000000..00b5164b60 --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "System Management", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/adduserorgroup.md b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/adduserorgroup.md similarity index 87% rename from docs/privilegesecure/4.2/discovery/admin/systemmanagement/adduserorgroup.md rename to docs/privilegesecure/4.2/discovery/administration/systemmanagement/adduserorgroup.md index 528a40040c..beaaaa10d1 100644 --- a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/adduserorgroup.md +++ b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/adduserorgroup.md @@ -1,3 +1,9 @@ +--- +title: "Add a User or Group to a Systems' Administrator Account Inventory" +description: "Add a User or Group to a Systems' Administrator Account Inventory" +sidebar_position: 20 +--- + # Add a User or Group to a Systems' Administrator Account Inventory Add a User or Group to a Systems' Administrator Account Inventory @@ -70,9 +76,9 @@ Data Sheet, Provision Account column. For additional information, see the following topics: -- [QuickStart Script](/docs/privilegesecure/4.2/discovery/admin/configuration/quickstartscript.md) -- [Quickstart Fields Demystified](/docs/privilegesecure/4.2/discovery/admin/systemmanagement/quickstartfields.md) +- [QuickStart Script](/docs/privilegesecure/4.2/discovery/administration/configuration/quickstartscript.md) +- [Quickstart Fields Demystified](/docs/privilegesecure/4.2/discovery/administration/systemmanagement/quickstartfields.md) Replicate sudo permissions to one or many systems: -- [Linux: Replicate Sudo Permissions to Many Systems Using QuickStart](/docs/privilegesecure/4.2/discovery/admin/systemmanagement/linuxsudopermissions.md) +- [Linux: Replicate Sudo Permissions to Many Systems Using QuickStart](/docs/privilegesecure/4.2/discovery/administration/systemmanagement/linuxsudopermissions.md) diff --git a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/bulkactions.md b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/bulkactions.md similarity index 98% rename from docs/privilegesecure/4.2/discovery/admin/systemmanagement/bulkactions.md rename to docs/privilegesecure/4.2/discovery/administration/systemmanagement/bulkactions.md index b29982e0d4..5cd688652e 100644 --- a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/bulkactions.md +++ b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/bulkactions.md @@ -1,3 +1,9 @@ +--- +title: "Bulk Actions" +description: "Bulk Actions" +sidebar_position: 90 +--- + # Bulk Actions Bulk Actions diff --git a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/commonuierrors.md b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/commonuierrors.md similarity index 99% rename from docs/privilegesecure/4.2/discovery/admin/systemmanagement/commonuierrors.md rename to docs/privilegesecure/4.2/discovery/administration/systemmanagement/commonuierrors.md index 9f2053e652..84a84c9ecd 100644 --- a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/commonuierrors.md +++ b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/commonuierrors.md @@ -1,3 +1,9 @@ +--- +title: "Explanation of Common UI Errors" +description: "Explanation of Common UI Errors" +sidebar_position: 100 +--- + # Explanation of Common UI Errors Explanation of Common UI Errors @@ -16,9 +22,9 @@ Dynamic DNS records. - Cause 1 – Privilege Secure scan account does not have permissions to enumerate the local Administrators group. The GPO allowing the scan account to make remote calls to SAM. - Solution 1 – - [Scan GPO Guide (Server 2016+ Domain Controllers)](/docs/privilegesecure/4.2/discovery/scangposerver2016+dcs.md) + [Scan GPO Guide (Server 2016+ Domain Controllers)](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/scangposerver2016+dcs.md) or - [Scan GPO Guide (Server 2012 or 2008 Domain Controllers)](/docs/privilegesecure/4.2/discovery/scangposerver2012or2008dcs.md) + [Scan GPO Guide (Server 2012 or 2008 Domain Controllers)](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/scangposerver2012or2008dcs.md) - Cause 2 – System can not reach a domain controller for AD account authentication.  Can verify by receiving an error to that affect while attempting to RDP to that system using an AD account.  If a terminal is available via EDR or remote management solution, you can also verify by running a diff --git a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/firstlogin.md b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/firstlogin.md similarity index 93% rename from docs/privilegesecure/4.2/discovery/admin/systemmanagement/firstlogin.md rename to docs/privilegesecure/4.2/discovery/administration/systemmanagement/firstlogin.md index 8d55dde5d3..120dc85e6d 100644 --- a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/firstlogin.md +++ b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/firstlogin.md @@ -1,3 +1,9 @@ +--- +title: "First Login" +description: "First Login" +sidebar_position: 70 +--- + # First Login First Login diff --git a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/jitasessions.md b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/jitasessions.md similarity index 93% rename from docs/privilegesecure/4.2/discovery/admin/systemmanagement/jitasessions.md rename to docs/privilegesecure/4.2/discovery/administration/systemmanagement/jitasessions.md index 1e9813232b..d6c2d89288 100644 --- a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/jitasessions.md +++ b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/jitasessions.md @@ -1,3 +1,9 @@ +--- +title: "Starting and Managing JITA Sessions for Another User" +description: "Starting and Managing JITA Sessions for Another User" +sidebar_position: 150 +--- + # Starting and Managing JITA Sessions for Another User Starting and Managing JITA Sessions for Another User diff --git a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/linuxaddsudouser.md b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/linuxaddsudouser.md similarity index 93% rename from docs/privilegesecure/4.2/discovery/admin/systemmanagement/linuxaddsudouser.md rename to docs/privilegesecure/4.2/discovery/administration/systemmanagement/linuxaddsudouser.md index f12b6761d6..355945d8f5 100644 --- a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/linuxaddsudouser.md +++ b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/linuxaddsudouser.md @@ -1,3 +1,9 @@ +--- +title: "Linux: Add Sudo User to Ubuntu System" +description: "Linux: Add Sudo User to Ubuntu System" +sidebar_position: 50 +--- + # Linux: Add Sudo User to Ubuntu System Linux: Add Sudo User to Ubuntu System diff --git a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/linuxandmac.md b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/linuxandmac.md similarity index 95% rename from docs/privilegesecure/4.2/discovery/admin/systemmanagement/linuxandmac.md rename to docs/privilegesecure/4.2/discovery/administration/systemmanagement/linuxandmac.md index 440606a9c8..08d4e61bcc 100644 --- a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/linuxandmac.md +++ b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/linuxandmac.md @@ -1,3 +1,9 @@ +--- +title: "Linux and Mac Lightweight Directory Bridging - JWT and Passwords" +description: "Linux and Mac Lightweight Directory Bridging - JWT and Passwords" +sidebar_position: 10 +--- + # Linux and Mac Lightweight Directory Bridging - JWT and Passwords Linux and Mac Lightweight Directory Bridging - JWT and Passwords diff --git a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/linuxgranularsudo.md b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/linuxgranularsudo.md similarity index 97% rename from docs/privilegesecure/4.2/discovery/admin/systemmanagement/linuxgranularsudo.md rename to docs/privilegesecure/4.2/discovery/administration/systemmanagement/linuxgranularsudo.md index 55b0e2eac7..c29661e467 100644 --- a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/linuxgranularsudo.md +++ b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/linuxgranularsudo.md @@ -1,3 +1,9 @@ +--- +title: "Linux: Granular Sudo" +description: "Linux: Granular Sudo" +sidebar_position: 130 +--- + # Linux: Granular Sudo Linux: Granular Sudo diff --git a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/linuxsudopermissions.md b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/linuxsudopermissions.md similarity index 90% rename from docs/privilegesecure/4.2/discovery/admin/systemmanagement/linuxsudopermissions.md rename to docs/privilegesecure/4.2/discovery/administration/systemmanagement/linuxsudopermissions.md index b0daaced9c..bd7155c2f1 100644 --- a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/linuxsudopermissions.md +++ b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/linuxsudopermissions.md @@ -1,3 +1,9 @@ +--- +title: "Linux: Replicate Sudo Permissions to Many Systems Using QuickStart" +description: "Linux: Replicate Sudo Permissions to Many Systems Using QuickStart" +sidebar_position: 30 +--- + # Linux: Replicate Sudo Permissions to Many Systems Using QuickStart Linux: Replicate Sudo Permissions to Many Systems Using QuickStart diff --git a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/oamextended.md b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/oamextended.md similarity index 99% rename from docs/privilegesecure/4.2/discovery/admin/systemmanagement/oamextended.md rename to docs/privilegesecure/4.2/discovery/administration/systemmanagement/oamextended.md index 0bbb024654..cd62a6de93 100644 --- a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/oamextended.md +++ b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/oamextended.md @@ -1,3 +1,9 @@ +--- +title: "Offline Access Management (OAM) - Extended" +description: "Offline Access Management (OAM) - Extended" +sidebar_position: 60 +--- + # Offline Access Management (OAM) - Extended Offline Access Management (OAM) - Extended diff --git a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/quickstartfields.md b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/quickstartfields.md similarity index 99% rename from docs/privilegesecure/4.2/discovery/admin/systemmanagement/quickstartfields.md rename to docs/privilegesecure/4.2/discovery/administration/systemmanagement/quickstartfields.md index e2261834e2..5592883096 100644 --- a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/quickstartfields.md +++ b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/quickstartfields.md @@ -1,3 +1,9 @@ +--- +title: "Quickstart Fields Demystified" +description: "Quickstart Fields Demystified" +sidebar_position: 120 +--- + # Quickstart Fields Demystified Quickstart Fields Demystified diff --git a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/removeasystem.md b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/removeasystem.md similarity index 93% rename from docs/privilegesecure/4.2/discovery/admin/systemmanagement/removeasystem.md rename to docs/privilegesecure/4.2/discovery/administration/systemmanagement/removeasystem.md index c3e3b183a6..a1b8c2fb97 100644 --- a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/removeasystem.md +++ b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/removeasystem.md @@ -1,3 +1,9 @@ +--- +title: "Remove a System from Privilege Secure" +description: "Remove a System from Privilege Secure" +sidebar_position: 140 +--- + # Remove a System from Privilege Secure Remove a System from Privilege Secure diff --git a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/restoreasystem.md b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/restoreasystem.md similarity index 96% rename from docs/privilegesecure/4.2/discovery/admin/systemmanagement/restoreasystem.md rename to docs/privilegesecure/4.2/discovery/administration/systemmanagement/restoreasystem.md index 7226db2378..298d4da136 100644 --- a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/restoreasystem.md +++ b/docs/privilegesecure/4.2/discovery/administration/systemmanagement/restoreasystem.md @@ -1,3 +1,9 @@ +--- +title: "Restore a System" +description: "Restore a System" +sidebar_position: 110 +--- + # Restore a System Restore a System diff --git a/docs/privilegesecure/4.2/discovery/gettingstarted.md b/docs/privilegesecure/4.2/discovery/gettingstarted.md index 82ec09aef4..88d5b6cc8c 100644 --- a/docs/privilegesecure/4.2/discovery/gettingstarted.md +++ b/docs/privilegesecure/4.2/discovery/gettingstarted.md @@ -1,3 +1,9 @@ +--- +title: "Getting Started" +description: "Getting Started" +sidebar_position: 5 +--- + # Getting Started Getting Started @@ -55,7 +61,7 @@ Configuration). This is domain specific and is opened by clicking the > sign nex - The scan mode account should then be used to rollout a GPO change to ensure all Windows machines are able to be scanned. The details on how to make this GPO change are detailed in this article: - [Scan GPO Guide (Server 2012 or 2008 Domain Controllers)](/docs/privilegesecure/4.2/discovery/scangposerver2012or2008dcs.md) + [Scan GPO Guide (Server 2012 or 2008 Domain Controllers)](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/scangposerver2012or2008dcs.md) - Set the domain to be scanned Once these are set the domain can be scanned. @@ -65,13 +71,13 @@ Groups, OUs, Users, etc. A load balanced connection will cause group updates to correctly. The dashboard can now be reviewed. An explanation of the dashboard is available in this article: -[Dashboard Guide](/docs/privilegesecure/4.2/discovery/admin/reporting/dashboardguide.md) +[Dashboard Guide](/docs/privilegesecure/4.2/discovery/administration/reporting/dashboardguide.md) ## Adding Users To Privilege Secure Privilege Secure utilizes two levels of user accounts, User and Administrator. These are explained in the article below: -[Add a User or Group to a Systems' Administrator Account Inventory](/docs/privilegesecure/4.2/discovery/admin/systemmanagement/adduserorgroup.md) +[Add a User or Group to a Systems' Administrator Account Inventory](/docs/privilegesecure/4.2/discovery/administration/systemmanagement/adduserorgroup.md) Before protect mode is rolled out users that would require privileged access should be added to Privilege Secure. This is typically done by means of an AD group. The Config/Users and Groups page is used to @@ -126,7 +132,7 @@ detail toPrivilege Secure for multiple systems in one go. ## Install Python Version 2.7 Follow the following article to install Python: -[Linux Registrations Prerequisites](/docs/privilegesecure/4.2/discovery/linuxregistrationsprerequisites.md) +[Linux Registrations Prerequisites](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/linuxregistrationsprerequisites.md) ## Download Privilege Secure Reporting Tools (Quickstart) @@ -135,7 +141,7 @@ way of understanding the full access across the organization by system and also of making changes to Privilege Secure in bulk. - Download the script zip file from: - [QuickStart Script](/docs/privilegesecure/4.2/discovery/admin/configuration/quickstartscript.md) + [QuickStart Script](/docs/privilegesecure/4.2/discovery/administration/configuration/quickstartscript.md) - Run `pip install -r requirements.txt` with the path to the requirements.txt file that comes with the latest quickstart script. This requires Python 2.7 and PIP to be installed (PIP is installed by default with Python). @@ -149,7 +155,7 @@ Install and configure Postman in preparation for running the Quickstart process. for updating and enrolling multiple machines into Privilege Secure. Part of the initial configuration of this requires Postman. Postman is a tool for running APIs within Privilege Secure. -- [Postman: Installing and Configuring ](/docs/privilegesecure/4.2/discovery/postman_-_installing_and_configuring_.md) +- [Postman: Installing and Configuring ](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/postman_-_installing_and_configuring_.md) ## Running Quickstart @@ -174,8 +180,8 @@ More information for running Quickstart is available from the following articles How To: Offline Access Management (OAM) - Extended: -- [Offline Access Management (OAM) - Extended](/docs/privilegesecure/4.2/discovery/admin/systemmanagement/oamextended.md) +- [Offline Access Management (OAM) - Extended](/docs/privilegesecure/4.2/discovery/administration/systemmanagement/oamextended.md) How To: QuickStart - Offline Access Management and Registering Linux Computers -- [QuickStart Advanced Fields](/docs/privilegesecure/4.2/discovery/admin/configuration/advancedfields.md) +- [QuickStart Advanced Fields](/docs/privilegesecure/4.2/discovery/administration/configuration/advancedfields.md) diff --git a/docs/privilegesecure/4.2/discovery/installation/_category_.json b/docs/privilegesecure/4.2/discovery/installation/_category_.json new file mode 100644 index 0000000000..0f6ac7ae2c --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/installation/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Installation", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/discovery/install/dellpoweredge.md b/docs/privilegesecure/4.2/discovery/installation/dellpoweredge.md similarity index 90% rename from docs/privilegesecure/4.2/discovery/install/dellpoweredge.md rename to docs/privilegesecure/4.2/discovery/installation/dellpoweredge.md index 9657b86ffb..ad522e96d9 100644 --- a/docs/privilegesecure/4.2/discovery/install/dellpoweredge.md +++ b/docs/privilegesecure/4.2/discovery/installation/dellpoweredge.md @@ -1,3 +1,9 @@ +--- +title: "Dell PowerEdge Default iDRAC Password" +description: "Dell PowerEdge Default iDRAC Password" +sidebar_position: 10 +--- + # Dell PowerEdge Default iDRAC Password Dell PowerEdge Default iDRAC Password diff --git a/docs/privilegesecure/4.2/discovery/install/dockersecrets.md b/docs/privilegesecure/4.2/discovery/installation/dockersecrets.md similarity index 93% rename from docs/privilegesecure/4.2/discovery/install/dockersecrets.md rename to docs/privilegesecure/4.2/discovery/installation/dockersecrets.md index 4559246487..db8b2c34d7 100644 --- a/docs/privilegesecure/4.2/discovery/install/dockersecrets.md +++ b/docs/privilegesecure/4.2/discovery/installation/dockersecrets.md @@ -1,3 +1,9 @@ +--- +title: "Docker Secrets Matching DR Site to PROD Site" +description: "Docker Secrets Matching DR Site to PROD Site" +sidebar_position: 30 +--- + # Docker Secrets Matching DR Site to PROD Site Docker Secrets Matching DR Site to PROD Site @@ -23,7 +29,7 @@ here:  [Docker: Manage sensitive data with Docker secrets](https://docs.docker ### Requirements This guide utilizes -the [Install the S1 CLI Helper Utility ](/docs/privilegesecure/4.2/discovery/install/s1clihelperutility.md) +the [Install the S1 CLI Helper Utility ](/docs/privilegesecure/4.2/discovery/installation/s1clihelperutility.md) ### Retrieve the Docker Secret from Current Privilege Secure Instance diff --git a/docs/privilegesecure/4.2/discovery/install/machineprovisionidrac.md b/docs/privilegesecure/4.2/discovery/installation/machineprovisionidrac.md similarity index 92% rename from docs/privilegesecure/4.2/discovery/install/machineprovisionidrac.md rename to docs/privilegesecure/4.2/discovery/installation/machineprovisionidrac.md index 199ddf1366..0fd3768c6d 100644 --- a/docs/privilegesecure/4.2/discovery/install/machineprovisionidrac.md +++ b/docs/privilegesecure/4.2/discovery/installation/machineprovisionidrac.md @@ -1,3 +1,9 @@ +--- +title: "Machine Provisioning - iDRAC" +description: "Machine Provisioning - iDRAC" +sidebar_position: 20 +--- + # Machine Provisioning - iDRAC Machine Provisioning - iDRAC diff --git a/docs/privilegesecure/4.2/discovery/install/s1clihelperutility.md b/docs/privilegesecure/4.2/discovery/installation/s1clihelperutility.md similarity index 93% rename from docs/privilegesecure/4.2/discovery/install/s1clihelperutility.md rename to docs/privilegesecure/4.2/discovery/installation/s1clihelperutility.md index 824e58ec18..acdb8c89b8 100644 --- a/docs/privilegesecure/4.2/discovery/install/s1clihelperutility.md +++ b/docs/privilegesecure/4.2/discovery/installation/s1clihelperutility.md @@ -1,3 +1,9 @@ +--- +title: "Install the S1 CLI Helper Utility" +description: "Install the S1 CLI Helper Utility" +sidebar_position: 40 +--- + # Install the S1 CLI Helper Utility Install the S1 CLI Helper Utility diff --git a/docs/privilegesecure/4.2/discovery/integrations/_category_.json b/docs/privilegesecure/4.2/discovery/integrations/_category_.json new file mode 100644 index 0000000000..1861652d0c --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/integrations/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Integrations", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/discovery/integrations/api/_category_.json b/docs/privilegesecure/4.2/discovery/integrations/api/_category_.json new file mode 100644 index 0000000000..c72001acec --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/integrations/api/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "API", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/discovery/integrations/api/advancedapireference.md b/docs/privilegesecure/4.2/discovery/integrations/api/advancedapireference.md index 0fae384c37..69b6a1a2f8 100644 --- a/docs/privilegesecure/4.2/discovery/integrations/api/advancedapireference.md +++ b/docs/privilegesecure/4.2/discovery/integrations/api/advancedapireference.md @@ -1,3 +1,9 @@ +--- +title: "Advanced API Reference" +description: "Advanced API Reference" +sidebar_position: 30 +--- + # Advanced API Reference Advanced API Reference diff --git a/docs/privilegesecure/4.2/discovery/integrations/api/apikeymanagement.md b/docs/privilegesecure/4.2/discovery/integrations/api/apikeymanagement.md index ead96b21a2..11c0062dc7 100644 --- a/docs/privilegesecure/4.2/discovery/integrations/api/apikeymanagement.md +++ b/docs/privilegesecure/4.2/discovery/integrations/api/apikeymanagement.md @@ -1,3 +1,9 @@ +--- +title: "API Key Management" +description: "API Key Management" +sidebar_position: 10 +--- + # API Key Management API Key Management diff --git a/docs/privilegesecure/4.2/discovery/integrations/api/apikeyrevocation.md b/docs/privilegesecure/4.2/discovery/integrations/api/apikeyrevocation.md index fd9383a39c..d6436b074b 100644 --- a/docs/privilegesecure/4.2/discovery/integrations/api/apikeyrevocation.md +++ b/docs/privilegesecure/4.2/discovery/integrations/api/apikeyrevocation.md @@ -1,3 +1,9 @@ +--- +title: "API Key Revocation" +description: "API Key Revocation" +sidebar_position: 50 +--- + # API Key Revocation API Key Revocation diff --git a/docs/privilegesecure/4.2/discovery/integrations/api/postmanauthenticate.md b/docs/privilegesecure/4.2/discovery/integrations/api/postmanauthenticate.md index d7e2b59cb9..cc301acb7a 100644 --- a/docs/privilegesecure/4.2/discovery/integrations/api/postmanauthenticate.md +++ b/docs/privilegesecure/4.2/discovery/integrations/api/postmanauthenticate.md @@ -1,3 +1,9 @@ +--- +title: "Postman: Authenticate using an API key" +description: "Postman: Authenticate using an API key" +sidebar_position: 40 +--- + # Postman: Authenticate using an API key Postman: Authenticate using an API key diff --git a/docs/privilegesecure/4.2/discovery/integrations/api/postmanlinux.md b/docs/privilegesecure/4.2/discovery/integrations/api/postmanlinux.md index 055b836589..5d70c616a0 100644 --- a/docs/privilegesecure/4.2/discovery/integrations/api/postmanlinux.md +++ b/docs/privilegesecure/4.2/discovery/integrations/api/postmanlinux.md @@ -1,3 +1,9 @@ +--- +title: "PostMan: Adding Users/Groups to Linux System Inventory" +description: "PostMan: Adding Users/Groups to Linux System Inventory" +sidebar_position: 20 +--- + # PostMan: Adding Users/Groups to Linux System Inventory PostMan: Adding Users/Groups to Linux System Inventory diff --git a/docs/privilegesecure/4.2/discovery/integrations/edr/_category_.json b/docs/privilegesecure/4.2/discovery/integrations/edr/_category_.json new file mode 100644 index 0000000000..4a362a4d33 --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/integrations/edr/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "EDR", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/discovery/integrations/edr/carbonblack.md b/docs/privilegesecure/4.2/discovery/integrations/edr/carbonblack.md index 099e7d8deb..72fcb8f69d 100644 --- a/docs/privilegesecure/4.2/discovery/integrations/edr/carbonblack.md +++ b/docs/privilegesecure/4.2/discovery/integrations/edr/carbonblack.md @@ -1,3 +1,9 @@ +--- +title: "Carbon Black" +description: "Carbon Black" +sidebar_position: 10 +--- + # Carbon Black Carbon Black diff --git a/docs/privilegesecure/4.2/discovery/integrations/edr/crowdstrike.md b/docs/privilegesecure/4.2/discovery/integrations/edr/crowdstrike.md index 0f8ea3e644..99378b0b5d 100644 --- a/docs/privilegesecure/4.2/discovery/integrations/edr/crowdstrike.md +++ b/docs/privilegesecure/4.2/discovery/integrations/edr/crowdstrike.md @@ -1,3 +1,9 @@ +--- +title: "CrowdStrike" +description: "CrowdStrike" +sidebar_position: 20 +--- + # CrowdStrike CrowdStrike diff --git a/docs/privilegesecure/4.2/discovery/integrations/edr/sentinelone.md b/docs/privilegesecure/4.2/discovery/integrations/edr/sentinelone.md index 80a0006b1f..fb77cd6b5f 100644 --- a/docs/privilegesecure/4.2/discovery/integrations/edr/sentinelone.md +++ b/docs/privilegesecure/4.2/discovery/integrations/edr/sentinelone.md @@ -1,3 +1,9 @@ +--- +title: "SentinelOne" +description: "SentinelOne" +sidebar_position: 30 +--- + # SentinelOne SentinelOne diff --git a/docs/privilegesecure/4.2/discovery/integrations/siem/_category_.json b/docs/privilegesecure/4.2/discovery/integrations/siem/_category_.json new file mode 100644 index 0000000000..241fe8583e --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/integrations/siem/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "SIEM", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/discovery/integrations/siem/additionallogs.md b/docs/privilegesecure/4.2/discovery/integrations/siem/additionallogs.md index 6a74441305..23d685d6f5 100644 --- a/docs/privilegesecure/4.2/discovery/integrations/siem/additionallogs.md +++ b/docs/privilegesecure/4.2/discovery/integrations/siem/additionallogs.md @@ -1,3 +1,9 @@ +--- +title: "Additional Logs" +description: "Additional Logs" +sidebar_position: 50 +--- + # Additional Logs Additional Logs diff --git a/docs/privilegesecure/4.2/discovery/integrations/siem/forwardlogs.md b/docs/privilegesecure/4.2/discovery/integrations/siem/forwardlogs.md index 265e008424..7cbf831105 100644 --- a/docs/privilegesecure/4.2/discovery/integrations/siem/forwardlogs.md +++ b/docs/privilegesecure/4.2/discovery/integrations/siem/forwardlogs.md @@ -1,3 +1,9 @@ +--- +title: "Forward Logs to Syslog Servers and SIEM Solutions" +description: "Forward Logs to Syslog Servers and SIEM Solutions" +sidebar_position: 20 +--- + # Forward Logs to Syslog Servers and SIEM Solutions Forward Logs to Syslog Servers and SIEM Solutions diff --git a/docs/privilegesecure/4.2/discovery/integrations/siem/logs.md b/docs/privilegesecure/4.2/discovery/integrations/siem/logs.md index 17c022391b..03317d0c88 100644 --- a/docs/privilegesecure/4.2/discovery/integrations/siem/logs.md +++ b/docs/privilegesecure/4.2/discovery/integrations/siem/logs.md @@ -1,3 +1,9 @@ +--- +title: "Logs" +description: "Logs" +sidebar_position: 40 +--- + # Logs Logs diff --git a/docs/privilegesecure/4.2/discovery/integrations/siem/splunkjson.md b/docs/privilegesecure/4.2/discovery/integrations/siem/splunkjson.md index 5fe4051de1..9e4003ca24 100644 --- a/docs/privilegesecure/4.2/discovery/integrations/siem/splunkjson.md +++ b/docs/privilegesecure/4.2/discovery/integrations/siem/splunkjson.md @@ -1,3 +1,9 @@ +--- +title: "Splunk (JSON) Source Type" +description: "Splunk (JSON) Source Type" +sidebar_position: 10 +--- + # Splunk (JSON) Source Type Splunk (JSON) Source Type diff --git a/docs/privilegesecure/4.2/discovery/integrations/siem/splunkqueries.md b/docs/privilegesecure/4.2/discovery/integrations/siem/splunkqueries.md index d479aa084d..925bf6d243 100644 --- a/docs/privilegesecure/4.2/discovery/integrations/siem/splunkqueries.md +++ b/docs/privilegesecure/4.2/discovery/integrations/siem/splunkqueries.md @@ -1,3 +1,9 @@ +--- +title: "Splunk and SIEM Queries" +description: "Splunk and SIEM Queries" +sidebar_position: 30 +--- + # Splunk and SIEM Queries Splunk and SIEM Queries diff --git a/docs/privilegesecure/4.2/discovery/overview.md b/docs/privilegesecure/4.2/discovery/overview.md index 73f10acb6d..2bf675d462 100644 --- a/docs/privilegesecure/4.2/discovery/overview.md +++ b/docs/privilegesecure/4.2/discovery/overview.md @@ -1,3 +1,9 @@ +--- +title: "Netwrix Privilege Secure for Discovery v2.21 Documentation" +description: "Netwrix Privilege Secure for Discovery v2.21 Documentation" +sidebar_position: 20 +--- + # Netwrix Privilege Secure for Discovery v2.21 Documentation Netwrix Privilege Secure for Discovery v2.21 Documentation diff --git a/docs/privilegesecure/4.2/discovery/partners/_category_.json b/docs/privilegesecure/4.2/discovery/partners/_category_.json new file mode 100644 index 0000000000..764d499728 --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/partners/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Partners", + "position": 60, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/discovery/partners/technicalpartnerdocu/_category_.json b/docs/privilegesecure/4.2/discovery/partners/technicalpartnerdocu/_category_.json new file mode 100644 index 0000000000..d5e8d818bb --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/partners/technicalpartnerdocu/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Technical Partner Documentation", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/discovery/info_-_secureone_core_services.md b/docs/privilegesecure/4.2/discovery/partners/technicalpartnerdocu/core_services.md similarity index 100% rename from docs/privilegesecure/4.2/discovery/info_-_secureone_core_services.md rename to docs/privilegesecure/4.2/discovery/partners/technicalpartnerdocu/core_services.md diff --git a/docs/privilegesecure/4.2/discovery/requirements/_category_.json b/docs/privilegesecure/4.2/discovery/requirements/_category_.json new file mode 100644 index 0000000000..8a00596580 --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/requirements/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Requirements", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/discovery/requirements/architectureoverview.md b/docs/privilegesecure/4.2/discovery/requirements/architectureoverview.md index 30d958513a..c00964c70a 100644 --- a/docs/privilegesecure/4.2/discovery/requirements/architectureoverview.md +++ b/docs/privilegesecure/4.2/discovery/requirements/architectureoverview.md @@ -1,3 +1,9 @@ +--- +title: "Architectue Overview" +description: "Architectue Overview" +sidebar_position: 10 +--- + # Architectue Overview Architectue Overview diff --git a/docs/privilegesecure/4.2/discovery/requirements/haanddr.md b/docs/privilegesecure/4.2/discovery/requirements/haanddr.md index c3442266bc..15e8b3e98d 100644 --- a/docs/privilegesecure/4.2/discovery/requirements/haanddr.md +++ b/docs/privilegesecure/4.2/discovery/requirements/haanddr.md @@ -1,3 +1,9 @@ +--- +title: "High Availability (HA) and Disaster Recovery (DR) Options" +description: "High Availability (HA) and Disaster Recovery (DR) Options" +sidebar_position: 20 +--- + # High Availability (HA) and Disaster Recovery (DR) Options High Availability (HA) and Disaster Recovery (DR) Options diff --git a/docs/privilegesecure/4.2/discovery/requirements/overview.md b/docs/privilegesecure/4.2/discovery/requirements/overview.md index 1ce1ae129e..410b10e1b0 100644 --- a/docs/privilegesecure/4.2/discovery/requirements/overview.md +++ b/docs/privilegesecure/4.2/discovery/requirements/overview.md @@ -1,3 +1,9 @@ +--- +title: "Requirements" +description: "Requirements" +sidebar_position: 20 +--- + # Requirements Requirements @@ -135,7 +141,7 @@ configured as service accounts to disallow interactive logon and be set with com **All** accounts are required for configuring the domain to be scanned and protected within Privilege Secure. More information can be found here: -[Service Accounts](/docs/privilegesecure/4.2/discovery/serviceaccounts.md) +[Service Accounts](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/serviceaccounts.md) **NOTE:** We require a static DC to ensure S1 can correctly detect and account for changes made to Groups, OUs, Users, etc. A load balanced connection will cause group updates to not be recognized @@ -156,9 +162,9 @@ required uses Group Policy Preferences (GPP). There are separate guides dependin Controller version.  - 2008-2012 Domain Controllers – - [Scan GPO Guide (Server 2012 or 2008 Domain Controllers)](/docs/privilegesecure/4.2/discovery/scangposerver2012or2008dcs.md) + [Scan GPO Guide (Server 2012 or 2008 Domain Controllers)](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/scangposerver2012or2008dcs.md) - 2016+ Domain Controllers – - [Scan GPO Guide (Server 2016+ Domain Controllers)](/docs/privilegesecure/4.2/discovery/scangposerver2016+dcs.md) + [Scan GPO Guide (Server 2016+ Domain Controllers)](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/scangposerver2016+dcs.md) Microsoft by default (Windows 2016 & Windows 10 Creators Edition or later) restricted the ability to remotely enumerate members of local groups including the local Administrators group. Older operating @@ -236,7 +242,7 @@ Bulk Actions - Operations currently supported: JITA, Scan Mode, Protect Mode, Scan Systems, Set EDR Config, Set OAM, Set Accounts Persistent, Add/Update Account, Remove Account - More information and instruction can be found here: - [Bulk Actions](/docs/privilegesecure/4.2/discovery/admin/systemmanagement/bulkactions.md) + [Bulk Actions](/docs/privilegesecure/4.2/discovery/administration/systemmanagement/bulkactions.md) QuickStart @@ -248,7 +254,7 @@ QuickStart - Historical solution for managing endpoints en masse. - Supports JITA, Scan Mode, Protect Mode, OAM, EDR, Linux Registration, etc. More information can be found here: - [QuickStart Advanced Fields](/docs/privilegesecure/4.2/discovery/admin/configuration/advancedfields.md) + [QuickStart Advanced Fields](/docs/privilegesecure/4.2/discovery/administration/configuration/advancedfields.md) API diff --git a/docs/privilegesecure/4.2/discovery/requirements/portsandfirewalls.md b/docs/privilegesecure/4.2/discovery/requirements/portsandfirewalls.md index a0030380d7..2251b3c027 100644 --- a/docs/privilegesecure/4.2/discovery/requirements/portsandfirewalls.md +++ b/docs/privilegesecure/4.2/discovery/requirements/portsandfirewalls.md @@ -1,3 +1,9 @@ +--- +title: "Port, Firewall, and Datacenter Requirements" +description: "Port, Firewall, and Datacenter Requirements" +sidebar_position: 40 +--- + # Port, Firewall, and Datacenter Requirements Port, Firewall, and Datacenter Requirements diff --git a/docs/privilegesecure/4.2/discovery/requirements/serverstoragesizing.md b/docs/privilegesecure/4.2/discovery/requirements/serverstoragesizing.md index fc04df314c..1823ad2549 100644 --- a/docs/privilegesecure/4.2/discovery/requirements/serverstoragesizing.md +++ b/docs/privilegesecure/4.2/discovery/requirements/serverstoragesizing.md @@ -1,3 +1,9 @@ +--- +title: "Server Storage Sizing" +description: "Server Storage Sizing" +sidebar_position: 30 +--- + # Server Storage Sizing Server Storage Sizing diff --git a/docs/privilegesecure/4.2/discovery/requirements/supportedosandbrowsers.md b/docs/privilegesecure/4.2/discovery/requirements/supportedosandbrowsers.md index fd02767ec0..2520d7a9ad 100644 --- a/docs/privilegesecure/4.2/discovery/requirements/supportedosandbrowsers.md +++ b/docs/privilegesecure/4.2/discovery/requirements/supportedosandbrowsers.md @@ -1,3 +1,9 @@ +--- +title: "Supported Operating Systems and Browsers" +description: "Supported Operating Systems and Browsers" +sidebar_position: 60 +--- + # Supported Operating Systems and Browsers Supported Operating Systems and Browsers @@ -24,8 +30,8 @@ the OS requirements, please reach out to Netwrix Support. | Debian 7 | Netwrix AWS | Success | | | Debian 11 | Netwrix AWS | Success | | | Windows | | | | -| Windows XP and onwards | Netwrix AWS | Success | Netwrix cannot guarantee support of Kerberos for out-of-support versions of Windows. See the [SASL Kerberos](/docs/privilegesecure/4.2/discovery/admin/configuration/saslkerberos.md) topic for additional information. | -| Windows Server 2003 and Netwrix cannot guarantee support of Kerberos for out-of-support versions of Windows.onwards | Netwrix AWS | Success | Netwrix cannot guarantee support of Kerberos for out-of-support versions of Windows. See the [SASL Kerberos](/docs/privilegesecure/4.2/discovery/admin/configuration/saslkerberos.md) topic for additional information. | +| Windows XP and onwards | Netwrix AWS | Success | Netwrix cannot guarantee support of Kerberos for out-of-support versions of Windows. See the [SASL Kerberos](/docs/privilegesecure/4.2/discovery/administration/configuration/saslkerberos.md) topic for additional information. | +| Windows Server 2003 and Netwrix cannot guarantee support of Kerberos for out-of-support versions of Windows.onwards | Netwrix AWS | Success | Netwrix cannot guarantee support of Kerberos for out-of-support versions of Windows. See the [SASL Kerberos](/docs/privilegesecure/4.2/discovery/administration/configuration/saslkerberos.md) topic for additional information. | ## Browser Requirements diff --git a/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/_category_.json b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/_category_.json new file mode 100644 index 0000000000..faf486929b --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Technical Preparation", + "position": 70, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/privilegesecure/4.2/discovery/accountsecurity.md b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/accountsecurity.md similarity index 97% rename from docs/privilegesecure/4.2/discovery/accountsecurity.md rename to docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/accountsecurity.md index 10998da429..64eaf6901b 100644 --- a/docs/privilegesecure/4.2/discovery/accountsecurity.md +++ b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/accountsecurity.md @@ -1,3 +1,9 @@ +--- +title: "System & Service Account Security" +description: "System & Service Account Security" +sidebar_position: 10 +--- + # System & Service Account Security System & Service Account Security diff --git a/docs/privilegesecure/4.2/discovery/freeze_mode.md b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/freeze_mode.md similarity index 99% rename from docs/privilegesecure/4.2/discovery/freeze_mode.md rename to docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/freeze_mode.md index 65c69a163c..1302b13efa 100644 --- a/docs/privilegesecure/4.2/discovery/freeze_mode.md +++ b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/freeze_mode.md @@ -1,3 +1,9 @@ +--- +title: "Freeze Mode" +description: "Freeze Mode" +sidebar_position: 30 +--- + # Freeze Mode Freeze Mode diff --git a/docs/privilegesecure/4.2/discovery/golivechecklist.md b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/golivechecklist.md similarity index 97% rename from docs/privilegesecure/4.2/discovery/golivechecklist.md rename to docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/golivechecklist.md index 2592a11e68..b310e2dbcd 100644 --- a/docs/privilegesecure/4.2/discovery/golivechecklist.md +++ b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/golivechecklist.md @@ -1,3 +1,9 @@ +--- +title: "Go-Live Checklist" +description: "Go-Live Checklist" +sidebar_position: 60 +--- + # Go-Live Checklist Go-Live Checklist diff --git a/docs/privilegesecure/4.2/discovery/info_-_what's_different_about_domain_controllers.md b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/info_-_what's_different_about_domain_controllers.md similarity index 91% rename from docs/privilegesecure/4.2/discovery/info_-_what's_different_about_domain_controllers.md rename to docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/info_-_what's_different_about_domain_controllers.md index 571e0f5493..d357718986 100644 --- a/docs/privilegesecure/4.2/discovery/info_-_what's_different_about_domain_controllers.md +++ b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/info_-_what's_different_about_domain_controllers.md @@ -1,3 +1,9 @@ +--- +title: "Info: What's Different About Domain Controllers?" +description: "Info: What's Different About Domain Controllers?" +sidebar_position: 120 +--- + # Info: What's Different About Domain Controllers? Info: What's Different About Domain Controllers? diff --git a/docs/privilegesecure/4.2/discovery/linuxregistrationsprerequisites.md b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/linuxregistrationsprerequisites.md similarity index 96% rename from docs/privilegesecure/4.2/discovery/linuxregistrationsprerequisites.md rename to docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/linuxregistrationsprerequisites.md index 3cde1afb82..a2ec0e89f1 100644 --- a/docs/privilegesecure/4.2/discovery/linuxregistrationsprerequisites.md +++ b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/linuxregistrationsprerequisites.md @@ -1,3 +1,9 @@ +--- +title: "Linux Registrations Prerequisites" +description: "Linux Registrations Prerequisites" +sidebar_position: 110 +--- + # Linux Registrations Prerequisites Linux Registrations Prerequisites @@ -87,8 +93,8 @@ are more distributions of Linux supported by Privilege Secure. The full list is Guide on registering linux system with Postman (using API) -- [Postman Linux Registration](/docs/privilegesecure/4.2/discovery/admin/systemmanagement/postmanlinuxregistration.md) +- [Postman Linux Registration](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/postmanlinuxregistration.md) Guide on registering linux system with QuickStart -- [Linux Simplified - 2.18+](/docs/privilegesecure/4.2/discovery/admin/configuration/linuxsimplified2.18+.md) +- [Linux Simplified - 2.18+](/docs/privilegesecure/4.2/discovery/administration/configuration/linuxsimplified2.18+.md) diff --git a/docs/privilegesecure/4.2/discovery/postman_-_installing_and_configuring_.md b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/postman_-_installing_and_configuring_.md similarity index 97% rename from docs/privilegesecure/4.2/discovery/postman_-_installing_and_configuring_.md rename to docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/postman_-_installing_and_configuring_.md index fb0184aae3..2f0d6a341f 100644 --- a/docs/privilegesecure/4.2/discovery/postman_-_installing_and_configuring_.md +++ b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/postman_-_installing_and_configuring_.md @@ -1,3 +1,9 @@ +--- +title: "Postman: Installing and Configuring" +description: "Postman: Installing and Configuring" +sidebar_position: 90 +--- + # Postman: Installing and Configuring Postman: Installing and Configuring diff --git a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/postmanlinuxregistration.md b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/postmanlinuxregistration.md similarity index 94% rename from docs/privilegesecure/4.2/discovery/admin/systemmanagement/postmanlinuxregistration.md rename to docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/postmanlinuxregistration.md index 1f5ee76734..ac62b2c98c 100644 --- a/docs/privilegesecure/4.2/discovery/admin/systemmanagement/postmanlinuxregistration.md +++ b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/postmanlinuxregistration.md @@ -1,3 +1,9 @@ +--- +title: "Postman Linux Registration" +description: "Postman Linux Registration" +sidebar_position: 100 +--- + # Postman Linux Registration Postman Linux Registration @@ -11,7 +17,7 @@ files locate in /etc/sudoers.d) into the /etc/sudoers file, and disable sudo per acquired from those sources. Linux registration -prerequisites: [Linux Registrations Prerequisites](/docs/privilegesecure/4.2/discovery/linuxregistrationsprerequisites.md) +prerequisites: [Linux Registrations Prerequisites](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/linuxregistrationsprerequisites.md) ## Adding Linux Machines to Privilege Secure diff --git a/docs/privilegesecure/4.2/discovery/productmodeaccount.md b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/productmodeaccount.md similarity index 94% rename from docs/privilegesecure/4.2/discovery/productmodeaccount.md rename to docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/productmodeaccount.md index eba180bda1..5c2f9c666d 100644 --- a/docs/privilegesecure/4.2/discovery/productmodeaccount.md +++ b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/productmodeaccount.md @@ -1,3 +1,9 @@ +--- +title: "Add Privilege Secure Protect Mode Account to Windows Endpoints via GPO" +description: "Add Privilege Secure Protect Mode Account to Windows Endpoints via GPO" +sidebar_position: 40 +--- + # Add Privilege Secure Protect Mode Account to Windows Endpoints via GPO Add Privilege Secure Protect Mode Account to Windows Endpoints via GPO diff --git a/docs/privilegesecure/4.2/discovery/proxyfirewallwhitelist.md b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/proxyfirewallwhitelist.md similarity index 94% rename from docs/privilegesecure/4.2/discovery/proxyfirewallwhitelist.md rename to docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/proxyfirewallwhitelist.md index c0421c650c..11f95cd431 100644 --- a/docs/privilegesecure/4.2/discovery/proxyfirewallwhitelist.md +++ b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/proxyfirewallwhitelist.md @@ -1,3 +1,9 @@ +--- +title: "Proxy/Firewall Whitelist Servers" +description: "Proxy/Firewall Whitelist Servers" +sidebar_position: 80 +--- + # Proxy/Firewall Whitelist Servers Proxy/Firewall Whitelist Servers diff --git a/docs/privilegesecure/4.2/discovery/riskregister.md b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/riskregister.md similarity index 99% rename from docs/privilegesecure/4.2/discovery/riskregister.md rename to docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/riskregister.md index 5b4f136a30..88dc046d13 100644 --- a/docs/privilegesecure/4.2/discovery/riskregister.md +++ b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/riskregister.md @@ -1,3 +1,9 @@ +--- +title: "Risk Register" +description: "Risk Register" +sidebar_position: 50 +--- + # Risk Register Risk Register diff --git a/docs/privilegesecure/4.2/discovery/scangposerver2012or2008dcs.md b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/scangposerver2012or2008dcs.md similarity index 93% rename from docs/privilegesecure/4.2/discovery/scangposerver2012or2008dcs.md rename to docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/scangposerver2012or2008dcs.md index d77ee837e7..cb5cf413aa 100644 --- a/docs/privilegesecure/4.2/discovery/scangposerver2012or2008dcs.md +++ b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/scangposerver2012or2008dcs.md @@ -1,3 +1,9 @@ +--- +title: "Scan GPO Guide (Server 2012 or 2008 Domain Controllers)" +description: "Scan GPO Guide (Server 2012 or 2008 Domain Controllers)" +sidebar_position: 130 +--- + # Scan GPO Guide (Server 2012 or 2008 Domain Controllers) Scan GPO Guide (Server 2012 or 2008 Domain Controllers) @@ -36,7 +42,7 @@ admin group. **NOTE:** For environments with any 2012 and 2008 domain controllers.  For environments with only Server 2016 only domain controllers, please see this -article:  [Scan GPO Guide (Server 2016+ Domain Controllers)](/docs/privilegesecure/4.2/discovery/scangposerver2016+dcs.md) +article:  [Scan GPO Guide (Server 2016+ Domain Controllers)](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/scangposerver2016+dcs.md) Opening the “Group Policy Management Editor” and create or open a policy for the domain.  This GPO should be applied to servers and workstation to be managed by SecureONE. "Local Admin GPO" policy is diff --git a/docs/privilegesecure/4.2/discovery/scangposerver2016+dcs.md b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/scangposerver2016+dcs.md similarity index 94% rename from docs/privilegesecure/4.2/discovery/scangposerver2016+dcs.md rename to docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/scangposerver2016+dcs.md index 5605554736..27fb25048d 100644 --- a/docs/privilegesecure/4.2/discovery/scangposerver2016+dcs.md +++ b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/scangposerver2016+dcs.md @@ -1,3 +1,9 @@ +--- +title: "Scan GPO Guide (Server 2016+ Domain Controllers)" +description: "Scan GPO Guide (Server 2016+ Domain Controllers)" +sidebar_position: 70 +--- + # Scan GPO Guide (Server 2016+ Domain Controllers) Scan GPO Guide (Server 2016+ Domain Controllers) @@ -41,7 +47,7 @@ members. **NOTE:** For environments with any 2012 and 2008 domain controllers, please see this article: -- [Scan GPO Guide (Server 2012 or 2008 Domain Controllers)](/docs/privilegesecure/4.2/discovery/scangposerver2012or2008dcs.md) +- [Scan GPO Guide (Server 2012 or 2008 Domain Controllers)](/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/scangposerver2012or2008dcs.md) Opening the “Group Policy Management Editor” and create or open a policy for the domain.  This GPO policy should be applied to servers and workstation to be managed by Privilege Secure.  "Privilege diff --git a/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/serviceaccounts.md b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/serviceaccounts.md new file mode 100644 index 0000000000..81b4febb8b --- /dev/null +++ b/docs/privilegesecure/4.2/discovery/requirements/technicalpreparation/serviceaccounts.md @@ -0,0 +1,79 @@ +--- +title: "Service Accounts" +description: "Service Accounts" +sidebar_position: 20 +--- + +# Service Accounts + +Service Accounts + +# Service Accounts + +When configuring a new domain inside of Privilege Secure, there are three fields which require an +account in order to perform specific tasks: + +- Bind DN +- Scan Mode Settings +- Protect Mode Settings + +## Bind DN + +The Bind DN account is specified using the `DOMAIN\account` format, and is required for the +`ldapsync` service to successfully connect to the configured domain controller and synchronize the +information in Active Directory on a continuous basis.  This allows Domain Administrators to +continue to perform their jobs without being impacted in any way by Privilege Secure - Privilege +Secure adapts to their existing processes. + +![Screen_Shot_2019-04-19_at_1.59.55_PM.webp](/img/product_docs/privilegesecure/4.2/discovery/360021800554_screen_shot_2019-04-19_at_1.59.55_pm_419x139.webp) + +## Scan Mode Settings + +Scan Mode in Privilege Secure leverages a **non-privileged domain user account** to reach out to the +computer objects on a network, enumerate the local administrator group on the endpoint, and return +this information to Privilege Secure.  This is all accomplished via a **non-privileged** account on +Windows devices prior to `Windows 10 Creator Edition` and `Windows Server 2016`.  For more +information on scanning endpoints which have a newer Windows Operating System than these, see GPO +Guide v1. + +![Screen_Shot_2019-04-19_at_1.59.26_PM.webp](/img/product_docs/privilegesecure/4.2/discovery/360021800554_screen_shot_2019-04-19_at_1.59.26_pm_394x209.webp) + +**NOTE:** It is recommended that the "Default Policy" for Scan Mode be set to "**Enabled**," and +that a different account be used for "Scan Mode" than "Protect Mode." + +## Protect Mode Settings + +Protect Mode leverages an **administrative account** on the endpoint to enforce a **zero-trust** +state.  It is **strongly recommended** that the default policy for "Protect Mode" be set to +"**Disabled**" until the risk of enforcing Protect Mode to the business has been fully assessed.  In +order for Privilege Secure to correctly enforce Protect Mode, the Domain User account configured in +the screenshot below **must** be in the local administrator group on the endpoint in question.  When +this account is detected by Privilege Secure in the scanning phase, it will automatically be flagged +as the Protect Mode service account and be set as persistent and irremovable from the account +inventory in question. + +In general, the Protect Mode account can be any account in the local administrator group of a +machine and as long as the account information matches what is saved in the fields below, Protect +Mode can be enforced.  This approach can be useful for performing troubleshooting, and in some cases +will be required for deployment domain-wide.  However, most full-scale deployments leverage a domain +user account vs. a local account. + +![Screen_Shot_2019-04-19_at_1.59.35_PM.webp](/img/product_docs/privilegesecure/4.2/discovery/360021800554_screen_shot_2019-04-19_at_1.59.35_pm_388x208.webp) + +**NOTE:** It is highly recommended that the "Default Policy" for Protect Mode be set to +**Disabled**, and that a different account be used for "Protect Mode" than "Scan Mode." + +## Segregating Duties of Configured Accounts + +While it is possible to use the same domain user account for both the Scan and Protect accounts, it +is recommended to use separate accounts in keeping with best practices. This approach is not +technically wrong, but presents some important considerations. + +Practically speaking, a Protect Mode account is a domain account which has privileged access on +any/all machines configured in the domain, which is not required for scanning.  For this reason +alone, having a separate account for scanning is recommended so that the roles of each account in +the configured environment are clearly delineated.  In addition, because the Protect Mode account is +a privileged account on the domain, it does and should have greater capabilities than the Scan Mode +account, with greater attention paid to it.  If the same account is used for both Scan and Protect +Mode, this can easily lead to accidentally setting entire domains to enforce Protect Mode before the +correct preparations have been made, with potentially disastrous consequences for an organization. diff --git a/docs/privilegesecure/4.2/discovery/requirements/virtualmachines.md b/docs/privilegesecure/4.2/discovery/requirements/virtualmachines.md index 870159ad5d..1921085d15 100644 --- a/docs/privilegesecure/4.2/discovery/requirements/virtualmachines.md +++ b/docs/privilegesecure/4.2/discovery/requirements/virtualmachines.md @@ -1,3 +1,9 @@ +--- +title: "Virtual Machines" +description: "Virtual Machines" +sidebar_position: 50 +--- + # Virtual Machines Virtual Machines diff --git a/docs/privilegesecure/4.2/discovery/serviceaccounts.md b/docs/privilegesecure/4.2/discovery/serviceaccounts.md deleted file mode 100644 index 5ae525d592..0000000000 --- a/docs/privilegesecure/4.2/discovery/serviceaccounts.md +++ /dev/null @@ -1,73 +0,0 @@ -# Service Accounts - -Service Accounts - -# Service Accounts - -When configuring a new domain inside of Privilege Secure, there are three fields which require an -account in order to perform specific tasks: - -- Bind DN -- Scan Mode Settings -- Protect Mode Settings - -## Bind DN - -The Bind DN account is specified using the `DOMAIN\account` format, and is required for the -`ldapsync` service to successfully connect to the configured domain controller and synchronize the -information in Active Directory on a continuous basis.  This allows Domain Administrators to -continue to perform their jobs without being impacted in any way by Privilege Secure - Privilege -Secure adapts to their existing processes. - -![Screen_Shot_2019-04-19_at_1.59.55_PM.webp](/img/product_docs/privilegesecure/4.2/discovery/360021800554_screen_shot_2019-04-19_at_1.59.55_pm_419x139.webp) - -## Scan Mode Settings - -Scan Mode in Privilege Secure leverages a **non-privileged domain user account** to reach out to the -computer objects on a network, enumerate the local administrator group on the endpoint, and return -this information to Privilege Secure.  This is all accomplished via a **non-privileged** account on -Windows devices prior to `Windows 10 Creator Edition` and `Windows Server 2016`.  For more -information on scanning endpoints which have a newer Windows Operating System than these, see GPO -Guide v1. - -![Screen_Shot_2019-04-19_at_1.59.26_PM.webp](/img/product_docs/privilegesecure/4.2/discovery/360021800554_screen_shot_2019-04-19_at_1.59.26_pm_394x209.webp) - -**NOTE:** It is recommended that the "Default Policy" for Scan Mode be set to "**Enabled**," and -that a different account be used for "Scan Mode" than "Protect Mode." - -## Protect Mode Settings - -Protect Mode leverages an **administrative account** on the endpoint to enforce a **zero-trust** -state.  It is **strongly recommended** that the default policy for "Protect Mode" be set to -"**Disabled**" until the risk of enforcing Protect Mode to the business has been fully assessed.  In -order for Privilege Secure to correctly enforce Protect Mode, the Domain User account configured in -the screenshot below **must** be in the local administrator group on the endpoint in question.  When -this account is detected by Privilege Secure in the scanning phase, it will automatically be flagged -as the Protect Mode service account and be set as persistent and irremovable from the account -inventory in question. - -In general, the Protect Mode account can be any account in the local administrator group of a -machine and as long as the account information matches what is saved in the fields below, Protect -Mode can be enforced.  This approach can be useful for performing troubleshooting, and in some cases -will be required for deployment domain-wide.  However, most full-scale deployments leverage a domain -user account vs. a local account. - -![Screen_Shot_2019-04-19_at_1.59.35_PM.webp](/img/product_docs/privilegesecure/4.2/discovery/360021800554_screen_shot_2019-04-19_at_1.59.35_pm_388x208.webp) - -**NOTE:** It is highly recommended that the "Default Policy" for Protect Mode be set to -**Disabled**, and that a different account be used for "Protect Mode" than "Scan Mode." - -## Segregating Duties of Configured Accounts - -While it is possible to use the same domain user account for both the Scan and Protect accounts, it -is recommended to use separate accounts in keeping with best practices. This approach is not -technically wrong, but presents some important considerations. - -Practically speaking, a Protect Mode account is a domain account which has privileged access on -any/all machines configured in the domain, which is not required for scanning.  For this reason -alone, having a separate account for scanning is recommended so that the roles of each account in -the configured environment are clearly delineated.  In addition, because the Protect Mode account is -a privileged account on the domain, it does and should have greater capabilities than the Scan Mode -account, with greater attention paid to it.  If the same account is used for both Scan and Protect -Mode, this can easily lead to accidentally setting entire domains to enforce Protect Mode before the -correct preparations have been made, with potentially disastrous consequences for an organization. diff --git a/docs/privilegesecure/4.2/discovery/whatsnew.md b/docs/privilegesecure/4.2/discovery/whatsnew.md index 84fe3abe74..840a4a230a 100644 --- a/docs/privilegesecure/4.2/discovery/whatsnew.md +++ b/docs/privilegesecure/4.2/discovery/whatsnew.md @@ -1,3 +1,9 @@ +--- +title: "What's New" +description: "What's New" +sidebar_position: 10 +--- + # What's New What's New diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/access/createsession.md b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/access/createsession.md deleted file mode 100644 index a576c5cbb2..0000000000 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/access/createsession.md +++ /dev/null @@ -1,49 +0,0 @@ -# Create My Activity Session - -Follow the steps to create an activity session. - -**Step 1 –** Select an **Activity** to expand the session ribbon. - -![myactivityuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) - -**Step 2 –** Click **Create Session** to start a new activity session. - -- If an Activity is assigned to a single resource, the Activity card will display the name of the - resource; selecting **Create Session** from the session ribbon will immediately start the - Activity. -- If the Activity is assigned to more than one resource, the Activity card will display the number - of resources; selecting **Create Session** from the session ribbon will open the Configure Session - window. -- **CAUTION:** If your license is expired and you can still log in, you will not be able to create - activity sessions. - -![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) - -**Step 3 –** Enter the following information: - -- If the Activity is a member of more than one Access Policy, the Access Policy field will change to - a drop-down selection. Based the resources assigned to the selected access policy, the list of - resources will change in the table. -- Enter notes or a ticket number in the applicable field (Set whether notes or ticket numbers should - be optional or mandatory for the session in the related Connection Profile) -- Select the resources required for the Activity session. Use the **Search** field to filter the - resource list. -- Click **Start Session** to start the provisioning process. - -![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) - -**NOTE:** If an approval is required, the Waiting for approval message will display until it has -been granted. - -![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) - -**Step 4 –** When provisioned, an activity session will display an Available status with a green -icon. Click **Available** to launch the session. - -- The contextual menu (…) to the top right of the active session card contains options to stop an - active session and to copy/view the login account password, if enabled in the related Connection - Profile. -- All sessions may be managed via the Dashboard interface, and the My Activities interface - interchangeably. - -Provisioning and active sessions are displayed in the session ribbon, newest sessions to the left. diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/access/myactivities.md b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/access/myactivities.md deleted file mode 100644 index e5bd8e99a4..0000000000 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/access/myactivities.md +++ /dev/null @@ -1,21 +0,0 @@ -# My Activities Page - -The Access > My Activities page displays activities mapped to the user as individual cards, -organized alphabetically or by Access Policy. - -![myactivitiesrag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/access/myactivitiesrag.webp) - -To access the My Activities page, open the Access interface. If there is only a single activity card -present on this page that activity will open automatically. - -Activities may be sorted in alphabetical order (the default) or organized into groups according to -Access Policy. Duplicate activities will be automatically grouped into a single card on this -interface. In the modal for provisioning the session, the user can still select from the multiple -Access Policies that are duplicating their access to the activity. - -An Activity may appear in more than one Access Policy group if the Activity is a member of more than -one Access Policy. When sorted by Access Policy, the list of resources displayed is determined by -the resource list of the Access Policy. - -To create an Activity Session, click the **plus** button to begin. See the -[Create My Activity Session](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/access/createsession.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/active.md b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/active.md deleted file mode 100644 index ce5dbed388..0000000000 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/active.md +++ /dev/null @@ -1,57 +0,0 @@ -# Active Dashboard - -The Active sessions dashboard shows all currently active sessions. Create an Activity Session to -grant temporary privileges and gain access to the resources defined by an Access Policy created by -your administrator. - -![End User Active Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) - -The Active Sessions table has the following features: - -- Create Session — Open the Activity Request window. See the - [Create My Activity Session](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/access/createsession.md) topic for additional information. -- End Session — Cancel the selected session(s) -- View Logs — Opens the Session Logs window to view the action log for the selected session. -- Refresh — Reload the information displayed -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Resource Name — Searches the table or list for resources matching the search string - -The table has the following columns: - -- Checkbox — Check to select one or more items -- Expand icon — Click the expand () icon to show additional information for the session -- Status — Shows status information for the session: - - - Provisioning — Pre-Session stage of the Activity is processing and assigning permissions to - the login account - - Waiting for Approval — The session requires approval to begin. See the - [Approvals Dashboard](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/approvals.md) topic for additional information. - - Available — The activity session is ready. Click the icon to begin the session, or log in - through a client. See the [Sessions Interface](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/sessions.md) topic for additional information. - - Failed — Pre-Session stage of the Activity has encountered an error - - Logged In — User is successfully logged in to the Resource either directly or via the Proxy. - Direct log-in is detected by polling the Resource at regular intervals and may not update - immediately. - - Canceling — The session is either expired or was canceled manually by the user or an Privilege - Secure administrator. - - Locked — The session has been locked by an Privilege Secure administrator - -- Session icons — depending on how access has been configured, the following icons may be available - on an Available session: - - - Copy Username to Clipboard — Copies the managed user’s username - - Copy Password to Clipboard — Copies the managed user’s password - - View Password — Views the managed user’s password - - Launch Session — Launches a session in the Sessions tab - -- Requested — Date and time of when the session was created -- Host — Resource that the user will run the activity on -- Login Account — Displays the account used to log onto the resource -- Activity — Displays the name of the activity. -- Start — Indicates when the activity started. This refers to when the activity’s actions were - executed and not when the user was logged on to the resource. -- End — Indicates when the session is scheduled to end the activity, which is determined by the - start time plus the maximum session duration set by the access policy Connection Profile - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/createsession.md b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/createsession.md deleted file mode 100644 index 721eb9ed10..0000000000 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/createsession.md +++ /dev/null @@ -1,56 +0,0 @@ -# Create Activity Session - -Follow the steps to create an activity session. - -**Step 1 –** Navigate to the Dashboard > Active page. - -**Step 2 –** In the Active Session table, click Create Session to open the Activity Request window. - -![Create Activity Session Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionuser.webp) - -**Step 3 –** On the Request Type page, enter the following information: - -- Select Activity – Search for and select an activity from the drop-down list - -**Step 4 –** Click Next to go to the Resource Selection page. - -![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) - -**Step 5 –** On the Resource Selection page, enter the following information: - -- Select the resource(s) from the table -- (Optional) Click View Selections to view all selected resources - -**Step 6 –** Click **Next** to go to the Notes page. - -![Create Session Notes Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionnotes.webp) - -**Step 7 –** On the Notes page, enter the following information: - -- Notes for this session -- Ticket number for this session - -**Step 8 –** Click Next to go to the Scheduling page. - -![Create Session Schedule Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionscheduling.webp) - -**Step 9 –** On the Scheduling page, enter the following information: - -- Select Now or enter a desired date and time to begin the session - -**Step 10 –** Click Next to go to the Review page. - -![Create Session Review Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionreview.webp) - -**Step 11 –** On the Review page, review the summary of the new session. - -**Step 12 –** Click Finish to create the session. - -The new session is created and is shown in the applicable dashboard in the Dashboard interface. If -approval is required, the status Waiting for Approval is shown. The requester cannot log in to the -session until the request is approved and the status changes to Available. - -When the status Available is shown, the remote session is ready. Click the Connection icon to begin -the session, or log in through a client. - -See the [Sessions Interface](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/sessions.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/historical.md b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/historical.md deleted file mode 100644 index 65dce772c8..0000000000 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/historical.md +++ /dev/null @@ -1,48 +0,0 @@ -# Historical Dashboard - -The Historical sessions dashboard shows all created sessions and their status. - -![historicaldashboardrag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/historicaldashboardrag.webp) - -The Historical Sessions table has the following features: - -- Search — Searches the table or list for matches to the search string. When matches are found, the - table or list is filtered to the matching results. -- Filter — Provides options to filter results based on a chosen criterion: - - - Resource Name – Filter by Host value - - Requested date — Filter by session start and/or end dates - -- Export as CSV — Generates a CSV file of the table and automatically downloads it to your browser's - default download folder. The file name indicates what table was exported. -- Refresh — Reload the information displayed - -The table has the following columns: - -- Actions — Contains icons for available actions: - - - Expand icon — Click the expand () icon to show additional information - - Rocket icon — Launches the same session (same activity on the same resource with the same - connection profile) for any historical session that is not a Credential-based session - -- Requested — Date and time of when the session was created -- Status — Shows status information for the session: - - - Canceled — Activity was manually canceled before its scheduled end time by an Privilege Secure - administrator - - Failed — Pre-Session stage of the Activity has encountered an error - - Completed — Activity either reached the end of its scheduled end time or was canceled early by - the requestor - -- Session User— User who requested the session -- Host — Resource that the user will run the activity on -- Login Account — Displays the account used to log onto the resource -- Activity — Displays the name of the activity -- Start — Indicates when the activity started. This refers to when the activity’s actions were - executed and not when the user was logged on to the resource. -- Duration — Indicates how long the Activity ran for until it either reached its scheduled end time - or was manually canceled by the user or an Privilege Secure administrator -- Notes — Any notes that were entered when the session was created -- Ticket Number — Any ticket numbers that were entered when the session was created - -The table columns can be resized and sorted in ascending or descending order. diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/overview.md b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/overview.md deleted file mode 100644 index c55f986682..0000000000 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/overview.md +++ /dev/null @@ -1,19 +0,0 @@ -# Dashboard Interface - -The Dashboard interface displays an overview of activity sessions, users, resources and related -information. - -![Dashboard Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) - -The overview section shows information for the following: - -- Active Dashboard – Shows all currently active sessions. See the [Active Dashboard](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/active.md) - topic for additional information. -- Scheduled Dashboard – Shows all scheduled sessions. See the [Scheduled Dashboard](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/scheduled.md) - topic for additional information. -- Approvals Dashboard – Shows sessions waiting for approval. See the - [Approvals Dashboard](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/approvals.md) topic for additional information. -- Historical Dashboard – Shows previous sessions. See the [Historical Dashboard](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/historical.md) - topic for additional information. - -The table shows information on the selected activity session. diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/sessions.md b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/sessions.md deleted file mode 100644 index 9cfb775886..0000000000 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/sessions.md +++ /dev/null @@ -1,32 +0,0 @@ -# Sessions Interface - -On the Active Sessions dashboard, when the status Available is shown, the activity session is ready. -To begin the activity session, click the Connection icon in the Status column for the applicable -session to be automatically connected to the resource. - -![startsessionrag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/startsessionrag.webp) - -Clicking the **Session** icon via the Active Dashboard will launch a session on the Sessions tab. - -![sessionwindowrag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/sessionwindowrag.webp) - -The Rec icon is displayed in the top right corner of the session to indicate that the Proxy Service -is recording the session. - -The following controls are available in the top right corner of the Sessions interface. - -- Resolution options: - - - Dynamic - - 1280x720 - - 1920x1080 - - 2560x1440 - - 3840x2160 - -- Ctrl+Alt+Delete — Sends a Ctrl+Alt+Delete command to the session -- Close — Closes the session - -![sessionstabrag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/sessionstabrag.webp) - -Clicking on the **Sessions** tab will display a list of all available sessions and allow the user to -switch between sessions. diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/login.md b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/login.md deleted file mode 100644 index 9b06d1fd7d..0000000000 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/login.md +++ /dev/null @@ -1,51 +0,0 @@ -# First Time Login - -Remote Access Gateway users can access the portal via the URL provided by a Netwrix Privilege -Secure Administrator, for example: - -`https://[ExampleRagPortalIpAddress]` - -Follow the steps to log in to the Privilege Secure. - -**Step 1 –** Open the Remote Access Gateway in a browser window. The Login screen will show the -Authentication method that is set as the default. - -**NOTE:** Privilege Secure requires a multi-factor authentication (MFA) solution (Authenticator, -DUO, Symantec VIP, etc) for all user accounts unless otherwise configured by an Administrator. If -required, first time users must register with an MFA to use with their login credentials. - -**Step 2 –** Either click the default **Authentication Connector** button, or click **Log In with a -Different Account** to display all of the authentication connectors that are registered -with Privilege Secure. - -![loginrag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/loginrag.webp) - -**Step 3 –** Login to the Remote Access Gateway using federated login, or entering the AD or NPS -local user credentials. (The method will depend on how the Remote Access Gateway has been configured -by your administrator). - -- When using an authentication connector, there's no 'username' or 'password' field for the user to - enter. Instead there's just a single button to login. - - ![mfaloginrag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/mfaloginrag.webp) - -- Clicking the authentication connector will redirect the user to the IdP login screen, which will - log the user in (with whatever MFA is set up in the IdP) and then revert the user back to - the Privilege Secure dashboard once authenticated. Steps 4-7 will be skipped when using an IdP - login. - -**Step 4 –** Click Login to proceed. - -**Step 5 –** A QR code will be displayed to register with an authenticator application. - -**Step 6 –** Enter the code provided by the registered multi-factor authenticator (MFA). - -![authcoderag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/authcoderag.webp) - -**Step 7 –** Click **MFA Login**. Privilege Secure opens on the Access Interface. - -![accessdashboardrag](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/enduser/accessdashboardrag.webp) - -**Step 8 –** Once the authentication is complete, the Access dashboard is displayed. - -The Remote Access Gateway is ready to use. diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/navigation.md b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/navigation.md deleted file mode 100644 index 29c62c5386..0000000000 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/navigation.md +++ /dev/null @@ -1,28 +0,0 @@ -# Navigation - -At the top of the Privilege Secure Console lists available in interfaces and provides access to the -Help link and the User Menu: - -![End User Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/enduserdashboard.webp) - -The buttons have these functions: - -- Interfaces: - - - Access — Grants access to the My Activities page. Activities are be displayed as individual - cards, organized alphabetically or by Access Policy. See the - [My Activities Page](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/access/myactivities.md) topic for additional information. - - Dashboard — View summaries of recent activity logs and user sessions. See the - [Dashboard Interface](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/dashboard/overview.md) topic for additional information. - -- Help — Opens the - [Netwrix Privilege Secure Documentation](https://helpcenter.netwrix.com/category/sbpam) in the in - another browser tab -- User Name — Click to open the drop-down menu: - - - Dark Mode — Toggle “Dark Mode” for the console. Hover over the toggle switch to see a preview - of Dark Mode. - - Product Tour — Re-starts walk-through of Privilege Secure features. See the - [Product Tour](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/producttour.md) topic for additional information. - - Logout — Signs the user out of the current session and opens the Login screen - - About — Shows version and license information for the console diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/overview.md b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/overview.md deleted file mode 100644 index 38427cd345..0000000000 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/overview.md +++ /dev/null @@ -1,10 +0,0 @@ -# End User Overview - -This topic and its subtopics are written for users who have been assigned as a Remote Access -Gateway User. - -New users will need to go through the MFA registration process before they can log in. Privilege -Secure requires a multi-factor authentication (MFA) solution (Authenticator, DUO, Symantec VIP etc) -for all user accounts. Upon initial login, the user must complete MFA registration in order to -proceed with using Privilege Secure. It is recommended to check with the organization's -Administrators for login requirements. diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/producttour.md b/docs/privilegesecure/4.2/remoteaccessgateway/enduser/producttour.md deleted file mode 100644 index 66c4e0760f..0000000000 --- a/docs/privilegesecure/4.2/remoteaccessgateway/enduser/producttour.md +++ /dev/null @@ -1,16 +0,0 @@ -# Product Tour - -New users now experience a product tour on first login. Standard users and users with the Privilege -Secure administrator role are walked through features that are relevant to their role. - -![producttour](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/producttour.webp) - -At any time, the tour can be stopped by clicking the **X** icon at the top-right of the Console. By -default, the tour will not display on next login unless the **Do not display again** checkbox is -unchecked. - -The product tour may be re-started at any time via the user menu. - -![usermenu](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usermenu.webp) - -See the [Navigation](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/navigation.md) topic for additional information. diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/install/installsupport.md b/docs/privilegesecure/4.2/remoteaccessgateway/install/installsupport.md deleted file mode 100644 index b7c359057f..0000000000 --- a/docs/privilegesecure/4.2/remoteaccessgateway/install/installsupport.md +++ /dev/null @@ -1,4 +0,0 @@ -# Installation Support - -It is strongly recommended that a Netwrix engineer be involved in your RAG installation. Please -contact your account manager to arrange an installation. diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/overview.md b/docs/privilegesecure/4.2/remoteaccessgateway/overview.md deleted file mode 100644 index ebd29a32a6..0000000000 --- a/docs/privilegesecure/4.2/remoteaccessgateway/overview.md +++ /dev/null @@ -1,21 +0,0 @@ -# Remote Access Gateway - -The Remote Access Gateway (RAG) may be added to any Netwrix Privilege Secure installation to -securely extend access to external users such as remote workers or third-party vendors. VPN-less -access is provided via web page with browser-based sessions for RDP and SSH. - -![architecture](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/architecture.webp) - -The RAG is made up of two components: - -RAG Portal - -A dedicated web server to be installed in the DMZ. This is the front-end of the solution for end -users and by default the website runs on HTTPS\443. The RAG Portal communicates with the RAG gateway -over HTTPS\443 - -RAG Gateway - -The gateway runs inside the corporate network and provides a bridge between the RAG Portal and the -Netwrix Privilege Secure installation. The RAG Gateway communicates to the Netwrix Privilege Secure -web service on port 6500 and the Proxy on 4489 and 4422 for RDP and SSH, respectively. diff --git a/scripts/rename-md.js b/scripts/rename-md.js new file mode 100644 index 0000000000..78e1a75859 --- /dev/null +++ b/scripts/rename-md.js @@ -0,0 +1,126 @@ +#!/usr/bin/env node +const fs = require('fs'); +const path = require('path'); +const fse = require('fs-extra'); + +// Helper to recursively get all .md files in a directory +function getAllMarkdownFiles(dir, fileList = []) { + const files = fs.readdirSync(dir); + files.forEach(file => { + const filePath = path.join(dir, file); + const stat = fs.statSync(filePath); + if (stat.isDirectory()) { + getAllMarkdownFiles(filePath, fileList); + } else if (file.endsWith('.md')) { + fileList.push(filePath); + } + }); + return fileList; +} + +// Helper to update markdown links in a file, returns array of updated links +function updateMarkdownLinks(filePath, oldPath, newPath) { + let content = fs.readFileSync(filePath, 'utf8'); + let updated = false; + let updatedLinks = []; + + // Normalize to forward slashes for matching + const normalizedOld = oldPath.replace(/\\/g, '/'); + const normalizedNew = newPath.replace(/\\/g, '/'); + const absOld = `/docs/${normalizedOld}`; + const absNew = `/docs/${normalizedNew}`; + + // Regex to match markdown links, capturing optional '!' for images + const linkRegex = /(!)?\[([^\]]+)\]\(([^)]+)\)/g; + + const newContent = content.replace(linkRegex, (match, isImage, text, link) => { + if (isImage) return match; // skip images + + let replaced = false; + let newLink = link; + + // Replace absolute path prefix + if (link.startsWith(absOld + '/') || link === absOld) { + newLink = absNew + link.slice(absOld.length); + replaced = true; + } + // Replace relative path prefix + else if (link.startsWith(normalizedOld + '/') || link === normalizedOld) { + newLink = normalizedNew + link.slice(normalizedOld.length); + replaced = true; + } + + if (replaced) { + updated = true; + updatedLinks.push(match.trim()); + return `[${text}](${newLink})`; + } + return match; + }); + + if (updated) { + fs.writeFileSync(filePath, newContent, 'utf8'); + console.log(` Updated links in: ${filePath}`); + updatedLinks.forEach(link => { + console.log(` - ${link}`); + }); + } + + return updatedLinks.length > 0; +} + +// Main function +function main() { + // Parse command line arguments + const args = process.argv.slice(2); + if (args.length !== 2) { + console.error('Usage: node scripts/rename-md.js '); + process.exit(1); + } + + const oldPath = args[0]; + const newPath = args[1]; + + // Assume always in docs folder + const docsDir = path.resolve('docs'); + const resolvedOldPath = path.join(docsDir, oldPath); + const resolvedNewPath = path.join(docsDir, newPath); + + if (!fs.existsSync(resolvedOldPath)) { + console.error(`Error: Source does not exist: ${resolvedOldPath}`); + process.exit(1); + } + + // Safety check: prevent moving a folder into itself or its parent + if (fs.statSync(resolvedOldPath).isDirectory() && (resolvedOldPath === resolvedNewPath || resolvedNewPath.startsWith(resolvedOldPath + path.sep))) { + console.error('Error: Cannot move a directory into itself or its parent'); + process.exit(1); + } + + try { + // Move/rename the file or folder + fse.moveSync(resolvedOldPath, resolvedNewPath, { overwrite: true }); + console.log(`Moved/renamed ${resolvedOldPath} to ${resolvedNewPath}`); + + // Update markdown links + console.log('Updating markdown links...'); + const markdownFiles = getAllMarkdownFiles(docsDir); + console.log(`Found ${markdownFiles.length} markdown files to check`); + + let updatedFilesCount = 0; + markdownFiles.forEach(filePath => { + if (updateMarkdownLinks(filePath, oldPath, newPath)) { + updatedFilesCount++; + } + }); + + console.log(`Updated markdown links in ${updatedFilesCount} files under docs/.`); + + } catch (error) { + console.error('Error:', error.message); + process.exit(1); + } +} + +// Run the script +main(); \ No newline at end of file diff --git a/scripts/reorganize-from-fltoc.js b/scripts/reorganize-from-fltoc.js index 04bc581b4f..e8c1d97492 100644 --- a/scripts/reorganize-from-fltoc.js +++ b/scripts/reorganize-from-fltoc.js @@ -50,11 +50,14 @@ function getAllMdFiles(dir, rel = '') { function mapFltocLinkToMd(link) { if (link.startsWith('/Content/Config/')) { - return link.replace('/Content/', '').replace(/\.htm$/, '.md').replace(/ /g, '_').toLowerCase(); + return link.replace('/Content/', '').replace(/\.html?$/, '.md').replace(/ /g, '_').toLowerCase(); } else if (link.startsWith('/Content/Access/General/')) { - return link.replace('/Content/Access/General/', 'general/').replace(/\.htm$/, '.md').replace(/ /g, '_').toLowerCase(); - } else if (link.startsWith(`/Content/${PRODUCT_KEY}/`)) { - return link.replace(`/Content/${PRODUCT_KEY}/`, '').replace(/\.htm$/, '.md').replace(/ /g, '_').toLowerCase(); + return link.replace('/Content/Access/General/', 'general/').replace(/\.html?$/, '.md').replace(/ /g, '_').toLowerCase(); + } else if (PRODUCT_KEY && link.startsWith(`/Content/${PRODUCT_KEY}/`)) { + return link.replace(`/Content/${PRODUCT_KEY}/`, '').replace(/\.html?$/, '.md').replace(/ /g, '_').toLowerCase(); + } else if (link.startsWith('/Content/')) { + // fallback: just remove /Content/ + return link.replace('/Content/', '').replace(/\.html?$/, '.md').replace(/ /g, '_').toLowerCase(); } return null; } @@ -162,7 +165,9 @@ function updateFrontmatter(filePath, title, position) { try { let content = fs.readFileSync(filePath, 'utf8'); const h1Match = content.match(/^#\s+(.+)$/m); - const realTitle = h1Match ? h1Match[1].trim() : title; + let realTitle = h1Match ? h1Match[1].trim() : title; + // Escape double quotes + realTitle = realTitle.replace(/"/g, '\\"'); const description = realTitle; const frontmatter = `---\ntitle: "${realTitle}"\ndescription: "${description}"\nsidebar_position: ${position}\n---\n\n`; if (content.startsWith('---')) { @@ -292,7 +297,7 @@ function walkTreeAndReorganize(tree, parentFolders, docsPath, sidebarPositionSta } position += 10; } else if (item.type === 'category') { - let folderName = item.label.toLowerCase().replace(/\s+/g, '-'); + let folderName = limitFolderName(item.label.toLowerCase().replace(/\s+/g, '')); let folderPath = path.join(docsPath, ...parentFolders, folderName); if (fs.existsSync(folderPath) && !fs.statSync(folderPath).isDirectory()) { // If a file exists where a folder should be, rename the folder @@ -411,6 +416,10 @@ function updateAllLinks(docsPath, fileMoves) { walk(docsPath); } +function limitFolderName(name) { + return name.slice(0, 40); +} + function main() { // 1. Parse .fltoc const xml = fs.readFileSync(FLTOC_PATH, 'utf8'); diff --git a/sidebars/endpointpolicymanager.js b/sidebars/endpointpolicymanager.js index b989a804b6..ce91703ad9 100644 --- a/sidebars/endpointpolicymanager.js +++ b/sidebars/endpointpolicymanager.js @@ -1,438 +1,10 @@ -/** - * Creating a sidebar enables you to: - * - create an ordered group of docs - * - render a sidebar for each doc of that group - * - provide next/previous navigation - * - * The sidebars can be generated from the filesystem, or explicitly defined here. - * - * Create as many sidebars as you want. - */ - -// @ts-check /** @type {import('@docusaurus/plugin-content-docs').SidebarsConfig} */ const sidebars = { endpointpolicymanagerSidebar: [ { - type: 'doc', - id: 'index', - label: 'Overview', - }, - - // Getting Started - { - type: 'category', - label: 'Getting Started', - items: [ - 'getting-started/index', - 'getting-started/basic-concepts', - { - type: 'autogenerated', - dirName: 'getting-started', - }, - ], - collapsed: false, - }, - - // Installation and Deployment - { - type: 'category', - label: 'Installation and Deployment', - items: [ - { - type: 'autogenerated', - dirName: 'installation-and-deployment', - }, - ], - }, - - // Licensing - { - type: 'category', - label: 'Licensing', - items: [ - 'licensing/index', - { - type: 'autogenerated', - dirName: 'licensing', - }, - ], - }, - - // Policy Management - { - type: 'category', - label: 'Policy Management', - items: [ - { - type: 'category', - label: 'Administrative Templates', - items: [ - { - type: 'autogenerated', - dirName: 'policy-management/administrative-templates', - }, - ], - }, - { - type: 'category', - label: 'Preferences', - items: [ - { - type: 'autogenerated', - dirName: 'policy-management/preferences', - }, - ], - }, - { - type: 'category', - label: 'Item Level Targeting', - items: [ - { - type: 'autogenerated', - dirName: 'policy-management/item-level-targeting', - }, - ], - }, - ], - }, - - // Application Management - { - type: 'category', - label: 'Application Management', - items: [ - { - type: 'category', - label: 'Application Settings', - items: [ - { - type: 'autogenerated', - dirName: 'application-management/application-settings', - }, - ], - }, - { - type: 'category', - label: 'File Associations', - items: [ - { - type: 'autogenerated', - dirName: 'application-management/file-associations', - }, - ], - }, - { - type: 'category', - label: 'Java Enterprise Rules', - items: [ - { - type: 'autogenerated', - dirName: 'application-management/java-enterprise-rules', - }, - ], - }, - { - type: 'category', - label: 'Browser Router', - items: [ - { - type: 'autogenerated', - dirName: 'application-management/browser-router', - }, - ], - }, - ], - }, - - // Security and Privilege Management - { - type: 'category', - label: 'Security and Privilege Management', - items: [ - { - type: 'category', - label: 'Least Privilege Manager', - items: [ - { - type: 'autogenerated', - dirName: 'security-and-privilege-management/least-privilege-manager', - }, - ], - }, - { - type: 'category', - label: 'Security Settings', - items: [ - { - type: 'autogenerated', - dirName: 'security-and-privilege-management/security-settings', - }, - ], - }, - { - type: 'category', - label: 'GPO Export', - items: [ - { - type: 'autogenerated', - dirName: 'security-and-privilege-management/gpo-export', - }, - ], - }, - ], - }, - - // Device and Desktop Management - { - type: 'category', - label: 'Device and Desktop Management', - items: [ - { - type: 'category', - label: 'Device Manager', - items: [ - { - type: 'autogenerated', - dirName: 'device-and-desktop-management/device-manager', - }, - ], - }, - { - type: 'category', - label: 'Start Screen and Taskbar', - items: [ - { - type: 'autogenerated', - dirName: 'device-and-desktop-management/start-screen-and-taskbar', - }, - ], - }, - { - type: 'category', - label: 'Remote Desktop Protocol', - items: [ - { - type: 'autogenerated', - dirName: 'device-and-desktop-management/remote-desktop-protocol', - }, - ], - }, - ], - }, - - // Cloud and Remote Management - { - type: 'category', - label: 'Cloud and Remote Management', - items: [ - { - type: 'category', - label: 'Cloud Management', - items: [ - { - type: 'autogenerated', - dirName: 'cloud-and-remote-management/cloud-management', - }, - ], - }, - { - type: 'category', - label: 'Remote Work Delivery', - items: [ - { - type: 'autogenerated', - dirName: 'cloud-and-remote-management/remote-work-delivery', - }, - ], - }, - { - type: 'category', - label: 'MDM Integration', - items: [ - { - type: 'autogenerated', - dirName: 'cloud-and-remote-management/mdm-integration', - }, - ], - }, - ], - }, - - // Automation and Scripting - { - type: 'category', - label: 'Automation and Scripting', - items: [ - { - type: 'category', - label: 'Scripts and Triggers', - items: [ - { - type: 'autogenerated', - dirName: 'automation-and-scripting/scripts-and-triggers', - }, - ], - }, - { - type: 'category', - label: 'Feature Management', - items: [ - { - type: 'autogenerated', - dirName: 'automation-and-scripting/feature-management', - }, - ], - }, - ], - }, - - // Compliance and Reporting - { - type: 'category', - label: 'Compliance and Reporting', - items: [ - { - type: 'category', - label: 'Group Policy Compliance Reporter', - items: [ - { - type: 'autogenerated', - dirName: 'compliance-and-reporting/group-policy-compliance-reporter', - }, - ], - }, - { - type: 'category', - label: 'Editions', - items: [ - { - type: 'autogenerated', - dirName: 'compliance-and-reporting/editions', - }, - ], - }, - ], - }, - - // Deployment Methods - { - type: 'category', - label: '🚢 Deployment Methods', - items: [ - { - type: 'category', - label: 'Group Policy', - items: [ - { - type: 'autogenerated', - dirName: 'deployment-methods/group-policy', - }, - ], - }, - { - type: 'category', - label: 'Software Packages', - items: [ - { - type: 'autogenerated', - dirName: 'deployment-methods/software-packages', - }, - ], - }, - ], - }, - - // Integrations - { - type: 'category', - label: 'Integrations', - items: [ - { - type: 'category', - label: 'Third-Party Integrations', - items: [ - { - type: 'autogenerated', - dirName: 'integrations/third-party-integrations', - }, - ], - }, - ], - }, - - // Platform Specific - { - type: 'category', - label: 'Platform Specific', - items: [ - { - type: 'category', - label: 'Mac Support', - items: [ - { - type: 'autogenerated', - dirName: 'platform-specific/mac-support', - }, - ], - }, - { - type: 'category', - label: 'Windows Requirements', - items: [ - { - type: 'autogenerated', - dirName: 'platform-specific/windows-requirements', - }, - ], - }, - ], - }, - - // Resources - { - type: 'category', - label: '📚 Resources', - items: ['resources/knowledge-base', 'resources/video-tutorials'], - }, - - // Troubleshooting - { - type: 'category', - label: 'Troubleshooting', - items: [ - 'troubleshooting/index', - { - type: 'autogenerated', - dirName: 'troubleshooting', - }, - ], - }, - - // Reference - { - type: 'category', - label: '📖 Reference', - items: ['reference/index'], - }, - - // Archive - { - type: 'category', - label: 'Archive', - items: [ - { - type: 'category', - label: 'Archived Guides', - items: [ - { - type: 'autogenerated', - dirName: 'archive/archived-guides', - }, - ], - }, - ], + type: 'autogenerated', + dirName: '.', }, ], }; diff --git a/docs/privilegesecure/4.2/discovery/attachments/360042878654_linux_register.xlsx b/static/files/privilegesecure/discovery/attachments/360042878654_linux_register.xlsx similarity index 100% rename from docs/privilegesecure/4.2/discovery/attachments/360042878654_linux_register.xlsx rename to static/files/privilegesecure/discovery/attachments/360042878654_linux_register.xlsx